Last night I presented to the London Connected Systems User Group on the subject of Windows Identity Foundation (WIF).
The LCSUG community is focussed around building and integrating services. One architectural concern that has been widely ignored in service oriented architecture is identity and access control. Web based identity protocols such as WS-Trust, OAuth WRAP and WS-Federation are of great importance to service and application design because they enable identity to be freed beyond the boundaries of an application or single enterprise and onto the web.
The software demands of end users have changed in recent years; people expect access to information anywhere from any device all the time. For most enterprises, this demand will mean provisioning internet facing applications and services in a public cloud, while key tier 1 or line of business applications will remain under close supervision on premise or in a private cloud. This is reality of “hybrid cloud” scenarios.
To deliver cloud enterprise architecture you need one key ingredient : HTTP. Identity that flows over HTTP(S) enables access control to operate from device to service and beyond in a way that it seamless and invisible to end users. This web single sign on capability is also becoming a key differentiator in a users experience of an application.
The slide deck I gave last night can be viewed below:
Over the next few weeks I will be providing detailed examples of using WIF with ASP.NET MVC, WCF and WCF Data Services.
