This section discusses example scenarios that you can implement with Windows® Identity Foundation (WIF).
The following fictional companies and their stated business needs are used in the sample scenarios that are described in this topic:
- Contoso Hybrid is an international automobile engine supply company that specializes in manufacturing electric and fuel cell-based hybrid engines for car manufacturers inside and outside of the US. In a strategic effort to meet the parts-ordering demands of its customers, the IT department at Contoso has been tasked with developing and deploying a secure, Internet-accessible parts-ordering application at its host name Contoso.com. This application must also provide multiple levels of access for various internal users (Contoso employees) and external users (car manufacturer employees). To minimize the costs associated with maintaining the parts-ordering application, IT must also avoid the need for the application to use and maintain an additional account store in order for internal and external users to access it; both groups should be authenticated by their own organization's identity infrastructure rather than by credentials that the application itself stores.
- Fabrikam Motors is a Swedish manufacturer of fuel-efficient compact and small cars that is known worldwide for its low price point on hybrid automobiles. Although Fabrikam's sales have been accelerating consistently year after year, there has been a noticeable increase in hybrid engine failure rates in cars within their first year after sale. In order for Fabrikam Motors to maintain its standard for high levels of service, it must implement a more efficient means by which its employees can order hybrid engine parts from Contoso Hybrid.
The following scenarios are described in this topic:
- Identity Delegation Scenario. This scenario demonstrates how to access the resources of a Web service in Contoso Hybrid that requires an ActAs token; that is, the service requires both the identity of the immediate caller (typically the identity of the front-end application or service that makes the call) and the identity of the original user who initiated the request (typically the identity of the interactive user). The front-end application obtains such a token from the STS by presenting the user's token in the ActAs element of its request, so the back-end service can authorize on the original user while still knowing which intermediary is acting on that user's behalf.
- Step-Up Authentication Scenario. This scenario demonstrates how to access resources of different values (low value or high value) in Contoso Hybrid from within a single user session; that is, the user initially logs on with a low-strength authentication method (such as forms authentication) and gains access to the low-value resources. When the user then tries to access high-value resources, the application detects that the token it holds was issued for a weak authentication method and prompts the user for step-up authentication with a strong method (such as a smart card) before granting access. The application distinguishes the two levels by inspecting the authentication method reported in the user's token rather than by a separate flag it maintains itself.
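The two scenarios above come down to two checks in the Contoso front-end application: inspecting the authentication-method claim before serving a high-value resource (step-up), and calling the back-end parts-ordering service with a channel that acts as the original user (identity delegation). The following C# sketch is an added example written for this page, not code from the WIF product documentation or its samples. It assumes the WIF 3.5 `Microsoft.IdentityModel` namespaces; the service contract `IPartsOrderingService`, the endpoint name `PartsOrderingEndpoint`, and the set of methods treated as "strong" are all hypothetical, and the redirect to the STS that actually performs the step-up is left to the hosting page.

```csharp
using System;
using System.IdentityModel.Tokens;               // SecurityToken
using System.ServiceModel;
using System.Threading;
using Microsoft.IdentityModel.Claims;            // IClaimsIdentity, Claim, ClaimTypes, AuthenticationMethods
using Microsoft.IdentityModel.Protocols.WSTrust; // ConfigureChannelFactory, CreateChannelActingAs

// Hypothetical WCF contract for Contoso's back-end parts-ordering service (assumption, not from the page).
[ServiceContract]
public interface IPartsOrderingService
{
    [OperationContract]
    string OrderPart(string partNumber, int quantity);
}

public static class ContosoScenarios
{
    // Step-up policy: which authentication methods are strong enough for high-value resources.
    // The page names smart card as the example; the exact set is an assumption for this sketch.
    static readonly string[] StrongMethods = { AuthenticationMethods.Smartcard };

    // True if the caller's token carries a strong authentication-method claim.
    public static bool IsStronglyAuthenticated(IClaimsIdentity identity)
    {
        foreach (Claim c in identity.Claims)
        {
            if (c.ClaimType == ClaimTypes.AuthenticationMethod
                && Array.IndexOf(StrongMethods, c.Value) >= 0)
            {
                return true;
            }
        }
        return false; // no claim at all is treated as weak, never as strong
    }

    // Called before serving a resource: a high-value resource with a weak token needs step-up.
    public static bool RequiresStepUp(IClaimsIdentity identity, bool highValueResource)
    {
        return highValueResource && !IsStronglyAuthenticated(identity);
    }

    // Identity delegation: call the back-end service as the original (interactive) user.
    public static string OrderPartAsUser(string partNumber, int quantity)
    {
        IClaimsIdentity caller = (IClaimsIdentity)Thread.CurrentPrincipal.Identity;

        // The bootstrap token is the user's original token; WIF keeps it only when
        // saveBootstrapTokens="true" is set in <microsoft.identityModel> (config assumption).
        SecurityToken bootstrapToken = caller.BootstrapToken;
        if (bootstrapToken == null)
        {
            throw new InvalidOperationException(
                "Bootstrap token not available; enable saveBootstrapTokens in the WIF configuration.");
        }

        // Endpoint name is an assumption; its federated binding points at the STS that issues ActAs tokens.
        var factory = new ChannelFactory<IPartsOrderingService>("PartsOrderingEndpoint");
        factory.ConfigureChannelFactory(); // WIF extension: use the federated credentials from config

        // The channel requests an ActAs token: the service sees the user as subject and this app as actor.
        IPartsOrderingService channel = factory.CreateChannelActingAs(bootstrapToken);
        try
        {
            return channel.OrderPart(partNumber, quantity);
        }
        finally
        {
            ((IClientChannel)channel).Close();
        }
    }
}
```

In an ASP.NET page, `RequiresStepUp` would be evaluated for the high-value pages and, when it returns true, the page redirects the user to the STS with a request for the stronger authentication method before rendering anything; `OrderPartAsUser` is then invoked from the page that places the order, so the back-end service authorizes on the Fabrikam user rather than on the Contoso web application's own identity.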
These are not the only scenarios that WIF can address; they were selected to show how WIF applies to a specific business need.
Note that Active Directory® Federation Services (AD FS) 2.0 is a turnkey server product that can be used as a Security Token Service (STS) and helps eliminate the need to build a custom STS. Refer to the AD FS 2.0 product documentation for the functionality that the server product offers.