SOA Building Blocks WS-Federation
WS-Federation describes how to use the existing Web services security building blocks to provide federation functionality, including trust, single sign-on (and single sign-off), and attribute management across a federation. WS-Federation is really a family of three specifications: WS-Federation, WS-Federation Passive Client, and WS-Federation Active Client.
WS-Federation itself describes how to implement a federation in a Web services world. In particular, WS-Federation focuses on the relationships between parties and the high-level architecture that supports these relationships. The two individual documents, WS-Federation Active and WS-Federation Passive, describe how to implement individual federation solutions.
WS-Federation Active describes how to implement federation functionality in the active client environment. Active clients are those that are Web services-enabled, that is, able to issue Web services requests and react to a Web services response. Leveraging the Web services security stack, WS-Federation Active describes how to implement the advantages of a federation relationship, including single sign-on, in an active client environment.
WS-Federation Passive describes how to implement federation functionality in a passive client environment. A passive client is one that is not Web services-enabled. The most commonly encountered example of a passive client is a vanilla HTTP browser. WS-Federation Passive describes how to leverage the advantages of a federation relationship such as single sign-on in a passive client environment. Because this solution leverages the WS-Security foundation of the infrastructure support, the same components used to provide a passive client solution can be leveraged for an active client solution.
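To make the passive case concrete, the following added example (not from the original page or the specification text) goes one step beyond the overview above: a browser sign-in reaches the identity provider as an ordinary HTTP GET whose query string carries the `wa`, `wtrealm`, `wreply` and `wctx` parameters, and the identity provider should check them against its registered relying parties before issuing a token. The registry, realm identifier, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed registry: realm identifier -> reply URLs registered for it.
# The first entry is used when the request carries no wreply.
REGISTERED_RPS = {
    "urn:example:payroll": ["https://payroll.example.test/signin-wsfed"],
}


class SignInError(ValueError):
    """Raised when a passive sign-in request must not be honoured."""


def validate_signin_request(url):
    """Return (realm, reply_url, context) for an acceptable sign-in request."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    # A repeated parameter lets two components disagree on its value.
    repeated = sorted(k for k, v in query.items() if len(v) != 1)
    if repeated:
        raise SignInError("repeated parameter: " + repeated[0])
    params = {k: v[0] for k, v in query.items()}
    if params.get("wa") != "wsignin1.0":
        raise SignInError("wa is not wsignin1.0")
    realm = params.get("wtrealm", "")
    allowed = REGISTERED_RPS.get(realm)
    if not allowed:
        raise SignInError("unknown wtrealm")
    # The issued token is returned to the reply URL, so it must match a
    # registered value exactly; prefix or substring matching would leak it.
    reply = params.get("wreply", allowed[0])
    if reply not in allowed:
        raise SignInError("wreply not registered for realm")
    # wctx is opaque to the identity provider and is echoed back unchanged.
    return realm, reply, params.get("wctx", "")


def decision(url):
    """Summarise the outcome as 'accept' or 'reject: <reason>'."""
    try:
        validate_signin_request(url)
        return "accept"
    except SignInError as exc:
        return "reject: " + str(exc)


# Constructed sample requests.
STS = "https://sts.example.test/wsfed?wa=wsignin1.0&wtrealm=urn%3Aexample%3Apayroll"
GOOD = STS + "&wreply=https%3A%2F%2Fpayroll.example.test%2Fsignin-wsfed&wctx=rm%3D0%26id%3Dabc"
BAD_REPLY = STS + "&wreply=https%3A%2F%2Fpayroll.example.test.unregistered.invalid%2F"
```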
The models defined in [WS-Security], [WS-Trust], and [WS-Policy] provide the basis for federated trust. This specification extends this foundation by describing how these models are combined to enable richer trust realm mechanisms across and within federations. This section describes different trust topologies and how token exchange (or mapping) can be used to broker the trust for each scenario.