What's the difference between ADFS, WIF, WS Federation, SAML, and STS?

Question

These are numerous technologies and buzzwords used for single sign-on with Microsoft services.

Can someone explain ADFS, WIF, WS Federation, SAML, and STS (Security

Answer 1

From a big picture viewpoint:

Assume an ASP.NET browser-based application that requires authentication and authorization.

The application can roll its own or it can outsource it.

WIF is a .NET library that allows ASP.NET to implement this outsourcing.

It talks to an STS (ADFS is an instance of an STS) which authenticates against an identity repository and provides authorization information in the form of claims. An STS provides a set of signed, trusted claims.

The protocol used between WIF and ADFS is WS-Federation.

If the STS was Java based (e.g Ping Identity or OpenAM), then WIF would use the SAML protocol for communication. ADFS also supports SAML to enable federation.

(Federation e.g. allows a user in a Java oriented company A to access the ASP.NET application in a .NET oriented company B by authenticating against A's identity repository. Company A and company B trust each other in a federation sense.)