Just what is an STS anyway:
A Security Token Service (STS) is the plumbing that builds, signs, and issues security tokens using the interoperable protocols.
Difference between Active STS and Passive STS:
| Active STS mode | Passive STS mode | |
| Definition(sort of) | In Active Federation your Relying Party (RP) has its login window (web page) and asks the STS for security token. "Active" to anything capable of using WS-Trust which is the protocol you use to obtain a token from an STS. | Passive Federation is when Relying Party (RP) does not have a login page and redirected to the login page located on STS. Since Web browsers cannot directly make SOAP calls they dumbly redirect to an STS and get the tokens. |
| Examples | Web Services/WCF | web applications(ASP.NET) |
| Hosting | Self-hosted / IIS | IIS/or any web server. |
| What protocol is involved? | WS-Trust protocol | WS-Federation passive protocol. The lack of SOAP capabilities forced some creative solution for "emulating" WS-Trust on top of GET, POST and cookies: the result is the above mentioned dance of redirects, where the browser goes back & forth between previously established addresses on the resource and requestor domains and using cookies for communicating authentication information. THIS is what is meant by passive federation. |
http://blogs.msdn.com/b/vbertocci/archive/2008/06/05/active-passive-and-passive-aggressive.aspx
********************** IMPORTANT--PLEASE READ ************************
This electronic message, including its attachments, is COMPANY CONFIDENTIAL
and may contain PROPRIETARY or LEGALLY PRIVILEGED information. If you are
not the intended recipient, you are hereby notified that any use, disclosure,
copying, or distribution of this message or any of the information included
in it is unauthorized and strictly prohibited. If you have received this
message in error, please immediately notify the sender by reply e-mail and
permanently delete this message and its attachments, along with any copies
thereof. Thank you.
************************************************************************
No comments:
Post a Comment