First session today was titled "Securing ASP.NET and Windows Communication Foundation (WCF) Applications with Windows Cardspace" by Vittorio Bertocci, but it actually was covering ADFS "2". ADFS is Active Directory Federation Services and is part of the Windows Server 2003 R2.

What ADFS really is, is a Security Token Service (STS), so Federation is one scenario and for ADFS 1 it is probably the most likely scenario because it is somewhat limited. So what is a STS you might wonder and why do I need one? This is a question that I hope to answer in a future post (or a series of posts), where I also will cover some parts that it takes to build a STS and make it useful. For now a STS is a service that verifies the identity of the user and creates a SAML token that the business services could use to perform its security work.

Implementing a STS requires a lot of work and knowledge of cryptographic, all of this is infrastructure that everyone today will need to repeatedly implement if STS will be a good solution to your security requirements. Since this is plumbing code it would better if for example Microsoft could provide this, and that is what they will do with ADFS "2", and they have broaden the scope of ADFS to not only include federation scenario. What Vittorio covered was a scenario with Cardspace, both with private, and in the case of STS, managed cards. This is still very early sneak peaks of ADFS 2, but it looks promising.