Understanding Windows Azure platform AppFabric Access Control Service Resources

Before we can begin using the Windows Azure AppFabric Access Control Service (ACS) to decouple our applications from security concerns and enable claims-based identities, we need to understand the Resources contained in the Service Namespace and the role they play in the authentication and authorization infrastructure. This brief blog entry is meant to provide you with the basic understanding and vocabulary required to get started.

Service Namespace

The Service Namespace is an abstraction for the collection of ACS Resources including Token Policies, Scopes, Issuers, and Rules (which are described in more detail below).

The Service Namespace is composed of a hierarchy of related entities. At the root of this hierarchy is the AppFabric Service Account Project. The Service Namespace can be broken into three constituent parts, as shown in Figure 1: the Token Policy, the Scope, and the Issuer.

Figure 1 – Service Namespace Object Hierarchy

Token Policy

A Token Policy defines token expiration periods and digital signing keys. A Token Policy may be shared across Service Namespaces and is used by the ACS to sign the response tokens and to set their expiration periods.

Issuer

An Issuer is a party that will issue requests for tokens from the ACS. An Issuer may not be shared across Service Namespaces.

Scope

A Scope groups rules governing ACS token issuing behavior. A Scope contains exactly one internal RuleSet object which can be populated with multiple Rules. A Scope may not be shared across Service Namespaces.

Rule

A Rule defines a transformation between one or more input claims and one or more output claims. Rules cannot be shared across Service Namespaces. The Rule feature is one of the most powerful and innovative features of the Windows Azure ACS.

RuleSet

A RuleSet is a collection of individual Rule objects. We do not directly create the RuleSet object; one is created automatically for us as part of a Scope.

Claim

The ACS Rules engine uses Rule objects to perform actions on incoming claims in order to create outgoing claims. A Claim is a statement that can be made about an entity. Applications and Services, such as the ones that you will build, specify which claims are necessary to perform a given operation.

Identity

Simply stated, an Identity is a collection of claims. Your ACS-enabled application will accept identities from the ACS, an identity provider that your application implicitly trusts. The ACS will verify the claims made by your application users and will transform those claims into ones usable by your application, using the Rules defined in the RuleSet of the Scope that applies to your Service Namespace.
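As an added illustration (not the page's or ACS's own code), the following Python models how these resources fit together: a Scope holds a RuleSet, its trusted Issuers and a Token Policy; issue_token applies the Rules to incoming claims and signs the result with the policy's key and lifetime; verify_token is what the relying application does before trusting any claim. The class and function names, the token envelope and the HMAC signing are assumptions made for the model.

```python
import hashlib
import hmac
import json

# Constructed model of the vocabulary above; an illustration, not the ACS API.

class TokenPolicy:
    """Signing key and lifetime applied to every token a Scope issues."""
    def __init__(self, signing_key: bytes, lifetime_seconds: int):
        self.signing_key, self.lifetime_seconds = signing_key, lifetime_seconds

class Rule:
    """Maps one input claim from a given Issuer to one output claim."""
    def __init__(self, issuer, in_type, in_value, out_type, out_value):
        self.issuer, self.in_type, self.in_value = issuer, in_type, in_value
        self.out_type, self.out_value = out_type, out_value

class Scope:
    """Groups the RuleSet, trusted Issuers and Token Policy for one application."""
    def __init__(self, applies_to, policy, trusted_issuers):
        self.applies_to, self.policy = applies_to, policy
        self.trusted_issuers = set(trusted_issuers)
        self.rules = []  # the single RuleSet that comes into being with the Scope

def issue_token(scope, issuer, input_claims, now):
    """Rules engine: input claims -> output claims, then sign under the policy."""
    if issuer not in scope.trusted_issuers:
        raise PermissionError(f"issuer {issuer!r} is not registered in this Scope")
    output = {}
    for in_type, in_value in input_claims.items():
        for r in scope.rules:  # an input claim with no matching Rule is dropped
            if (r.issuer, r.in_type, r.in_value) == (issuer, in_type, in_value):
                output[r.out_type] = r.out_value
    body = {"aud": scope.applies_to, "exp": now + scope.policy.lifetime_seconds,
            "claims": output}
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(scope.policy.signing_key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "sig": sig}

def verify_token(token, policy, applies_to, now):
    """Relying application: check signature, audience and expiry before trusting claims."""
    payload = token["payload"].encode()
    expected = hmac.new(policy.signing_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    body = json.loads(payload)
    if body["aud"] != applies_to or now >= body["exp"]:
        return None
    return body["claims"]
```

Note that an input claim with no matching Rule never reaches the application, and a token presented by an unregistered Issuer is refused before any Rule runs.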
