This section discusses example scenarios that you can implement with Windows® Identity Foundation (WIF).
The following fictional companies and their stated business needs are used in the sample scenarios that are described in this topic:
Contoso Hybrid is an international automobile engine supply company that specializes in manufacturing electric and fuel cell-based hybrid engines for car manufacturers inside and outside of the US. In a strategic effort to meet the part ordering demands of its customers, the IT department at Contoso has been tasked with developing and deploying a secure, Internet-accessible part ordering application under the host name Contoso.com. This application must also provide multiple levels of access for various internal users (Contoso employees) and external users (car manufacturer employees). To minimize the costs of maintaining the parts ordering application, IT must also avoid the need for the application to use and maintain an additional account store in order for internal and external users to access it.
Fabrikam Motors is a Swedish manufacturer of fuel-efficient compact and small cars that is known worldwide for its low price point on hybrid automobiles. Although sales have been accelerating consistently year after year for Fabrikam, there has been a noticeable increase in hybrid engine failures within the first year in cars that have been sold to customers. In order for Fabrikam Motors to maintain its standard for high levels of service, it must implement a more efficient means by which hybrid engine parts can be ordered through Contoso Hybrid.
Identity Delegation Scenario. This scenario demonstrates the ability to access the resources from a Web service in Contoso Hybrid that requires an ActAs token; that is, the service requires the identity of the immediate caller (typically the identity of the service) and the original user who initiated the request (typically the identity of the interactive user).
Step-Up Authentication Scenario. This scenario demonstrates the ability to access resources of different value (low value or high value) in Contoso Hybrid from within a single user session; that is, the user logs on initially with a low-strength authentication method (such as forms authentication) and gains access to the low-value resources; then, when the user tries to access high-value resources, they are prompted for step-up authentication to strongly authenticate them (such as a smart card).
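The step-up decision described above, sketched as an added example (not code from this topic or from WIF itself). It uses the System.Security.Claims types; the issuer URI, the user name, the AccessDecision enum and the StepUpPolicy class are hypothetical, and the sample sessions are constructed.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

enum AccessDecision { Allow, SignIn, StepUp }

static class StepUpPolicy
{
    // Authentication-method claim values carried in the session token.
    const string Prefix = "http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/";
    const string Password = Prefix + "password";   // e.g. forms authentication
    const string Smartcard = Prefix + "smartcard";
    const string X509 = Prefix + "x509";
    static readonly string[] StrongMethods = { Smartcard, X509 };

    // Hypothetical issuer name of the STS the application trusts.
    const string TrustedIssuer = "http://sts.contoso.example/";

    public static AccessDecision Evaluate(ClaimsPrincipal user, bool highValueResource)
    {
        if (user?.Identity == null || !user.Identity.IsAuthenticated)
            return AccessDecision.SignIn;          // no session yet
        if (!highValueResource)
            return AccessDecision.Allow;           // low-value: any sign-in is enough
        // High-value: require a strong method asserted by the trusted STS,
        // so a method claim from any other issuer does not count.
        bool strong = user.FindAll(ClaimTypes.AuthenticationMethod).Any(c =>
            c.Issuer == TrustedIssuer &&
            StrongMethods.Contains(c.Value, StringComparer.Ordinal));
        return strong ? AccessDecision.Allow : AccessDecision.StepUp;
    }

    // Constructed sample session with one authentication-method claim.
    static ClaimsPrincipal Session(string method, string issuer) =>
        new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.Name, "buyer@fabrikam.example", ClaimValueTypes.String, issuer),
            new Claim(ClaimTypes.AuthenticationMethod, method, ClaimValueTypes.String, issuer)
        }, "Federation"));

    static void Main()
    {
        var forms = Session(Password, TrustedIssuer);
        var card = Session(Smartcard, TrustedIssuer);
        var untrusted = Session(Smartcard, "http://sts.unknown.example/");
        Console.WriteLine(Evaluate(forms, highValueResource: false));
        Console.WriteLine(Evaluate(forms, highValueResource: true));
        Console.WriteLine(Evaluate(card, highValueResource: true));
        Console.WriteLine(Evaluate(untrusted, highValueResource: true));
    }
}
```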
Note that these scenarios are not the only scenarios that WIF can address; they are selected to show how WIF applies to a given scenario.
Note that Active Directory® Federation Services (AD FS) 2.0 offers a turnkey server product that can be used as a Security Token Service (STS) and help eliminate the need to build a custom STS. Refer to the AD FS 2.0 Product Documentation for the functionalities offered by the server product.