BizTalk Labs
Identity Services


The BizTalk Services Identity Provider

The Identity Provider service is a publicly accessible Security Token Service (STS). Third-party Web sites and applications can use the Identity Provider for authentication and access control. Applications and users can obtain secure authentication tokens from the Identity Provider service, and these tokens can then be exchanged so that communicating parties can prove their identities to one another.

To learn more about the STS model, see the WS-Trust specification.

Why would applications use the Identity Provider?

Using the Identity Provider within BizTalk Services as a third-party identity provider for an application enables developers to "offload" authentication functions and eliminate the overhead of creating and maintaining an authentication and identity subsystem.

Strong authentication based on tokens from the Identity Provider can form the basis of secure communications, including digitally signed or encrypted messages. Strong authentication also enables identity-based access control.

How would applications or users employ the BizTalk Services Identity Provider?

Today, users can authenticate to the BizTalk Services Identity Provider via Windows® CardSpace, while "headless" applications, such as server applications, authenticate to the Identity Provider via a user name and password.

How can an application take advantage of Identity Services in the BizTalk Services offering?

If you run a Web site or Web service, you can enable it to accept identity tokens provided by the Security Token Service. To do this, you must create a digital identity at this site on behalf of your site or service, and then you must configure your site or service to accept the appropriate identity tokens.

Users of those sites or services should also create a digital identity at this site and associate an Information Card with it. When the user later connects to a Web site or service that requires a secure identity, the Windows CardSpace user interface is triggered; the user selects the associated Information Card, which is sent to the Security Token Service to obtain a token, and the token is then sent to the remote application. When an Information Card is used to authenticate at a site or service, the information from the user's identity is released from the Identity Provider to that site or service in a secure credential that only the intended Web site or service can read.
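The relying-party side of the flow just described is the part a site operator has to get right: the site must accept only tokens that are genuinely from the STS, are addressed to that particular site, and are still inside their validity window. The following is an added illustration written for this page, not code from the BizTalk Services SDK or from Microsoft; it models an STS-issued token as a signed JSON body, uses an HMAC with a constructed key in place of the XML digital signature a real STS applies with its signing certificate, and uses placeholder issuer and audience URIs. The checks it performs (signature, trusted issuer, audience, validity window with a small clock-skew allowance) are the ones a Web site or service configured to accept identity tokens would apply regardless of the token format.

```python
import hashlib
import hmac
import json
import time

# Constructed demo key standing in for the STS's signing certificate (assumption:
# a real relying party verifies the token signature with the STS's public key).
STS_SIGNING_KEY = b"constructed-demo-key-not-for-real-use"
STS_ISSUER = "https://sts.example.invalid/identity"  # placeholder issuer URI


def issue_token(claims, audience, lifetime_s=300, now=None, key=STS_SIGNING_KEY):
    """Model of the STS side: bind claims to one audience and a validity window,
    then sign the whole body so no field can be altered in transit."""
    now = time.time() if now is None else now
    body = {
        "issuer": STS_ISSUER,
        "audience": audience,            # the one site this token is meant for
        "not_before": now,
        "not_on_or_after": now + lifetime_s,
        "claims": claims,
    }
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # The hex signature contains no '.', so the last '.' always separates it.
    return payload.decode() + "." + sig


def validate_token(token, expected_audience, now=None, key=STS_SIGNING_KEY, skew_s=60):
    """Relying-party side. Returns (True, claims) or (False, reason).

    Order matters: verify the signature before trusting any field in the body,
    so that untrusted input never drives the later checks."""
    now = time.time() if now is None else now
    payload, sep, sig = token.rpartition(".")
    if not sep:
        return False, "malformed"
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    body = json.loads(payload)
    if body.get("issuer") != STS_ISSUER:
        return False, "untrusted issuer"
    # A token issued for another site must not be accepted here, even if it
    # is otherwise genuine: this is what stops a token being replayed elsewhere.
    if body.get("audience") != expected_audience:
        return False, "audience mismatch"
    if now + skew_s < body["not_before"]:
        return False, "not yet valid"
    if now - skew_s >= body["not_on_or_after"]:
        return False, "expired"
    return True, body["claims"]


def demo():
    """Run the happy path and the three failure modes a relying party must reject."""
    t0 = 1_000_000.0  # fixed constructed clock so results are reproducible
    site = "https://rp.example.invalid"
    tok = issue_token({"email": "alice@example.invalid"}, site, now=t0)
    results = {
        "valid": validate_token(tok, site, now=t0 + 10),
        "wrong_site": validate_token(tok, "https://other.example.invalid", now=t0 + 10),
        "expired": validate_token(tok, site, now=t0 + 400),
        "tampered": validate_token(tok.replace("alice", "mallory"), site, now=t0 + 10),
    }
    for name, (ok, detail) in results.items():
        print(f"{name:10s} accepted={ok} {detail}")
    return results


if __name__ == "__main__":
    demo()
```

The audience check is the one most often left out in practice: a token that is correctly signed and unexpired is still only valid for the site it was issued to, which is the property the page describes when it says the credential can be read only by the intended Web site or service.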

Must an application use the other services within BizTalk Services, in order to use the Identity Provider?

No. Secure identities provided by the BizTalk Services Identity Provider can be employed by any application. The Identity Provider is a Security Token Service as described in the WS-Trust standard, which means identity tokens issued by the Identity Provider should be fully interoperable with other WS-Trust infrastructure and applications.

The BizTalk Services SDK and the BizTalk Labs Services are currently available at CTP (Community Technology Preview) status. Microsoft offers this CTP as an early release of technology, to explore ideas and solicit feedback that will help shape a final release. The BizTalk Labs capability is not currently intended for high-availability production applications but rather to allow for measured experimentation. The BizTalk Labs team appreciates any feedback you have on these technologies.

©2008 Microsoft Corporation. All Rights Reserved.