Authentication and Authorization is well understood as long as you stay in your own trust domain. These tasks get much harder as soon as external users need to access your applications or you need to establish authorization for cloud based services (which are not “attached” to any trust domain at all). This talk takes a close look at Microsoft’s Access Control Service which promises to solve the above problems in a general purpose and standards based fashion.
Dominick Baier works as a security consultant at thinktecture (www.thinktecture.com). His main focus is security, identity and access control in distributed applications using the Microsoft technology stack. He’s the author of “Writing more-secure ASP.NET Applications” (MS Press) and the security curriculum lead at Developmentor. You can find his blog at www.leastprivilege.com.