ACS v2 Protocols & Tokens Matrix

Version 2 of Windows Azure’s Access Control Service (ACS) was released recently. There seems to be some confusion about which security tokens each protocol or ACS mechanism can provide. Here’s a quick matrix which we hope will clarify the situation:

Protocol         SWT    SAML 1.1    SAML 2.0
OAuth 2.0
OAuth WRAP
SAML (SAMLP)
WS-Federation
WS-Trust

So you can acquire a SAML 2.0 token using a SAML protocol (aka, SAMLP), but not SWT or SAML 1.1 tokens.

This matrix also draws attention to other issues:

  • SWT tokens are the most protocol-agnostic. ACS supports rendering SWT tokens from all protocols except SAMLP.
  • SAML 1.1 tokens are the most protocol-specific. If your application requires SAML 1.1, ACS has already made your protocol decision for you. (From a security token perspective, WS-Federation is a more complex special case of WS-Trust.)