...

The ID-WSF 2.0 spec set is fairly large, and covers a lot of ground. (See LibertyWSFIntro for a basic introduction.) It's a good idea to have a rough understanding of the primary standards that WSF is based on before trying to digest it all at once.

...

I would suggest approaching the technical material in this order:

  • LibertyWSFSOAPBinding: Defines the basic message structure and SOAP header blocks (required and optional) that make up a WSF SOAP message, a lot of it derived from WS-Addressing.
  • LibertyWSFSecurity: Interoperable profiles for securing LibertyWSFSOAPBinding messages in various ways, including a SAML 2.0 profile supporting services acting on behalf of user identities.
  • LibertyWSFAuthentication: Includes a web service for client authentication designed around the SASL framework, and a pair of SAML 2.0 profiles that combine the SAML Authentication Request protocol with the LibertyWSFSOAPBinding. This provides clients and servers with the ability to leverage SAML tokens (or other LibertyWSFSecurity mechanisms) and obtain new SAML tokens for use by other services.

...

There are a handful of infrastructure services defined on top of the core messaging and security layer:

  • LibertyWSFDiscovery: Powerful but somewhat overloaded, it combines registering and locating web services with the capability to issue the security tokens needed for accessing them. WSPs register their service information and indicate their security requirements so that a query can return everything a WSC needs to access a WSP in a single EndpointReference structure.
  • LibertyWSFPeople: A web service enabling users to reference other users across IdPs without requiring the use of global identifiers. The People Service utilizes features exposed by Liberty IdPs to map identifiers between namespaces and can issue invitations on behalf of users to establish new federated identifiers across domains.