Aucune remarque pour cette diapositive
VerbsVerbs tell the server what to doGET and POST most common, but others used in various ways – i.e. REST
Responses composed of:CodeHeadersBlank LineBodyResponse CodesGive clues about errors401 means not authenticated
Purpose: To describe the basics of WS-FederationSimilar to the SAML Web SSO ProfileUses different messagesSequence is pretty much the same as SAMLPurely SP-Initiated
Refresh tokens add an element of security, so that the access token can have a lifetime while still giving the client a way to access the resource. The refresh token is no good without the client’s secret. Really what a refresh token does, is that it’s an authorization for a client to obtain an access token in the future without intervention of the user.
Why have an access token? For UserInfo retrieval
Active Directory from the on-premises to the Cloud – Windows Azure AD whitepapers: http://www.microsoft.com/en-us/download/details.aspx?id=36391