The Extensible Security Infrastructure of the Windows Communication Foundation provides a flexible and easily customizable way of controlling access to the resources of a software application. It allows for access to resources to be controlled based on claims. Claims-based authorization subsumes both role-based authorization and authorization using access control lists.
The power of the Extensible Security Infrastructure was demonstrated by an exercise in which access to an intranet service controlled using role-based authorization was extended to permit controlled claims-based access by the users of another organization. That was accomplished by adding security token services built using the Extensible Security Infrastructure to the solution to serve as a foundation for federated identity. In the process, no changes had to be made to the code of either the client or the service, which is an eloquent demonstration of the power that the Windows Communication Foundation can bring to bear on complex business scenarios.