The Federated Model for .NET My Services

The federated model for .NET My Services will allow users to access their data from a common set of Web sites and applications without requiring them to store their data with Microsoft.

Under the original model, a user would store personal data, such as her credit card number and home address, in Microsoft’s instance of .NET My Services. Then she could allow an e-commerce site to access this data so she wouldn’t have to reenter it when making a purchase. Microsoft’s authentication system, .NET Passport, would authenticate both the user (to make sure she was the same person who originally entered the data) and the e-commerce site (to make sure the request was actually coming from the site that claimed to be making it). Once both parties were authenticated, Microsoft’s instance of .NET My Services would check to see whether the user had authorized the e-commerce site to access this information and, if so, grant access.

Under the federated model, the user will be able to store her personal data with any organization, such as her ISP. To federate with Microsoft, the ISP will have to establish a trust relationship with Passport, so that authentications from each system can be understood by the other. The ISP’s authentication system will authenticate the user, and Passport will authenticate the site. After both parties are authenticated, the ISP’s instance of .NET My Services will check to see whether this e-commerce site is authorized to access this user’s data.