Suppose I'm an ISV who wants to sell software that connects via the service bus. I'm interested in selling software, and am not interested in incurring the cost/risk of a client who creates too many listeners/hosts on the AppFabric. Therefore, my client is responsible for acquiring and paying for the AppFabric account. I just want to be responsible for software maintenance.
My ultimate goal is to control the features available to each user via a claim sent by ADFS. These claims will unlock features very similar to the Identity Training Kit's 10 Day Weather sample.
In this 2 STS system (I don't know the proper term for this), how does the host verify the integrity of the claims that are sent by the ADFS server if the ACS is considered non-Authoritative for claim information?
Can I just have an encrypted payload (sent as a claim) that is later verified, or is there an innate feature of SAML/ACS/WS-Trust/WIF I could take advantage of?
I'm not sure if it's possible for the ACS, which is owned and operated by someone who I don't directly trust, to alter or create false assertions that my ADFS server does not create.
I would like my host (who is using the service bus) to act upon claims that my ADFS server makes, and not those that are created by ACS. The whole reason for this weird topology is because I don't want to absorb the cost of the AppFabric connection count in my model. I'd rather have those customers who need it pay for it. Plus reselling the ACS as it is today isn't very appealing. There is no way for me to throttle connections used per listener/host, etc.
I'm actually only interested in the SB, not ACS per se. My understanding is that ACS is a requirement. Also, the SB is opt in... for those whose infrastructure requires it. Since I'm offering a free service, those who need that connectivity need to pay their own way with Azure AppFabric.
All other customers will use WS-Trust to my ADFS server to my service.