WCF: WS-* Federation HTTP Binding (WSFederationHttpBinding), Part 1
![Image](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhZy549yxWcMi5DaEUkenPUS5yFfOJge43-7REw70Flx0C5XyysUU3qxZJBwU-cVOL1RbxcFx4VFRlR9OGggjxLWbEHM8h_bzZKMJXYp-B_ZF1OsfH2F72UnhkJr_CoonJ8MEu0kVdj8DM/s1600/Federated+Diagram+1.png)
Federated security is interesting because it presents such a clear break between a service and the security (authentication and authorization) that protects it. Plus -- and this is the part I find even more intriguing -- federated security allows for trust . We'll look trust a little more in a moment but let's first consider that first point, the clear line between the service and its security. With federated security, a service requires clients to authenticate using a security token issued by a security token service. It's the security token service that is responsible for authentication and access decisions. Typically, a security token service is within a specific domain, such as an organization, and refers to policies set for that domain. Where federated security becomes really interesting is when a client in one organization accesses a service in another organization. In the example above, we have two organizations, Organization A and Organization B. Both orga