Active Directory Federation Services (AD FS)
- four-day Microsoft Course (50412B: Implementing Active Directory Federation Services 2.0)
- definition: Linking a security principal's identity/attributes to a foreign identity management system
- example: OAuth, OpenID with Facebook, Microsoft Account, Google Account, etc.
- standard: Claims-based identity
» it's an Authentication method, not Authorisation
» claims are packaged into SAML tokens using a Security Token Service (STS)
Resources:
- Security Assertion Markup Language
- SAML 101: What It Is, How It Works & Why It's Important
- SAML tokens and WS-Trust Security Token Service (STS)
Overview:
- it's Microsoft's implementation of an ID management framework
- v1 and v1.1 were add-ons (didn't come as part of the OS); v2.1 is included in Windows Server 2012
- dedication to Web standards (can federate with non-MS infrastructures)
- around 50 PowerShell cmdlets (ADFS module); see: AD FS Cmdlets in Windows PowerShell
- integration with Dynamic Access Control
Additional resources:
- Active Directory Federation Services Overview
- AD FS 2.0 Content Map
- Installing and configuring Active Directory Federation Services
- AD FS 2.0 Step-by-Step and How To Guides