This need for authentication and authorization are common across many different types of systems, from Web services and browser-based applications, to rich Windows desktop applications, and console command line applications. But despite the common need for these features, many services require with solutions. Most developers are not security experts, and many feel uncomfortable being given the job of authenticating and authorizing users. This is not a subject that has been traditionally taught in computer science curriculum, and there’s a long history of ignoring it until late in the development lifecycle.
It’s often difficult to implement single-sign on across them, or to federate identity across security realms. How a service in system A can trust a request in system B ? How to authorize them ?
SAML: specified an XML format for tokens (SAML tokens) as well as protocols for performing Web App/Service single sign on using SAML tokens, sometimes referred to inside Microsoft as SAMLP (for the SAML protocol suite). WS-Federation and related WS-* specifications also define a set of protocols for Web App/Service single sign on SWT: While SAML and WS-* are protocols designed to be used with SOAP, REST aims for a more minimalist approach. Thus, AC issues tokens in a format called Simple Web Token (SWT) developed jointly by Microsoft, Google, and Yahoo. A SWT token (pronounced swat) looks very much like the query string in a URL, and consequently is easy to parse by any REST Web service. WRAP : The protocol that AC uses to issue tokens is called Web Resource Authorization Protocol. WRAP is a REST convention (developed in conjunction with SWT) that is used to request tokens from issuers such as AC. As you might expect, this community-developed protocol is simple to use. To request a token, issue a POST command with your request to your issuer's WRAP endpoint (AC refers to this as its STS endpoint) with a content type of "application/x-www-form-urlencoded.“
Picture from : http://en.wikipedia.org/wiki/File:ESB.svg
Picture from : http://www.microsoft.com/windowsazure/appfabric/
Service Bus helps to provide secure connectivity between loosely-coupled services and applications, enabling them to navigate firewalls or network boundaries and to use a variety of communication patterns.