Having followed Vittorio's work (blog, webcasts, code samples)related to claims-based identity over the last two-three years, I ordered this book as soon as it arrived. And this book did not disappoint. I read the book cover-to-cover within a week of its arrival and found it to be very useful in helping me better understand the concepts behind WIF.

Here are some additional details that I hope will be helpful to anyone considering this book:

1) Claims based identity is an important enabling technology that .NET developers and designer need to understand well. And this is not just case, if you are an ASP.NET or WCF developer. Claims-based identity is important even if you are SharePoint, BI or Azure developer.

2) This book is broken up into two parts. The first part explains the basics of claims based identity. Second part is more advanced and gets into the nuts and bolts of WIF.

3) Don't skip over the ASP.NET chapters (2, 3 & 4 ) just because you are not going to use WIF inside ASP.NET. These aforementioned chapters cover a number of important concepts ( such as single-sign-on, claims transformation, federation) that you will need to understand when using WIF outside of ASP.NET (say with WCF).

4) Being involved with the WIF team for a long time, Vittorio is able to provide important context around how some of the features have evolved, design decisions etc.

5) Last but not the least, it is hard to write a book on security. Fortunately, Vittorio has managed to write it in a conversational, unassuming style that makes it easy to read. Wherever needed, he provides a just in time, overview of protocols ( WS-Trust, WS-Federation and so on) without getting mired in the details associated with these, rather arcane, specifications.

This is a very good book, the author knows extremely well what he explains, provides a great introduction and the example of using the driver's license or passport as a valid identification from a trusted issuer provider on a movie theather or liquor store is an excellent analogy to understand. He goes quickly about how to use it on your own app, how to get claims backs and create custom code to extend the framework. Also he gives a lot of deep theory about the authentication process and all the complexities of security and how WIF makes things easier for you. He mentions how to create a test STS using WIF (new Visual Studio template that comes with the framework), that can be used during development to simulate a real life scenario and how to create your own custom claims.

I read the book, I have a better understanding, 200+ pages of great wisdom. Get it!!

Thanks

This is a must have for any anyone tasked with writing claims aware applicatons. Do NOT let the size of this book fool you either - it is jammed full of critical details. This is the only publication available that goes into the detail that Vittorio goes into. Whether you're new to claims-based development and just want to know enough to get started writing Relying Party's (that's about the first 50 pages), or need the in-depth knowledge of how protocols work, intricate details of WSFAM and SAM, and such, this book has you covered. I also like how Vittorio draws attention to solutions to some common problems, such as home-realm discovery, pass through claims, impersonation, proof-of-possession, custom STS's, and more. You will also find references to some very useful tools to aid in your development.