Security and authentication resource centers for SharePoint 2010 Products

SharePoint 2010 Products are logically divided into three distributed tiers: the front-end Web server tier, the application server tier, and the back-end database tier. Administrators and IT pros are empowered to control and manage access to the resources that reside within each of these tiers. Access to network resources can be centrally managed using the tools and methods described in the planning, deployment, and operations articles listed in the following security and authentication resource centers for SharePoint Server 2010 and SharePoint Foundation 2010.

An important new authentication feature of SharePoint 2010 Products is the ability to choose between claims-based authentication and classic-mode authentication when you create a Web application. Classic-mode authentication refers to the Integrated Windows authentication model supported in Office SharePoint Server 2007. Claims-based authentication is built on the Microsoft Windows Identity Foundation (WIF). WIF is a set of .NET Framework classes designed to enable the creation of claims-aware applications. A claims-aware application created with WIF can process WS-Federation authentication requests. WS-Federation is an authentication protocol that builds on two other standard protocols: WS-Trust and WS-Security. WS-Federation supports the token-based authentication architecture that enables a Web application to require a security token for authenticated access to resources.

For more information, see the following resource centers:

Security and Authentication for SharePoint Server 2010:
Security and Authentication for SharePoint Foundation 2010:

We also welcome any questions or feedback.

-- Douglas Goodwin, Writer, Office Servers UA

Comments (2)
  1. keshav says:

    hi can you please let me know the difference between the authendication method called SSOS ( single sing on service) in MOSS 2007 vs SSS (Secure store server) in MOSS 2010?

  2. sspb485 says:

    This is for authoring site [public facing publishing site with Windows authentication; content authors & approvers have to login to see the site]. It is like an intranet site extended to internet zone.

    SP version: SP 2010

    Browsers: IE 7.0 & higher; FF

    Problem:needs to end the session (authoring site) after 10 minutes of inactivity.

    Why? –> staff share computers, but have different logins & permissions

    OOB settings (like session timeout in IIS) don’t work as the solution is a system of systems (Windows, IIS & SP).

    Screensavers & closing the browsers were not acceptable.

    Please let me know if you have answer to my question. Thanks!

Comments are closed.

Skip to main content