Absolutely, you might only need access to the STS if you expose business web services to other companies which are protected by a token issued by your STS.
Oli

________________________________________
From: chris snow [[email protected]]
Sent: 01 May 2013 20:33
To: [email protected]
Subject: fediz: IDP deployed in DMZ, STS deployed behind firewall

I am thinking of deploying the Fediz IDP and the RP in the DMZ, and hiding the STS behind the firewall. STS will be deployed behind the firewall because it has access to the credential store and deserves another layer of protection.

It appears that only the IDP needs to communicate with the STS and that is through the WS-TRUST web service? Is this an expected deployment architecture for Fediz?

Many thanks,
Chris
