A. ADFS was introduced in Windows Server 2003 R2 as a means to allow single-sign on, controlled access between organizations through the use of Security Account Markup Language (SAML) tokens. This controlled access is based around web-based services.

ADFS Version 2, formally known as Geneva, builds on this functionality and is made up of three pieces:

  • The Active Directory Federation Services 2.0 server, a security token service (STS) that's responsible for the authorization of the requesting caller, creation and issuance of tokens that contain claims based on predefined rules, and transformation of incoming SAML tokens for use in the internal organization. ADFS v2 is used to create federations between organizations. ADFS v2 only uses Active Directory for the authentication store.
  • Windows Identity Foundation (WIF), the developer platform that allows .NET applications, such as ASP.NET, to actually consume the claims provided SAML tokens. This saves the applications from worrying about identity logic.

Windows Cardspace, an identity selector that runs on the client and helps users pick the right token for each target application when prompted.