Aaron M

Reputation: 2563

What security benefits does WIF provide?

We currently use WIF to secure our application and back end services. I'm trying to determine if we really have a need for WIF in our solution, or if it's just an extra layer that consumes resources without providing any benefit.

Our current application is split up into 2 separate web applications, a Client and Admin, and several WCF services. Identity is not shared between the two applications (you have different credentials for admin and client). Identity is only ever shared between the client and the WCF services. This occurs between machines, but never across networks or enterprise boundaries.

We use a third party to perform authentication, however the 3rd party is not used as an Identity Provider. That function is performed inside the application itself.

We currently have no future plans to share identity between other applications or services, or to use a 3rd party Identity Provider, etc.

Given the way our application is set up, do we really gain much from using WIF as an additional means of securing our back end services? If WIF was removed, what are we losing?

Upvotes: 1

Views: 103

Answers (1)

Jim Mischel

Reputation: 134035

If you remove WIF, you'll have to replace it with something. Unless you decide that you don't need user authentication and authorization at all. Remember that in addition to authentication, WIF gives you the claims-based authorization model.

Another benefit of WIF is that it's becoming a well-known standard way of securing applications, meaning that when you bring on new developers in the future, they'll likely be familiar with your security model. That's a big benefit. Compare that to a custom security model that you'd have to train the new developers on.

Also, WIF is a proven technology with well-known security benefits. If you implement WIF as recommended, your applications are secured. That's not necessarily true of other models, especially a custom-designed security model.

Also, you say that you currently have no future plans to use the more advanced features of WIF. There's a big difference between not currently having plans and never ever going to do it. With your current WIF implementation, you have the flexibility to add those things if plans change in the future. If you replace WIF with something else, you're giving up that flexibility. Or at least making it much more difficult.

Were it my project, the first questions I would ask are:

  1. Does the existing WIF security model work? If no, then fix or replace. If yes, then ...
  2. Is it causing any trouble (materially affecting memory usage, application response, or developer productivity)? If not, then leave it alone. If yes, then ...
  3. Are the benefits of replacing it worth the cost and the risk of breaking something or failing to implement some other feature?

If you have something that works and doesn't impede your ability to improve your application, then any time you spend working on that piece is at the cost of some other feature.

Upvotes: 1
