This article describes how to set up Azure Access Control Service (ACS) as an identity provider for SharePoint. It uses Windows Live ID for testing.
With reference to the architecture described below, ACS is the first federator after the consuming application.
1: Administrative access to Azure ACS (https://manage.windowsazure.com/).
2: Access from the SharePoint solution to the Azure ACS URL (Internet browsing available).
3: Access to the public URL of the SharePoint solution (SharePoint exposed to the Internet).
The following gives a simple overview of the infrastructure of identity federation. The approach is generic; however, my experience is largely within the Microsoft portfolio of identity federation products. The description is from an infrastructure perspective and does not cover solution-specific elements such as the claim specification.
Directory Services: Active Directory, eDirectory, Red Hat Directory Server
Consumer: SharePoint, CRM
Federator: Active Directory Federation Services, Azure Access Control Service, Novell Access Manager
A federator (Identity Provider) can federate its own organization's identities to either another federator or to a consumer.
The relying party is created from either the consumer or another federator, to the federator providing the identities.
A federator can federate one or more organizational identities to the same consumer.