Security Service
This document describes Security Services of Team Foundation at the API level. The security services consist of two core Team Foundation Server Web services: the Group Security Service and the Authorization Service. These Web services are exposed on the application tier. They are consumed through APIs that are sub-services of the TeamFoundationServer client-side object model. The client-side APIs are designed to be the primary interface for managing Team Foundation Server security for third-party tools.
Group Security Service
The Group Security Service enables consumers to manage Team Foundation Server application groups. This is the central mechanism by which the server manages all users and groups.
This service can be used independently of the Authorization Service. Regardless of whether the Team Foundation -provided authorization is used or consumers implement their own authorization logic, this service can be used for querying group memberships for subsequent permission evaluation. In fact, the version control components of Team Foundation Server authorize the path-level permissions independently of the Authorization Service. They query for group memberships against the Group Security Service.