Brian Swan has a new post to his blog today that aims to help you understand how your scripts access the Windows Azure AppFabric and how to can control the levels with the Access Control Service.

In a post I wrote a couple of weeks ago, Consuming SQL Azure Data with the OData SDK for PHP, I didn't address how to protect SQL Azure OData feeds with the Windows Azure AppFabric access control service because, quite frankly, I didn't understand how to do it at the time. What I aim to do in this post is share with you some of what I've learned since then. I won't go directly into how to protect OData feeds with AppFabric access control service (ACS, for short), but I will use PHP to show you how ACS works.

He illustrates with an example from another blog about a night club with a bartender, bouncer and checking wristbands to make sure the patrons are allowed to drink. In this case, the "bouncer" is the Access Control Service, a built-in feature of your Azure instance. He shows how to set it up, configure policies and the PHP code for both sides of the equation - the "bouncer" to change the certification sent and the user with a "wristband" to send the credentials on connect.