OWIN (Open Web Interface for .NET ) is a standard, a protocol to standardize the way an application talks to the host and KATANA is just an implementation of that standard developed and maintained by Microsoft. OWIN is such a standard that it let application frameworks run upon it and forget about everything beneath it. OWIN itself utilizes various host adapters to make sure it can talk to the underlying web servers (IIS and many others). OWIN is designed to decouple web servers from the frameworks you work under. It can make the applications lightweight and portable for the mixing frameworks and servers. OWIN is a away to break up the tight coupling between ASP.NET and IIS. With IIS supporting OWIN it is possible to run other OWIN-enabled frameworks such as Nancy on IIS. With Microsoft’s web frameworks depending on OWIN and not IIS it is possible to run those in other environments, such as self hosting within a process or on a web server on linux running Mono. SignalR and Web API already uses OWIN which means that they can be self hosted and other cool stuff. ASP.NET MVC6 which is part of ASP.NET vNext will be completely based on OWIN.
ASP.NET Identity is the reworked, flexible replacement for the old membership system that has been around since ASP.NET 2.0. ASP.NET Identity is more well designed and flexible than the old membership system and uses OWIN middle-ware components for external logins such as Facebook, Google and Twitter. Compared to the membership system, the architecture of ASP.NET Identity is very much improved and decoupled. Actually, ASP.NET identity doesn’t know (nearly) anything about OWIN at all. ASP.NET Identity is working on an application ignorant level, taking care of user and role storage. Then there are the OWIN authentication modules that takes care of the actual interaction with the external providers and keeping the user session. The plumping code required is built into the account-controller created by the new project wizard for ASP.NET projects.
For a typical application there will be a number of different application layers cooperating to provide the authentication functionality. The ASP.NET Identity module sits at the very bottom of the chain, far, far away from the incoming HTTP Request. In fact, it knows nothing about HTTP at all. The MVC account-controller provides all the plumbing to make the different modules interact with each other. The Google Authentication middle-ware interacts with Google to provide Google sign-on. In this example I only show Google, but if more social networks such as Facebook or Twitter were offered, they would be next to the Google middleware in the stack. The MVC acnount-controller is the generated MVC controller that ties all of the layers together.
The ASP.NET Identity module handles user and secure password storage, role mapping etc. OWIN and KATANA offers a flexible pipeline for external authentication with existing providers for authentication by Google, Facebook, Twitter and more. It is also possible to write your own custom authentication provider and get full integration with the OWIN external authentication pipeline and ASP.NET Identity.
Some good references are :