2. About Skyline Technologies
• Leading Microsoft solutions provider
– Develops and tailors IT applications to meet the business and
technical objectives of customers
– Serves clients in industries ranging from manufacturing and retail to
healthcare, transportation, and logistics
• Microsoft Partner with Gold competencies in Business Intelligence,
Content Management, Portals and Collaboration, and Web Development
and Silver competencies in Data Platform, Project and Portfolio
Management, Search, and Software Development.
• Provides a pathway to speed your company toward its vision.
• Recognized by businesses nationwide as a team of smart, experienced
people and a Microsoft Gold Certified Partner organization specializing in
adapting Microsoft solutions to individual client’s needs.
3. Agenda
• SharePoint Access Control
• What are Claims?
• Why would you use them?
• Claims-Based Authentication
• Reality of Claims Based Authentication
• Reference Materials
4. SharePoint Access Control
• Authentication vs. Authorization
– Authentication = Who are you?
– Authorization = What can you do?
• Information Rights Management
– Windows Server 2008 Active Directory Rights
Management Server
– CSS Print Suppression
• @media print { .NoPrint { display: none; } }
6. Groups
SharePoint Groups
• Distributed
• SharePoint Only
• Auditing
– 3rd Party Tools
Active Directory Groups
• Centralized
• Enterprise
• Auditing
– Member Of
7. What are Claims?
• Attributes about a User
• Need to Come from Someone You Trust
• Driver’s License Example
– Trusted Provider = State of Wisconsin
– Claims
• Name = Jonathan Schultz
• Age = 35
• Organ Donor = No
8. UWEBC Claims Example
• Trusted Provider = Cavinda
• My Claims
– Name = Jonathan Schultz
– Company = Skyline Technologies
– Presenter = Yes
9. Why Use Claims?
• Claim Augmentation
– Security Groups from Active Directory
– HRMS/CRM Attributes
• Title/Role
• Federation
– Partner Network
• Business to Business
– Subsidiaries
– Web 2.0 (Windows Live, Facebook, etc.)
• Advanced Authentication & Authorization
15. Claims Based Architecture Notes
• New in SharePoint 2010
• Authentication Prompt for Multiple Providers
• All Intra/Inter Farm Calls are Claims Based
– i.e. Service Applications
• Claims-to-Windows Token Service Needed for
Some Service Applications, i.e. PerformancePoint
Services
17. Reality of Claims Based Authentication
• Claims Authorization uses OR logic, not AND
– Scenario: Authorize US HR User
• Location Claim = US
• Department Claim = HR
• Will also succeed for US IT because of US OR HR
• Trusted Identity Providers
– Cookie Driven (Watch out for domains/paths)
– Time Based Expiration (Server Times)
• Claims + Kerberos + SSRS = Problem
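
The OR-logic bullet above, worked through as an added example (not code from the original slides and not SharePoint's API): a simplified model in which a resource admits any user holding at least one granted claim. It goes one step beyond the slide by also showing a non-US HR user being admitted, and by using claim augmentation to issue a single composite claim; the claim types, the `US-HR` composite value and the user names are assumptions constructed for illustration.

```python
# Simplified model of claims authorization with OR semantics.
# Illustrative only: these names are hypothetical, not SharePoint APIs.
from typing import NamedTuple


class Claim(NamedTuple):
    type: str
    value: str


def is_authorized_or(user_claims, granted_claims):
    """Access is granted when the user holds ANY claim the resource was granted to."""
    return bool(set(user_claims) & set(granted_claims))


def augment(user_claims, rules):
    """Claim augmentation: add a composite claim when the user holds ALL claims in a rule."""
    held = set(user_claims)
    extra = {composite for required, composite in rules if set(required) <= held}
    return held | extra


def admitted(users, granted_claims, rules=()):
    """Names of users the OR evaluation lets in, after optional augmentation."""
    return sorted(name for name, claims in users.items()
                  if is_authorized_or(augment(claims, rules), granted_claims))


def over_granted(users, granted_claims, intended):
    """Users who are admitted although they do not hold every intended claim."""
    return sorted(name for name, claims in users.items()
                  if is_authorized_or(claims, granted_claims)
                  and not set(intended) <= set(claims))


US, UK = Claim("location", "US"), Claim("location", "UK")
HR, IT = Claim("department", "HR"), Claim("department", "IT")
US_HR = Claim("role", "US-HR")  # hypothetical composite claim issued by augmentation

USERS = {  # constructed sample identities
    "us_hr": {US, HR}, "us_it": {US, IT}, "uk_hr": {UK, HR}, "uk_it": {UK, IT},
}

if __name__ == "__main__":
    # Granting the resource to both claims admits anyone holding either one.
    print("granted to US + HR:", admitted(USERS, {US, HR}))
    print("unintended access: ", over_granted(USERS, {US, HR}, {US, HR}))
    # Granting only the composite claim restores the intended AND behaviour.
    print("granted to US-HR:  ", admitted(USERS, {US_HR}, [((US, HR), US_HR)]))
```

Running `over_granted` against existing permission assignments is a quick way to review which identities a multi-claim grant admits beyond the intended audience.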
18. Reference Materials
• Claims and Security Technical Articles for
SharePoint 2010
• Implementing Claims-Based Authentication with
SharePoint Server 2010 – White Paper
• A Guide to Claims-Based Identity and Access
Control – Patterns & Practices
• Custom Claims-Based Security in SharePoint
2010
• Steve Peschka’s Blog: Share-n-dipity