Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
En vedette
En vedette (6)
Similaire à Protecting Online Identities
Similaire à Protecting Online Identities (20)
Plus de goodfriday
Plus de goodfriday (20)
Dernier
Dernier (20)
Protecting Online Identities
- 1. Session: MIX09-T27F Live Identity Services Overview
- 2. Web ISVs Organizations Developers • Federation for • Turnkey selling their • Customizable federation for applications to identity UX adopting organizations • Single Sign On services • Easy on- • Access to user (Online, Live, IS boarding of new Vs) data customers • Works with existing identity infrastructure
- 3. Baseline understanding of Live ID Web Developers • Consuming Windows Live IDs on your site • Accessing user data on your site ISVs • Consuming federated identities • Rapid on-boarding for organizations
- 5. • Authentication: users, applications, devices Identities Strong • Investing in 2FA such as Smartcard, StartKey Authentication • User / IP reputation, Account abuse prevention Attacker Resistant • Live ID is fully customizable UI Customization • Delegated auth: user permission to access data Data Portability OpenID • Embracing Open Standards Federated • Compatible with Microsoft Federation Gateway Authentication
- 6. Type of identity Credential Types Principal Types • [Strong] Password, Principal Acting for Self Acting for User Pin User User auth • eID / Smart card (Client or Web) Application App auth (AppID) Delegation (Good) • CardSpace Impersonation • Policy-driven control (BAD!) Device DeviceID Linked DeviceID The Password Types of Live ID Users Anti-Pattern! • Live Mail / Hotmail accounts • EASI (“E-mail As Sign-In”) • Managed domains • Federated domains
- 8. Consume Accessing user identities & data SSO • Delegated Auth SDK • Web Authentication • Client SDK • Preview: Open ID
- 11. Cross-platform HTML http://login.live.com/controls/WebAuth.htm appid=<%=AppId%> context=welcomepage Existing: WebAuth.htm style=font-size=10pt; New: WebAuthLogo.htm font-family=verdana; font-style=normal; New: WebAuthButton.htm font-weight=bold; background=white; color=black;
- 12. Live ID Web Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=91762 Relying Party Web Site e.g., Contoso.com 1 End User 5 w/ web browser 4 2 3 Live ID WebAuth service
- 14. Recognizable & not jarring Sign-in Sign-up Consent
- 15. Customizable Contents Elements that can be customized. Partner Logo Task statement Product description Sign up section Task integration statement Header background Customizable Theme Elements cannot change. Sign-up section Customize look & feel. Font color Background color Button color User tile color Live ID description color
- 20. Microsoft is becoming an OpenID Provider (OP) Try the Live ID – OpenID Provider CTP Now 1. Set up a Live ID INT account: https://login.Live-INT.com/ 2. Set up OpenID alias: https://OpenID.Live-INT.com /beta/ManageOpenID.srf 3. Use OpenID 2.0 login URI: OpenID.Live-INT.com 4. Send feedback: openidfb@microsoft.com >> Production release of Live ID – OpenID Provider later this year
- 21. Consume Accessing user identities & data SSO • Delegated Auth SDK • Web Authentication • Client SDK • Preview: Open ID
- 23. “Granting Consent” phase End User with browser Consent UI consent.live.com Application Provider “Using Consent” Phase (user can be offline) (web site) Resource Provider (e.g., Windows Live Contacts) Live ID Delegation Service
- 24. Don’t panic! The SDK libraries handle all this for you! ru= ps=Contacts.View,Contacts.Update pl= ttype= 1: Compact token, 2: SAML token mkt= app=appid Application Verifier token: ts ip sig AppID, Timestamp, Client IP, SHA256 signature appctx=welcomepage
- 26. Federation Rapid on- Infrastructure boarding / tools • Standards based • Microsoft Services • WS-Trust/WS-Fed Connector • Microsoft Federation Gateway
- 27. Benefits of federated identity more services and applications more customers greatly simplify
- 28. Identity Providers (IdP) User Applications Relying Party (RP) Client SDK Live ID Windows Microsoft App Federation Web Site / Online App Gateway (MFG) Browser Live ID Other federated Identity Identity Providers Provider
- 29. Microsoft Services Connector Microsoft Federation Gateway Hub and spoke Connects auto-provisioning Production customizable 2006 self-service Free federation provisioning Objective: Connect to cloud services without changing existing identity infrastructure
- 30. Federation Rapid on- Infrastructure boarding / tools • Standards based • Microsoft Services • WS-Trust/WS-Fed Connector • Microsoft Federation Gateway
- 32. Using Federation Gateway & MSC 1. User clicks link -- 3. Services Connector issues login token and redirects to Federation Gateway 2. 4. Federation Gateway validates token and transforms claims 5. Federation Gateway issues service Browser token and redirects to service 6. User accesses service Office Desktop Apps Cloud Microsoft Microsoft Enterprise Federation Services Applications Connector Gateway Developer Active Services Directory
- 33. Web ISVs Organizations developers • Federation for • Turnkey selling their • Customizable federation for applications to identity UX adopting organizations • Single Sign On services • Easy on- • Access to user (Online, Live, IS boarding of new Vs) data customers • Works with existing identity infrastructure
- 35. Your feedback is important!
- 36. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.