6. The consequences
- Users have to remember lots of credentials
- Administrators have to manage user accounts in lots of systems
- User access cannot be traced
- The “trusted subsystem” anti-pattern
- Software blocks opportunity: acquisition, federation
12. Anatomy of a Security Token
- Collection of claims
- Audience
- Valid dates
- Issuer, with digital signature
- Encryption
- Various formats (SAML 1.1, SAML 2.0, Custom…)
14. Security Token Services (STS)
- All Security Token Services issue tokens
- Identity Provider Security Token Service (IP-STS)
  - Stores the identity information about a user
  - Somehow authenticates a user
- Resource Security Token Service (R-STS)
  - Transforms claims from one format to another
  - Relies on at least one IP-STS
- A Relying Party (RP) consumes security tokens issued from a trusted STS
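The token anatomy on slide 12 and the RP rule on slide 14 (consume only tokens issued by a trusted STS) together define the checks a relying party performs before it acts on any claim. The example below is added here and is not code from the presentation or from WIF; it assumes a constructed JSON-plus-HMAC token format, an issuer name, a shared signing key and a fixed clock, and leaves encryption out. Real WIF/ADFS tokens are SAML 1.1/2.0 XML signed with the STS's X.509 key, but the order and meaning of the checks are the same.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed stand-in: real WIF/ADFS tokens are SAML 1.1/2.0 XML signed with
# the STS's X.509 key; a JSON body plus an HMAC keeps this runnable offline.
IP_STS = "https://idp.example.invalid/sts"            # assumed issuer name
IP_STS_KEY = b"constructed-ip-sts-key"                # assumed signing key
TRUSTED_ISSUERS = {IP_STS: IP_STS_KEY}                # the RP's trust list
NOW = datetime(2011, 1, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock


def issue_token(claims, audience, issuer, key, not_before, lifetime_minutes=10):
    """STS side: bundle claims, audience, validity dates and issuer, then sign."""
    body = {
        "issuer": issuer,
        "audience": audience,
        "not_before": not_before.isoformat(),
        "not_on_or_after": (not_before + timedelta(minutes=lifetime_minutes)).isoformat(),
        "claims": claims,
    }
    encoded = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    signature = hmac.new(key, encoded.encode(), hashlib.sha256).hexdigest()
    return encoded + "." + signature


def validate_token(token, expected_audience, now=NOW, trusted=TRUSTED_ISSUERS):
    """RP side: reject on the first failed check and say which one failed."""
    encoded, _, signature = token.rpartition(".")
    try:
        body = json.loads(base64.urlsafe_b64decode(encoded.encode()))
        not_before = datetime.fromisoformat(body["not_before"])
        not_on_or_after = datetime.fromisoformat(body["not_on_or_after"])
    except (ValueError, TypeError, KeyError):
        return False, "malformed"
    key = trusted.get(body.get("issuer"))        # only tokens from a trusted STS
    if key is None:
        return False, "untrusted issuer"
    expected = hmac.new(key, encoded.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"            # altered in transit or forged
    if body.get("audience") != expected_audience:
        return False, "wrong audience"           # minted for a different RP
    if not (not_before <= now < not_on_or_after):
        return False, "outside validity window"
    return True, body["claims"]
```

The audience check is what stops a token issued for one relying party from being replayed against another, and the issuer lookup is what makes "trusted STS" concrete: an unknown issuer is rejected before its signature is even examined.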
18. The Identity Protocols
- Browser-based “Passive” clients
  - WS-Federation
  - SAML-P
- Non-browser-based “Active” clients
  - SOAP: WS-Trust 1.3
  - REST: OAuth WRAP, OAuth 2.0

19. Identity in the Microsoft Stack
- Windows Identity Foundation (WIF)
  - Build Relying Parties using WS-Federation and WS-Trust
  - Build custom Security Token Services (StarterSTS)
- ADFS 2.0
  - On-premise IP-STS or R-STS
  - Supports WS-Federation, WS-Trust, SAML-P
- Windows Azure AppFabric Access Control Service (ACS)
  - R-STS in the cloud
  - Supports OAuth WRAP, WS-Federation, WS-Trust, OpenID, Google, Yahoo and Facebook

20. Platform support for consuming claims
- SharePoint 2010
- WF4 Security Activity Pack
- WIF provides support for:
  - WCF via custom bindings
  - ASP.NET via HTTP modules
  - WCF Data Services

23. Contact Us
Simon Evans
simon.evans@emc.com
http://consultingblogs.emc.com/simonevans
http://twitter.com/simonevans
Editor's Notes
Use existing tools and services wherever possible, but only if they fit seamlessly and don’t cause pain in the solution. Build in a loosely coupled manner: code against contracts, not implementations; build for testability; separate concerns; favour convention over configuration. But don’t over-engineer; don’t provide endless configuration options just in case. Build a simple solution that’s easy and painless to change if and when required. What’s the result? Developing software simply and quickly: reducing waste, reducing effort, reducing cost.