Passwords shouldn’t be words like “pencil”
Perhaps writing them down in a commonly accessible
place isn't the wisest move
At least we don't echo the letters back to the screen
anymore
Where is the accountability?
Garrett Serack
Community Program Manager
Federated Identity Team
Instead of using shared secrets to authenticate, we can
use cryptography
PPIDs are unique to the user-website relationship
Websites can have a common, consistent user
experience
Reduce drop-off, with simplified sign-up
[Flowchart: Information Card sign-in flow for a website]
Perform client-side detection: does the browser support Information Cards?
No: web page without card support
Yes: card-enabled web page ("Please Sign In")
Is this card associated with an account?
Yes: the user is signed in ("Welcome back to the website")
No: Choose: associate with an existing account, create a new account, or choose a different card
Recovery scenario (associate with an existing account): Sign In, authenticate via username/password or proof of account (send email confirmation)
Account creation (create a new account): explicit sign up (registration, optional validation steps) or implicit sign up; the user is signed in ("Welcome to the website")
Start Over
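An added example, not part of the original slides or of any project shown in them: a minimal relying-party account store that follows the flowchart's decision "Is this card associated with an account?" and its "associate with an existing account" and "create a new account" branches. It assumes the PPID and the issuer's signing key were already taken from a validated token; all names here, and the choice to index a card by PPID plus issuer key, are assumptions of this example.

```python
import hashlib, hmac, os

CHOICES = ("associate_existing", "create_account", "choose_different_card")

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def card_key(ppid: bytes, issuer_key: bytes) -> str:
    # Assumption (not stated on the slides): index a card by the PPID together
    # with the key that signed the token, so a token from a different issuer
    # asserting the same PPID does not map to the same account.
    return hashlib.sha256(hashlib.sha256(issuer_key).digest() + ppid).hexdigest()

class RelyingParty:
    def __init__(self):
        self.accounts = {}  # username -> (salt, password hash)
        self.cards = {}     # card_key -> username

    def register(self, username, password):
        if username in self.accounts:
            raise ValueError("username taken")
        salt = os.urandom(16)
        self.accounts[username] = (salt, _pw_hash(password, salt))

    def sign_in(self, ppid, issuer_key):
        """Flowchart decision: is this card associated with an account?"""
        user = self.cards.get(card_key(ppid, issuer_key))
        return ("signed_in", user) if user else ("choose", CHOICES)

    def associate_existing(self, ppid, issuer_key, username, password):
        """Link the card only after the existing account's password is verified."""
        salt, stored = self.accounts.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(_pw_hash(password, salt), stored):
            return False  # unknown user, wrong password, or card-only account
        self.cards[card_key(ppid, issuer_key)] = username
        return True

    def create_account(self, ppid, issuer_key, username):
        """Implicit sign-up: a new account whose only credential is the card."""
        if username in self.accounts:
            raise ValueError("username taken")
        self.accounts[username] = (os.urandom(16), b"")  # no password set
        self.cards[card_key(ppid, issuer_key)] = username

if __name__ == "__main__":
    rp = RelyingParty()
    rp.register("alice", "constructed-password")  # constructed sample data
    print(rp.sign_in(b"constructed-ppid", b"constructed-issuer-key"))
```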
Pat Felsted
Bandit Project Lead
Novell, Inc.
Mike Jones
Dir. of Identity Partnerships
Microsoft Corporation
Industry Support for Information Cards
Based entirely on open protocols
Identity requires cooperation – and you’re seeing it today!
Interoperable software being built by
Novell, IBM, Sun, Ping Identity, BMC, VeriSign, …
For Linux, MacOS, mobile devices, …
With browser support happening for
Firefox, Safari, …
Bandit Project
Provides loosely-coupled open source identity
components
for Authentication, Authorization, and Audit
Information Card solutions built from these components:
Identity Selector, Identity Provider, Relying Party
On multiple platforms
Sponsored by Novell – with open participation
Code contributor to Higgins open source identity project
Pat Felsted
Bandit Project Lead
Novell, Inc.
What you just saw
Multiple platforms, browsers, and identity selectors
All signing into a Joomla relying party site
Demo scenarios:
IE7 and Windows CardSpace on Windows
Firefox 2.0 and Windows CardSpace on Windows
Firefox 2.0 and Bandit Identity Selector on Linux
Firefox 2.0 and Bandit Identity Selector on the Mac
Demonstrating protocol and program interoperability
Do you want to get started with Windows CardSpace, but don't know where to start? CardSpace simplifies and strengthens the authentication experience on the Internet. Whether your Web site runs on ASP.NET, PHP, Java or whatever, you can learn the simple, step-by-step approach to integrating support for information cards in your Web site, with support for Microsoft Internet Explorer 7.0 and Firefox.