Identity Services Drilldown - TechEd NA 2009
Presentation from TechEd North America 2009

Abstract:
Microsoft's identity services enable enterprises, organizations, and developers to easily adopt the services they need. In this session learn about how identity solutions can enable service adoption, including: enterprises connecting their identity directory to cloud services, ISV developers leveraging Microsoft building blocks to sell their service to organizations, and web developers adopting customized versions of Live ID for their applications. We'll cover the Microsoft Federation Gateway service, updates to Live ID, and a turnkey adoption mechanism using Active Directory and Codename "Geneva" Server.
Slide 1: Jorgen Thelin, Senior Program Manager, Microsoft Corporation. Session Code: SIA303
Slide 2: Who this is for
  Web Developers
    • Customizable identity UX
    • Single Sign On
    • Access to user data
  ISVs
    • Federation for selling their applications to organizations
    • Easy on-boarding of new customers
  Organizations
    • Turnkey federation for adopting services (Online, Live, ISVs)
    • Works with existing identity infrastructure
Slide 3: Agenda
  Baseline understanding of Identity Services & Windows Live ID
  Identity challenges from Cloud Services
  Organizations
    • Consuming federated identities: Microsoft Federation Gateway
    • Rapid on-boarding for organizations: Codename "Geneva" Server + one-click federation
  ISVs
    • Become part of the federation ecosystem
    • Consuming federated identities
    • Rapid on-boarding for your customers and suppliers
  Web Developers
    • Consuming Windows Live IDs on your site
    • Accessing user data on your site
Slide 4: Windows Live Identity Services - Core principles
  • Ease of use
  • Open and standards-based
  • Rich functionality
  • Security is our top priority!
  • Personal and business ready
  • Federation
Slide 5: Identity Services - Many components
  • Identities: authentication of users, applications, devices
  • Strong Authentication: investing in 2FA such as smartcard, StartKey
  • Attacker Resistant: user / IP reputation, account abuse prevention
  • UI Customization: Windows Live ID is fully customizable
  • Data Portability: delegated auth, the user grants permission to access their data
  • Open Standards: SAML 2.0 / OpenID / OAuth
  • Federated Authentication: compatible with Microsoft Federation Gateway
Slide 6: Software and Service Topology (diagram)
  Cloud: Windows Live, Microsoft Online Services, ISV Apps on the Azure Services Platform, Live Mesh, Microsoft Dynamics CRM Online; Identity Service
  Enterprise: browser and Office desktop apps; on-premises Active Directory, Exchange, SharePoint, ISV Apps
Slide 7: Federated Ecosystem - Benefits of federated identity
  • Open participation based on industry standards
  • Linking service providers and service consumers
  • Access to more services and applications: Microsoft cloud applications; developers using the Azure Services Platform; developers using other hosting platforms
  • Access to more customers: 500m+ Windows Live ID users; other organizations using federated identity
  Microsoft is offering solutions that greatly simplify the federation scenarios
Slide 8: Software and Service Challenges
  Security Challenges
    • Identity islands: user identity lives in AD on premise while the software service (Exchange Labs) is in the cloud; how do partners & customers federate?
    • Security zones: on-premise software relies on physical isolation, the service is in the cloud, and data must transport across security zones
  Adoption Challenges
    • IT Admin: re-work security practices and tools? Re-train to manage identity?
    • Users: re-train on a new user experience?
    • Developers: re-write existing applications?
Slide 9: Federation Infrastructure / Rapid on-boarding tools
  Federation Infrastructure
    • Microsoft Federation Gateway
    • Standards-based
    • Service adoption scenarios
  Rapid on-boarding / tools
    • Codename "Geneva" Server
    • One-click federation
Slide 10: Scenario - Switching to Cloud Services (diagram: cloud services as in slide 6; enterprise with on-premises Active Directory, Exchange, SharePoint, ISV App)
  Challenge: how to switch to cloud services without scrapping your existing identity infrastructure?
  Typical IT requests:
    1) Outsource a service to cloud-based delivery (e.g. Exchange)
    2) Move an application to cloud hosting
    3) Use a new cloud service
Slide 11: Software and Service Topology - Federated Identity (diagram)
  Cloud: Windows Live, Microsoft Online Services, ISV Apps on the Azure Services Platform, Live Mesh, Microsoft Dynamics CRM Online; Live Identity Service and Microsoft Federation Gateway
  Enterprise: "Geneva" Server in front of on-premises Active Directory; employee browser, Office apps, Exchange, SharePoint, ISV Apps
Slide 12: Scenario - Collaborating with Other Organizations (diagram)
  Cloud: as in slide 11, with the Live Identity Service and Microsoft Federation Gateway
  An enterprise and a university each run a "Geneva" Server over their own on-premises Active Directory, Exchange, SharePoint and ISV Apps, and reach each other through the Gateway
Slide 13: Scenario - Outreach to End User Customers (diagram)
  Cloud: as in slide 11
  Enterprise: "Geneva" Server over on-premises Active Directory, Exchange, SharePoint, ISV Apps
  End user: browser and Office apps reaching the organization's services through the Gateway
Slide 14: Solution: Microsoft Federation Gateway
  Federation hub service enables access to:
    • Microsoft services
    • ISVs on the Azure Platform
    • Other businesses
    • 500+ million Live IDs
  Hub and spoke model (service providers on one side, customers on the other, the Federation Hub in between):
    • Manage one relationship to connect to any combination
    • The hub handles endpoint changes, key rollovers, protocol changes
Slide 15: Federation Infrastructure / Rapid on-boarding tools (section divider, same content as slide 9)
  Federation Infrastructure: Microsoft Federation Gateway; standards-based; service adoption scenarios
  Rapid on-boarding / tools: Codename "Geneva" Server; one-click federation
Slide 16: Solution: Live Federation Tool for "Geneva" Server
  Codename "Geneva" Server connects Active Directory to:
    • Microsoft Federation Gateway: Online/Live services, Windows Live ID & ISV services
    • Other standards-based federation hubs
  Supports a range of AD and network topologies:
    • Single server, server farm, proxy server, DMZ
    • Active Directory: single domain, single forest, multiple forests
  Download tool for quick and easy connection setup to Microsoft Federation Gateway: http://www.microsoft.com/Geneva
Slide 17: Federation Gateway + "Geneva" Server - Installation and Setup
Slide 18: Connecting to Federation Gateway
  One-click federation tool for "Geneva": connects Active Directory to the Federation Gateway and to cloud services / applications
  One-time federation setup (trust-provisioning):
    • Assert domain ownership via an SSL certificate issued by a trusted Certificate Authority
    • Registers the organization's domain, sign-in endpoint, and token-signing key
  http://msdn.microsoft.com/en-us/library/dd164396.aspx
  (diagram: the organization's "Geneva" Server and Active Directory connect to the Microsoft Federation Gateway, which fronts Microsoft cloud applications, developer services and server apps)
Slide 19: Federation Gateway and "Geneva" Server - Accessing federated resources from inside the corporate network
Slide 20: Using Federation Gateway and "Geneva" - Accessing Services
  1. User clicks a link and is taken to the Codename "Geneva" Server for authentication
  2. "Geneva" Server validates the credentials with Active Directory
  3. "Geneva" Server issues a login token and redirects to the Federation Gateway
  4. Federation Gateway validates the token and transforms the claims
  5. Federation Gateway issues a service token and redirects to the service
  6. User accesses the service
  (diagram: browser and Office desktop apps in the enterprise; "Geneva" Server and Active Directory; Microsoft Federation Gateway; cloud applications and developer services)
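The six steps above, together with the trust-provisioning registration from slide 18, as an added worked example that is not part of the deck or of any Microsoft SDK. Tokens here are JSON signed with HMAC-SHA256 standing in for the SAML tokens the real products exchange, and every concrete name (contoso.example, crm.cloud.example, the keys, the "svc:" role prefix) is a constructed assumption. What the example shows that the slide does not: the hub looks up the signing key by the issuer domain registered at provisioning time, checks the tag, audience and validity window before reading any claim, re-issues a token under its own key, and filters what it forwards so internal AD group names do not leak to the service; the service in turn trusts only the hub key, which is why it needs no per-organization relationship.

```python
# Added example (not from the deck or any Microsoft SDK): a two-hop federated
# sign-in with a hub that keys trust on the domain registered at provisioning.
# Tokens are JSON + HMAC-SHA256, standing in for the real SAML tokens.
# All domains, keys and role names below are constructed for the example.
import base64
import hashlib
import hmac
import json


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims: dict, key: bytes) -> str:
    """Serialize claims canonically and append an HMAC tag over those exact bytes."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def verify_token(token: str, key: bytes, audience: str, now: float) -> dict:
    """Return the claims only if tag, audience and validity window all check out."""
    body_b64, tag_b64 = token.split(".")
    body = _unb64(body_b64)
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(tag_b64)):
        raise ValueError("bad signature")
    claims = json.loads(body)
    if claims.get("aud") != audience:
        raise ValueError("token not intended for this audience")
    if not (claims["nbf"] <= now < claims["exp"]):
        raise ValueError("token outside its validity window")
    return claims


class FederationHub:
    """Hub-and-spoke: each organization registers once (domain, sign-in
    endpoint, token-signing key); relying services trust only the hub's key."""

    def __init__(self, hub_key: bytes):
        self.hub_key = hub_key
        self.registry = {}  # domain -> {"endpoint": ..., "key": ...}

    def provision_trust(self, domain: str, endpoint: str, signing_key: bytes):
        # The product proves domain ownership with a CA-issued SSL certificate
        # before this registration; that check is assumed to have passed here.
        self.registry[domain] = {"endpoint": endpoint, "key": signing_key}

    def exchange(self, login_token: str, service: str, now: float) -> str:
        # Step 4: choose the key by the claimed issuer domain, then validate.
        issuer = json.loads(_unb64(login_token.split(".")[0])).get("iss")
        entry = self.registry.get(issuer)
        if entry is None:
            raise ValueError("unknown issuer domain")
        claims = verify_token(login_token, entry["key"], "hub", now)
        # Claims transformation: the service sees a federated id scoped to the
        # issuer and only roles meant for services; raw AD groups stay inside.
        service_claims = {
            "iss": "hub",
            "aud": service,
            "sub": f"{claims['sub']}@{issuer}",
            "roles": [g for g in claims.get("groups", []) if g.startswith("svc:")],
            "nbf": now,
            "exp": now + 300,
        }
        # Step 5: the service token is issued under the hub's own key.
        return sign_token(service_claims, self.hub_key)


def run_flow(now: float = 1_700_000_000.0) -> dict:
    """Walk steps 1-6 for a constructed user 'alice' at contoso.example."""
    org_key, hub_key = b"contoso-token-signing-key", b"hub-signing-key"
    hub = FederationHub(hub_key)
    hub.provision_trust("contoso.example", "https://sts.contoso.example/", org_key)
    # Steps 1-3: AD has validated alice; the org STS issues a login token for the hub.
    login = sign_token({"iss": "contoso.example", "aud": "hub", "sub": "alice",
                        "groups": ["Domain Users", "svc:crm-user"],
                        "nbf": now - 5, "exp": now + 300}, org_key)
    # Steps 4-5: the hub validates, transforms, re-issues.
    service_token = hub.exchange(login, "crm.cloud.example", now)
    # Step 6: the service checks only the hub's key and its own audience.
    return verify_token(service_token, hub_key, "crm.cloud.example", now)


def forged_token_rejected(now: float = 1_700_000_000.0) -> bool:
    """An attacker who knows the domain but not its registered key is refused."""
    hub = FederationHub(b"hub-signing-key")
    hub.provision_trust("contoso.example", "https://sts.contoso.example/", b"real-key")
    forged = sign_token({"iss": "contoso.example", "aud": "hub", "sub": "admin",
                         "groups": ["svc:crm-admin"], "nbf": now - 5, "exp": now + 300},
                        b"guessed-key")
    try:
        hub.exchange(forged, "crm.cloud.example", now)
        return False
    except ValueError:
        return True
```

Two design points worth carrying over to a real deployment: the login token is addressed to the hub (aud = "hub"), so it is useless if replayed straight to the service, and the issuer claim is only used to select which registered key to check, never trusted on its own. Key rollover then becomes a change to the hub's registry entry, which is the "hub handles key rollovers" promise of slide 14.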
Slide 21: Federation Gateway and "Geneva" Server - Accessing federated resources from outside the corporate network
Slide 22: Using Federation Gateway and "Geneva" - Deployment Options (diagram)
  "Geneva" Server with Active Directory inside the enterprise; a "Geneva" Server Proxy in the DMZ
  Internal users authenticate to the "Geneva" Server directly; external users come in through the "Geneva" Server Proxy
Slide 23: Benefit: Reduced Federation Costs
  Federated identity makes switching to cloud services easier:
    • Microsoft Federation Gateway for federation of both enterprises and services
    • Codename "Geneva" Server extends AD into the cloud: a simple on-boarding process
  Federation Gateway and "Geneva" Server provide:
    • Fewer federation relationships to configure
    • Helps protect corporate account security
    • No new user accounts needed
    • No extra passwords for users to forget!
Slide 24: Connections - Federation Ecosystem (diagram)
  User Applications: Windows app using the Client SDK; browser
  Relying Party (RP): Microsoft web site / online app
  Identity Providers (IdP): Live ID identity provider; Microsoft Federation Gateway; other federated identity providers
Slide 25: Federation Gateway: Integration Options
  For businesses and universities:
    • Microsoft Services Connector, "Geneva" Server
    • Works for businesses without Active Directory too
    • Protocols: WS-* (WS-Trust, WS-Federation)
    • Tokens: SAML
  For web applications / relying services:
    • Frameworks: .NET, "Geneva", Live Framework
    • Protocols:
Slide 26: Consume identities and SSO / Accessing user data
  Consume identities and SSO
    • Web Authentication
    • Client SDK
  Accessing user data
    • Delegated Authentication SDK
Slide 27: Windows Live Web Authentication
Slide 28: How Web Authentication Works (diagram)
  Live ID Web Authentication SDK Docs: http://go.microsoft.com/fwlink/?LinkID=91762
  Parties: end user with web browser; relying party web site (AdventureWorks.com); Live ID WebAuth service. Steps 1 to 5 run between these three parties as numbered in the diagram.
Slide 29: Customizing the Identity Experience - recognizable and not jarring: sign-in, sign-up, consent
Slide 30: Sign-in Screen
  Customizable Theme (customize look and feel; the elements themselves cannot change):
    • Font color
    • Background color
    • Button color
    • User tile color
    • Live ID description color
    • Task integration statement
  Customizable Contents (elements that can be customized):
    • Partner logo
    • Task statement
    • Product description
    • Sign-up section
    • Header background
Slide 31: Customizing Windows Live ID
Slide 32: Customizing Windows Live ID - the top request from partners and the field!
Slide 33: Customizable Sign-in Screen - What was changed?
  Partner logo, task statement, product description, sign-up section, header background, font color, background color, button color, user tile color, Live ID description color
Slide 34: Another Example - LiveWIM.com
Slide 35: Consume identities and SSO / Accessing user data (section divider, same content as slide 26)
  Consume identities and SSO: Web Authentication; Client SDK
  Accessing user data: Delegated Authentication SDK
Slide 36: Windows Live Delegated Authentication - Enabling data portability
Slide 37: Delegated Auth Protocol Overview (diagram)
  Parties: end user with browser; consent UI (consent.live.com); application provider (web site); resource provider (e.g. Windows Live Contacts); Live ID Delegation Service
  "Granting Consent" phase: the user, present in the browser, approves the application's request at the consent UI
  "Using Consent" phase: the application accesses the resource provider with the delegation it was granted; the user can be offline
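The two phases above as an added worked example, written for this page and not taken from the Windows Live Delegated Authentication SDK. It keeps the deck's roles (delegation service, consent step, application provider, a Contacts resource provider) but simplifies the protocol to an opaque delegation token; the offer names "Contacts.View" and "Contacts.Update", the application ids, the user and the contact list are all constructed for the example. The point it adds to the slide is what makes offline use safe: a delegation is bound to one application, limited to the offers the user actually granted, time-bounded, and revocable, and the resource provider enforces all four on every call without a user session.

```python
# Added example (not the Windows Live Delegated Authentication SDK): consent
# granted once with the user present, then used offline under a scoped,
# expiring, revocable delegation. All identifiers below are constructed.
import hashlib
import secrets
from dataclasses import dataclass


@dataclass
class Grant:
    user: str
    app_id: str
    offers: frozenset      # e.g. {"Contacts.View"}; the deck calls these offers
    expires_at: float
    revoked: bool = False


class DelegationService:
    """Stands in for the Live ID Delegation Service plus the consent UI back end."""

    def __init__(self):
        self._grants = {}  # sha256(token) -> Grant; raw tokens are never stored

    @staticmethod
    def _fingerprint(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def grant_consent(self, user, app_id, offers, ttl: float, now: float) -> str:
        """'Granting Consent' phase: the user is in the browser and approves."""
        token = secrets.token_urlsafe(32)
        self._grants[self._fingerprint(token)] = Grant(
            user, app_id, frozenset(offers), now + ttl)
        return token  # handed to the application provider, not to the user

    def revoke(self, token: str) -> None:
        grant = self._grants.get(self._fingerprint(token))
        if grant is not None:
            grant.revoked = True

    def resolve(self, token: str, app_id: str, now: float):
        """Return the Grant for a live, unrevoked token held by the right app, else None."""
        grant = self._grants.get(self._fingerprint(token))
        if (grant is None or grant.revoked or grant.app_id != app_id
                or now >= grant.expires_at):
            return None
        return grant


class ContactsResourceProvider:
    """Resource provider; the deck's example is Windows Live Contacts."""

    def __init__(self, delegation: DelegationService):
        self.delegation = delegation
        # Constructed sample data for the example.
        self.contacts = {"alice": ["bob@example.test", "carol@example.test"]}

    def _authorize(self, token, app_id, now, offer) -> Grant:
        grant = self.delegation.resolve(token, app_id, now)
        if grant is None or offer not in grant.offers:
            raise PermissionError(f"no valid {offer} delegation")
        return grant

    def list_contacts(self, token, app_id, now):
        """'Using Consent' phase: no user session, but scope is still enforced."""
        grant = self._authorize(token, app_id, now, "Contacts.View")
        return list(self.contacts.get(grant.user, []))

    def add_contact(self, token, app_id, now, address):
        grant = self._authorize(token, app_id, now, "Contacts.Update")
        self.contacts.setdefault(grant.user, []).append(address)
        return len(self.contacts[grant.user])


def _allowed(fn, *args) -> bool:
    try:
        fn(*args)
        return True
    except PermissionError:
        return False


def scenario(now: float = 1_700_000_000.0) -> dict:
    """Alice grants view-only access for one day, goes offline, later revokes."""
    service = DelegationService()
    contacts = ContactsResourceProvider(service)
    app = "app-adventureworks"
    token = service.grant_consent("alice", app, {"Contacts.View"}, ttl=86400, now=now)
    later = now + 3600
    out = {"view": contacts.list_contacts(token, app, later)}
    out["update_allowed"] = _allowed(contacts.add_contact, token, app, later, "dave@example.test")
    out["other_app_allowed"] = _allowed(contacts.list_contacts, token, "app-other", later)
    out["after_expiry_allowed"] = _allowed(contacts.list_contacts, token, app, now + 86400)
    service.revoke(token)
    out["after_revoke_allowed"] = _allowed(contacts.list_contacts, token, app, later)
    return out
```

The service stores only a hash of each delegation token, so a read of its store does not yield usable tokens, and the token is bound to the application id at grant time so a token leaked from one application cannot be replayed by another.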
Slide 38: Summary (same content as slide 2)
  Web Developers: customizable identity UX; single sign on; access to user data
  ISVs: federation for selling their applications to organizations; easy on-boarding of new customers
  Organizations: turnkey federation for adopting services (Online, Live, ISVs); works with existing identity infrastructure
Slide 39: Resources
  www.microsoft.com/teched - Sessions On-Demand & Community
  www.microsoft.com/learning - Microsoft Certification & Training Resources
  http://microsoft.com/technet - Resources for IT Professionals
  http://microsoft.com/msdn - Resources for Developers
Slide 40: Complete an evaluation on CommNet and enter to win!
Slide 41: Federation Resources and Links
  Microsoft Federation Gateway: released in 2006, available today
    Whitepaper: http://msdn.microsoft.com/en-us/library/cc287610.aspx
    On-boarding documentation: http://msdn.microsoft.com/en-us/library/dd164396.aspx
  Codename "Geneva" Server: Beta 2 available today, http://www.microsoft.com/Geneva
  Live Federation tool for Codename "Geneva" Server: http://www.microsoft.com/Geneva
Slide 42: Live ID Resources & Links
  Windows Live ID Developer Center - http://dev.live.com/liveid
  Windows Live ID Articles on MSDN - http://go.microsoft.com/fwlink/?LinkId=111111
  Windows Live ID Documentation on MSDN - http://msdn2.microsoft.com/en-us/library/bb404787.aspx
  Windows Live ID Developer Forum - http://go.microsoft.com/fwlink/?LinkID=78146
  Windows Live ID Team Blog - http://winliveid.spaces.live.com
  Windows Live ID Whitepapers
    Introduction to Windows Live ID - http://msdn2.microsoft.com/en-us/library/bb288408.aspx
    Understanding Windows Live Delegated Authentication - http://msdn2.microsoft.com/en-us/library/cc287613.aspx
    Windows Live ID Federation - http://msdn2.microsoft.com/en-us/library/cc287610.aspx
  Windows Live ID Documentation and SDKs
    Windows Live ID Web Authentication SDK Docs - http://go.microsoft.com/fwlink/?LinkID=91762
    Web Authentication SDK Samples - http://go.microsoft.com/fwlink/?LinkID=91761
    Windows Live ID Delegated Authentication SDK Docs - http://go.microsoft.com/fwlink/?LinkID=107420
    Delegated Authentication SDK Samples - http://go.microsoft.com/fwlink/?LinkId=107419
    Windows Live ID Client SDK download - http://go.microsoft.com/fwlink/?LinkId=86974
    Delegated Authentication Resource Providers List - http://go.microsoft.com/fwlink/?LinkID=108535
    Windows Live ID Web Authentication app registration page - http://lx.azure.microsoft.com
    Windows Live Tools for Visual Studio - http://dev.live.com/tools/
Slide 43: © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.