Identity Services Drilldown - TechEd NA 2009

    Identity Services Drilldown - TechEd NA 2009 - Presentation Transcript

    1. Jorgen Thelin, Senior Program Manager, Microsoft Corporation. Session Code: SIA303
    2. Organizations / ISVs / Web Developers
       Organizations
       • Federation for adopting services (Online, Live, ISVs)
       • Single Sign On
       • Works with existing identity infrastructure
       ISVs
       • Turnkey federation for selling their applications to organizations
       • Easy on-boarding of new customers
       Web Developers
       • Customizable identity UX
       • Access to user data
    3. Agenda
       • Baseline understanding of Identity Services & Windows Live™ ID
       • Identity challenges from Cloud Services
       • Organizations: Consuming federated identities (Microsoft® Federation Gateway); Rapid on-boarding for organizations (Codename “Geneva” Server + one-click federation)
       • ISVs: Become part of the federation ecosystem; Consuming federated identities; Rapid on-boarding for your customers and suppliers
       • Web Developers: Consuming Windows Live IDs on your site; Accessing user data on your site
    4. Windows Live Identity Services - Core principles: Ease of use; Open and Standards-based; Rich functionality; Personal and Business ready; Federation. Security is our top priority!
    5. Identity Services - Many components
       • Identities: authentication of users, applications, devices
       • Strong Authentication: investing in 2FA such as Smartcard, StartKey
       • Attacker Resistant: user / IP reputation, account abuse prevention
       • UI Customization: Windows Live™ ID is fully customizable
       • Data Portability: delegated auth, user permission to access data
       • Open Standards: SAML 2.0 / OpenID / OAuth
       • Federated Authentication: compatible with Microsoft® Federation Gateway
    6. Software and Service Topology (diagram). Cloud: Enterprise Apps, Windows Live (Live Mesh, Identity Service), Microsoft® Online (Microsoft Dynamics® CRM Online), ISV Apps, Azure™ Services Platform. Org On-Premises: Active Directory®, Exchange, SharePoint, ISV Apps. Clients: Browser, Office Desktop Apps.
    7. Federated Ecosystem - Benefits of federated identity
       • Open participation based on industry standards
       • Linking service providers and service consumers
       • Access to more services and applications: Microsoft cloud applications; developers using Azure™ Services Platform; developers using other hosting platforms
       • Access to more customers: 500m+ Windows Live ID users; other organizations using federated identity
       • Microsoft is offering solutions that greatly simplify the federation scenarios
    8. Software and Service Challenges
       Security challenges
       • Identity islands: user identity is in AD on premise; the software service (Exchange Labs) is in the cloud; partners & customers federation?
       • Security zones: physical isolation for on-premise software; service in the cloud; data transport across security zones
       Adoption challenges
       • IT Admin: re-work security practices and tools? re-train to manage identity?
       • Users: re-train on a new user experience?
       • Developers: re-write existing applications?
    9. Federation Infrastructure: Microsoft Federation Gateway; Standards-based; Service adoption scenarios. Rapid on-boarding / tools: Codename “Geneva” Server; One-click federation
    10. Scenario - Switching to Cloud Services (diagram: Enterprise Apps, Windows Live, Microsoft® Online, ISV App, Azure™ Services Platform, Live Mesh, Dynamics® CRM Online in the cloud; Active Directory®, Exchange, SharePoint, ISV App on premises). Challenge: How to switch to cloud services without scrapping your existing identity infrastructure? Typical IT requests: 1) Outsource service to cloud-based delivery (e.g. Exchange) 2) Move application to cloud hosting 3) Use a new cloud service
    11. Software and Service Topology – Federated Identity (diagram: the slide 6 topology plus a Microsoft Federation Gateway in the cloud next to the Live Identity Service, and a “Geneva” Server on premises next to Active Directory®; Employee Apps, Browser and Office reach the cloud services through them)
    12. Scenario - Collaborating with Other Organizations (diagram: two on-premises sites, an Org and a University, each with its own Active Directory®, Exchange, SharePoint, ISV Apps and “Geneva” Server, both connected to the cloud services through the Microsoft Federation Gateway)
    13. Scenario - Outreach to End User Customers (diagram: the same cloud services, Live Identity Service and Federation Gateway; the Org’s “Geneva” Server and Active Directory on premises; an End User reaching the services from a Browser and Office Apps)
    14. Solution: Microsoft Federation Gateway. A federation hub service enables access to: Microsoft services; ISVs on the Azure Platform; other businesses; 500+ million Live IDs. Hub and spoke model (diagram: Service Providers – Federation Hub – Customers): manage one relationship to connect to any combination; the hub handles endpoint changes, key rollovers and protocol changes
    15. Federation Infrastructure: Microsoft Federation Gateway; Standards-based; Service adoption scenarios. Rapid on-boarding / tools: Codename “Geneva” Server; One-click federation
    16. Solution: Live Federation Tool for “Geneva” Server. Codename “Geneva” Server connects Active Directory® to: Microsoft Federation Gateway (Online/Live services, Windows Live ID & ISV services); other standards-based federation hubs. Supports a range of AD and network topologies: single server, server farm, proxy server, DMZ; Active Directory: single domain, single forest, multiple forests. Download the tool for quick and easy connection setup to Microsoft Federation Gateway: http://www.microsoft.com/Geneva
    17. Federation Gateway + “Geneva” Server: Installation and Setup
    18. Connecting to Federation Gateway (diagram: Organization “Geneva” Server with Active Directory – Microsoft Federation Gateway – Microsoft Cloud Applications, Developer Services, Server Apps). The one-click federation tool for “Geneva” connects Active Directory® to the Federation Gateway and cloud services / applications. One-time federation setup (trust provisioning): assert domain ownership via an SSL cert issued by a trusted Cert Authority; registers the organization’s domain, sign-in endpoint, and token signing key. http://msdn.microsoft.com/en-us/library/dd164396.aspx
    19. Federation Gateway and “Geneva” Server: Accessing federated resources from inside the corporate network
    20. Using Federation Gateway and “Geneva” – Accessing Services
        1) User clicks a link and is taken to Codename “Geneva” Server for authentication
        2) “Geneva” Server validates credentials with Active Directory
        3) “Geneva” Server issues a login token and redirects to the Federation Gateway
        4) Federation Gateway validates the token and transforms claims
        5) Federation Gateway issues a service token and redirects to the service
        6) User accesses the service
        (diagram: Browser and Office Desktop Apps – Enterprise “Geneva” Server with Active Directory – Microsoft Federation Gateway – Microsoft Cloud Applications, Developer Services)
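    The six-step chain of slide 20, together with the hub-and-spoke registration of slides 14 and 18, as an added example in Python. This is not Microsoft code and not how “Geneva” Server or the Federation Gateway are implemented: the real components exchange XML-signed SAML tokens over WS-Federation/WS-Trust, while here a token is `kid.base64(json claims).base64(hmac)` so the whole trust chain runs in one file. Every issuer name, key, user, group and claim mapping below is constructed for the example.

```python
"""Federation hub trust chain: "Geneva" Server -> Federation Gateway -> service.

Added illustration, not Microsoft's code.  A token is 'kid.body.mac' with an
HMAC-SHA256 standing in for the XML signature on a real SAML token.  All
issuers, keys, users, groups and claim mappings below are constructed."""
import base64
import hashlib
import hmac
import json
import time


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, kid: str, key: bytes) -> str:
    """Sign claims under the key named kid; the kid itself is covered by the MAC."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(key, f"{kid}.{body}".encode(), hashlib.sha256).digest()
    return f"{kid}.{body}.{_b64(mac)}"


def verify_token(token: str, keyring: dict, issuer: str, audience: str, now: float) -> dict:
    """Check key id, signature, issuer, audience and validity window; raise on any failure."""
    kid, body, mac = token.split(".")
    if kid not in keyring:
        raise ValueError(f"unknown signing key {kid}")
    expected = hmac.new(keyring[kid], f"{kid}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(mac)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != issuer:
        raise ValueError(f"unexpected issuer {claims.get('iss')!r}")
    if claims.get("aud") != audience:
        raise ValueError(f"token not addressed to {audience}")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise ValueError("token outside its validity window")
    return claims


# Organization side: "Geneva" Server in front of Active Directory (constructed stand-in).
ORG_ISSUER = "https://sts.contoso.example/"
ORG_KEYS = {"contoso-2009a": b"old-org-signing-key", "contoso-2009b": b"new-org-signing-key"}
ORG_CURRENT_KID = "contoso-2009b"   # key rolled over; the gateway registration keeps both
_DIRECTORY = {  # upn -> (salt, pbkdf2(password), groups); constructed directory contents
    "alice@contoso.example": (b"salt1", hashlib.pbkdf2_hmac("sha256", b"Passw0rd!", b"salt1", 10_000), ["CRM-Users"]),
}

# Hub side: Federation Gateway.  One registration per organization holds what slide 18
# says trust provisioning records: the proven domain and the token signing keys.
GATEWAY_ISSUER = "urn:federation-gateway"
GATEWAY_KEYS = {"gw-2009": b"gateway-signing-key"}
REGISTRATIONS = {ORG_ISSUER: {"domain": "contoso.example", "keys": ORG_KEYS}}
ROLE_MAP = {"CRM-Users": "crm:user"}   # claim transformation applied by the hub (constructed)


def geneva_login(upn: str, password: str, now: float) -> str:
    """Steps 1-3: validate credentials against the directory, issue a login token for the gateway."""
    if upn not in _DIRECTORY:
        raise PermissionError("unknown user")
    salt, stored, groups = _DIRECTORY[upn]
    if not hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)):
        raise PermissionError("bad password")
    claims = {"iss": ORG_ISSUER, "aud": GATEWAY_ISSUER, "upn": upn, "groups": groups,
              "nbf": now - 60, "exp": now + 300}
    return issue_token(claims, ORG_CURRENT_KID, ORG_KEYS[ORG_CURRENT_KID])


def gateway_exchange(login_token: str, service: str, now: float) -> str:
    """Steps 4-5: validate the login token with the registered keys, transform claims, sign a service token."""
    kid = login_token.split(".")[0]
    for issuer, reg in REGISTRATIONS.items():
        if kid in reg["keys"]:
            claims = verify_token(login_token, reg["keys"], issuer, GATEWAY_ISSUER, now)
            break
    else:
        raise ValueError(f"no registered organization signs with {kid}")
    # An organization may only assert identities in the domain it proved it owns.
    if not claims["upn"].lower().endswith("@" + reg["domain"]):
        raise ValueError("identity outside the issuer's registered domain")
    out = {"iss": GATEWAY_ISSUER, "aud": service, "sub": claims["upn"], "org": reg["domain"],
           "roles": sorted(ROLE_MAP[g] for g in claims.get("groups", []) if g in ROLE_MAP),
           "nbf": now - 60, "exp": now + 300}
    return issue_token(out, "gw-2009", GATEWAY_KEYS["gw-2009"])


def service_accept(service_token: str, service: str, now: float) -> dict:
    """Step 6: the service trusts the gateway's keys only, never an organization's directly."""
    return verify_token(service_token, GATEWAY_KEYS, GATEWAY_ISSUER, service, now)


def sso_flow(upn: str, password: str, service: str, now=None) -> dict:
    """The redirect chain of slide 20 collapsed into direct calls."""
    now = time.time() if now is None else now
    login = geneva_login(upn, password, now)
    return service_accept(gateway_exchange(login, service, now), service, now)
```

    Two properties of the hub-and-spoke model are visible in the code. The service holds no organization keys, so a login token handed to it directly fails the key-id lookup before any claim is read, and rolling an organization's signing key is a change to its gateway registration only, which is the "key rollovers" the hub absorbs on slide 14. The domain check in `gateway_exchange` is what ties the trust-provisioning step of slide 18 to the claims: an organization that proved ownership of one domain cannot mint identities in another through the hub.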
    21. Federation Gateway and “Geneva” Server: Accessing federated resources from outside the corporate network
    22. Using Federation Gateway and “Geneva” – Deployment Options (diagram: Active Directory and the “Geneva” Server inside the Enterprise serve the internal user; a “Geneva” Server Proxy in the DMZ fronts the external user)
    23. Benefit: Reduced Federation Costs. Federated Identity makes switching to Cloud Services easier: Microsoft Federation Gateway for federation of both enterprises and services; Codename “Geneva” Server extends AD into the Cloud with a simple on-boarding process. Federation Gateway and “Geneva” Server provide:
       • Fewer federation relationships to configure
       • Helps protect corporate account security
       • No new user accounts needed
       • No extra passwords for users to forget!
    24. Connections - Federation Ecosystem (diagram): User Applications (Windows App with Client SDK, Browser) → Relying Party (RP): Web Site / Online App → Identity Providers (IdP): Live ID, Microsoft Federation Gateway, other federated Identity Providers
    25. Federation Gateway: Integration Options. For businesses and universities: Microsoft Services Connector, “Geneva” Server (works for businesses without Active Directory too); Protocols: WS-* (WS-Trust, WS-Federation); Tokens: SAML. For web applications / relying services: Frameworks: .NET, “Geneva”, Live Framework; Protocols:
    26. Consume - Accessing user identities, SSO and user data: Web Authentication; Delegated Authentication SDK; Client SDK
    27. Windows Live Web Authentication
    28. How Web Authentication Works (diagram: End User with web browser, Relying Party Web Site AdventureWorks.com, Live ID WebAuth service; steps 1–5). Live ID Web Authentication SDK Docs: http://go.microsoft.com/fwlink/?LinkID=91762
    29. Customizing the Identity Experience: recognizable and not jarring. Sign-in, Sign-up, Consent
    30. Sign-in Screen. Customizable Theme (elements cannot change; customize look and feel): Font color, Background color, Button color, User tile color, Live ID description color. Customizable Contents (elements that can be customized): Partner Logo, Task statement, Product description, Sign up section, Header background. (Screenshot callouts: Task integration statement, Sign-up section)
    31. Customizing Windows Live ID
    32. Customizing Windows Live ID The top request from partners and the field!
    33. Customizable Sign-in Screen - What was changed? Partner Logo, Task statement, Product description, Sign up section, Header background, Font color, Background color, Button color, User tile color, Live ID description color
    34. Another Example – LiveWIM.com
    35. Consume - Accessing user identities, SSO and user data: Web Authentication; Delegated Authentication SDK; Client SDK
    36. Windows Live Delegated Authentication: Enabling data portability
    37. Delegated Auth Protocol Overview (diagram). “Granting Consent” phase: End User with browser, Consent UI at consent.live.com, Application Provider (web site). “Using Consent” phase (user can be offline): Application Provider, Resource Provider (ex: Windows Live Contacts), Live ID Delegation Service
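    The two phases of slide 37, as an added example in Python. It is not the Windows Live Delegated Authentication SDK and does not reproduce its token format: the real consent token is returned, encrypted, to the application's return URL and the resource providers are Live services. Here the Live ID Delegation Service, the application provider and a Contacts-style resource provider are functions sharing one constructed key; an "offer" is written as `Resource.Action`, and every user, application id, key and contact record is made up for the example.

```python
"""Delegated authentication: consent grant, offline use, refresh and revocation.

Added illustration, not the Windows Live SDK.  A token is base64(json) plus an
HMAC-SHA256 under a key shared by the delegation service and the resource
provider; all users, app ids, keys and records are constructed."""
import base64
import hashlib
import hmac
import json

DELEGATION_KEY = b"live-delegation-service-key"   # constructed; known to resource providers
_CONTACTS = {"alice@example.com": [{"name": "Bob", "email": "bob@example.com"}]}  # constructed
_REVOKED = set()   # (user, app) pairs whose consent the user withdrew


def _seal(payload: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    return body + "." + hmac.new(DELEGATION_KEY, body.encode(), hashlib.sha256).hexdigest()


def _open(token: str) -> dict:
    body, mac = token.rsplit(".", 1)
    if not hmac.compare_digest(mac, hmac.new(DELEGATION_KEY, body.encode(), hashlib.sha256).hexdigest()):
        raise ValueError("tampered token")
    return json.loads(base64.urlsafe_b64decode(body))


def grant_consent(user: str, app_id: str, offers: list, now: float, lifetime: float = 3600) -> dict:
    """'Granting Consent' phase: after the user approves at the consent UI, the delegation
    service hands the application a short-lived delegation token plus a refresh token.
    Only the approved offers go in; the application cannot widen them later."""
    offers = sorted(set(offers))
    delegation = _seal({"typ": "delt", "user": user, "app": app_id, "offers": offers, "exp": now + lifetime})
    refresh = _seal({"typ": "reft", "user": user, "app": app_id, "offers": offers})
    return {"delt": delegation, "reft": refresh, "offers": offers, "exp": now + lifetime}


def revoke_consent(user: str, app_id: str) -> None:
    """The user withdraws consent; the delegation service stops refreshing for this app."""
    _REVOKED.add((user, app_id))


def refresh_delegation(refresh_token: str, now: float, lifetime: float = 3600) -> str:
    """'Using Consent' phase while the user is offline: the application trades its refresh
    token for a new delegation token carrying exactly the originally consented offers."""
    grant = _open(refresh_token)
    if grant["typ"] != "reft":
        raise ValueError("not a refresh token")
    if (grant["user"], grant["app"]) in _REVOKED:
        raise PermissionError("consent revoked by the user")
    return _seal({"typ": "delt", "user": grant["user"], "app": grant["app"],
                  "offers": grant["offers"], "exp": now + lifetime})


def contacts_provider(delegation_token: str, action: str, now: float) -> list:
    """Resource provider (stand-in for Windows Live Contacts): verify the token, require an
    offer that covers this action, then serve the consenting user's data."""
    grant = _open(delegation_token)
    if grant["typ"] != "delt":
        raise ValueError("not a delegation token")
    if now >= grant["exp"]:
        raise ValueError("delegation expired; refresh it")
    if f"Contacts.{action}" not in grant["offers"]:
        raise PermissionError(f"no consent for Contacts.{action} from {grant['user']}")
    return list(_CONTACTS.get(grant["user"], []))
```

    The point the diagram makes, that the user can be offline during the "Using Consent" phase, is why two tokens exist: the delegation token is what the resource provider checks and it expires quickly, while the refresh token never reaches the resource provider and is only honoured by the delegation service, which is also where a revocation takes effect. Scope is decided at consent time; an application holding a `Contacts.View` grant gets a `PermissionError` on `Update` no matter how it asks.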
    38. Organizations / ISVs / Web Developers
       Organizations
       • Federation for adopting services (Online, Live, ISVs)
       • Single Sign On
       • Works with existing identity infrastructure
       ISVs
       • Turnkey federation for selling their applications to organizations
       • Easy on-boarding of new customers
       Web Developers
       • Customizable identity UX
       • Access to user data
    39. Resources: www.microsoft.com/teched (Sessions On-Demand & Community); www.microsoft.com/learning (Microsoft Certification & Training Resources); http://microsoft.com/technet (Resources for IT Professionals); http://microsoft.com/msdn (Resources for Developers)
    40. Complete an evaluation on CommNet and enter to win!
    41. Federation Resources and Links
       • Microsoft Federation Gateway: released in 2006, available today. Whitepaper: http://msdn.microsoft.com/en-us/library/cc287610.aspx ; On-boarding documentation: http://msdn.microsoft.com/en-us/library/dd164396.aspx
       • Codename “Geneva” Server: Beta 2 available today, http://www.microsoft.com/Geneva
       • Live Federation tool for Codename “Geneva” Server: http://www.microsoft.com/Geneva
    42. Live ID Resources & Links
       • Windows Live ID Developer Center: http://dev.live.com/liveid
       • Windows Live ID Articles on MSDN: http://go.microsoft.com/fwlink/?LinkId=111111
       • Windows Live ID Documentation on MSDN: http://msdn2.microsoft.com/en-us/library/bb404787.aspx
       • Windows Live ID Developer Forum: http://go.microsoft.com/fwlink/?LinkID=78146
       • Windows Live ID Team Blog: http://winliveid.spaces.live.com
       Windows Live ID Whitepapers
       • Introduction to Windows Live ID: http://msdn2.microsoft.com/en-us/library/bb288408.aspx
       • Understanding Windows Live Delegated Authentication: http://msdn2.microsoft.com/en-us/library/cc287613.aspx
       • Windows Live ID Federation: http://msdn2.microsoft.com/en-us/library/cc287610.aspx
       Windows Live ID Documentation and SDKs
       • Windows Live ID Web Authentication SDK Docs: http://go.microsoft.com/fwlink/?LinkID=91762
       • Web Authentication SDK Samples: http://go.microsoft.com/fwlink/?LinkID=91761
       • Windows Live ID Delegated Authentication SDK Docs: http://go.microsoft.com/fwlink/?LinkID=107420
       • Delegated Authentication SDK Samples: http://go.microsoft.com/fwlink/?LinkId=107419
       • Windows Live ID Client SDK download: http://go.microsoft.com/fwlink/?LinkId=86974
       • Delegated Authentication Resource Providers List: http://go.microsoft.com/fwlink/?LinkID=108535
       • Windows Live ID Web Authentication app registration page: http://lx.azure.microsoft.com
       • Windows Live Tools for Visual Studio: http://dev.live.com/tools/
    43. © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

    Presentation from TechEd North America 2009