 Jorgen Thelin Senior PM Microsoft Corporation BB22
.Net Access  Control  Service Microsoft Services Connector “ Geneva” Framework Windows CardSpace “Geneva” Active Directory...
 
 
A P P Z Authori Z ation Claims Roles Access control P rofile Account registration Membership DB P olicy Trust relationship...
Embracing  Open Standards
<ul><li>Next Steps –  Try the Live ID OP </li></ul><ul><li>Set up a Live ID INT account: https://login.Live-INT.com/ </li>...
Embracing  Open Standards
<ul><li>GET http://openid.live-INT.com/OpenIDAuth.srf </li></ul><ul><ul><li>? openid.mode= checkid_setup </li></ul></ul><u...
<ul><li>GET /login.aspx </li></ul><ul><ul><li>? ReturnUrl= /Default.aspx </li></ul></ul><ul><ul><li>& token= Abu8voGNbjk2/...
 
Windows Live ID Web Authentication SDK Windows Live ID Delegated Authentication SDK Windows Live Tools Windows Live ID Cli...
Principal Types Principal Acting for Self Acting for User User User auth  (Client or Web) Application App auth (AppID) Del...
Enabling apps  to be secure
Windows Live ID service 2 3 3 4 5 4 2 1 End User w/web browser <ul><li>Integration Steps: </li></ul><ul><li>Register AppID...
<ul><li>< live:IDLoginStatus   </li></ul><ul><ul><li>ID=&quot;IDLoginStatus1&quot; </li></ul></ul><ul><ul><li>runat=&quot;...
<ul><li><iframe id=&quot;WebAuthControl&quot;  </li></ul><ul><ul><li>src=&quot; http://login.live.com/controls/WebAuth.htm...
Don’t panic! The SDK libraries handle all this for you! Sign-in Request <ul><ul><li>POST http://www.mydomain.com/wl-handle...
Enabling seamless sign-in / sign-up user experience
<ul><li>Customizable Contents Area (Orange) </li></ul><ul><li>Elements that can be customized. </li></ul><ul><ul><li>Partn...
<ul><li><WhiteLabelProperties> </li></ul><ul><ul><li>< Logo > STRID_LOGO </Logo> </li></ul></ul><ul><ul><li>< LogoAltText ...
ToS CAPTCHA Password Username Task integration Header image Password reset question / Alt e-mail Profile info
 
Application Provider (web site) Windows Live ID Delegation Service End User w/ browser Integration Steps: 1. Register AppI...
<ul><li>https://consent.live.com/delegation.aspx </li></ul><ul><ul><li>? ru = http://mydomain.myapp.com/ReturnURL.aspx </l...
<ul><li>delt = EwCoARAnAAAUgxwUrFTrj0j98kTTv4OX%2FOkhSc2AADHt9dXtiWa4afIM1AtKBgDzW2LOYBmExjIAumf%2B33MyPpGSnwrmtOc2aKG0Oz0...
<ul><li>http://consent.live.com/RefreshToken.aspx </li></ul><ul><ul><li>? ru = http://mydomain.myapp.com/ReturnURL.aspx </...
<ul><li>{ </li></ul><ul><ul><li>&quot; ConsentToken &quot;: </li></ul></ul><ul><ul><li>&quot; delt %3dEwCoARAnAAAUgxwUrFTr...
 
 
Step 1   (Partner Sign-in) A user sends credentials to the federated partner identity provider (IdP). federated partner’s ...
Easy
 
 
 
Please fill  out your evaluation for this session at: This session will be available as  a recording at: www.microsoftpdc....
 
 
<ul><li>NEXT: <next slide title> </li></ul>
SPEAKERS, PLEASE READ: Speakers, Please read.  Your slides will be formatted BEFORE this event to ensure consistency in lo...
SPEAKERS, PLEASE READ (hidden slide): Speakers, Please read.  Your slides will be “archived” AFTER the event.  Below is a ...
 
Upcoming SlideShare
Loading in...5
×

Live Identity Services Drilldown - PDC 2008

1,770

Published on

Live Identity Services enables developers on any platform to choose the identity integration model that best enables their scenarios, including: web or client authentication, delegated authentication, or federated authentication. Learn how to build seamless, cobranded, and customized sign-up and sign-in experiences.
Microsoft PDC 2008 - Session BB22

Published in: Technology, Business
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,770
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • 06/07/09 08:26 © 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  • Live Identity Services Drilldown - PDC 2008

    1. 1.  Jorgen Thelin Senior PM Microsoft Corporation BB22
    2. 2. .Net Access Control Service Microsoft Services Connector “ Geneva” Framework Windows CardSpace “Geneva” Active Directory “ Geneva” Server Live Framework Live Identity Services Microsoft Federation Gateway Software Services Claims-Based Access Standards Based Enhances Developer Productivity Flexibility via Choice
    3. 5. A P P Z Authori Z ation Claims Roles Access control P rofile Account registration Membership DB P olicy Trust relationships Auth token policies A uthentication Auth Protocols Principal Types
    4. 6. Embracing Open Standards
    5. 7. <ul><li>Next Steps – Try the Live ID OP </li></ul><ul><li>Set up a Live ID INT account: https://login.Live-INT.com/ </li></ul><ul><li>Set up OpenID alias : https://OpenID.Live-INT.com /beta/ManageOpenID.srf </li></ul><ul><li>Users : Use OpenID 2.0 login URI: OpenID.Live-INT.com </li></ul><ul><li>Library developers : Test interop with the Live ID OP endpoint </li></ul><ul><li>Web site owners : Test Live ID OpenID sign-in to your site </li></ul><ul><li>Send feedback: [email_address] </li></ul>Microsoft is becoming an OpenID Provider (OP)
    6. 8. Embracing Open Standards
    7. 9. <ul><li>GET http://openid.live-INT.com/OpenIDAuth.srf </li></ul><ul><ul><li>? openid.mode= checkid_setup </li></ul></ul><ul><ul><li>& openid.identity= http%3a%2f%2fopenid.live-int.com%2fjthelin </li></ul></ul><ul><ul><li>& openid.ns= http%3a%2f%2fspecs.openid.net%2fauth%2f2.0 </li></ul></ul><ul><ul><li>& openid.claimed_id= http%3a%2f%2fopenid.live-int.com%2fjthelin </li></ul></ul><ul><ul><li>& openid.realm= http%3a%2f%2flocalhost%3a49413%2f </li></ul></ul><ul><ul><li>& openid.return_to= http%3a%2f%2flocalhost%3a49413%2flogin.aspx%3f ReturnUrl %3d%252fDefault.aspx%26 token %3dAbu8voGNbjk2%252fH%252bWGN4vgbrzsETS0aCY%252bCSc%252frV%252bo6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQpodHRwOi8vanRoZWxpbi5waXAudmVyaXNpZ25sYWJzLmNvbS8NCg0KaHR0cDovL3BpcC52ZXJpc2lnbmxhYnMuY29tL3NlcnZlcg0KMi4wDQo%253d </li></ul></ul><ul><ul><li>& openid.assoc_handle= d7d181a0-632e-11dd-ba82-f91efcd7aef7 </li></ul></ul><ul><li>HTTP/1.1 </li></ul>Don’t panic! The SDK libraries handle all this for you!
    8. 10. <ul><li>GET /login.aspx </li></ul><ul><ul><li>? ReturnUrl= /Default.aspx </li></ul></ul><ul><ul><li>& token= Abu8voGNbjk2/H+WGN4vgbrzsETS0aCY+CSc/rV+o6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQpodHRwOi8vanRoZWxpbi5waXAudmVyaXNpZ25sYWJzLmNvbS8NCg0KaHR0cDovL3BpcC52ZXJpc2lnbmxhYnMuY29tL3NlcnZlcg0KMi4wDQo= </li></ul></ul><ul><ul><li>& openid.assoc_handle= d7d181a0-632e-11dd-ba82-f91efcd7aef7 </li></ul></ul><ul><ul><li>& openid.response_nonce= 2008-08-05T20:42:15ZiBs= </li></ul></ul><ul><ul><li>& openid.ns= http://specs.openid.net/auth/2.0 </li></ul></ul><ul><ul><li>& openid.mode= id_res </li></ul></ul><ul><ul><li>& openid.op_endpoint= http://openid.live-int.com/openidauth.srf </li></ul></ul><ul><ul><li>& openid.claimed_id= http://openid.live-int.com/jthelin </li></ul></ul><ul><ul><li>& openid.sig= kdXRyifqU0vd6H4kjgY5kgwmq4nN5ZhXBSck/bfLMDg= </li></ul></ul><ul><ul><li>& openid.identity= http://openid.live-int.com/jthelin </li></ul></ul><ul><ul><li>& openid.signed= assoc_handle,identity,response_nonce,return_to,claimed_id,op_endpoint </li></ul></ul><ul><ul><li>& openid.return_to= http%3a%2f%2flocalhost%3a49413%2flogin.aspx%3f ReturnUrl %3d%252fDefault.aspx%26 token %3dAbu8voGNbjk2%252fH%252bWGN4vgbrzsETS0aCY%252bCSc%252frV%252bo6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQpodHRwOi8vanRoZWxpbi5waXAudmVyaXNpZ25sYWJzLmNvbS8NCg0KaHR0cDovL3BpcC52ZXJpc2lnbmxhYnMuY29tL3NlcnZlcg0KMi4wDQo%253d </li></ul></ul><ul><li>HTTP/1.1 </li></ul>Don’t panic! The SDK libraries handle all this for you!
    9. 12. Windows Live ID Web Authentication SDK Windows Live ID Delegated Authentication SDK Windows Live Tools Windows Live ID Client SDK
    10. 13. Principal Types Principal Acting for Self Acting for User User User auth (Client or Web) Application App auth (AppID) Delegation (Good) Impersonation (BAD!) Device DeviceID Linked DeviceID Credential Types <ul><ul><li>[Strong] Password, Pin </li></ul></ul><ul><ul><li>eID / Smart card </li></ul></ul><ul><ul><li>CardSpace </li></ul></ul><ul><ul><li>Policy-driven control </li></ul></ul>Types of Live ID Users <ul><ul><li>Live Mail / Hotmail accounts </li></ul></ul><ul><ul><li>EASI (“E-mail As Sign-In”) </li></ul></ul><ul><ul><li>Managed domains </li></ul></ul><ul><ul><li>Federated domains </li></ul></ul>
    11. 14. Enabling apps to be secure
    12. 15. Windows Live ID service 2 3 3 4 5 4 2 1 End User w/web browser <ul><li>Integration Steps: </li></ul><ul><li>Register AppID </li></ul><ul><li>Get WebAuth library module from SDK </li></ul><ul><li>Use WL Tool ASP.NET controls – IDLoginStatus and/or IDLoginView </li></ul><ul><li>Create Member ID association page (optional) </li></ul><ul><li>Test & deploy! </li></ul>Windows Live ID Web Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=91762 Relying Party Web Site e.g., Contoso.com
    13. 16. <ul><li>< live:IDLoginStatus </li></ul><ul><ul><li>ID=&quot;IDLoginStatus1&quot; </li></ul></ul><ul><ul><li>runat=&quot;server&quot; </li></ul></ul><ul><ul><li>ApplicationContext=&quot; welcomepage &quot; </li></ul></ul><ul><ul><li>BackColor=&quot; #E5ECE5 “ </li></ul></ul><ul><ul><li>onserversignin= </li></ul></ul><ul><ul><ul><li>&quot; IDLoginStatus1_ServerSignIn &quot; </li></ul></ul></ul><ul><ul><ul><li>onserversignout= </li></ul></ul></ul><ul><ul><ul><ul><li>&quot; IDLoginStatus1_ServerSignOut &quot; </li></ul></ul></ul></ul><ul><li>/> </li></ul>
    14. 17. <ul><li><iframe id=&quot;WebAuthControl&quot; </li></ul><ul><ul><li>src=&quot; http://login.live.com/controls/WebAuth.htm </li></ul></ul><ul><ul><ul><li>? appid = <%=AppId%> </li></ul></ul></ul><ul><ul><ul><li>& context = welcomepage </li></ul></ul></ul><ul><ul><ul><li>& style = font-size= 10pt ; </li></ul></ul></ul><ul><ul><ul><ul><li>+ font-family= verdana ; </li></ul></ul></ul></ul><ul><ul><ul><ul><li>+ font-style= normal ; </li></ul></ul></ul></ul><ul><ul><ul><ul><li>+ font-weight= bold ; </li></ul></ul></ul></ul><ul><ul><ul><ul><li>+ background= white ; </li></ul></ul></ul></ul><ul><ul><ul><ul><li>+ color= black ; &quot; </li></ul></ul></ul></ul><ul><ul><ul><li>width =&quot;80px&quot; height =&quot;20px&quot;> </li></ul></ul></ul><ul><li></iframe> </li></ul>Existing: WebAuth.htm New : WebAuth Logo .htm New : WebAuth Button. htm
    15. 18. Don’t panic! The SDK libraries handle all this for you! Sign-in Request <ul><ul><li>POST http://www.mydomain.com/wl-handler.aspx HTTP/1.1 action= login & appctx= welcomepage & stoken= MA12BCF0012BAM567890MABD123456ABCDEF12345667890 </li></ul></ul>Sign-in Response Encrypted Contents: appid = <application id> & uid = <user identifier> & ts = <timestamp> & sig = <signature>
    16. 19. Enabling seamless sign-in / sign-up user experience
    17. 20. <ul><li>Customizable Contents Area (Orange) </li></ul><ul><li>Elements that can be customized. </li></ul><ul><ul><li>Partner Logo </li></ul></ul><ul><ul><li>Task statement </li></ul></ul><ul><ul><li>Product description </li></ul></ul><ul><ul><li>Sign up section </li></ul></ul><ul><ul><li>Header background </li></ul></ul><ul><li>Customizable Theme Area (Blue) </li></ul><ul><li>Elements cannot change. Customize look & feel. </li></ul><ul><ul><li>Font color </li></ul></ul><ul><ul><li>Background color </li></ul></ul><ul><ul><li>Button color </li></ul></ul><ul><ul><li>User tile color </li></ul></ul><ul><ul><li>Live ID description color </li></ul></ul>Task integration statement Sign-up section
    18. 21. <ul><li><WhiteLabelProperties> </li></ul><ul><ul><li>< Logo > STRID_LOGO </Logo> </li></ul></ul><ul><ul><li>< LogoAltText > STRID_LOGOALTTEXT </LogoAltText> </li></ul></ul><ul><ul><li>< HeaderBkgndColor > #336633 </HeaderBkgndColor> </li></ul></ul><ul><ul><li>< BkgndColor > #e5ece5 </BkgndColor> </li></ul></ul><ul><ul><li>< FontColorLight > #b5781e </FontColorLight> </li></ul></ul><ul><ul><li>< FontColorLink > #b5781e </FontColorLink> </li></ul></ul><ul><ul><li>< ButtonColor > #9EB39B </ButtonColor> </li></ul></ul><ul><ul><li>< ButtonBorder > #336633 </ButtonBorder> </li></ul></ul><ul><ul><li>< FontColor > black </FontColor> </li></ul></ul><ul><ul><li>< UserTileColor > #C6D6B9 </UserTileColor> </li></ul></ul><ul><li></WhiteLabelProperties> </li></ul><ul><li><SiteLoginUIProperties> </li></ul><ul><ul><li>< Header id =&quot;default&quot;> STRID_HEADER </Header> </li></ul></ul><ul><ul><li>< Title id=&quot;default&quot;> STRID_TITLE </Title> </li></ul></ul><ul><ul><li>< Subtitle id=&quot;default&quot;> STRID_SUBTITLE </Subtitle> </li></ul></ul><ul><li></SiteLoginUIProperties> </li></ul><ul><li><StringTable> </li></ul><ul><ul><li><Language langID=&quot;en&quot;> </li></ul></ul><ul><ul><ul><li><String id=&quot; STRID_HEADER &quot;> To make a Reservation, Sign in with your Windows Live ID </String> </li></ul></ul></ul><ul><ul><ul><li><String id=&quot; STRID_TITLE &quot;> Welcome to AdventureWorks Resorts </String> </li></ul></ul></ul><ul><ul><ul><li><String id=&quot; STRID_SUBTITLE &quot;> </li></ul></ul></ul><ul><ul><ul><li>##li5## Experience the very pinnacle of ##b## all-inclusive excellence ##/b## anywhere in the world at our 8 exclusive destinations. ##li2## Make a ##b## reservation ##/b## today and ensure yourself a get away like you've ##i## never ##/i## experienced before. ##li3## Join our exciting new ##b## online community ##/b## of vacationers. </li></ul></ul></ul><ul><ul><ul><li></String> </li></ul></ul></ul><ul><ul><ul><li><String id=&quot; STRID_LOGOALTTEXT &quot;> AdventureWorks Resort </String> </li></ul></ul></ul><ul><ul><ul><li><String id=&quot; STRID_LOGO &quot;> </li></ul></ul></ul><ul><ul><ul><li>http://adventureworksresorts.sharplogic.com/App_Themes/AWR/images/logo.png </li></ul></ul></ul><ul><ul><ul><li></String> </li></ul></ul></ul><ul><ul><li></Language> </li></ul></ul><ul><li></StringTable> </li></ul>
    19. 22. ToS CAPTCHA Password Username Task integration Header image Password reset question / Alt e-mail Profile info
    20. 24. Application Provider (web site) Windows Live ID Delegation Service End User w/ browser Integration Steps: 1. Register AppID 2. Get DelAuth library module from SDK 3. Create consent request URL link 4. Create auth callback handler page 5. Create store for consent tokens (optional) 6. Send RP data request and process reply 7. Test & deploy! Windows Live ID Delegated Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=107420 “ Using Consent” Phase ( user can be offline ) Resource Provider (e.g., Windows Live Contacts) Consent UI (consent.live.com)
    21. 25. <ul><li>https://consent.live.com/delegation.aspx </li></ul><ul><ul><li>? ru = http://mydomain.myapp.com/ReturnURL.aspx </li></ul></ul><ul><ul><li>& ps = Contacts.View,Contacts.Update </li></ul></ul><ul><ul><li>& pl = http://mydomain.myapp.com/PrivacyPolicy.htm </li></ul></ul><ul><ul><li>& ttype = 1 </li></ul></ul><ul><ul><li>& mkt = en-US </li></ul></ul><ul><ul><li>& app = appid %3d10000%26 ts %3d1193445084%26 ip %3d157.56.190.178%26 sig %3d7HgcsIEheEVO30BuPAEJhJeB8Pz0xHBV%252f%252bQD27AOdmI%253d </li></ul></ul><ul><ul><li>& appctx = welcomepage </li></ul></ul>Don’t panic! The SDK libraries handle all this for you! 1=Compact token, 2=SAML token Application Verifier token: AppID, Timestamp, Client IP, SHA256 signature
    22. 26. <ul><li>delt = EwCoARAnAAAUgxwUrFTrj0j98kTTv4OX%2FOkhSc2AADHt9dXtiWa4afIM1AtKBgDzW2LOYBmExjIAumf%2B33MyPpGSnwrmtOc2aKG0Oz008Jg6a9Ss8a6L4zi8Za9gT85eqqdS0HNJZW9xAUoD2MOqUz7RxqY%2FpNhAWm6ndhFTj9VWWZYi7zIJJU7RgrIXEJrmQsHSKN1%2B2Iot56mknEECA2YAAAi5VYs8bPiGofgAEiVBGu8ve8kv459FJn8ioXFJMR4f5EYNJqxMXG8tZhe87ylkvESebImX%2B4T8EGxxgDBTTHmEnK5PtoxJDTLJCSz4UJwRPAS0KW2H5TIi7Ecu6dZ5FbspeKlPCi7pxjevW1WAHuoJY9oow%2FgUCZhcxCusUg2Cg6LmpSm0KwacVzaXLEOwwpfUXtFSwpPsU8w8G9syt4%2F0k1W4HJmdrqU1xqHO7ZEX3JBWpKBscNbKr5z3qCkO2tpW%2BBjFEgy8w%2Fc5wb66At7V4Vs1ccbiBJ7pC%2F0VjyfzKfBYNP2zniAmepap2jY780q73Czc10w0bfMr54cKMaDrK6kAAA%3D%3D </li></ul><ul><li>& exp = 1196836447 </li></ul><ul><li>& reft = F7BJdi2ojtPWXv7qVCKrhD0kU35Rf1k4wz0nFxgB33czSkOgk0Ht5n8LGLZW2Mgo06dpFYonRF0e0hasWS91l37cf8sq2NaxyXJASrEdKoYOApPUBI6RqYnDSBgkNqKPQtUbIN%2F%2FXQ%2B7qUnzyWvnSA%3D%3D </li></ul><ul><li>& offer = Contacts.View,Contacts.Update :1228350847 </li></ul><ul><li>& sig = C1itgV6AL7%2F%2BJFnML1unjGZ6nNNjQsrb8%2BcTtmNAzp8%3D </li></ul><ul><li>& skey = iS30MXEnIJj7K6HpwUBrXR5isE9rN9zq </li></ul><ul><li>& lid = f8eb4468555a951e </li></ul>Don’t panic! The SDK libraries handle all this for you!
    23. 27. <ul><li>http://consent.live.com/RefreshToken.aspx </li></ul><ul><ul><li>? ru = http://mydomain.myapp.com/ReturnURL.aspx </li></ul></ul><ul><ul><li>& ps = Contacts.View,Contacts.Update </li></ul></ul><ul><ul><li>& reft = F7BJdi2ojtPWXv7qVCKrhD0kU35Rf1k4wz0nFxgB33czSkOgk0Ht5n8LGLZW2Mgo06dpFYonRF0e0hasWS91l37cf8sq2NaxyXJASrEdKoYOApPUBI6RqYnDSBgkNqKPQtUbIN%252F%252FXQ%252B7qUnzyWvnSA%253D%253D </li></ul></ul><ul><ul><li>& app = appid %3d10000%26 ts %3d1193445084%26 ip %3d157.56.190.178%26 sig %3d7HgcsIEheEVO30BuPAEJhJeB8Pz0xHBV%252f%252bQD27AOdmI%253d </li></ul></ul>Don’t panic! The SDK libraries handle all this for you!
    24. 28. <ul><li>{ </li></ul><ul><ul><li>&quot; ConsentToken &quot;: </li></ul></ul><ul><ul><li>&quot; delt %3dEwCoARAnAAAUgxwUrFTrj0j98kTTv4OX%252FOkhSc2AADHt9dXtiWa4afIM1AtKBgDzW2LOYBmExjIAumf%252B33MyPpGSnwrmtOc2aKG0Oz008Jg6a9Ss8a6L4zi8Za9gT85eqqdS0HNJZW9xAUoD2MOqUz7RxqY%252FpNhAWm6ndhFTj9VWWZYi7zIJJU7RgrIXEJrmQsHSKN1%252B2Iot56mknEECA2YAAAi5VYs8bPiGofgAEiVBGu8ve8kv459FJn8ioXFJMR4f5EYNJqxMXG8tZhe87ylkvESebImX%252B4T8EGxxgDBTTHmEnK5PtoxJDTLJCSz4UJwRPAS0KW2H5TIi7Ecu6dZ5FbspeKlPCi7pxjevW1WAHuoJY9oow%252FgUCZhcxCusUg2Cg6LmpSm0KwacVzaXLEOwwpfUXtFSwpPsU8w8G9syt4%252F0k1W4HJmdrqU1xqHO7ZEX3JBWpKBscNbKr5z3qCkO2tpW%252BBjFEgy8w%252Fc5wb66At7V4Vs1ccbiBJ7pC%252F0VjyfzKfBYNP2zniAmepap2jY780q73Czc10w0bfMr54cKMaDrK6kAAA%253D%253D%26 reft %3dF7BJdi2ojtPWXv7qVCKrhD0kU35Rf1k4wz0nFxgB33czSkOgk0Ht5n8LGLZW2Mgo06dpFYonRF0e0hasWS91l37cf8sq2NaxyXJASrEdKoYOApPUBI6RqYnDSBgkNqKPQtUbIN%252F%252FXQ%252B7qUnzyWvnSA%253D%253D%26 skey %3diS30MXEnIJj7K6HpwUBrXR5isE9rN9zq%26 offer %3d Contacts.View,Contacts.Update %3a1228350847%26 exp %3d1196836447%26 sig %3dC1itgV6AL7%252F%252BJFnML1unjGZ6nNNjQsrb8%252BcTtmNAzp8%253D%26 lid %3df8eb4468555a951e&quot; </li></ul></ul><ul><li>} </li></ul>Don’t panic! The SDK libraries handle all this for you!
    25. 31. Step 1 (Partner Sign-in) A user sends credentials to the federated partner identity provider (IdP). federated partner’s Security Token Service (STS) generates IdP token. Windows Live ID Client SDK http://go.microsoft.com/fwlink/?LinkId=86974 Step 2 (Federated Sign-in) IdP token is sent to Microsoft Federation Gateway. Federation Gateway converts IdP token from the federated partner to a Live Service token. Step 3 (Service Sign-in) The issued service access token is sent to the Live Service that the user originally wanted to access.
    26. 32. Easy
    27. 36. Please fill out your evaluation for this session at: This session will be available as a recording at: www.microsoftpdc.com
    28. 39. <ul><li>NEXT: <next slide title> </li></ul>
    29. 40. SPEAKERS, PLEASE READ: Speakers, Please read. Your slides will be formatted BEFORE this event to ensure consistency in look and feel across presentations and to ensure they meet MS Branding guidelines. Below is a list of the formatting steps that will be applied to your deck. If there are any steps you do NOT want taken , please note these on the “Speaker Comments” slide.
    30. 41. SPEAKERS, PLEASE READ (hidden slide): Speakers, Please read. Your slides will be “archived” AFTER the event. Below is a list of the archiving steps that will be applied to your deck. If there are any steps you do NOT want taken , please note these on the “Speaker Comments” slide.

    ×