Liberating Identity using Windows Identity Foundation

This presentation was delivered by Simon Evans to the London Connected Systems User Group on 7th December 2010

Speaker notes

  • Use existing tools and services wherever possible, but only if they fit seamlessly and don’t cause pain in the solution. Build in a loosely coupled manner: code against contracts not implementations, build for testability, separate concerns, favour convention over configuration. But don’t over-engineer: don’t provide endless configuration options just in case. Build a simple solution that’s easy and painless to change if and when required. What’s the result? Developing software simply and quickly; reducing waste, reducing effort, reducing cost.

Transcript

  • 1. Liberating Identity with WIF
    Simon Evans
    London Connected Systems User Group
  • 2. IDENTITY MATTERS
    And we’ve broken it
  • 5. Users are prisoners
  • 6. The consequences
    Users have to remember lots of credentials
    Administrators have to manage user accounts in lots of systems
    User access cannot be traced
    The “trusted subsystem” anti-pattern
    Software blocks opportunity
    Acquisition
    Federation
  • 7. LIBERATING IDENTITY
    Free your users
  • 8. Claims
  • 9. Example Claims
    Firstname
    Surname
    Date of Birth
    Post Code
    Email Address
    Company Name
    Business Unit
    Roles
  • 10. ACCESS CONTROL
    Is RBACS dead?
  • 11. Anatomy of a Security Token
  • 12. Anatomy of a Security Token
    Collection of Claims
    Audience
    Valid Dates
    Issuer with digital signature
    Encryption
    Various formats (SAML 1.1, SAML 2.0, Custom…)
  • 13. Issuing Security Tokens
  • 14. Security Token Services (STS)
    All Security Token Services issue tokens
    Identity Provider Security Token Service (IP-STS)
        Stores the identity information about a user
        Somehow authenticates a user
    Resource Security Token Service (R-STS)
        Transforms claims from one format to another
        Relies on at least one IP-STS
    A Relying Party (RP) consumes security tokens issued from a trusted STS
  • 15. Security Token Services (STS)
  • 16. Security Token Services (STS)
  • 17. Establishing Trust
    X.509
  • 18. The Identity Protocols
    Browser based “Passive” clients
        WS-Federation
        SAML-P
    Non-Browser based “Active” clients
        SOAP
            WS-Trust 1.3
        REST
            OAuth WRAP
            OAuth 2.0
  • 19. Identity in the Microsoft Stack
    Windows Identity Foundation (WIF)
        Build Relying Parties using WS-Federation and WS-Trust
        Build custom Security Token Services
    StarterSTS
    ADFS 2.0
        On premise IP-STS or R-STS
        Supports WS-Federation, WS-Trust, SAML-P
    Windows Azure AppFabric Access Control Service (ACS)
        R-STS in the cloud
        Supports OAuth WRAP, WS-Federation, WS-Trust, OpenID, Google, Yahoo and Facebook
  • 20. Platform support for consuming claims
    SharePoint 2010
    WF4 Security Activity Pack
    WIF provides support for:
        WCF via custom bindings
        ASP.NET via HTTP modules
        WCF Data Services
  • 21. Identity Delegation
    Removing the “Trusted Subsystem” anti-pattern
  • 22. WS-Trust 1.3 Delegation “Act-As”
  • 23. Contact Us
    Simon Evans
    simon.evans@emc.com
    http://consultingblogs.emc.com/simonevans
    http://twitter.com/simonevans
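The checks a relying party runs over an incoming token, covering the token fields listed on slide 12 and the trust relationship between RP and STS on slide 14, as an added example that is not code from the deck or from WIF. The token is a plain dict and an HMAC with a shared key stands in for the issuer's X.509 digital signature over a SAML token (the checks are the same in either case); the issuer URL, key, audience and claim values are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta

# Constructed trust store: the STSs this relying party trusts, keyed by issuer
# name. A real RP would hold the issuer's X.509 certificate here instead.
TRUSTED_ISSUERS = {"https://sts.example.test/": b"constructed-issuer-key"}
MY_AUDIENCE = "https://rp.example.test/"
CLOCK_SKEW = timedelta(minutes=5)


def canonical(token):
    """Deterministic bytes covering every field except the signature itself."""
    body = {k: v for k, v in token.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue(claims, now, issuer="https://sts.example.test/", key=None,
          audience=MY_AUDIENCE, lifetime=timedelta(hours=1)):
    """STS side: wrap claims in a token and sign it (HMAC stands in for XML-DSig)."""
    token = {"issuer": issuer, "audience": audience, "claims": claims,
             "not_before": now.isoformat(),
             "not_on_or_after": (now + lifetime).isoformat()}
    key = key or TRUSTED_ISSUERS[issuer]
    token["signature"] = hmac.new(key, canonical(token), hashlib.sha256).hexdigest()
    return token


def validate(token, now):
    """RP side: returns (claims, None) or (None, reason). Order matters:
    establish who issued the token and that it is intact before trusting
    any field inside it."""
    key = TRUSTED_ISSUERS.get(token.get("issuer"))
    if key is None:
        return None, "untrusted issuer"
    expected = hmac.new(key, canonical(token), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token.get("signature", "")):
        return None, "bad signature"
    if token.get("audience") != MY_AUDIENCE:
        return None, "wrong audience"  # minted for some other relying party
    nbf = datetime.fromisoformat(token["not_before"])
    exp = datetime.fromisoformat(token["not_on_or_after"])
    if now < nbf - CLOCK_SKEW or now >= exp + CLOCK_SKEW:
        return None, "outside validity window"
    return token["claims"], None
```

A token that fails any check is rejected before its claims are read, which is what stops a token minted for another audience, or by an untrusted issuer, from being replayed against this RP.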