Liberating Identity using Windows Identity Foundation
This presentation was delivered by Simon Evans to the London Connected Systems User Group on 7th December 2010
  • Speaker notes: Use existing tools and services wherever possible, but only if they fit seamlessly and don't cause pain in the solution. Build in a loosely coupled manner: code against contracts, not implementations; build for testability; separate concerns; favour convention over configuration. But don't over-engineer: don't provide endless configuration options "just in case". Build a simple solution that's easy and painless to change if and when required. The result is developing software simply and quickly: reducing waste, reducing effort, reducing cost.
  • Transcript

    • 1. Liberating Identity with WIF
      - Simon Evans
      - London Connected Systems User Group
    • 2. IDENTITY MATTERS
      - And we've broken it
    • 3. (image-only slide)
    • 4. (image-only slide)
    • 5. Users are prisoners
    • 6. The consequences
      - Users have to remember lots of credentials
      - Administrators have to manage user accounts in lots of systems
      - User access cannot be traced
      - The "trusted subsystem" anti-pattern
      - Software blocks opportunity
        - Acquisition
        - Federation
    • 7. LIBERATING IDENTITY
      - Free your users
    • 8. Claims
    • 9. Example Claims
      - Firstname
      - Surname
      - Date of Birth
      - Post Code
      - Email Address
      - Company Name
      - Business Unit
      - Roles
    • 10. ACCESS CONTROL
      - Is RBACS dead?
    • 11. Anatomy of a Security Token
    • 12. Anatomy of a Security Token
      - Collection of Claims
      - Audience
      - Valid Dates
      - Issuer with digital signature
      - Encryption
      - Various formats (SAML 1.1, SAML 2.0, Custom…)
    • 13. Issuing Security Tokens
    • 14. Security Token Services (STS)
      - All Security Token Services issue tokens
      - Identity Provider Security Token Service (IP-STS)
        - Stores the identity information about a user
        - Somehow authenticates a user
      - Resource Security Token Service (R-STS)
        - Transforms claims from one format to another
        - Relies on at least one IP-STS
      - A Relying Party (RP) consumes security tokens issued from a trusted STS
    • 15. Security Token Services (STS)
    • 16. Security Token Services (STS)
    • 17. Establishing Trust
      - X.509
    • 18. The Identity Protocols
      - Browser based "Passive" clients
        - WS-Federation
        - SAML-P
      - Non-Browser based "Active" clients
        - SOAP
          - WS-Trust 1.3
        - REST
          - OAuth WRAP
          - OAuth 2.0
    • 19. Identity in the Microsoft Stack
      - Windows Identity Foundation (WIF)
        - Build Relying Parties using WS-Federation and WS-Trust
        - Build custom Security Token Services
        - StarterSTS
      - ADFS 2.0
        - On premise IP-STS or R-STS
        - Supports WS-Federation, WS-Trust, SAML-P
      - Windows Azure AppFabric Access Control Service (ACS)
        - R-STS in the cloud
        - Supports OAuth WRAP, WS-Federation, WS-Trust, OpenId, Google, Yahoo and Facebook
    • 20. Platform support for consuming claims
      - SharePoint 2010
      - WF4 Security Activity Pack
      - WIF provides support for:
        - WCF via custom bindings
        - ASP.NET via HTTP modules
        - WCF Data Services
    • 21. Identity Delegation
      - Removing the "Trusted Subsystem" anti-pattern
    • 22. WS-Trust 1.3 Delegation "Act-As"
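As an added illustration of the relying-party side sketched on slides 10, 12 and 14 (example code, not from the presentation or from WIF's own samples), the two WIF 1.0 extension points below run after WIF has already checked the token's audience, validity dates and issuer signature: one rejects tokens that lack the claims the application depends on, the other makes a claims-based rather than role-based access decision. The claim-type URIs, resource path convention and class names are assumptions.

```csharp
using System;
using System.Linq;
using Microsoft.IdentityModel.Claims;

// Hypothetical claim types assumed to be issued by the IP-STS (not WIF-defined).
public static class ExampleClaimTypes
{
    public const string BusinessUnit = "http://schemas.example.com/claims/businessunit";
    public const string ApprovalLimit = "http://schemas.example.com/claims/approvallimit";
}

// Runs once per authenticated request, after signature/audience/date checks.
// Rejects tokens missing required claims and adds one application-local claim.
public class ExpensesAuthenticationManager : ClaimsAuthenticationManager
{
    public override IClaimsPrincipal Authenticate(string resourceName, IClaimsPrincipal incomingPrincipal)
    {
        if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
            return incomingPrincipal; // anonymous request: nothing to validate yet

        var identity = (IClaimsIdentity)incomingPrincipal.Identity;
        bool hasEmail = identity.Claims.Any(c => c.ClaimType == ClaimTypes.Email);
        bool hasUnit = identity.Claims.Any(c => c.ClaimType == ExampleClaimTypes.BusinessUnit);
        if (!hasEmail || !hasUnit)
            throw new InvalidOperationException("Token lacks claims required by this application");

        // Derived locally by this RP; it is not something the STS asserted.
        identity.Claims.Add(new Claim(ExampleClaimTypes.ApprovalLimit, "5000"));
        return incomingPrincipal;
    }
}

// Claims-based access control: the decision reads the claims themselves rather
// than a fixed role list. WIF calls CheckAccess with the resource (URL) and action (HTTP verb).
public class ExpensesAuthorizationManager : ClaimsAuthorizationManager
{
    public override bool CheckAccess(AuthorizationContext context)
    {
        string resource = context.Resource.First().Value;
        string action = context.Action.First().Value;
        var identity = (IClaimsIdentity)context.Principal.Identity;
        if (!identity.IsAuthenticated) return false;

        // Assumed convention: POST /expenses/approve/{businessUnit}/{amount}
        string[] parts = resource.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        if (action != "POST" || parts.Length != 4 || parts[0] != "expenses" || parts[1] != "approve")
            return true; // every other resource: any authenticated user

        Claim unit = identity.Claims.FirstOrDefault(c => c.ClaimType == ExampleClaimTypes.BusinessUnit);
        Claim limit = identity.Claims.FirstOrDefault(c => c.ClaimType == ExampleClaimTypes.ApprovalLimit);
        int amount;
        return unit != null && limit != null
            && string.Equals(unit.Value, parts[2], StringComparison.OrdinalIgnoreCase)
            && int.TryParse(parts[3], out amount) && amount <= int.Parse(limit.Value);
    }
}
```

Both classes are wired in through the `claimsAuthenticationManager` and `claimsAuthorizationManager` elements of the `<microsoft.identityModel>` section alongside the `audienceUris` and `issuerNameRegistry` settings that WIF uses for the token checks listed on slide 12.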
    • 23. Contact Us
      - Simon Evans
      - simon.evans@emc.com
      - http://consultingblogs.emc.com/simonevans
      - http://twitter.com/simonevans
