Live Services
           Synchronizing Life




Online Identity
Easing the pain of identity integration
Agenda

• LiveID Overview
• Advantages and Drivers
• Types of Authentication
  – WebAuth
  – DelAuth
  – ClientAuth
• Contacts
• Summary
• Discussion
Session objectives and takeaways

• At the end of this session the audience should understand LiveID and how to use it.
• Feel confident and comfortable to go and start creating apps that use LiveID.
Microsoft Identity Software + Services

One identity model that puts users in control of their identities

• Flexibility via Choice
• Enhances Developer Productivity
• Standards Based

[Diagram: Claims-Based Access]
• Services: Live Identity Service; Microsoft Federat…; .Net Access Control Service
• Software: “Gene…”; Microsoft Active…; Windows CardS…; “Geneva” Frame…; Live Framework
Live ID within the Live Framework

[Architecture diagram: Live Framework]
• Libraries: .NET FX 3.5 APIs, Silverlight APIs, JavaScript APIs, Client Controls, Web Controls, …
• Resource Model
  – ATOM, JSON, POX, RSS, Binary XML
  – AtomPub, FeedSync
  – CRUD, Sync, URI-LINQ, Resource Scripts, Triggers, Auth/Z, Hosting, Introspection
  – Core: Identity, Device Mesh, Applications
  – Data: User (Folders, News, Photos, Favorites, Contacts, Groups, Profile, Calendar); System (Geospatial, Search)
  – Communications: P2P, Notifications, Presence
  – App Model: Catalog, Hosting, Mesh Applications, App Data & Settings, Application Management
• Live Operating Environment
  – Cloud: CRUD, Sync, App Hosting, Resource Script Engine, Auth/Z, Analytics, Cache, …
  – Client: CRUD, Sync, Hosting, Resource Script Engine, Auth/Z, Local Store, P2P, File Sys, …
• Windows “Strata”, Windows, Embedded, Windows Mobile, Other
• Tools & Services: Developer Portal, Provisioning / Account Management, Visual Studio Tools / Designers, Analytics, Developer Sandbox
Live ID

[Diagram: Live ID surrounded by Windows Live services]
• Hotmail, Messenger, Live Search, Spaces, Alerts
• Live.com, Live Search Maps, Mail, Sky Drive, Photo Gallery, Events
• Gadgets, Writer, Expo, Gallery, Calendar, Agents
• Windows Live for Mobile, Favorites, Contacts, OneCare, Toolbar, QnA
• Find & Locate: Live Search, Virtual Earth
• Identity: Live ID
• User Data: Contacts, Photos, App Storage
• Notifications & Messaging: Messenger, Alerts, Agents
• Infrastructure: Admin Center, Silverlight Streaming

Terms of Service
The Life of an App Developer

• Business logic
• …
• Identity “pain”
  – IdP QoS
     • Identity Provider availability and reliability
     • Anti-spam account detection
  – On-boarding
     • Trust relationship management
     • Child account legal and parental controls
     • Account sign-up / management
  – AuthN
     • Different principal types
     • Different authentication protocols
• Operating Environment
Live ID Identity Services Principles

Above all: SECURE!

• Consumer + Enterprise
• Federation friendly
• Open & Standards-based
• Rich functionality
• Ease of use
Integrating with Live ID
Steps to Identity Integration - APPZ

• A – Authentication: Auth Protocols, Principal Types
• P – Policy: Trust relationships, Auth token policies
• P – Profile: Account registration, Membership DB
• Z – AuthoriZation: Claims, Roles, Access control
Live Identity Services

Integration SDKs

• Web Application (Authentication): Windows Live ID Web Authentication
  – Web site integration
  – Co-branded user experience
  – Open source samples in 7 languages – C#, VB, Java, Perl, PHP, Ruby, Python
• Web Application (Delegation): Windows Live ID Delegated Authentication
  – App provider accessing user data stored in Live Services
  – Open source samples in 7 languages –
• ASP.NET: Windows Live Tools
  – ASP.NET controls simplified integration
  – Controls: IDLogin, IDLoginView, Contacts, SilverlightStreaming
• Windows Rich Client Application: Windows Live ID Client SDK
  – Rich client applications
  – Windows Client OS
Windows Live ID – Type of Identity

Principal Types

Credential Types
• [Strong] Password, Pin
• eID / Smart card
• CardSpace

Types of Live ID Users
• Live / Hotmail
• EASI (“E-mail As Sign-In”)

The Password Anti-Pattern!
Everything needs an ID - Why LiveID?

• You, the end user, don’t have to worry about setting up and maintaining the back-end infrastructure required for AuthZ and AuthN
• LiveID Services takes care of it for you.
• LiveID Services is always online, secure, backed up and available
• Based on open standards and platform neutral
• Easy to provision, access and use
• Technology agnostic
• Move seamlessly across multiple applications/services - a Single Sign In service
• Last but not least – largest collection of users on a system – close to half a billion users already use LiveID. So it’s easy to tap into this vast existing user base for your customer base or audience.
Live ID – Rich Functionality

Much more behind the login box!

• Provides an identity platform:
   – An authentication platform
   – A delegation platform
   – A federation platform
   – A user and service provisioning platform
   – The first line of anti-spam defense

• All delivered as Software + Services
   – Cloud hosted authentication services
   – Client SDK libraries – 6 languages / multi platform
        • ASP.NET (C# + VB), Java, Perl, Python, Ruby
demo

Live Identity Services Web Authentication
Enabling apps to be secure
Web Authentication Protocol Overview

Windows Live ID Web Authentication SDK Docs: http://go.microsoft.com/fwlink/?LinkID=91762

[Diagram: numbered message flow (1 to 5) between the End User w/ web browser, the Relying Party Web Site (e.g., Contoso.com) and the Windows Live ID service]

Integration Steps:
1. Register AppID
2. Get WebAuth library module from SDK
3. Use WL Tool ASP.NET controls – IDLoginStatus and/or IDLoginView
4. Create Member ID association page (optional)
5. Test & deploy!
Windows Live Tools

IDLoginStatus Control (ASP.NET)

    <live:IDLoginStatus
        ID="IDLoginStatus1"
        runat="server"
        ApplicationContext="welcomepage"
        BackColor="#E5ECE5"
        onserversignin="IDLoginStatus1_ServerSignIn"
        onserversignout="IDLoginStatus1_ServerSignOut"
    />
WebAuth Sign-in Control

(Cross-platform HTML – URL decoded for readability)

    <iframe id="WebAuthControl"
        src="http://login.live.com/controls/WebAuth.htm
            ?appid=<%=AppId%>
            &context=welcomepage
            &style=font-size=10pt;
                +font-family=verdana;
                +font-style=normal;
                +font-weight=bold;
                +background=white;
                +color=black;"
        width="80px" height="20px">
    </iframe>

• Existing: WebAuth.htm
• New: WebAuthLogo.htm
• New: WebAuthButton.htm
WebAuth Sign-in Messages

Don’t panic! The SDK libraries handle all this for you!

Sign-in Request

    GET http://login.live.com/wlogin.srf
        ?appid=00167FFE80002700
        &appctx=welcomepage
        HTTP/1.1
    ...

Sign-in Response

    POST http://www.mydomain.com/wl-handler.aspx HTTP/1.1
    action=login
    &appctx=welcomepage
    &stoken=MA12BCF0012BAM567890MABD123456ABCDEF12345667890

Encrypted Contents:

    appid=<applicationid>
    &uid=<user identifier>
    &ts=<timestamp>
    &sig=<signature>
Live ID Services Web Authentication
Sign-in Screen Customization

Enabling seamless sign-in / sign-up user experience
Customizable Sign-in Screen

• Flexible sign-in customization options allow creative and seamless user

[Screenshot labels: Task integration statement; Sign-up section]

Customizable Contents Area (Orange)
Elements that can be customized.
• Partner Logo
• Task statement
• Product description
• Sign up section
• Header background

Customizable Theme Area (Blue)
Elements cannot change. Customize look & feel.
• Font color
• Background color
• Button color
• User tile color
• Live ID description color
Sign-in Screen Customization

    <WhiteLabelProperties>
        <Logo>STRID_LOGO</Logo>
        <LogoAltText>STRID_LOGOALTTEXT</LogoAltText>
        <HeaderBkgndColor>#336633</HeaderBkgndColor>
        <BkgndColor>#e5ece5</BkgndColor>
        <FontColorLight>#b5781e</FontColorLight>
        <FontColorLink>#b5781e</FontColorLink>
        <ButtonColor>#9EB39B</ButtonColor>
        <ButtonBorder>#336633</ButtonBorder>
        <FontColor>black</FontColor>
        <UserTileColor>#C6D6B9</UserTileColor>
    </WhiteLabelProperties>
    <SiteLoginUIProperties>
        <Header id="default">STRID_HEADER</Header>
        <Title id="default">STRID_TITLE</Title>
        <Subtitle id="default">STRID_SUBTITLE</Subtitle>
    </SiteLoginUIProperties>
    <StringTable>
        <Language langID="en">
            <String id="STRID_HEADER">To make a Reservation, Sign in with your Windows Live ID</String>
            <String id="STRID_TITLE">Welcome to AdventureWorks Resorts</String>
Customizable Registration

• Flexible registration screen options
  – Header image
  – Task integration
  – Username
  – Password
  – Password reset question / Alt e-mail
  – Profile info
  – CAPTCHA
  – ToS
Live Identity Services
Delegated

Enabling data portability
Delegated Auth Protocol

Windows Live ID Delegated Authentication SDK Docs: http://go.microsoft.com/fwlink/?LinkID=107420

[Diagram: End User w/ browser; Application Provider (web site); Consent UI (consent.live.com); Resource Provider (e.g., Windows Live Contacts); Windows Live ID Delegation Service]

“Granting Consent” phase (user must be online)
• Direct user to consent UI
• Receive consent token

“Using Consent” Phase (user can be offline)
• Send delegation token with API call to resource
• Receive data
• Send refresh token
• Receive new consent token

Integration Steps:
1. Register AppID
2. Get DelAuth library module from SDK
3. Create consent request URL link
4. Create auth callback handler page
5. Create store for consent tokens (optional)
6. Send RP data request and process reply
7. Test & deploy!
Requesting Delegated Auth

Don’t panic! The SDK libraries handle all this for you!

    https://consent.live.com/delegation.aspx
        ?ru=http://mydomain.myapp.com/ReturnURL.aspx
        &ps=Contacts.View,Contacts.Update
        &pl=http://mydomain.myapp.com/PrivacyPolicy.htm
        &ttype=1
        &mkt=en-US
        &app=appid%3d10000%26ts%3d1193445084%26ip%3d157.56.190.178%26sig%3d7HgcsIEheEVO30BuPAEJhJeB8Pz0xHBV%252f%252bQD27AOdmI%253d

• ttype: 1=Compact token, 2=SAML token
• app: Application Verifier token: AppID, Timestamp, Client IP, SHA256 signature
DelAuth Consent Token Response
(URL Decoded)

Don’t panic! The SDK libraries handle all this for you!

 •   delt=EwCoARAnAAAUgxwUrFTrj0j98kTTv4OX
     %2FOkhSc2AADHt9dXtiWa4afIM1AtKBgDzW2LOYBmExjIAumf
     %2B33MyPpGSnwrmtOc2aKG0Oz008Jg6a9Ss8a6L4zi8Za9gT85eqqd
     S0HNJZW9xAUoD2MOqUz7RxqY
     %2FpNhAWm6ndhFTj9VWWZYi7zIJJU7RgrIXEJrmQsHSKN1%2B2Iot56
     mknEECA2YAAAi5VYs8bPiGofgAEiVBGu8ve8kv459FJn8ioXFJMR4f5E
     YNJqxMXG8tZhe87ylkvESebImX
     %2B4T8EGxxgDBTTHmEnK5PtoxJDTLJCSz4UJwRPAS0KW2H5TIi7Ecu
     6dZ5FbspeKlPCi7pxjevW1WAHuoJY9oow
     %2FgUCZhcxCusUg2Cg6LmpSm0KwacVzaXLEOwwpfUXtFSwpPsU8w
     8G9syt4%2F0k1W4HJmdrqU1xqHO7ZEX3JBWpKBscNbKr5z3qCkO2t
     pW%2BBjFEgy8w%2Fc5wb66At7V4Vs1ccbiBJ7pC
     %2F0VjyfzKfBYNP2zniAmepap2jY780q73Czc10w0bfMr54cKMaDrK6
     kAAA%3D%3D
 •   &exp=1196836447
Delegated Auth Consent Refresh
Request

Don’t panic! The SDK libraries handle all this for you!

    http://consent.live.com/RefreshToken.aspx
        ?ru=http://mydomain.myapp.com/ReturnURL.aspx
        &ps=Contacts.View,Contacts.Update
        &reft=F7BJdi2ojtPWXv7qVCKrhD0kU35Rf1k4wz0nFxgB33czSkOgk0Ht5n8LGLZW2Mgo06dpFYonRF0e0hasWS91l37cf8sq2NaxyXJASrEdKoYOApPUBI6RqYnDSBgkNqKPQtUbIN%252F%252FXQ%252B7qUnzyWvnSA%253D%253D
        &app=appid%3d10000%26ts
DelAuth Consent Refresh
Response - Raw JSON

Don’t panic! The SDK libraries handle all this for you!

{
    "ConsentToken":
           "delt%3dEwCoARAnAAAUgxwUrFTrj0j98kTTv4OX
           %252FOkhSc2AADHt9dXtiWa4afIM1AtKBgDzW2LOYBmExjIAumf
           %252B33MyPpGSnwrmtOc2aKG0Oz008Jg6a9Ss8a6L4zi8Za9gT85eqqdS
           0HNJZW9xAUoD2MOqUz7RxqY
           %252FpNhAWm6ndhFTj9VWWZYi7zIJJU7RgrIXEJrmQsHSKN1%252B2Iot5
           6mknEECA2YAAAi5VYs8bPiGofgAEiVBGu8ve8kv459FJn8ioXFJMR4f5EYNJ
           qxMXG8tZhe87ylkvESebImX
           %252B4T8EGxxgDBTTHmEnK5PtoxJDTLJCSz4UJwRPAS0KW2H5TIi7Ecu6d
           Z5FbspeKlPCi7pxjevW1WAHuoJY9oow
           %252FgUCZhcxCusUg2Cg6LmpSm0KwacVzaXLEOwwpfUXtFSwpPsU8w8
           G9syt4%252F0k1W4HJmdrqU1xqHO7ZEX3JBWpKBscNbKr5z3qCkO2tpW
           %252BBjFEgy8w%252Fc5wb66At7V4Vs1ccbiBJ7pC
           %252F0VjyfzKfBYNP2zniAmepap2jY780q73Czc10w0bfMr54cKMaDrK6k
           AAA%253D%253D%26reft
           %3dF7BJdi2ojtPWXv7qVCKrhD0kU35Rf1k4wz0nFxgB33czSkOgk0Ht5n8L
           GLZW2Mgo06dpFYonRF0e0hasWS91l37cf8sq2NaxyXJASrEdKoYOApPUBI
           6RqYnDSBgkNqKPQtUbIN%252F%252FXQ%252B7qUnzyWvnSA%253D
           %253D%26skey%3diS30MXEnIJj7K6HpwUBrXR5isE9rN9zq%26offer
           %3dContacts.View,Contacts.Update%3a1228350847%26exp
           %3d1196836447%26sig%3dC1itgV6AL7%252F
           %252BJFnML1unjGZ6nNNjQsrb8%252BcTtmNAzp8%253D%26lid
           %3df8eb4468555a951e"
}
Delegated Auth Protocol Drilldown

[Sequence diagram: User’s Browser, 3rd Party Website, WLID Service, WL RP Service]
1. Access 3rd party app
2. Redirect to Consent
3. Request user consent & token
4. Redirect to 3rd party app w/ token
5. Post token to app
6. Request user data w/ app token
7. Return data for the user to the app
8. App render data to user
9. Renew token
10. Request updated data
11. Render data to user

• Supplies ‘on behalf of’ functionality
  – App can act on behalf of the user
     • Subject to user’s consent
     • For a specific “offer” only (e.g. Calendar.Read)
     • For a defined time period
• Re-use / Extend existing building blocks
  – WS-Trust RequestSecurityToken ‘on-behalf of’ element
  – Re-use existing tokens – SAML and Compact – with new elements – ‘appid’ and “Offer”
  – Use Roles and Sharing for storing Permissions
• Scenarios that are enabled
  – Supply auth mechanism for 3rd parties to call WL APIs – Facebook, match.com
  – Exchange 14 calendar sharing
  – Application authentication – Echoes
• Existing WL services integrate easily
  – RPS validates the App token, same as auth Token
  – RPS is configured to map the API to the “Offer” in the app token
  – App can perform additional AuthZ checks if needed
• Basic flow
  – App needs a token to access WL API
  – Send user to a consent URL with identifier for “Offer” consent is needed for
  – User grants consent and a token is returned to the App
  – App uses the token to make authenticated call to WL API
  – Token has expiration. Can be renewed by the app if consent is still valid
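The basic flow above turns on two lifetimes carried in the consent token from the refresh response: the token's own `exp` and the expiry attached to the granted offers. The following is an added example, not code from the deck or the SDK. It parses a `ConsentToken` of the shape shown in the raw JSON slide and decides whether the app can call the API, must refresh, or must send the user back to the consent UI. Reading the number after the colon in `offer` as the consent expiry is an assumption drawn from the slide's values. The sample token values are constructed, the function names are hypothetical, and the `sig` field is not verified here because the deck does not describe how it is computed.

```python
import json
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, quote, unquote

FIELDS = ("delt", "reft", "skey", "offer", "exp", "sig", "lid")
EPOCH = re.compile(r"[0-9]{1,12}")


@dataclass(frozen=True)
class ConsentToken:
    delt: str            # delegation token sent with API calls
    reft: str            # refresh token sent to RefreshToken.aspx
    offers: frozenset    # offer names the user consented to
    consent_expiry: int  # assumed: number after ':' in the offer field
    token_expiry: int    # the exp field
    lid: str


def parse_consent_token(json_body: str) -> ConsentToken:
    """Parse the raw JSON refresh response; raise ValueError if malformed."""
    doc = json.loads(json_body)
    outer = doc.get("ConsentToken") if isinstance(doc, dict) else None
    if not isinstance(outer, str):
        raise ValueError("no ConsentToken string in response")
    # Layer 1: the whole token is URL-encoded. Layer 2: each value is
    # URL-encoded again inside it, which parse_qsl undoes.
    pairs = parse_qsl(unquote(outer), keep_blank_values=True, strict_parsing=True)
    fields = dict(pairs)
    if len(fields) != len(pairs):
        raise ValueError("duplicate field in consent token")
    missing = [name for name in FIELDS if not fields.get(name)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    names, sep, consent_exp = fields["offer"].rpartition(":")
    if not sep or not names:
        raise ValueError("offer field has no expiry")
    if not EPOCH.fullmatch(consent_exp) or not EPOCH.fullmatch(fields["exp"]):
        raise ValueError("expiry is not a Unix timestamp")
    return ConsentToken(
        delt=fields["delt"],
        reft=fields["reft"],
        offers=frozenset(n for n in names.split(",") if n),
        consent_expiry=int(consent_exp),
        token_expiry=int(fields["exp"]),
        lid=fields["lid"],
    )


def next_action(token: ConsentToken, needed_offers, now: int) -> str:
    """Return "call-api", "refresh" or "reconsent" for the basic flow."""
    if not set(needed_offers) <= token.offers:
        return "reconsent"   # the user never granted this offer
    if now >= token.consent_expiry:
        return "reconsent"   # consent itself has lapsed
    if now >= token.token_expiry:
        return "refresh"     # token expired, consent still valid
    return "call-api"


def sample_response(drop=None) -> str:
    """Constructed response using the slide's offer and exp values."""
    parts = [
        ("delt", "CONSTRUCTED+delt/blob=="),
        ("reft", "CONSTRUCTED-reft"),
        ("skey", "CONSTRUCTED-skey"),
        ("offer", "Contacts.View,Contacts.Update:1228350847"),
        ("exp", "1196836447"),
        ("sig", "CONSTRUCTED-sig"),
        ("lid", "CONSTRUCTED-lid"),
    ]
    inner = "&".join(f"{k}={quote(v, safe='')}" for k, v in parts if k != drop)
    return json.dumps({"ConsentToken": quote(inner, safe="")})


if __name__ == "__main__":
    tok = parse_consent_token(sample_response())
    for now in (1196836000, 1196840000, 1228350847):
        print(now, next_action(tok, {"Contacts.View"}, now))
```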
Client SDK

• Integrate Desktop Applications to use Live ID
• SDK provides a managed API
• No need to worry about technical details of authentication
  – Live ID authentication manages this process
• Not necessary to bother about storing

demo

Desktop Client Auth Demo
Announced at PDC

Windows Live ID OpenID Provider
Embracing Open Standards
Windows Live ID OpenID Provider

Microsoft is becoming an OpenID Provider (OP)

Use your Windows Live ID account to sign-in to any OpenID 2.0 enabled Web site

What is OpenID?
• “Open ID is a free and easy way to use a single digital identity across the Internet”
  Source: OpenID Foundation - http://openid.net/
• OpenID eliminates the need for multiple usernames across different websites

Key Implementation Details
• Create OpenID Alias attached to your Live ID account
• Authenticate with alias + account credentials
• Choice: Either global unique (public) or pair-wise anonymous (private) identifier returned to RP

Next Steps - Try the Live ID OP
1. Set up a Live ID INT account: https://setup.Live-INT.com/
2. Set up OpenID alias: https://OpenID.Live-INT.com/beta/ManageOpenID.srf
3. Users: Use OpenID 2.0 login URI: OpenID.Live-INT.com
4. Library developers: Test interop with the Live ID OP endpoint
5. Web site owners: Test Live ID
OpenID Sign-in Request

(URL decoded for readability)

Don’t panic! The SDK libraries handle all this for you!
•    GET http://openid.live-INT.com/OpenIDAuth.srf
      – ?openid.mode=checkid_setup
      – &openid.identity=http%3a%2f%2fopenid.live-int.com%2fjthelin
      – &openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0
      – &openid.claimed_id=http%3a%2f%2fopenid.live-int.com%2fjthelin
      – &openid.realm=http%3a%2f%2flocalhost%3a49413%2f
      – &openid.return_to=http%3a%2f%2flocalhost%3a49413%2flogin.aspx
        %3fReturnUrl%3d%252fDefault.aspx%26token%3dAbu8voGNbjk2%252fH
        %252bWGN4vgbrzsETS0aCY%252bCSc%252frV
        %252bo6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQ
        podHRwOi8vanRoZWxpbi5waXAudmVyaXNpZ25sYWJzLmNvbS8NCg0KaH
        R0cDovL3BpcC52ZXJpc2lnbmxhYnMuY29tL3NlcnZlcg0KMi4wDQo%253d
      – &openid.assoc_handle=d7d181a0-632e-11dd-ba82-f91efcd7aef7
•    HTTP/1.1

OpenID Sign-in Response

(URL decoded for readability)

Don’t panic! The SDK libraries handle all this for you!
•    GET /login.aspx
      –   ?ReturnUrl=/Default.aspx
      –   &token=Abu8voGNbjk2/H+WGN4vgbrzsETS0aCY+CSc/rV
          +o6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQpodHRwOi8vanR
          oZWxpbi5waXAudmVyaXNpZ25sYWJzLmNvbS8NCg0KaHR0cDovL3BpcC52ZXJpc2lnbm
          xhYnMuY29tL3NlcnZlcg0KMi4wDQo=
      –   &openid.assoc_handle=d7d181a0-632e-11dd-ba82-f91efcd7aef7
      –   &openid.response_nonce=2008-08-05T20:42:15ZiBs=
      –   &openid.ns=http://specs.openid.net/auth/2.0
      –   &openid.mode=id_res
      –   &openid.op_endpoint=http://openid.live-int.com/openidauth.srf
      –   &openid.claimed_id=http://openid.live-int.com/jthelin
      –   &openid.sig=kdXRyifqU0vd6H4kjgY5kgwmq4nN5ZhXBSck/bfLMDg=
      –   &openid.identity=http://openid.live-int.com/jthelin
      –   &openid.signed=assoc_handle,identity,response_nonce,return_to,claimed_id,op_end
          point
      –   &openid.return_to=http%3a%2f%2flocalhost%3a49413%2flogin.aspx%3fReturnUrl%3d
          %252fDefault.aspx%26token%3dAbu8voGNbjk2%252fH%252bWGN4vgbrzsETS0aCY
          %252bCSc%252frV
          %252bo6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQpodHRwOi8
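
What a relying party has to check on the sign-in response above before trusting it, as an added Python example (not from the original slides and not the Live ID SDK's code): required fields signed, return_to match, HMAC-SHA256 signature over the signed fields, and nonce freshness and replay, following OpenID 2.0. The MAC key, the shortened return_to, the 5-minute nonce window and all function names are assumptions; discovery-based verification of claimed_id is left out.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlsplit

OPENID2_NS = "http://specs.openid.net/auth/2.0"
# Fields an OpenID 2.0 positive assertion must cover with its signature.
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
MAX_NONCE_AGE = timedelta(minutes=5)  # assumption: relying-party policy, not from the slides


def kv_form(params, signed_fields):
    """Key-value form that gets signed: 'key:value\\n' per field, in openid.signed order."""
    return "".join(f"{k}:{params['openid.' + k]}\n" for k in signed_fields).encode("utf-8")


def sign(params, signed_fields, mac_key):
    digest = hmac.new(mac_key, kv_form(params, signed_fields), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_assertion(params, request_url, associations, seen_nonces, now):
    """Return the claimed identifier if the id_res response is acceptable, else raise ValueError."""
    if params.get("openid.ns") != OPENID2_NS or params.get("openid.mode") != "id_res":
        raise ValueError("not an OpenID 2.0 positive assertion")

    # 1. The signature must cover every security-relevant field that is present.
    signed_fields = params.get("openid.signed", "").split(",")
    missing = REQUIRED_SIGNED - set(signed_fields)
    for optional in ("claimed_id", "identity"):
        if "openid." + optional in params and optional not in signed_fields:
            missing.add(optional)
    if missing:
        raise ValueError(f"unsigned fields: {sorted(missing)}")
    if any("openid." + f not in params for f in signed_fields):
        raise ValueError("signed list names a field that is absent")

    # 2. return_to must be the URL this response actually arrived on.
    rt, cur = urlsplit(params["openid.return_to"]), urlsplit(request_url)
    if (rt.scheme, rt.netloc, rt.path) != (cur.scheme, cur.netloc, cur.path):
        raise ValueError("return_to does not match this endpoint")
    cur_query = parse_qsl(cur.query, keep_blank_values=True)
    if any(pair not in cur_query for pair in parse_qsl(rt.query, keep_blank_values=True)):
        raise ValueError("return_to query parameters altered")

    # 3. Recompute the MAC with the key stored for this association handle.
    #    (Without a stored association the RP would ask the OP via check_authentication.)
    mac_key = associations.get(params["openid.assoc_handle"])
    if mac_key is None:
        raise ValueError("unknown association handle")
    expected = sign(params, signed_fields, mac_key).encode("ascii")
    if not hmac.compare_digest(expected, params.get("openid.sig", "").encode("utf-8")):
        raise ValueError("bad signature")

    # 4. Nonce: UTC timestamp prefix must be recent, and the value must be unused.
    #    Checked after the signature so unsigned input cannot fill the nonce store.
    nonce = params["openid.response_nonce"]
    try:
        issued = datetime.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        raise ValueError("malformed response_nonce") from None
    if abs(now - issued) > MAX_NONCE_AGE:
        raise ValueError("stale response_nonce")
    key = (params["openid.op_endpoint"], nonce)
    if key in seen_nonces:
        raise ValueError("replayed response_nonce")
    seen_nonces.add(key)
    return params.get("openid.claimed_id")


def constructed_response():
    """Constructed sample: field values mirror the slide; MAC key and signature are made up here."""
    mac_key = b"constructed-demo-mac-key-32bytes"
    params = {
        "openid.ns": OPENID2_NS,
        "openid.mode": "id_res",
        "openid.op_endpoint": "http://openid.live-int.com/openidauth.srf",
        "openid.claimed_id": "http://openid.live-int.com/jthelin",
        "openid.identity": "http://openid.live-int.com/jthelin",
        "openid.return_to": "http://localhost:49413/login.aspx?ReturnUrl=%2fDefault.aspx",
        "openid.response_nonce": "2008-08-05T20:42:15ZiBs=",
        "openid.assoc_handle": "d7d181a0-632e-11dd-ba82-f91efcd7aef7",
        "openid.signed": "assoc_handle,identity,response_nonce,return_to,claimed_id,op_endpoint",
    }
    params["openid.sig"] = sign(params, params["openid.signed"].split(","), mac_key)
    return params, {params["openid.assoc_handle"]: mac_key}


if __name__ == "__main__":
    params, assocs = constructed_response()
    url = params["openid.return_to"] + "&openid.mode=id_res"
    now = datetime(2008, 8, 5, 20, 43, tzinfo=timezone.utc)
    print(verify_assertion(params, url, assocs, set(), now))
```
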

demo

Live Contacts

Enabling apps to be secure – Delegated Authentication

Summary – Windows Live ID

• The biggest identity provider on the planet!
• … but Live ID platform is much more than just the familiar login box
• Various types of users and various authentication models are supported
• Sign-in and Sign-up page customizations
• Increasing focus on enabling federation and enterprise access to online services
• Ease-of-use is always the goal ..... and the challenge!

Summary

Live Identity Services
Identity Integration
Web Authentication
Screen Customization
Delegated Authentication
Client Authentication
Federated Authentication
OpenID Support

Core Principles
• Ease of use
• Rich functionality
• Open and Standards-based
• Personal +

Easy

Into the Future
• More ease of use – for users and developers
• More

Questions?

Discussion

Please use microphones

Live Identity Services

Resources and links
 • Windows Live ID Developer Center - http://dev.live.com/liveid
   – Windows Live ID Articles on MSDN - http://go.microsoft.com/fwlink/?LinkId=111111
   – Windows Live ID Documentation on MSDN - http://msdn2.microsoft.com/en-us/library/bb404787.aspx
   – Windows Live ID Developer Forum - http://go.microsoft.com/fwlink/?LinkID=78146
   – Windows Live ID Team Blog - http://winliveid.spaces.live.com
 • Windows Live ID Whitepapers
   – Introduction to Windows Live ID - http://msdn2.microsoft.com/en-us/library/bb288408.aspx
   – Understanding Windows Live Delegated Authentication - http://msdn2.microsoft.com/en-us/library/cc287613.aspx
   – Windows Live ID Federation - http://msdn2.microsoft.com/en-us/library/cc287610.aspx
 • Windows Live ID Documentation and SDKs
   – Windows Live ID Web Authentication SDK Docs - http://go.microsoft.com/fwlink/?LinkID=91762
   – Web Authentication SDK Samples - http://go.microsoft.com/fwlink/?LinkID=91761
   – Windows Live ID Delegated Authentication SDK Docs - http://go.microsoft.com/fwlink/?LinkID=107420
   – Delegated Authentication SDK Samples - http://go.microsoft.com/fwlink/?LinkId=107419
   – Windows Live ID Client SDK download - http://go.microsoft.com/fwlink/?LinkId=86974
 • Delegated Authentication Resource Providers List - http://go.microsoft.com/fwlink/?LinkID=108535

02 Ms Online Identity Session 1

  • 1. Live Services Synchronizing Life Online Identity Easing the pain of identity integration
  • 2. Agenda Live Services Synchronizing Life • LiveID OverView • Advantages and Drivers • Types of Authentication – WebAuth – DelAuth – ClientAuth • Contacts • Summary • Discussion
  • 3. Session objectives and takeaways Live Services Synchronizing Life • At the end of this session the audience should understand LiveID and how to use it. • Feel confident and comfortable to go and start creating apps that use LiveID.
  • 4. Agenda Live Services Synchronizing Life • LiveID OverView • Advantages and Drivers • Types of Authentication – WebAuth – DelAuth – ClientAuth • Contacts • Summary • Discussion
  • 5. Microsoft Identity Software + Services Live Services Synchronizing Life One identity model that puts users in control of their identities • Flexibility via Choice • Enhances Developer Productivity • Standards Based [Diagram: Claims-Based Access spanning Services (including Live Identity Service and .Net Access Control Service) and Software; the remaining component labels are truncated in the source]
  • 6. Live ID within the Live Framework Live Services Synchronizing Life [Architecture diagram of the Live Framework: Libraries (.NET FX 3.5 APIs, Silverlight APIs, JavaScript APIs, Client Controls, Web Controls), Tools & Services, Resource Model, and the Live Operating Environment on Cloud and Client, with Identity shown among the core services]
  • 7. Live Services Synchronizing Life Live ID Hotmail Messenger Spaces Live Search Alerts Live.com Live Search Sky Drive Mail Photo Gallery Events Maps Expo Gallery Calendar Agents Gadgets Writer Windows Live Contacts for Mobile OneCare Toolbar QnA Favorites
  • 8. Live Services Synchronizing Life • Find & Locate: Live Search, Virtual Earth • Identity: Live ID • User Data: Contacts, Photos, App Storage • Notifications & Messaging: Messenger, Alerts, Agents • Infrastructure: Admin Center, Silverlight Streaming, Terms of Service
  • 9. The Life of an App Developer Live Services Synchronizing Life Business logic … Identity Provider availability and reliability Anti-spam account detection IdP QoS Trust relationship management Child account legal and parental controls On-boarding Identity Account sign-up / management “pain” Different principal types AuthN Different authentication protocols Operating Environment
  • 10. Live ID Identity Services Principles Live Services Synchronizing Life Above all: SECURE! • Ease of use • Open & Standards-based • Rich functionality • Consumer + Enterprise • Federation friendly
  • 11. Live Services Synchronizing Life Integrating with Live ID
  • 12. Steps to Identity Integration - APPZ Live Services Synchronizing Life • A – Authentication: Auth Protocols, Principal Types • P – Policy: Trust relationships, Auth token policies • P – Profile: Account registration, Membership DB • Z – AuthoriZation: Claims, Roles, Access control
  • 13. Live Identity Services Live Services Synchronizing Life Integration SDKs • Windows Live ID Web Authentication (Web Application, Authentication): Web site integration; Co-branded user experience; Open source samples in 7 languages – C#, VB, Java, Perl, PHP, Ruby, Python • Windows Live ID Delegated Authentication (Web Application, Delegation): App provider accessing user data stored in Live Services; Open source samples in 7 languages • Windows Live Tools (ASP.NET): ASP.NET controls, simplified integration; Controls: IDLogin, IDLoginView, Contacts, SilverlightStreaming • Windows Live ID Client SDK (Windows Rich Client Application): Rich client applications; Windows Client OS
  • 14. Windows Live ID – Type of Identity Live Services Synchronizing Life Principal Types • Credential Types: [Strong] Password, Pin; eID / Smart card; CardSpace • Types of Live ID Users: Live / Hotmail; EASI (“E-mail As Sign-In”) • The Password Anti-Pattern!
  • 15. Agenda Live Services Synchronizing Life • LiveID OverView • Advantages and Drivers • Types of Authentication – WebAuth – DelAuth – ClientAuth • Contacts • Summary • Discussion
  • 16. Everything needs an ID - Why LiveID? Live Services Synchronizing Life • You the end user don’t have to worry about setting up and maintaining the back end infrastructure required for AuthZ and AuthN • LiveID Services takes care of it for you. • LiveID Services is always online, secure, backed up and available • Based on Open standards and platform neutral • Easy to provision, access and use • Technology agnostic • Move seamlessly across multiple applications/ services - A Single Sign In service • Last but not least – largest collection of users on a system – close to half a billion users already use LiveID. So it’s easy to tap into this vast existing user base for your customer base or audience.
  • 17. Live ID – Rich Functionality Live Services Synchronizing Life Much more behind the login box! • Provides an identity platform: – An authentication platform – A delegation platform – A federation platform – A user and service provisioning platform – The first line of anti-spam defense • All delivered as Software + Services – Cloud hosted authentication services – Client SDK libraries – 6 languages / multi platform • ASP.NET (C# + VB), Java, Perl, Python, Ruby
  • 18. Agenda Live Services Synchronizing Life • LiveID OverView • Advantages and Drivers • Types of Authentication – WebAuth – DelAuth – ClientAuth • Contacts • Summary • Discussion
  • 19. Live Services Synchronizing Life demo Live Identity Services Web Authentication Enabling apps to be secure
  • 20. Web Authentication Protocol Overview Live Services Synchronizing Life Windows Live ID Web Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=91762 [Diagram: numbered message flow between the End User w/ web browser, the Relying Party Web Site (e.g., Contoso.com) and the Windows Live ID service] Integration Steps: 1. Register AppID 2. Get WebAuth library module from SDK 3. Use WL Tool ASP.NET controls – IDLoginStatus and/or IDLoginView 4. Create Member ID association page (optional) 5. Test & deploy!
  • 21. Windows Live Tools Live Services Synchronizing Life IDLoginStatus Control (ASP.NET) • <live:IDLoginStatus ID="IDLoginStatus1" runat="server" ApplicationContext="welcomepage" BackColor="#E5ECE5" onserversignin="IDLoginStatus1_ServerSignIn" onserversignout="IDLoginStatus1_ServerSignOut" />
  • 22. WebAuth Sign-in Control Live Services Synchronizing Life (Cross-platform HTML – URL decoded for readability) • <iframe id="WebAuthControl" src="http://login.live.com/controls/WebAuth.htm?appid=<%=AppId%>&context=welcomepage&style=font-size=10pt;+font-family=verdana;+font-style=normal;+font-weight=bold;+background=white;+color=black;" width="80px" height="20px"></iframe> • Control pages – Existing: WebAuth.htm – New: WebAuthLogo.htm – New: WebAuthButton.htm
  • 23. WebAuth Sign-in Messages Live Services Synchronizing Life Don’t panic! The SDK libraries handle all this for you! • Sign-in Request: GET http://login.live.com/wlogin.srf?appid=00167FFE80002700&appctx=welcomepage HTTP/1.1 ... • Sign-in Response: POST http://www.mydomain.com/wl-handler.aspx HTTP/1.1 action=login&appctx=welcomepage&stoken=MA12BCF0012BAM567890MABD123456ABCDEF12345667890 • Encrypted Contents: appid=<applicationid>&uid=<user identifier>&ts=<timestamp>&sig=<signature>
  • 24. Live Services Synchronizing Life Live ID Services Web Authentication Sign-in Screen Customization Enabling seamless sign-in / sign-up user experience
  • 25. Customizable Sign-in Screen Live Services Synchronizing Life • Flexible sign-in customization options allow creative and seamless user integration • Customizable Contents Area (Orange) – Elements that can be customized: Partner Logo, Task statement, Product description, Sign up section, Header background • Customizable Theme Area (Blue) – Elements cannot change. Customize look & feel: Font color, Background color, Button color, User tile color, Live ID description color
  • 26. Sign-in Screen Customization Live Services Synchronizing Life • <WhiteLabelProperties> <Logo>STRID_LOGO</Logo> <LogoAltText>STRID_LOGOALTTEXT</LogoAltText> <HeaderBkgndColor>#336633</HeaderBkgndColor> <BkgndColor>#e5ece5</BkgndColor> <FontColorLight>#b5781e</FontColorLight> <FontColorLink>#b5781e</FontColorLink> <ButtonColor>#9EB39B</ButtonColor> <ButtonBorder>#336633</ButtonBorder> <FontColor>black</FontColor> <UserTileColor>#C6D6B9</UserTileColor> </WhiteLabelProperties> • <SiteLoginUIProperties> <Header id="default">STRID_HEADER</Header> <Title id="default">STRID_TITLE</Title> <Subtitle id="default">STRID_SUBTITLE</Subtitle> </SiteLoginUIProperties> • <StringTable> <Language langID="en"> <String id="STRID_HEADER">To make a Reservation, Sign in with your Windows Live ID</String> <String id="STRID_TITLE">Welcome to AdventureWorks Resorts</String>
  • 27. Customizable Registration Live Services Synchronizing Life • Flexible registration screen options Header image Task integration Username Password Password reset question / Alt e-mail Profile info CAPTCHA ToS
  • 28. Agenda Live Services Synchronizing Life • LiveID OverView • Advantages and Drivers • Types of Authentication – WebAuth – DelAuth – ClientAuth • Contacts • Summary • Discussion
  • 29. Live Services Synchronizing Life Live Identity Services Delegated Enabling data portability
  • 30. Delegated Auth Protocol Live Services Synchronizing Life Windows Live ID Delegated Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=107420 • “Granting Consent” phase (user must be online): End User w/ browser – Direct user to consent UI (consent.live.com) – Receive consent token • “Using Consent” phase (user can be offline): Application Provider (web site) – Send delegation token with API call to Resource Provider (e.g., Windows Live Contacts) – Receive data – Send refresh token to Windows Live ID Delegation Service – Receive new consent token • Integration Steps: 1. Register AppID 2. Get DelAuth library module from SDK 3. Create consent request URL link 4. Create auth callback handler page 5. Create store for consent tokens (optional) 6. Send RP data request and process reply 7. Test & deploy!
  • 31. Requesting Delegated Auth Live Services Synchronizing Life Don’t panic! The SDK libraries handle all this for you! • https://consent.live.com/delegation.aspx?ru=http://mydomain.myapp.com/ReturnURL.aspx&ps=Contacts.View,Contacts.Update&pl=http://mydomain.myapp.com/PrivacyPolicy.htm&ttype=1&mkt=en-US&app=appid%3d10000%26ts%3d1193445084%26ip%3d157.56.190.178%26sig%3d7HgcsIEheEVO30BuPAEJhJeB8Pz0xHBV%252f%252bQD27AOdmI%253d • ttype: 1=Compact token, 2=SAML token • app: Application Verifier token: AppID, Timestamp, Client IP, SHA256 signature
  • 32. DelAuth Consent Token Response Live Services Synchronizing Life (URL Decoded) Don’t panic! The SDK libraries handle all this for you! • delt=EwCoARAnAAAUgxwUrFTrj0j98kTTv4OX %2FOkhSc2AADHt9dXtiWa4afIM1AtKBgDzW2LOYBmExjIAumf %2B33MyPpGSnwrmtOc2aKG0Oz008Jg6a9Ss8a6L4zi8Za9gT85eqqd S0HNJZW9xAUoD2MOqUz7RxqY %2FpNhAWm6ndhFTj9VWWZYi7zIJJU7RgrIXEJrmQsHSKN1%2B2Iot56 mknEECA2YAAAi5VYs8bPiGofgAEiVBGu8ve8kv459FJn8ioXFJMR4f5E YNJqxMXG8tZhe87ylkvESebImX %2B4T8EGxxgDBTTHmEnK5PtoxJDTLJCSz4UJwRPAS0KW2H5TIi7Ecu 6dZ5FbspeKlPCi7pxjevW1WAHuoJY9oow %2FgUCZhcxCusUg2Cg6LmpSm0KwacVzaXLEOwwpfUXtFSwpPsU8w 8G9syt4%2F0k1W4HJmdrqU1xqHO7ZEX3JBWpKBscNbKr5z3qCkO2t pW%2BBjFEgy8w%2Fc5wb66At7V4Vs1ccbiBJ7pC %2F0VjyfzKfBYNP2zniAmepap2jY780q73Czc10w0bfMr54cKMaDrK6 kAAA%3D%3D • &exp=1196836447
  • 33. Delegated Auth Consent Refresh Request Live Services Synchronizing Life Don’t panic! The SDK libraries handle all this for you! • http://consent.live.com/RefreshToken.aspx?ru=http://mydomain.myapp.com/ReturnURL.aspx&ps=Contacts.View,Contacts.Update&reft=F7BJdi2ojtPWXv7qVCKrhD0kU35Rf1k4wz0nFxgB33czSkOgk0Ht5n8LGLZW2Mgo06dpFYonRF0e0hasWS91l37cf8sq2NaxyXJASrEdKoYOApPUBI6RqYnDSBgkNqKPQtUbIN%252F%252FXQ%252B7qUnzyWvnSA%253D%253D&app=appid%3d10000%26ts
  • 34. DelAuth Consent Refresh Response - Raw JSON Live Services Synchronizing Life Don’t panic! The SDK libraries handle all this for you! • { "ConsentToken": "delt%3dEwCoARAnAAAUgxwUrFTrj0j98kTTv4OX%252FOkhSc2AADHt9dXtiWa4afIM1AtKBgDzW2LOYBmExjIAumf%252B33MyPpGSnwrmtOc2aKG0Oz008Jg6a9Ss8a6L4zi8Za9gT85eqqdS0HNJZW9xAUoD2MOqUz7RxqY%252FpNhAWm6ndhFTj9VWWZYi7zIJJU7RgrIXEJrmQsHSKN1%252B2Iot56mknEECA2YAAAi5VYs8bPiGofgAEiVBGu8ve8kv459FJn8ioXFJMR4f5EYNJqxMXG8tZhe87ylkvESebImX%252B4T8EGxxgDBTTHmEnK5PtoxJDTLJCSz4UJwRPAS0KW2H5TIi7Ecu6dZ5FbspeKlPCi7pxjevW1WAHuoJY9oow%252FgUCZhcxCusUg2Cg6LmpSm0KwacVzaXLEOwwpfUXtFSwpPsU8w8G9syt4%252F0k1W4HJmdrqU1xqHO7ZEX3JBWpKBscNbKr5z3qCkO2tpW%252BBjFEgy8w%252Fc5wb66At7V4Vs1ccbiBJ7pC%252F0VjyfzKfBYNP2zniAmepap2jY780q73Czc10w0bfMr54cKMaDrK6kAAA%253D%253D%26reft%3dF7BJdi2ojtPWXv7qVCKrhD0kU35Rf1k4wz0nFxgB33czSkOgk0Ht5n8LGLZW2Mgo06dpFYonRF0e0hasWS91l37cf8sq2NaxyXJASrEdKoYOApPUBI6RqYnDSBgkNqKPQtUbIN%252F%252FXQ%252B7qUnzyWvnSA%253D%253D%26skey%3diS30MXEnIJj7K6HpwUBrXR5isE9rN9zq%26offer%3dContacts.View,Contacts.Update%3a1228350847%26exp%3d1196836447%26sig%3dC1itgV6AL7%252F%252BJFnML1unjGZ6nNNjQsrb8%252BcTtmNAzp8%253D%26lid%3df8eb4468555a951e"
  • 35. Delegated Auth Protocol Drilldown Live Services Synchronizing Life [Sequence diagram between User’s Browser, 3rd Party Website, WLID Service and WL RP Service: 1 Access 3rd party app; 2 Redirect to Consent; 3 Request user consent & token; 4 Redirect to 3rd party app w/ token; 5 Post token to app; 6 Request user data w/ app token; 7 Return data for the user to the app; 8 App render data to user; 9 Renew token; 10 Request updated data; 11 render data to user] • Supplies ‘on behalf of’ functionality – App can act on behalf of the user – Subject to user’s consent – For a specific “offer” only (eg Calendar.Read) – For a defined time period • Re-use / Extend existing building blocks – WS-Trust RequestSecurityToken ‘on-behalf of’ element – Re-use existing tokens – SAML and Compact – with new elements – ‘appid’ and “Offer” – Use Roles and Sharing for storing Permissions • Scenarios that are enabled – Supply auth mechanism for 3rd parties to call WL APIs – Facebook, match.com – Exchange 14 calendar sharing – Application authentication – Echoes • Existing WL services integrate easily – RPS Validates the App token, same as auth Token – RPS is configured to map the API to the “Offer” in the App token – App can perform additional AuthZ checks if needed • Basic flow – App needs a token to access WL API – Send user to a consent URL with identifier for “Offer” consent is needed for – User grants consent and a token is returned to the App – App uses the token to make authenticated call WL API – Token has expiration. Can be renewed by the app if consent is still valid
  • 36. Agenda Live Services Synchronizing Life • LiveID OverView • Advantages and Drivers • Types of Authentication – WebAuth – DelAuth – ClientAuth • Contacts • Summary • Discussion
  • 37. Client SDK Live Services Synchronizing Life • Integrate Desktop Applications to use Live ID • SDK provides a managed API • No need to worry about technical details of authentication – Live ID authentication manages this process • Not necessary to bother about storing
  • 38. demo Live Services Synchronizing Life Desktop Client Auth Demo
  • 39. Live Services Synchronizing Life Announced at PDC Windows Live ID OpenID Provider Embracing Open Standards
  • 40. Windows Live ID OpenID Provider Live Services Synchronizing Life Microsoft is becoming an OpenID Provider (OP) • Use your Windows Live ID account to sign-in to any OpenID 2.0 enabled Web site • What is OpenID? – “Open ID is a free and easy way to use a single digital identity across the Internet” Source: OpenID Foundation - http://openid.net/ – OpenID eliminates the need for multiple usernames across different websites • Key Implementation Details – Create OpenID Alias attached to your Live ID account – Authenticate with alias + account credentials – Choice: Either global unique (public) or pair-wise anonymous (private) identifier returned to RP • Next Steps - Try the Live ID OP 1. Set up a Live ID INT account: https://setup.Live-INT.com/ 2. Set up OpenID alias: https://OpenID.Live-INT.com/beta/ManageOpenID.srf 3. Users: Use OpenID 2.0 login URI: OpenID.Live-INT.com 4. Library developers: Test interop with the Live ID OP endpoint 5. Web site owners: Test Live ID
  • 41. OpenID Sign-in Request Live Services Synchronizing Life (URL decoded for readability) Don’t panic! The SDK libraries handle all this for you! • GET http://openid.live-INT.com/OpenIDAuth.srf – ?openid.mode=checkid_setup – &openid.identity=http%3a%2f%2fopenid.live-int.com%2fjthelin – &openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0 – &openid.claimed_id=http%3a%2f%2fopenid.live-int.com%2fjthelin – &openid.realm=http%3a%2f%2flocalhost%3a49413%2f – &openid.return_to=http%3a%2f%2flocalhost%3a49413%2flogin.aspx %3fReturnUrl%3d%252fDefault.aspx%26token%3dAbu8voGNbjk2%252fH %252bWGN4vgbrzsETS0aCY%252bCSc%252frV %252bo6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQ podHRwOi8vanRoZWxpbi5waXAudmVyaXNpZ25sYWJzLmNvbS8NCg0KaH R0cDovL3BpcC52ZXJpc2lnbmxhYnMuY29tL3NlcnZlcg0KMi4wDQo%253d – &openid.assoc_handle=d7d181a0-632e-11dd-ba82-f91efcd7aef7 • HTTP/1.1
  • 42. OpenID Sign-in Response Live Services Synchronizing Life (URL decoded for readability) Don’t panic! The SDK libraries handle all this for you! • GET /login.aspx – ?ReturnUrl=/Default.aspx – &token=Abu8voGNbjk2/H+WGN4vgbrzsETS0aCY+CSc/rV +o6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQpodHRwOi8vanR oZWxpbi5waXAudmVyaXNpZ25sYWJzLmNvbS8NCg0KaHR0cDovL3BpcC52ZXJpc2lnbm xhYnMuY29tL3NlcnZlcg0KMi4wDQo= – &openid.assoc_handle=d7d181a0-632e-11dd-ba82-f91efcd7aef7 – &openid.response_nonce=2008-08-05T20:42:15ZiBs= – &openid.ns=http://specs.openid.net/auth/2.0 – &openid.mode=id_res – &openid.op_endpoint=http://openid.live-int.com/openidauth.srf – &openid.claimed_id=http://openid.live-int.com/jthelin – &openid.sig=kdXRyifqU0vd6H4kjgY5kgwmq4nN5ZhXBSck/bfLMDg= – &openid.identity=http://openid.live-int.com/jthelin – &openid.signed=assoc_handle,identity,response_nonce,return_to,claimed_id,op_end point – &openid.return_to=http%3a%2f%2flocalhost%3a49413%2flogin.aspx%3fReturnUrl%3d %252fDefault.aspx%26token%3dAbu8voGNbjk2%252fH%252bWGN4vgbrzsETS0aCY %252bCSc%252frV %252bo6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQpodHRwOi8
  • 43. Agenda Live Services Synchronizing Life • LiveID OverView • Advantages and Drivers • Types of Authentication – WebAuth – DelAuth – ClientAuth • Contacts • Summary • Discussion
  • 44. demo Live Services Synchronizing Life Live Contacts Enabling apps to be secure – Delegated Authentication
  • 45. Agenda Live Services Synchronizing Life • LiveID OverView • Advantages and Drivers • Types of Authentication – WebAuth – DelAuth – ClientAuth • Contacts • Summary • Discussion
  • 46. Summary – Windows Live ID Live Services Synchronizing Life • The biggest identity provider on the planet! • … but Live ID platform is much more than just the familiar login box • Various types of users and various authentication models are supported • Sign-in and Sign-up page customizations • Increasing focus on enabling federation and enterprise access to online services • Ease-of-use is always the goal ..... and the challenge!
  • 47. Summary Live Services Synchronizing Life Live Identity Services • Identity Integration: Web Authentication, Screen Customization, Delegated Authentication, Client Authentication, Federated Authentication, OpenID Support • Core Principles: Ease of use; Rich functionality; Open and Standards-based; Personal + Easy • Into the Future: More ease of use – for users and developers; More
  • 48. Questions? Live Services Synchronizing Life Discussion Please use microphones
  • 49. Live Identity Services Live Services Synchronizing Life Resources and links • Windows Live ID Developer Center - http://dev.live.com/liveid – Windows Live ID Articles on MSDN - http://go.microsoft.com/fwlink/?LinkId=111111 – Windows Live ID Documentation on MSDN - http://msdn2.microsoft.com/en-us/library/bb404787.aspx – Windows Live ID Developer Forum - http://go.microsoft.com/fwlink/?LinkID=78146 – Windows Live ID Team Blog - http://winliveid.spaces.live.com • Windows Live ID Whitepapers – Introduction to Windows Live ID - http://msdn2.microsoft.com/en-us/library/bb288408.aspx – Understanding Windows Live Delegated Authentication - http://msdn2.microsoft.com/en-us/library/cc287613.aspx – Windows Live ID Federation - http://msdn2.microsoft.com/en-us/library/cc287610.aspx • Windows Live ID Documentation and SDKs – Windows Live ID Web Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=91762 Web Authentication SDK Samples http://go.microsoft.com/fwlink/?LinkID=91761 – Windows Live ID Delegated Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=107420 Delegated Authentication SDK Samples http://go.microsoft.com/fwlink/?LinkId=107419 – Windows Live ID Client SDK download - http://go.microsoft.com/fwlink/?LinkId=86974 • Delegated Authentication Resource Providers List - http://go.microsoft.com/fwlink/?LinkID=108535
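
Slides 34 and 35 show the refreshed consent token and state that a delegation token expires but can be renewed while consent is still valid. The following is an added example, not code from the deck or the Live ID SDK: it parses that `ConsentToken` string and decides whether a stored token is usable, needs a refresh, or needs new consent. Reading the number after `offer` as the consent expiry is an assumption, `sig` is carried but not verified because the slides do not give the signing scheme, and the secrets in the sample are constructed placeholders.

```python
import json
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, quote, unquote

FIELDS = ("delt", "reft", "skey", "offer", "exp", "sig", "lid")  # names from slide 34


@dataclass(frozen=True)
class ConsentToken:
    lid: str
    exp: int                        # expiry of the delegation token (delt)
    offers: dict                    # offer name -> consent expiry (assumed meaning)
    delt: str = field(repr=False)   # bearer secrets stay out of repr() and logs
    reft: str = field(repr=False)
    skey: str = field(repr=False)
    sig: str = field(repr=False)

    def state(self, needed, now):
        """Return 'usable', 'refresh' or 'reconsent' for the offers the app needs."""
        if any(self.offers.get(name, 0) <= now for name in needed):
            return "reconsent"      # offer never granted, or consent has lapsed
        return "usable" if now < self.exp else "refresh"


def _parse_offers(value):
    offers = {}
    for group in value.split(";"):
        names, sep, expiry = group.rpartition(":")
        if not sep or not names or not expiry.isdecimal():
            raise ValueError("malformed offer field")
        for name in names.split(","):
            if not name:
                raise ValueError("empty offer name")
            offers[name] = int(expiry)
    return offers


def parse_consent_token(raw):
    """Parse the URL-encoded ConsentToken string; reject ambiguous or partial tokens."""
    pairs = parse_qsl(unquote(raw), keep_blank_values=True, strict_parsing=True)
    fields = dict(pairs)
    if len(fields) != len(pairs):
        raise ValueError("duplicate field in consent token")
    missing = [name for name in FIELDS if not fields.get(name)]
    if missing:
        raise ValueError("missing fields: " + ",".join(missing))
    if not fields["exp"].isdecimal():
        raise ValueError("exp is not an epoch timestamp")
    return ConsentToken(lid=fields["lid"], exp=int(fields["exp"]),
                        offers=_parse_offers(fields["offer"]), delt=fields["delt"],
                        reft=fields["reft"], skey=fields["skey"], sig=fields["sig"])


def parse_refresh_response(body):
    """Extract and parse ConsentToken from the JSON refresh response."""
    return parse_consent_token(json.loads(body)["ConsentToken"])


def sample_response():
    # Constructed sample: secrets are placeholders, timestamps are the slide's.
    inner = "&".join(k + "=" + quote(v, safe="") for k, v in [
        ("delt", "PLACEHOLDER/delt+token=="), ("reft", "PLACEHOLDER/reft=="),
        ("skey", "PLACEHOLDERskey"),
        ("offer", "Contacts.View,Contacts.Update:1228350847"),
        ("exp", "1196836447"), ("sig", "PLACEHOLDER+sig="),
        ("lid", "0000000000000000")])
    return json.dumps({"ConsentToken": quote(inner, safe="")})
```

Call `state()` with the offers an API call needs before sending `delt`, so an expired or under-scoped token is caught locally rather than by the resource provider.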