SlideShare ist ein Scribd-Unternehmen logo

Protecting Online Identities

•Als PPTX, PDF herunterladen•
•
G
goodfriday

Learn how Microsoft provides a range of identity solutions for helping developers more easily build seamless user experiences that include Federation, Authentication, UX Customization, Open Standards, Open ID and more.

TechnologieBusiness
1 von 37
Session: MIX09-T27F Live Identity Services Overview
Web ISVs Organizations Developers • Federation for • Turnkey selling their • Customizable federation for applications to identity UX adopting organizations • Single Sign On services • Easy on- • Access to user (Online, Live, IS boarding of new Vs) data customers • Works with existing identity infrastructure
Baseline understanding of Live ID Web Developers • Consuming Windows Live IDs on your site • Accessing user data on your site ISVs • Consuming federated identities • Rapid on-boarding for organizations
• Authentication: users, applications, devices Identities Strong • Investing in 2FA such as Smartcard, StartKey Authentication • User / IP reputation, Account abuse prevention Attacker Resistant • Live ID is fully customizable UI Customization • Delegated auth: user permission to access data Data Portability OpenID • Embracing Open Standards Federated • Compatible with Microsoft Federation Gateway Authentication
Type of identity Credential Types Principal Types • [Strong] Principal Acting for Self Acting for User Password, Pin User User auth • eID / Smart card (Client or Web) Application App auth (AppID) Delegation (Good) • CardSpace Impersonation • Policy-driven control (BAD!) Device DeviceID Linked DeviceID The Password Types of Live ID Users Anti-Pattern! • Live Mail / Hotmail accounts • EASI (“E-mail As Sign-In”) • Managed domains • Federated domains
Consume Accessing user identities & data SSO • Delegated Auth SDK • Web Authentication • Client SDK • Preview: Open ID
Cross-platform HTML http://login.live.com/controls/WebAuth.htm appid=<%=AppId%> context=welcomepage Existing: WebAuth.htm style=font-size=10pt; New: WebAuthLogo.htm font-family=verdana; font-style=normal; New: WebAuthButton.htm font-weight=bold; background=white; color=black;
Live ID Web Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=91762 Relying Party Web Site e.g., Contoso.com 1 End User 5 w/ web browser 4 2 3 Live ID WebAuth service
Recognizable & not jarring Sign-in Sign-up Consent
Customizable Contents Elements that can be customized. Partner Logo Task statement Product description Sign up section Task integration statement Header background Customizable Theme Elements cannot change. Sign-up section Customize look & feel. Font color Background color Button color User tile color Live ID description color
Microsoft is becoming an OpenID Provider (OP) Try the Live ID – OpenID Provider CTP Now 1. Set up a Live ID INT account: https://login.Live-INT.com/ 2. Set up OpenID alias: https://OpenID.Live-INT.com /beta/ManageOpenID.srf 3. Use OpenID 2.0 login URI: OpenID.Live-INT.com 4. Send feedback: openidfb@microsoft.com >> Production release of Live ID – OpenID Provider later this year
Consume Accessing user identities & data SSO • Delegated Auth SDK • Web Authentication • Client SDK • Preview: Open ID
“Granting Consent” phase End User with browser Consent UI consent.live.com Application Provider “Using Consent” Phase (user can be offline) (web site) Resource Provider (e.g., Windows Live Contacts) Live ID Delegation Service
Don’t panic! The SDK libraries handle all this for you! ru= ps=Contacts.View,Contacts.Update pl= ttype= 1: Compact token, 2: SAML token mkt= app=appid Application Verifier token: ts ip sig AppID, Timestamp, Client IP, SHA256 signature appctx=welcomepage
Federation Rapid on- Infrastructure boarding / tools • Standards based • Microsoft Services • WS-Trust/WS-Fed Connector • Microsoft Federation Gateway
Benefits of federated identity more services and applications more customers greatly simplify
Identity Providers (IdP) User Applications Relying Party (RP) Client SDK Live ID Windows Microsoft App Federation Web Site / Online App Gateway (MFG) Browser Live ID Other federated Identity Identity Providers Provider
Microsoft Services Connector Microsoft Federation Gateway Hub and spoke Connects auto-provisioning Production customizable 2006 self-service Free federation provisioning Objective: Connect to cloud services without changing existing identity infrastructure
Federation Rapid on- Infrastructure boarding / tools • Standards based • Microsoft Services • WS-Trust/WS-Fed Connector • Microsoft Federation Gateway
Using Federation Gateway & MSC 1. User clicks link -- 3. Services Connector issues login token and redirects to Federation Gateway 2. 4. Federation Gateway validates token and transforms claims 5. Federation Gateway issues service Browser token and redirects to service 6. User accesses service Office Desktop Apps Cloud Microsoft Microsoft Enterprise Federation Services Applications Connector Gateway Developer Active Services Directory
Web ISVs Organizations developers • Federation for • Turnkey selling their • Customizable federation for applications to identity UX adopting organizations • Single Sign On services • Easy on- • Access to user (Online, Live, IS boarding of new Vs) data customers • Works with existing identity infrastructure
Your feedback is important!
Š 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Protecting Online Identities

Empfohlen

Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09
Jorgen Thelin
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01
Paul Madsen
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01
Paul Madsen
 
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer
 
Preparing for Office 365
Preparing for Office 365Preparing for Office 365
Preparing for Office 365
Jan Egil Ring
 
Cybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDCybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-ID
abelsonp
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
OKsystem
 
SharePoint as digital service platform
SharePoint as digital service platformSharePoint as digital service platform
SharePoint as digital service platform
Nir Levy
 

Empfohlen

Protecting Online Identities - MIX09
Protecting Online Identities - MIX09Protecting Online Identities - MIX09
Protecting Online Identities - MIX09
Jorgen Thelin
 
Saas webinar-dec6-01
Saas webinar-dec6-01Saas webinar-dec6-01
Saas webinar-dec6-01
Paul Madsen
 
Iiw2007b Madsen 01
Iiw2007b Madsen 01Iiw2007b Madsen 01
Iiw2007b Madsen 01
Paul Madsen
 
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...
TrustBearer
 
Preparing for Office 365
Preparing for Office 365Preparing for Office 365
Preparing for Office 365
Jan Egil Ring
 
Cybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-IDCybercom Enhanced Security Platform, CESP-ID
Cybercom Enhanced Security Platform, CESP-ID
abelsonp
 
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud ComputingSmart Cards & Devices Forum 2012 - Securing Cloud Computing
Smart Cards & Devices Forum 2012 - Securing Cloud Computing
OKsystem
 
SharePoint as digital service platform
SharePoint as digital service platformSharePoint as digital service platform
SharePoint as digital service platform
Nir Levy
 
Comodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyComodo Overview Presentation Read Only
Comodo Overview Presentation Read Only
JayHicks
 
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Microsoft TechNet - Belgium and Luxembourg
 
Higgins Overview 2008 [Compatibility Mode]
Higgins Overview 2008 [Compatibility Mode]Higgins Overview 2008 [Compatibility Mode]
Higgins Overview 2008 [Compatibility Mode]
Markus Sabadello
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CloudIDSummit
 
Defining Enterprise Identity Management
Defining Enterprise Identity ManagementDefining Enterprise Identity Management
Defining Enterprise Identity Management
Hitachi ID Systems, Inc.
 
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
Naoto Miyachi
 
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web [Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
Shreeraj Shah
 
CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0
CloudIDSummit
 
Startup Spotlight: OneID
Startup Spotlight: OneIDStartup Spotlight: OneID
Startup Spotlight: OneID
pii2011
 
Identity and Access Management and electronic Identities _ Belgian Federal Go...
Identity and Access Management and electronic Identities _ Belgian Federal Go...Identity and Access Management and electronic Identities _ Belgian Federal Go...
Identity and Access Management and electronic Identities _ Belgian Federal Go...
E-Government Center Moldova
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
Bixlabs
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication Models
Raj Chanchal
 
Authentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAuthentication and Identity with Amazon Cognito
Authentication and Identity with Amazon Cognito
Amazon Web Services
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
Oliver Pfaff
 
OAuth 2.0 #idit2012
OAuth 2.0 #idit2012OAuth 2.0 #idit2012
OAuth 2.0 #idit2012
Nov Matake
 
Soa204 Kawasaki Final
Soa204 Kawasaki FinalSoa204 Kawasaki Final
Soa204 Kawasaki Final
Anush Kumar
 
OreDev 2008: Software + Services
OreDev 2008: Software + ServicesOreDev 2008: Software + Services
OreDev 2008: Software + Services
ukdpe
 
Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)
Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)
Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)
Victor Gridnev
 
Web Property Proposal
Web Property ProposalWeb Property Proposal
Web Property Proposal
J T
 
Authentication Server
Authentication ServerAuthentication Server
Authentication Server
Abhishek Chikane
 
Building Silverlight Applications Using .NET (Part 2 of 2)
Building Silverlight Applications Using .NET (Part 2 of 2)Building Silverlight Applications Using .NET (Part 2 of 2)
Building Silverlight Applications Using .NET (Part 2 of 2)
goodfriday
 
3rd Sunday of Easter :: op-stjoseph.org
3rd Sunday of Easter :: op-stjoseph.org3rd Sunday of Easter :: op-stjoseph.org
3rd Sunday of Easter :: op-stjoseph.org
goodfriday
 

Weitere ähnliche Inhalte

Was ist angesagt?

Comodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyComodo Overview Presentation Read Only
Comodo Overview Presentation Read Only
JayHicks
 
Higgins Overview 2008 [Compatibility Mode]
Higgins Overview 2008 [Compatibility Mode]Higgins Overview 2008 [Compatibility Mode]
Higgins Overview 2008 [Compatibility Mode]
Markus Sabadello
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CloudIDSummit
 
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
Naoto Miyachi
 
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web [Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
Shreeraj Shah
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication Models
Raj Chanchal
 
OAuth 2.0 #idit2012
OAuth 2.0 #idit2012OAuth 2.0 #idit2012
OAuth 2.0 #idit2012
Nov Matake
 
Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)
Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)
Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)
Victor Gridnev
 

Was ist angesagt? (20)

Comodo Overview Presentation Read Only
Comodo Overview Presentation Read OnlyComodo Overview Presentation Read Only
Comodo Overview Presentation Read Only
 
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
Office 365: Planning and Automating for Hybrid Identity Scenarios in the Clou...
 
Higgins Overview 2008 [Compatibility Mode]
Higgins Overview 2008 [Compatibility Mode]Higgins Overview 2008 [Compatibility Mode]
Higgins Overview 2008 [Compatibility Mode]
 
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other WorldsCIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds
 
Defining Enterprise Identity Management
Defining Enterprise Identity ManagementDefining Enterprise Identity Management
Defining Enterprise Identity Management
 
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
今更聞けない電子認証入門 - OAuth 2.0/OIDCからFIDOまで -
 
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web [Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
 
CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0CIS13: Introduction to OAuth 2.0
CIS13: Introduction to OAuth 2.0
 
Startup Spotlight: OneID
Startup Spotlight: OneIDStartup Spotlight: OneID
Startup Spotlight: OneID
 
Identity and Access Management and electronic Identities _ Belgian Federal Go...
Identity and Access Management and electronic Identities _ Belgian Federal Go...Identity and Access Management and electronic Identities _ Belgian Federal Go...
Identity and Access Management and electronic Identities _ Belgian Federal Go...
 
O auth2 with angular js
O auth2 with angular jsO auth2 with angular js
O auth2 with angular js
 
Authentication Models
Authentication ModelsAuthentication Models
Authentication Models
 
Authentication and Identity with Amazon Cognito
Authentication and Identity with Amazon CognitoAuthentication and Identity with Amazon Cognito
Authentication and Identity with Amazon Cognito
 
Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'Deciphering 'Claims-based Identity'
Deciphering 'Claims-based Identity'
 
OAuth 2.0 #idit2012
OAuth 2.0 #idit2012OAuth 2.0 #idit2012
OAuth 2.0 #idit2012
 
Soa204 Kawasaki Final
Soa204 Kawasaki FinalSoa204 Kawasaki Final
Soa204 Kawasaki Final
 
OreDev 2008: Software + Services
OreDev 2008: Software + ServicesOreDev 2008: Software + Services
OreDev 2008: Software + Services
 
Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)
Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)
Идентификация - Identity Management (Германия - Fraunhofer FOKUS 2011)
 
Web Property Proposal
Web Property ProposalWeb Property Proposal
Web Property Proposal
 
Authentication Server
Authentication ServerAuthentication Server
Authentication Server
 

Andere mochten auch

3rd Sunday of Easter :: op-stjoseph.org
3rd Sunday of Easter :: op-stjoseph.org3rd Sunday of Easter :: op-stjoseph.org
3rd Sunday of Easter :: op-stjoseph.org
goodfriday
 

Andere mochten auch (8)

Building Silverlight Applications Using .NET (Part 2 of 2)
Building Silverlight Applications Using .NET (Part 2 of 2)Building Silverlight Applications Using .NET (Part 2 of 2)
Building Silverlight Applications Using .NET (Part 2 of 2)
 
3rd Sunday of Easter :: op-stjoseph.org
3rd Sunday of Easter :: op-stjoseph.org3rd Sunday of Easter :: op-stjoseph.org
3rd Sunday of Easter :: op-stjoseph.org
 
Introducing SQL Server Data Services
Introducing SQL Server Data ServicesIntroducing SQL Server Data Services
Introducing SQL Server Data Services
 
Building Rich Internet Applications Using Microsoft Silverlight 2, Part 2
Building Rich Internet Applications Using Microsoft Silverlight 2, Part 2Building Rich Internet Applications Using Microsoft Silverlight 2, Part 2
Building Rich Internet Applications Using Microsoft Silverlight 2, Part 2
 
Building AOL's High Performance, Enterprise Wide Mail Application With Silver...
Building AOL's High Performance, Enterprise Wide Mail Application With Silver...Building AOL's High Performance, Enterprise Wide Mail Application With Silver...
Building AOL's High Performance, Enterprise Wide Mail Application With Silver...
 
Building Microsoft Silverlight Controls
Building Microsoft Silverlight ControlsBuilding Microsoft Silverlight Controls
Building Microsoft Silverlight Controls
 
Escaping Flatland in Application Design: Rich User Experiences
Escaping Flatland in Application Design: Rich User ExperiencesEscaping Flatland in Application Design: Rich User Experiences
Escaping Flatland in Application Design: Rich User Experiences
 
Partying with PHP on Microsoft Internet Information Services 7
Partying with PHP on Microsoft Internet Information Services 7Partying with PHP on Microsoft Internet Information Services 7
Partying with PHP on Microsoft Internet Information Services 7
 

Ähnlich wie Protecting Online Identities

BeamAuth - Two-Factor Web Authentication with a Bookmark
BeamAuth - Two-Factor Web Authentication with a BookmarkBeamAuth - Two-Factor Web Authentication with a Bookmark
BeamAuth - Two-Factor Web Authentication with a Bookmark
Ben Adida
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authority
webhostingguy
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
Amazon Web Services
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
Amazon Web Services
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017
Amazon Web Services
 
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Web Services
 

Ähnlich wie Protecting Online Identities (20)

TrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong AuthenticationTrustBearer - CTST 2009 - OpenID & Strong Authentication
TrustBearer - CTST 2009 - OpenID & Strong Authentication
 
Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008Live Identity Services Drilldown - PDC 2008
Live Identity Services Drilldown - PDC 2008
 
BeamAuth - Two-Factor Web Authentication with a Bookmark
BeamAuth - Two-Factor Web Authentication with a BookmarkBeamAuth - Two-Factor Web Authentication with a Bookmark
BeamAuth - Two-Factor Web Authentication with a Bookmark
 
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
Deep Dive on Amazon Cognito - DevDay Los Angeles 2017
 
Live ensure overview 1.4
Live ensure overview 1.4Live ensure overview 1.4
Live ensure overview 1.4
 
Developing with Windows Live
Developing with Windows LiveDeveloping with Windows Live
Developing with Windows Live
 
Slide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate AuthoritySlide 1 - Authenticated Reseller SSL Certificate Authority
Slide 1 - Authenticated Reseller SSL Certificate Authority
 
Cognito Customer Deep Dive
Cognito Customer Deep DiveCognito Customer Deep Dive
Cognito Customer Deep Dive
 
Identity Services Drilldown - TechEd NA 2009
Identity Services Drilldown - TechEd NA 2009Identity Services Drilldown - TechEd NA 2009
Identity Services Drilldown - TechEd NA 2009
 
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...
 
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...
 
Amazon Cognito Deep Dive
Amazon Cognito Deep DiveAmazon Cognito Deep Dive
Amazon Cognito Deep Dive
 
User Authentication and Identity with Amazon Cognito
User Authentication and Identity with Amazon CognitoUser Authentication and Identity with Amazon Cognito
User Authentication and Identity with Amazon Cognito
 
Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017Deep Dive on Amazon Cognito - DevDay Austin 2017
Deep Dive on Amazon Cognito - DevDay Austin 2017
 
Hitachi ID Identity Manager: Faster onboarding, reliable deactivation and eff...
Hitachi ID Identity Manager: Faster onboarding, reliable deactivation and eff...Hitachi ID Identity Manager: Faster onboarding, reliable deactivation and eff...
Hitachi ID Identity Manager: Faster onboarding, reliable deactivation and eff...
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John Bradley
 
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
Add End User Sign-in, User Management, and Security to Your Mobile and Web Ap...
 
Ipad Application Development Casestudy
Ipad Application Development CasestudyIpad Application Development Casestudy
Ipad Application Development Casestudy
 
Build Windows 2012
Build Windows 2012Build Windows 2012
Build Windows 2012
 
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
Amazon Cognito Public Beta of Built-in UI for User Sign-up/in and SAML Federa...
 

Mehr von goodfriday

Narine Presentations 20051021 134052
Narine Presentations 20051021 134052Narine Presentations 20051021 134052
Narine Presentations 20051021 134052
goodfriday
 
Triunemar05
Triunemar05Triunemar05
Triunemar05
goodfriday
 
09 03 22 easter
09 03 22 easter09 03 22 easter
09 03 22 easter
goodfriday
 
Holy Week Easter 2009
Holy Week Easter 2009Holy Week Easter 2009
Holy Week Easter 2009
goodfriday
 
Holt Park Easter 09 Swim
Holt Park Easter 09 SwimHolt Park Easter 09 Swim
Holt Park Easter 09 Swim
goodfriday
 
Easter Letter
Easter LetterEaster Letter
Easter Letter
goodfriday
 
April2009
April2009April2009
April2009
goodfriday
 
Swarthmore Lentbrochure20092
Swarthmore Lentbrochure20092Swarthmore Lentbrochure20092
Swarthmore Lentbrochure20092
goodfriday
 
Eastercard2009
Eastercard2009Eastercard2009
Eastercard2009
goodfriday
 
Easterservices2009
Easterservices2009Easterservices2009
Easterservices2009
goodfriday
 
Bulletin Current
Bulletin CurrentBulletin Current
Bulletin Current
goodfriday
 
Easter2009
Easter2009Easter2009
Easter2009
goodfriday
 
Bulletin
BulletinBulletin
Bulletin
goodfriday
 
March 2009 Newsletter
March 2009 NewsletterMarch 2009 Newsletter
March 2009 Newsletter
goodfriday
 
Mar 29 2009
Mar 29 2009Mar 29 2009
Mar 29 2009
goodfriday
 
Lent Easter 2009
Lent Easter 2009Lent Easter 2009
Lent Easter 2009
goodfriday
 
Easterpowersports09
Easterpowersports09Easterpowersports09
Easterpowersports09
goodfriday
 
Easter Trading 09
Easter Trading 09Easter Trading 09
Easter Trading 09
goodfriday
 
Easter Brochure 2009
Easter Brochure 2009Easter Brochure 2009
Easter Brochure 2009
goodfriday
 
March April 2009 Calendar
March April 2009 CalendarMarch April 2009 Calendar
March April 2009 Calendar
goodfriday
 

Mehr von goodfriday (20)

Narine Presentations 20051021 134052
Narine Presentations 20051021 134052Narine Presentations 20051021 134052
Narine Presentations 20051021 134052
 
Triunemar05
Triunemar05Triunemar05
Triunemar05
 
09 03 22 easter
09 03 22 easter09 03 22 easter
09 03 22 easter
 
Holy Week Easter 2009
Holy Week Easter 2009Holy Week Easter 2009
Holy Week Easter 2009
 
Holt Park Easter 09 Swim
Holt Park Easter 09 SwimHolt Park Easter 09 Swim
Holt Park Easter 09 Swim
 
Easter Letter
Easter LetterEaster Letter
Easter Letter
 
April2009
April2009April2009
April2009
 
Swarthmore Lentbrochure20092
Swarthmore Lentbrochure20092Swarthmore Lentbrochure20092
Swarthmore Lentbrochure20092
 
Eastercard2009
Eastercard2009Eastercard2009
Eastercard2009
 
Easterservices2009
Easterservices2009Easterservices2009
Easterservices2009
 
Bulletin Current
Bulletin CurrentBulletin Current
Bulletin Current
 
Easter2009
Easter2009Easter2009
Easter2009
 
Bulletin
BulletinBulletin
Bulletin
 
March 2009 Newsletter
March 2009 NewsletterMarch 2009 Newsletter
March 2009 Newsletter
 
Mar 29 2009
Mar 29 2009Mar 29 2009
Mar 29 2009
 
Lent Easter 2009
Lent Easter 2009Lent Easter 2009
Lent Easter 2009
 
Easterpowersports09
Easterpowersports09Easterpowersports09
Easterpowersports09
 
Easter Trading 09
Easter Trading 09Easter Trading 09
Easter Trading 09
 
Easter Brochure 2009
Easter Brochure 2009Easter Brochure 2009
Easter Brochure 2009
 
March April 2009 Calendar
March April 2009 CalendarMarch April 2009 Calendar
March April 2009 Calendar
 

KĂźrzlich hochgeladen

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel AraĂşjo
 

KĂźrzlich hochgeladen (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 

Protecting Online Identities

  • 2. Web ISVs Organizations Developers • Federation for • Turnkey selling their • Customizable federation for applications to identity UX adopting organizations • Single Sign On services • Easy on- • Access to user (Online, Live, IS boarding of new Vs) data customers • Works with existing identity infrastructure
  • 3. Baseline understanding of Live ID Web Developers • Consuming Windows Live IDs on your site • Accessing user data on your site ISVs • Consuming federated identities • Rapid on-boarding for organizations
  • 4.
  • 5. • Authentication: users, applications, devices Identities Strong • Investing in 2FA such as Smartcard, StartKey Authentication • User / IP reputation, Account abuse prevention Attacker Resistant • Live ID is fully customizable UI Customization • Delegated auth: user permission to access data Data Portability OpenID • Embracing Open Standards Federated • Compatible with Microsoft Federation Gateway Authentication
  • 6. Type of identity Credential Types Principal Types • [Strong] Principal Acting for Self Acting for User Password, Pin User User auth • eID / Smart card (Client or Web) Application App auth (AppID) Delegation (Good) • CardSpace Impersonation • Policy-driven control (BAD!) Device DeviceID Linked DeviceID The Password Types of Live ID Users Anti-Pattern! • Live Mail / Hotmail accounts • EASI (“E-mail As Sign-In”) • Managed domains • Federated domains
  • 7.
  • 8. Consume Accessing user identities & data SSO • Delegated Auth SDK • Web Authentication • Client SDK • Preview: Open ID
  • 9.
  • 10.
  • 11. Cross-platform HTML http://login.live.com/controls/WebAuth.htm appid=<%=AppId%> context=welcomepage Existing: WebAuth.htm style=font-size=10pt; New: WebAuthLogo.htm font-family=verdana; font-style=normal; New: WebAuthButton.htm font-weight=bold; background=white; color=black;
  • 12. Live ID Web Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=91762 Relying Party Web Site e.g., Contoso.com 1 End User 5 w/ web browser 4 2 3 Live ID WebAuth service
  • 13.
  • 14. Recognizable & not jarring Sign-in Sign-up Consent
  • 15. Customizable Contents Elements that can be customized. Partner Logo Task statement Product description Sign up section Task integration statement Header background Customizable Theme Elements cannot change. Sign-up section Customize look & feel. Font color Background color Button color User tile color Live ID description color
  • 16.
  • 17.
  • 18.
  • 19.
  • 20. Microsoft is becoming an OpenID Provider (OP) Try the Live ID – OpenID Provider CTP Now 1. Set up a Live ID INT account: https://login.Live-INT.com/ 2. Set up OpenID alias: https://OpenID.Live-INT.com /beta/ManageOpenID.srf 3. Use OpenID 2.0 login URI: OpenID.Live-INT.com 4. Send feedback: openidfb@microsoft.com >> Production release of Live ID – OpenID Provider later this year
  • 21. Consume Accessing user identities & data SSO • Delegated Auth SDK • Web Authentication • Client SDK • Preview: Open ID
  • 22.
  • 23. “Granting Consent” phase End User with browser Consent UI consent.live.com Application Provider “Using Consent” Phase (user can be offline) (web site) Resource Provider (e.g., Windows Live Contacts) Live ID Delegation Service
  • 24. Don’t panic! The SDK libraries handle all this for you! ru= ps=Contacts.View,Contacts.Update pl= ttype= 1: Compact token, 2: SAML token mkt= app=appid Application Verifier token: ts ip sig AppID, Timestamp, Client IP, SHA256 signature appctx=welcomepage
  • 25.
  • 26. Federation Rapid on- Infrastructure boarding / tools • Standards based • Microsoft Services • WS-Trust/WS-Fed Connector • Microsoft Federation Gateway
  • 27. Benefits of federated identity more services and applications more customers greatly simplify
  • 28. Identity Providers (IdP) User Applications Relying Party (RP) Client SDK Live ID Windows Microsoft App Federation Web Site / Online App Gateway (MFG) Browser Live ID Other federated Identity Identity Providers Provider
  • 29. Microsoft Services Connector Microsoft Federation Gateway Hub and spoke Connects auto-provisioning Production customizable 2006 self-service Free federation provisioning Objective: Connect to cloud services without changing existing identity infrastructure
  • 30. Federation Rapid on- Infrastructure boarding / tools • Standards based • Microsoft Services • WS-Trust/WS-Fed Connector • Microsoft Federation Gateway
  • 31.
  • 32. Using Federation Gateway & MSC 1. User clicks link -- 3. Services Connector issues login token and redirects to Federation Gateway 2. 4. Federation Gateway validates token and transforms claims 5. Federation Gateway issues service Browser token and redirects to service 6. User accesses service Office Desktop Apps Cloud Microsoft Microsoft Enterprise Federation Services Applications Connector Gateway Developer Active Services Directory
  • 33. Web ISVs Organizations developers • Federation for • Turnkey selling their • Customizable federation for applications to identity UX adopting organizations • Single Sign On services • Easy on- • Access to user (Online, Live, IS boarding of new Vs) data customers • Works with existing identity infrastructure
  • 34.
  • 35. Your feedback is important!
  • 36. Š 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.