Live Identity Services enables developers on any platform to choose the identity integration model that best enables their scenarios, including: web or client authentication, delegated authentication, or federated authentication. Learn how to build seamless, cobranded, and customized sign-up and sign-in experiences. Microsoft PDC 2008 - Session BB22

1.  Jorgen Thelin Senior PM Microsoft Corporation BB22

2. .Net Access Control Service Microsoft Services Connector “ Geneva” Framework Windows CardSpace “Geneva” Active Directory “ Geneva” Server Live Framework Live Identity Services Microsoft Federation Gateway Software Services Claims-Based Access Standards Based Enhances Developer Productivity Flexibility via Choice

5. A P P Z Authori Z ation Claims Roles Access control P rofile Account registration Membership DB P olicy Trust relationships Auth token policies A uthentication Auth Protocols Principal Types

6. Embracing Open Standards

8. Embracing Open Standards

12. Windows Live ID Web Authentication SDK Windows Live ID Delegated Authentication SDK Windows Live Tools Windows Live ID Client SDK

14. Enabling apps to be secure

19. Enabling seamless sign-in / sign-up user experience

22. ToS CAPTCHA Password Username Task integration Header image Password reset question / Alt e-mail Profile info

24. Application Provider (web site) Windows Live ID Delegation Service End User w/ browser Integration Steps: 1. Register AppID 2. Get DelAuth library module from SDK 3. Create consent request URL link 4. Create auth callback handler page 5. Create store for consent tokens (optional) 6. Send RP data request and process reply 7. Test & deploy! Windows Live ID Delegated Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=107420 “ Using Consent” Phase ( user can be offline ) Resource Provider (e.g., Windows Live Contacts) Consent UI (consent.live.com)

31. Step 1 (Partner Sign-in) A user sends credentials to the federated partner identity provider (IdP). federated partner’s Security Token Service (STS) generates IdP token. Windows Live ID Client SDK http://go.microsoft.com/fwlink/?LinkId=86974 Step 2 (Federated Sign-in) IdP token is sent to Microsoft Federation Gateway. Federation Gateway converts IdP token from the federated partner to a Live Service token. Step 3 (Service Sign-in) The issued service access token is sent to the Live Service that the user originally wanted to access.

32. Easy

36. Please fill out your evaluation for this session at: This session will be available as a recording at: www.microsoftpdc.com

40. SPEAKERS, PLEASE READ: Speakers, Please read. Your slides will be formatted BEFORE this event to ensure consistency in look and feel across presentations and to ensure they meet MS Branding guidelines. Below is a list of the formatting steps that will be applied to your deck. If there are any steps you do NOT want taken , please note these on the “Speaker Comments” slide.

41. SPEAKERS, PLEASE READ (hidden slide): Speakers, Please read. Your slides will be “archived” AFTER the event. Below is a list of the archiving steps that will be applied to your deck. If there are any steps you do NOT want taken , please note these on the “Speaker Comments” slide.