Learn how Microsoft provides a range of identity solutions for helping developers more easily build seamless user experiences that include Federation, Authentication, UX Customization, Open Standards, Open ID and more.
2. Web Developers
• Customizable identity UX
• Single Sign On
• Access to user data
ISVs
• Federation for selling their applications to organizations
• Easy on-boarding of new customers
Organizations
• Turnkey federation for adopting services (Online, Live, ISVs)
• Works with existing identity infrastructure
3. Baseline understanding of Live ID
Web Developers
• Consuming Windows Live IDs on your site
• Accessing user data on your site
ISVs
• Consuming federated identities
• Rapid on-boarding for organizations
5. Identities
• Authentication: users, applications, devices
Strong Authentication
• Investing in 2FA such as Smartcard, StartKey
Attacker Resistant
• User / IP reputation, Account abuse prevention
UI Customization
• Live ID is fully customizable
Data Portability
• Delegated auth: user permission to access data
OpenID
• Embracing Open Standards
Federated Authentication
• Compatible with Microsoft Federation Gateway
6. Type of identity
Credential Types
• [Strong] Password, Pin
• eID / Smart card
• CardSpace
• Policy-driven control
Principal Types
Principal | Acting for Self | Acting for User
User | User auth (Client or Web) | -
Application | App auth (AppID) | Delegation (Good), Impersonation (BAD!)
Device | DeviceID | Linked DeviceID
The Password Anti-Pattern!
Types of Live ID Users
• Live Mail / Hotmail accounts
• EASI (“E-mail As Sign-In”)
• Managed domains
• Federated domains
8. Consume identities & SSO
• Web Authentication
• Client SDK
• Preview: Open ID
Accessing user data
• Delegated Auth SDK
12. Live ID Web Authentication SDK Docs http://go.microsoft.com/fwlink/?LinkID=91762
[Diagram: End User w/ web browser, Relying Party Web Site (e.g., Contoso.com) and Live ID WebAuth service, connected by steps 1 to 5]
15. Customizable Contents
Elements that can be customized.
• Partner Logo
• Task statement
• Product description
• Sign up section
• Task integration statement
• Header background
Customizable Theme
Elements cannot change.
Sign-up section
Customize look & feel.
• Font color
• Background color
• Button color
• User tile color
• Live ID description color
20. Microsoft is becoming an OpenID Provider (OP)
Try the Live ID – OpenID Provider CTP Now
1. Set up a Live ID INT account: https://login.Live-INT.com/
2. Set up OpenID alias: https://OpenID.Live-INT.com/beta/ManageOpenID.srf
3. Use OpenID 2.0 login URI: OpenID.Live-INT.com
4. Send feedback: openidfb@microsoft.com
>> Production release of Live ID – OpenID Provider later this year
21. Consume identities & SSO
• Web Authentication
• Client SDK
• Preview: Open ID
Accessing user data
• Delegated Auth SDK
23. [Diagram] Phases: “Granting Consent” phase; “Using Consent” phase (user can be offline).
Parties shown: End User with browser; Consent UI (consent.live.com); Application Provider (web site); Resource Provider (e.g., Windows Live Contacts); Live ID Delegation Service.
24. Don’t panic! The SDK libraries handle all this for you!
ru=
ps=Contacts.View,Contacts.Update
pl=
ttype= (1: Compact token, 2: SAML token)
mkt=
app=appid ts ip sig
Application Verifier token: AppID, Timestamp, Client IP, SHA256 signature
appctx=welcomepage
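An added example, not taken from the slides or from the Live ID SDK: how a service can validate a verifier token that carries the four fields listed above (AppID, timestamp, client IP, SHA256 signature). The wire layout, the use of HMAC-SHA256 with a shared secret, the function names and the 300-second window are all assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

MAX_SKEW_SECONDS = 300  # assumed freshness window, not a Live ID value


def _sign(secret: bytes, payload: str) -> str:
    # Assumption: the "SHA256 signature" is modelled as HMAC-SHA256, hex encoded.
    return hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()


def make_verifier(secret: bytes, appid: str, client_ip: str, now: int) -> str:
    """Build 'appid=..&ts=..&ip=..&sig=..' (constructed layout)."""
    payload = urlencode({"appid": appid, "ts": now, "ip": client_ip})
    return payload + "&sig=" + _sign(secret, payload)


def check_verifier(secret: bytes, token: str, peer_ip: str, now: int) -> str:
    """Return 'ok', or the reason the token is rejected."""
    payload, sep, sig = token.rpartition("&sig=")
    if not sep:
        return "malformed"
    # Check the MAC first, in constant time, before trusting any field.
    expected = _sign(secret, payload).encode()
    if not hmac.compare_digest(expected, sig.encode()):
        return "bad signature"
    try:
        fields = parse_qs(payload, strict_parsing=True)
        ts = int(fields["ts"][0])
        token_ip = fields["ip"][0]
    except (KeyError, ValueError):
        return "malformed"
    # The timestamp bounds replay; the IP binds the token to one caller.
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return "stale"
    if token_ip != peer_ip:
        return "ip mismatch"
    return "ok"
```

The order of checks matters: the signature is verified over the exact received bytes before any field is parsed, so a tampered timestamp or IP is rejected as a bad signature rather than evaluated.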
26. Federation Infrastructure
• Standards based
• WS-Trust/WS-Fed
• Microsoft Federation Gateway
Rapid on-boarding / tools
• Microsoft Services Connector
27. Benefits of federated identity
more services and applications
more customers
greatly simplify
28. [Diagram] Column headings: User, Applications, Relying Party (RP), Identity Providers (IdP).
Elements shown: Browser; Windows App; Live ID Client SDK; Web Site / Online App; Microsoft Federation Gateway (MFG); Live ID Identity Provider; Other federated Identity Providers.
29. Microsoft Services Connector
Microsoft Federation Gateway
Hub and spoke Connects
auto-provisioning
Production customizable
2006
self-service Free
federation provisioning
Objective: Connect to cloud services without changing existing identity infrastructure
30. Federation Infrastructure
• Standards based
• WS-Trust/WS-Fed
• Microsoft Federation Gateway
Rapid on-boarding / tools
• Microsoft Services Connector
32. Using Federation Gateway & MSC
1. User clicks link --
2.
3. Services Connector issues login token and redirects to Federation Gateway
4. Federation Gateway validates token and transforms claims
5. Federation Gateway issues service token and redirects to service
6. User accesses service
[Diagram labels: Browser, Office, Desktop Apps, Cloud, Enterprise, Applications, Developer Services, Active Directory, Microsoft Services Connector, Microsoft Federation Gateway]
33. Web developers
• Customizable identity UX
• Single Sign On
• Access to user data
ISVs
• Federation for selling their applications to organizations
• Easy on-boarding of new customers
Organizations
• Turnkey federation for adopting services (Online, Live, ISVs)
• Works with existing identity infrastructure