Active Directory Federation Services Architecture Drilldown

Slides:

Advertisements

Similar presentations

Active Directory Federation Services How does it really work?

Advertisements

 Jan Alexander Program Manager Microsoft Corporation BB43.

Bruce Cowper IT Pro Advisor Microsoft Canada. Agenda Windows Server™ 2003 R2 –Principal Scenarios Identity and Access Management Efficient Storage Management.

SIM403. Claims Provider Trust Relying Party x Relying Party Trust Claims Provider Trust Your ADFS STS Partner ADFS STS & IP Relying Party Trust Partner.

Implementing and Administering AD FS

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.

Understanding Active Directory

Identity and Access Management: Strategy and Solution Sandeep Sinha Lead Product Manager Windows Server Product Management Redmond,

Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.

Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,

A claims-based Identity Metasystem

Conditional access DirectAccess & automatic VPN Desktop Virtualization.

EMEA Jürgen Pfeifer Architect Microsoft EMEA HQ Kevin Sangwell Architect Microsoft EMEA HQ

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

Understanding Active Directory

Troubleshooting Federation, AD FS 2.0, and More…

Every effort has been made to make this seminar as complete and as accurate as possible but no warranty or fitness is implied. The presenter, authors,

Virtual techdays INDIA │ august 2010 Secure Collaboration: All You Need to Know about Extending Active Directory Rights Management Services (AD RMS)

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Troubleshooting Federation, AD FS 2.0, and More…

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Enterprise Identity Steve Plank – Microsoft Ivor Bright – Charteris Dave Nesbitt – Oxford Computer Group.

TNC2004 Rhodes 1 Authentication and access control in Sympa mailing list manager Serge Aumont & Olivier Salaün May 2004.

Windows Azure Dave Glover Developer Evangelist Microsoft Australia Tel:

Philadelphia Area SharePoint User Group Building Customer/Partner Extranets Designing a Secure Extranet with Sharepoint 2007 Russ Basiura RJB Technical.

Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.

OFC290 Information Rights Management in Microsoft Office 2003 Lauren Antonoff Group Program Manager.

Module 5 Configuring Authentication. Module Overview Lesson 1: Understanding Classic SharePoint Authentication Providers Lesson 2: Understanding Federated.

SharePoint Security Fundamentals Introduction to Claims-based Security Configuring Claims-based Security Development Opportunities.

Windows NT ® Single Sign On Cross Platform Applications (Part II) John Brezak Program Manager Windows NT Security Microsoft Corporation.

Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.

Harshavardhan Achrekar - Grad Student Umass Lowell presents 1 Scenarios Authentication Patterns Direct Authentication v/s Brokered Authentication Kerberos.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Office 365 deployment choices Cutover, Staged, Hybrid What is AD FS (Active Directory Federation Services) Attribute Stores, ADFS Configuration Database.

Windows Role-Based Access Control Longhorn Update

SIM401. A. Datum Account Forest Trey Research Resource Forest Federation Trust Microsoft (Users) E-Company Store (Resource) Contoso(Users)Contoso(Users)Fabrikam(Resource)Fabrikam(Resource)

Claims-Based Identity Solution Architect Briefing zoli.herczeg.ro Taken from David Chappel’s work at TechEd Berlin 2009.

Federico Guerrini IDA TSP, EMEA Incubation Team From Identity Synchronization to Identity Management.

Identity Management and Enterprise Single Sign-On (ESSO)

Web Services Security Patterns Alex Mackman CM Group Ltd

Module 11: Designing an Active Directory Federation Services Implementation in Windows Server 2008.

Copyright Microsoft Corp Sandeep Katyal TechnologistMicrosoft Solving the Identity Management problem using MIIS and ADFS.

Linus Joyeux Valerie Alonso Managing consultantLead consultant blue-infinity (Switzerland) Active Directory Federation Services v2.

Claims-based security with Windows Identity Foundation.

Designing a Secure Extranet with Sharepoint Russ Basiura Principal Consultant RJB Technical Consulting

Web Services Security Mike Shaw Architectural Engineer.

Brian Puhl Technology Architect Microsoft IT Session Code: ITS212.

ASP.NET 2.0 Security Alex Mackman CM Group Ltd

Agenda  Microsoft Directory Synchronization Tool  Active Directory Federation Server  ADFS Proxy  Hybrid Features – LAB.

F5 APM & Security Assertion Markup Language ‘sam-el’

Protect your data Enable your users Desktop Virtualization Information protection Mobile device & application management Identity and Access Management.

Identity and Access Management

Secure Connected Infrastructure

Secure Single Sign-On Across Security Domains

Stop Those Prying Eyes Getting to Your Data

Introduction to Windows Azure AppFabric

Data and Applications Security Developments and Directions

Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)

SharePoint Online Hybrid – Configure Outbound Search

Office 365 Identity Management

M6: Advanced Identity Management topics for Office 365

Presentation transcript:

Active Directory Federation Services Architecture Drilldown SVR311 4/14/2017 11:44 AM Active Directory Federation Services Architecture Drilldown John Pritchard Microsoft Corporation johnpr@microsoft.com © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Target Audience IT Professionals who want to understand how ADFS works 4/14/2017 11:44 AM Target Audience IT Professionals who want to understand how ADFS works Session is about ADFS components and how they work, and the specifications ADFS is based on © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

What are the major components of ADFS and how do they work? 4/14/2017 11:44 AM Key Takeaways What are the major components of ADFS and how do they work? What is ADFS based on? How might I use ADFS? © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Agenda Level set Active Directory Federation Services 4/14/2017 11:44 AM Agenda Level set Distributed IAM Problems Federated IAM Solution Active Directory Federation Services Architecture & Components Managing Access with Claims (User Attributes) Demo Deployment & Programming Models ADFS WS-* Specifications Heritage Multi-vendor Interoperability © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Orgs Have To Extend Access 4/14/2017 11:44 AM Orgs Have To Extend Access Your SUPPLIERS Your CUSTOMERS Customer satisfaction & customer intimacy Cost competitiveness Reach, personalization Collaboration Outsourcing Faster business cycles; process automation Value chain Your REMOTE and VIRTUAL EMPLOYEES Your PARTNERS Your COMPANY and your EMPLOYEES M&A Mobile/global workforce Flexible/temp workforce © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Problem: Business Costs of Extending your Network 4/14/2017 11:44 AM Problem: Business Costs of Extending your Network IT/Helpdesk Efficiency End User Productivity Security Regulatory Compliance Account provisioning requests Password reset requests Account proliferation Provisioning latency Forgotten passwords Logon frequency Orphaned or inaccurate accounts Compromised passwords Least access Privacy protection SOX, HIPAA, etc. Auditing and reporting © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Solution: Federated Identity and Access Management 4/14/2017 11:44 AM Solution: Federated Identity and Access Management Industry Definition Standards-based technology & IT processes … Distributed identification, authentication and authorization … Across boundaries (security, departmental, organizational or platform boundaries) … ADFS Vision Log on once, secure access to everything Leverage identity and services as broadly as possible © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Security Tokens & Claims Distributed authentication/authorization 4/14/2017 11:44 AM Security Tokens & Claims Distributed authentication/authorization Security tokens assert claims Claims – Statements authorities make about security principals (name, identity, key, group, privilege, capability, etc.) Signed Proof of Possession X.509 Kerberos XrML Secret Key SAML Password © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Security Token Service 4/14/2017 11:44 AM Security Token Service A security token service issues security tokens Key Distribution Center Security Token Service STSs can “swap” tokens as a request crosses security domain boundaries © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Federated IAM in Action X-organization, X-platform Web SSO Federation Claims Application Claims Federation STS SIDs Federation STS Active Directory Order Entry Portal Order Entry Application Trey Research Inc. A.Datum Corp. User clicks A.Datum portal link to Trey Research order processing application User redirected to A.Datum STS Seamlessly authenticated via Kerberos (Windows integrated AuthN & AD) User obtains SAML security token from A.Datum STS for Trey Research STS Federation claims per business agreement User obtains SAML security token from Trey Research STS for application Federation + application-specific claims User accesses Trey Research order processing application © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Agenda Level set Active Directory Federation Services 4/14/2017 11:44 AM Agenda Level set Distributed IAM Problems Federated IAM Solution Active Directory Federation Services Architecture & Components Managing Access with Claims (User Attributes) Demo Deployment & Programming Models ADFS WS-* Specifications Heritage Multi-vendor Interoperability © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Windows Authentication/LDAP 4/14/2017 11:44 AM ADFS Architecture Windows Authentication/LDAP Active Directory Authenticates users Manages attributes used to populate claims Federation Service (FS) STS Issues security tokens Manages federation trust policy FS Proxy (FS-P) Client proxy for token requests Provides UI for browser clients Web Server SSO Agent Enforces user authentication Creates user authorization context LPC/Web Methods HTTPS Note: ADFS supports both W2K & W2K3 forests FS & FS-P co-located by default, Can be separate boxes FS, FS-P & SSO agent require IISv6 W2K03 R2 Browser clients only for ADFSv1 (W2K03 R2 release) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

4/14/2017 11:44 AM Federation Service ASP.NET-hosted service running on IISv6 – Windows 2003 Server R2 Federation Policy management Establishes trust for signed security tokens by certificate-based key distribution Defines token/claim types & shared namespace for Federated security realms Security token generation Retrieves user attributes for claim generation from AD (or ADAM) via LDAP Transforms claims (if required) between internal & federation namespaces Builds signed SAML security token & sends to FS-P Builds “User SSO” cookie contents & sends to FS-P User authentication Validates ID/Password via LDAP Bind for Forms-based authentication © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Federation Service Proxy 4/14/2017 11:44 AM Federation Service Proxy ASP.NET-hosted service running on IISv6 – Windows 2003 Server R2 User authentication Provides UI for Home Realm Discovery & Forms-based Logon Authenticates users for Windows Integrated & Client SSL authentication Writes “User SSO” cookie to Browser (similar to Kerberos TGT) Security token processing Requests security token for client from FS Routes token to web server via “POST redirect” through browser © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

4/14/2017 11:44 AM Web Server SSO Agent ISAPI extension for IISv6 – Windows 2003 Server R2 User authentication Intercepts URL GET requests & Redirects un-authenticated clients to LS Writes “Web Server SSO” cookie to Browser (similar to Kerberos service ticket) Windows Service User authorization Creates NT Token for impersonation (AD users only) Managed Web Module Security token processing Validates user’s security token and parses claims in token Populates ASP.NET GenericPrincipal context from claims to support IsInRole() Provides raw claims to app © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Web SSO Agent Schematic 4/14/2017 11:44 AM Web SSO Agent Schematic © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

ADFS Trust & Message Flows 4/14/2017 11:44 AM ADFS Trust & Message Flows STS: Trust & claims policy setup (out of band) Browser: Application and security token requests (HTTPS) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

4/14/2017 11:44 AM ADFS Identity Federation Projects AD Identities to other security realms Organization A Private Namespace Organization B Private Namespace Federation Servers Federation Server Manage: Trust – Keys Security – Claims required Privacy – Claims allowed Audit – Identities, authorities Federation Server © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

ADFS: Claim & Token Processing 4/14/2017 11:44 AM ADFS: Claim & Token Processing © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

ADFS: Supported Security Tokens 4/14/2017 11:44 AM ADFS: Supported Security Tokens Currently only issue SAML tokens Tokens are not encrypted All messages are over HTTPS Tokens are signed (default) Signed with RSA Private key and signature verified with public key from X.509 certificate (optional) Can be signed with Kerberos session key FS-R tokens for Web server SSO Agent NT service component of Web server SSO Agent must run as a domain service account and must have an SPN configure © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

ADFS: Supported Claim Types 4/14/2017 11:44 AM ADFS: Supported Claim Types WS-Federation interoperable claim types Identity User Principal Name (UPN) E-mail Address Common Name (any string value) Group Custom name/value pair (eg SSN / 123-45-6789) ADFS-to-ADFS only authZ data SIDs Sent to avoid employee shadow accounts in extranet DMZ Sent in SAML token Advice element (not a standard claim type) Organizational claims Common set of claims across account stores and partners Mark organizational claims as sensitive (not audited/logged) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

ADFS: Claims Processing Extensibility 4/14/2017 11:44 AM ADFS: Claims Processing Extensibility Interface allows plug-in modules to be developed for custom claim transformation ADFS v1 FS supports one claim transform module. Not a pipeline for multiple modules. Further lookups to a LDAP or SQL store Complex claim transformations requiring computation © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

ADFS Federation Claims Flow 4/14/2017 11:44 AM ADFS Federation Claims Flow © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Supply Chain/Purchasing Application 4/14/2017 11:44 AM Supply Chain/Purchasing Application © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Agenda Level set Active Directory Federation Services 4/14/2017 11:44 AM Agenda Level set Distributed IAM Problems Federated IAM Solution Active Directory Federation Services Architecture & Components Managing Access with Claims (User Attributes) Demo Deployment & Programming Models ADFS WS-* Specifications Heritage Multi-vendor Interoperability © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

B2B: ADFS Federated Web SSO Partners do NOT need local accounts 4/14/2017 11:44 AM B2B: ADFS Federated Web SSO Partners do NOT need local accounts Web-based purchasing & inventory control apps Partner employees use their corporate AD accounts Intranet UX: Web SSO after Windows desktop logon Internet UX: Web SSO after Forms-based logon or SSL client authN © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

4/14/2017 11:44 AM B2E: ADFS Extranet Web SSO Single sign-on for HQ & “Road Warrior” users Web-based Wholesale Order Entry app in DMZ All employees have accounts in intranet AD Intranet UX: Web SSO after Windows desktop logon Internet UX: Web SSO after Forms-based logon or SSL client authN © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

B2C: ADFS “Online” Web SSO Classic Web SSO for Internet customers 4/14/2017 11:44 AM B2C: ADFS “Online” Web SSO Classic Web SSO for Internet customers Web-based Retail Order Entry & Customer Service apps Customers issued user accounts in DMZ (AD or ADAM) Internet UX: Web SSO after Forms-based logon © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

ADFS App Programming Model Web Server SSO Agent Authenticates users for app Creates authorization context for app NT Impersonation and ACLs ASP.NET IsInRole() String match, You do all the authorization logic AzMan RBAC integration App can add Role/Group claims to AzMan context ASP.NET Raw Claims API System.Web.Security.SingleSignOn.Authorization Session SVR400 Developing Solutions on the Microsoft Identity and Access Platform © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

4/14/2017 11:44 AM Federated IAM via Claims & RBAC ADFS & Authorization Manager integration Federation Realm SIDs/Attribs Federation Claims Application Claims Federation STS Federation STS Active Directory AzMan (RBAC) Roles Web Server Account Realm Resource Realm © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Agenda Level set Active Directory Federation Services 4/14/2017 11:44 AM Agenda Level set Distributed IAM Problems Federated IAM Solution Active Directory Federation Services Architecture & Components Managing Access with Claims (User Attributes) Demo Deployment & Programming Models ADFS WS-* Specifications Heritage Multi-vendor Interoperability © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

WS-Federation Web services federation language 4/14/2017 11:44 AM WS-Federation Web services federation language Defines messages to enable security realms to federate & exchange security tokens BEA, IBM, Microsoft, RSA, VeriSign Two “profiles” of the model defined Passive (Browser) clients – HTTP/S Active (Smart) clients – SOAP HTTP messages HTTP Receiver Security Token Service SOAP Receiver SOAP messages © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

4/14/2017 11:44 AM Passive Requestor Profile Supported by ADFSv1 in Windows Server 2003 R2 Binding of WS-Federation & WS-Trust for browser (passive) clients Implicitly adhere to policy by following redirects Implicitly acquire tokens via HTTP msgs Authentication Requires secure transport (HTTPS) Cannot provide “proof of possession” for tokens Limited (time based) token caching Tokens can be replayed © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Sample Flow: Browser Client Requesting Browser Requestor’s IP/STS Target Resource Target’s IP/STS Get resource Return secured response Redirect to resource’s IP/STS Return resource token Detect realm Return identity token Redirect to requestor’s IP/STS Login © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Active Requestor Profile Future ADFS release 4/14/2017 11:44 AM Active Requestor Profile Future ADFS release Binding of WS-Federation & WS-Trust for SOAP/XML aware (active) clients Explicitly determine token needs from policy Explicitly request tokens via SOAP msgs Strong authentication of all requests Can provide “proof of possession” for tokens Supports delegation Client can provide token for web service to use on its behalf Allows rich token caching at client Improved user experience & performance © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Return secured response 4/14/2017 11:44 AM Sample Flow: Active SOAP Client WS-Policy used to route client token requests Requesting Service Requestor’s IP/STS Target Service Target’s IP/STS Acquire policy Request token Return token Acquire policy Request token Return token Send secured request Return secured response © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

WS-Federation Interoperability 4/14/2017 11:44 AM WS-Federation Interoperability WS-* public workshops/mailing list prepare specs for submission to standards bodies http://groups.yahoo.com/group/WS-Security-Workshops/ WS-Federation vendor workshop (3/29/04) Passive Requestor Profile & SAML token Microsoft, IBM, RSA, Oblix, PingID, Open Network, Netegrity 100% interop achieved by all participants WS-Federation product previews at Tech·Ed Interop pavilion & Vendor panel © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Call to Action Play with ADFS 4/14/2017 11:44 AM Call to Action Play with ADFS ADFS Hands-On Lab! ADFS in R2 Beta 2 Encourage claims-aware application development today; get federation “for free” when R2 ships Authorization Manager ASP.NET IsInRole © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Resources White Papers: http://www.microsoft.com/idm 4/14/2017 11:44 AM Resources White Papers: http://www.microsoft.com/idm “Federation of Identities in a Web Services World” “Federated Identity Management Interoperability” Video: http://msdn.microsoft.com/theshow/episode047/default.asp © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Your Feedback is Important! 4/14/2017 11:44 AM We invite you to participate in our online evaluation on CommNet, accessible Friday only If you choose to complete the evaluation online, there is no need to complete the paper evaluation © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

4/14/2017 11:44 AM © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

© 2005 Microsoft Corporation. All rights reserved. 4/14/2017 11:44 AM © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.