steve plank (“planky”) identity architect microsoft uk
1 steve plank (“planky”) identity architect microsoft uk

2 what is a digital identity?
if the identity service has my password, why does my application still have a user account?
identities and profiles
how do I factor authentication and authorization into separate services for my applications?
a single source of identities, or many sources? what’s best?
how to federate with: other organisations, the “cloud”

3 trust fabric
a set of claims made by one subject about another subject
self-asserted identity: ebay, amazon, google, hotmail, yahoo...
authenticity marks (digital signatures)
claims
  static claims: date of birth, gender
  dynamic claims: address, job title
  derived claims: over 18 = true, health professional = true

4 ****************
you can’t assert your own identity – even to yourself
claims, not assertions
verification processes: military, government, finance

5 client application → application
policy: submitOrder() requires [name,password] cred
1. read policy for submitOrder()
2. call submitOrder() including [planky, ****]

6 client application, security token service sts_authentication, application
policy: submitOrder() requires {role} from sts_authentication
policy: {role} requires [name,password] cred
1. read policy for submitOrder()
2. read policy for request security token
3. request security token passing [planky, ****]

7 security token service sts_authentication, application
mapping at sts_authentication: (planky, ****) → {role = purchaser}
policy: “submit order” requires {role} from sts_authentication
4. request security token response: {role=purchaser} signed sts_authentication
5. call “submit order” with security token

8 client application, security token service sts_authorization (“authorization claims provider”), security token service sts_authentication (“identity claims provider”), application
policy: submitOrder() requires {submit order} from sts_authorization
policy: {submit order} requires {role} claim from sts_authentication
policy: {role} requires [kerb ticket] or [name/pwd] cred
1. read policy for submitOrder()
2. read policy for request security token (sts_authorization)
3. read policy for request security token (sts_authentication)
4. request security token passing [planky’s kerb ticket]

9 client, security token service sts_authorization, security token service sts_authentication, application
mapping at sts_authentication: planky → {role = purchaser}
mapping at sts_authorization: {role = purchaser} → {submit order = true}
token: {role=purchaser} signed sts_authentication
token: {submit order = true} signed sts_authorization
policy: submitOrder() requires {submit order} claim from sts_authorization
policy: submitOrder() requires {role} claim from sts_authentication
call submitOrder()
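The two-STS chain of slides 8 and 9 (identity claims provider feeding an authorization claims provider, which feeds the application) as a self-contained simulation. This is an added example, not code from the original deck: tokens are JSON signed with HMAC-SHA256 over a key shared between the issuing STS and the party that verifies it (real deployments use X.509 signatures over SAML/WS-Trust tokens), and the user planky, the password, the STS key values and the salt are constructed sample values.

```python
"""Simulated claims chain: sts_authentication -> sts_authorization -> application.

Assumptions (constructed for this example): HMAC-signed JSON tokens stand in
for signed SAML/WS-Trust tokens; keys, salt, user and password are sample values.
"""
import hashlib
import hmac
import json
import time
from typing import Optional

# Each STS signs with its own key; the relying party that trusts it holds a copy.
STS_KEYS = {
    "sts_authentication": b"constructed-key-for-sts_authentication",
    "sts_authorization": b"constructed-key-for-sts_authorization",
}

# sts_authentication user store: salted hash only, the password itself is never stored.
_SALT = b"constructed-salt"
USER_STORE = {"planky": hashlib.sha256(_SALT + b"correct-horse").hexdigest()}

# Slide 9 mappings: identity -> identity claims, then identity claim -> authorization claim.
IDENTITY_CLAIMS = {"planky": {"role": "purchaser"}}
ROLE_TO_PERMISSION = {"purchaser": {"submit order": True}}


def _sign(issuer: str, claims: dict, subject: str) -> dict:
    """Issue a token: issuer, subject and claims, with an HMAC over canonical JSON."""
    body = {"iss": issuer, "sub": subject, "claims": claims, "iat": int(time.time())}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(STS_KEYS[issuer], payload, hashlib.sha256).hexdigest()}


def verify_token(token: dict, expected_issuer: str) -> Optional[dict]:
    """Relying-party check: the token must name the expected issuer and carry its valid signature."""
    body = token.get("body", {})
    if body.get("iss") != expected_issuer:
        return None
    payload = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(STS_KEYS[expected_issuer], payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token.get("sig", "")):
        return None
    return body["claims"]


def sts_authentication(username: str, password: str) -> Optional[dict]:
    """Identity claims provider: {role} requires [name,password] cred."""
    stored = USER_STORE.get(username)
    presented = hashlib.sha256(_SALT + password.encode()).hexdigest()
    if stored is None or not hmac.compare_digest(stored, presented):
        return None
    return _sign("sts_authentication", IDENTITY_CLAIMS[username], username)


def sts_authorization(identity_token: dict) -> Optional[dict]:
    """Authorization claims provider: {submit order} requires {role} claim from sts_authentication."""
    claims = verify_token(identity_token, "sts_authentication")
    if claims is None:
        return None
    permission = ROLE_TO_PERMISSION.get(claims.get("role"))
    if permission is None:
        return None
    return _sign("sts_authorization", permission, identity_token["body"]["sub"])


def submit_order(authz_token: dict, order: str) -> str:
    """Application: submitOrder() requires {submit order} claim from sts_authorization."""
    claims = verify_token(authz_token, "sts_authorization")
    if claims is None or claims.get("submit order") is not True:
        return "denied"
    return f"accepted order {order!r} for {authz_token['body']['sub']}"


def client_flow(username: str, password: str, order: str) -> str:
    """Client walks the policy chain: authenticate, obtain the authorization claim, call the app."""
    id_token = sts_authentication(username, password)
    if id_token is None:
        return "denied"
    authz_token = sts_authorization(id_token)
    if authz_token is None:
        return "denied"
    return submit_order(authz_token, order)


if __name__ == "__main__":
    print(client_flow("planky", "correct-horse", "widgets x10"))  # accepted
    print(client_flow("planky", "wrong-password", "widgets x10"))  # denied
```

Two points the slides make are visible in the code: the application never sees the password (only sts_authentication does), and presenting the identity token directly to submit_order is refused because the policy names sts_authorization as the required issuer; a token whose claims are altered after issue fails the signature check at the next hop.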

10 laws of identity
1. user control and consent
2. minimal disclosure for a defined use
3. justifiable parties
4. directional identity
5. pluralism of operators and technologies
6. human integration
7. consistent experience across contexts

11 “On Premise” / “Off Premise”
Your Organisation, My Organisation
Windows Live ID, Microsoft Federation Gateway, .NET Services Access Control, Microsoft Dynamics CRM Online, Microsoft Services Connector
“Geneva Server”, AD, “Geneva” Framework, S+S App, Website
protocols: SAML, WS-Fed, WS-Trust

12 what is a digital identity?
if the identity service has my password, why does my application still have a user account?
identities and profiles
how do I factor authentication and authorization into separate services for my applications?
a single source of identities, or many sources? what’s best?
how to federate with: other organisations, the “cloud”