Windows CardSpace Martin Parry Developer Evangelist Microsoft

Presentation transcript:


Event slides will be posted at:

Identity: problems
- Passwords are too easy to crack, or too hard to remember
- I want multiple identities; this results in identity silos
- Banks etc. would like to make sign-on data a lot more complex; users' ability to remember is the obstacle
- Nobody trusts a single organization to store all identity information

Identity: a new approach
- Kim Cameron: Seven laws of identity
- We have interoperable WS-* specs; they allow multiple identity systems to take part
- We have a standard format for credentials: SAML tokens
- The Identity Metasystem

Security Tokens
- SAML: Security Assertion Markup Language; the prevailing format for credentials today
- What's in a security token? A collection of claims (self-asserted or verifiable); the token is signed by the issuer
- Issuing a token: use WS-Security and WS-Trust
- Consuming a token: verify the signature, decide if the issuer is trusted, read the claims (for authZ decisions)

Example Security Token (claims about Martin Parry)
- Given Name: Martin
- Family Name: Parry

Security Token Service
- Give it something: username/password, X.509 certificate, another security token, biometric, etc.
- It returns a security token (e.g. the token above for Martin Parry)

Federation
- If users have accounts elsewhere, and you trust the authN that takes place there, don't add user accounts to your system
- Accept security tokens issued elsewhere
- Establish trust between systems: WS-Federation
- Think of B2B scenarios

Federation: example
- Instead of provisioning a new user account for a partner, I'll let her organization authenticate her
- Automate the trust relationship
- Ask the user to supply a SAML token issued by the partner org
- The SAML token contains claims about the user:
  - Partner org claims that this user's name is Alice
  - Partner org claims that Alice is a Purchaser
  - Partner org claims that Alice is authorized to purchase bike parts
- Reduces identity management burden and latency
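The consuming side of the two slides above (verify signature, decide whether the issuer is trusted, then read claims for an authZ decision) as an added example that is not part of the original deck. The issuer name, key, claim names and the Alice assertion are constructed; the signature is an HMAC stand-in for the XML-DSig signature a real SAML token carries, so the order of checks is the point, not the crypto.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime

# Issuer name, verification key and claim names are constructed for this example.
# The stand-in "signature" is an HMAC over the assertion text; a real SAML token carries an
# XML-DSig signature checked against the issuer's certificate, but the order of checks is the same.
TRUSTED_ISSUERS = {"partner-org-sts": b"constructed-shared-secret"}
RP_AUDIENCE = "https://bikeparts.example/"

def sign(assertion: str, key: bytes) -> str:
    return hmac.new(key, assertion.encode(), hashlib.sha256).hexdigest()

# Constructed SAML-style assertion: the partner org's claims about Alice.
ASSERTION = (
    '<Assertion Issuer="partner-org-sts" Audience="https://bikeparts.example/" '
    'NotBefore="2024-01-01T00:00:00+00:00" NotOnOrAfter="2030-01-01T00:00:00+00:00">'
    '<Claim Type="name">Alice</Claim>'
    '<Claim Type="role">Purchaser</Claim>'
    '<Claim Type="purchase-category">bike parts</Claim>'
    '</Assertion>'
)
TOKEN = {"assertion": ASSERTION, "signature": sign(ASSERTION, TRUSTED_ISSUERS["partner-org-sts"])}

def consume_token(token: dict, audience: str, now_iso: str) -> dict:
    """Return the claims if the token is acceptable; raise ValueError with the reason otherwise."""
    root = ET.fromstring(token["assertion"])
    # 1. Decide whether the issuer is trusted before believing anything the token says.
    key = TRUSTED_ISSUERS.get(root.get("Issuer"))
    if key is None:
        raise ValueError("untrusted issuer")
    # 2. Verify the issuer's signature (constant-time comparison).
    if not hmac.compare_digest(sign(token["assertion"], key), token["signature"]):
        raise ValueError("bad signature")
    # 3. Enforce the validity window and that the token was issued for this relying party.
    now = datetime.fromisoformat(now_iso)
    if not (datetime.fromisoformat(root.get("NotBefore")) <= now
            < datetime.fromisoformat(root.get("NotOnOrAfter"))):
        raise ValueError("token outside validity window")
    if root.get("Audience") != audience:
        raise ValueError("token not issued for this relying party")
    # 4. Only now read the claims and use them for authorization decisions.
    return {c.get("Type"): c.text for c in root.findall("Claim")}

def may_purchase(claims: dict, category: str) -> bool:
    """The RP's authZ decision rests on what the trusted partner asserted, not on a local account."""
    return claims.get("role") == "Purchaser" and claims.get("purchase-category") == category
```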

Information Cards
- Identities represented as cards; users understand that they need to be careful when giving out credit card details
- Self-issued "personal card": created by the user and held in a local secure store; carries a private personal identifier
- "Managed card": issued by a trusted Identity Provider; visible locally, but the identity information is stored at the IP
- Cards do not contain security tokens; they represent my ability to supply a token

How it works (Relying Party, Identity Selector, Identity Provider)
1. Access resource
2. Policy: "I would like a SAML 1.1 token, containing First Name, Surname, issued by *any*"
3. UI filters cards that can satisfy the policy
4. User picks a card
5. Token is requested (from the Identity Provider)
6. Token is created
7. Token is presented (to the Relying Party)
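Step 3 of the flow, the selector filtering cards against the relying party's policy, as an added example that is not part of the original deck. Card names, issuer names, token-type labels and claim names are constructed; the policy is the one quoted on the slide.

```python
from dataclasses import dataclass

# Issuer names, token-type labels and claim names are constructed for this example.
SELF_ISSUED = "self"   # the personal-card provider on the user's own machine
ANY_ISSUER = "*"       # the policy's "issued by *any*"

@dataclass(frozen=True)
class Card:
    name: str
    issuer: str               # SELF_ISSUED, or the identity provider behind a managed card
    token_types: frozenset    # token formats that issuer can produce
    claims: frozenset         # claim types that issuer can assert about the user

@dataclass(frozen=True)
class Policy:
    token_type: str
    required_claims: frozenset
    issuer: str = ANY_ISSUER

def satisfies(card: Card, policy: Policy) -> bool:
    """Step 3: can this card's issuer supply a token that meets the relying party's policy?"""
    if policy.issuer != ANY_ISSUER and card.issuer != policy.issuer:
        return False
    if policy.token_type not in card.token_types:
        return False
    return policy.required_claims <= card.claims   # every required claim is available

def filter_cards(cards, policy: Policy):
    """The selector shows only cards that can satisfy the policy; a card never holds a token itself."""
    return [card for card in cards if satisfies(card, policy)]

# Constructed card store: one self-issued card and two managed cards.
CARDS = [
    Card("personal", SELF_ISSUED, frozenset({"SAML1.1"}),
         frozenset({"givenname", "surname", "emailaddress", "privatepersonalidentifier"})),
    Card("bank", "bank-sts", frozenset({"SAML1.1", "SAML2.0"}),
         frozenset({"givenname", "surname", "accountnumber"})),
    Card("employer", "employer-sts", frozenset({"SAML2.0"}),
         frozenset({"givenname", "surname", "role"})),
]

# The policy from the slide: a SAML 1.1 token with first name and surname, issued by anyone.
RP_POLICY = Policy("SAML1.1", frozenset({"givenname", "surname"}))
```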

Demo
- Create a self-issued card
- Sign on to a website using the card

HTML

```html
<!-- Reconstructed around the fragment that survived in the transcript: the object element
     invokes the CardSpace identity selector, and the chosen token is posted back in the
     "xmlToken" field that the server-side code reads. The claim URI in requiredClaims was
     truncated in the transcript and is left as it appears. -->
<form method="post" action="">
  <object type="application/x-informationCard" name="xmlToken">
    <param name="requiredClaims" value=" nalidentifier" />
  </object>
  <input type="submit" value="Click here to sign in" />
</form>
```

Server-side code

```csharp
protected void Page_Load(object sender, EventArgs e)
{
    // The identity selector posts the token in the "xmlToken" field of the form
    string xmlToken = Request.Params["xmlToken"];
    if (xmlToken == null || xmlToken.Equals(""))
        ShowError("Token presented was null");
    else
    {
        // Second constructor argument was truncated in the transcript
        TokenHelper tokenHelper = new TokenHelper(xmlToken, "<value truncated in transcript>");
        givenname.Text = tokenHelper.GetClaim(ClaimTypes.GivenName);
        surname.Text = tokenHelper.GetClaim(ClaimTypes.Surname);
        // A third control and claim type are missing from the transcript:
        // <control>.Text = tokenHelper.GetClaim(ClaimTypes.<claim>);
    }
}
```

Clearly all the work's in TokenHelper. Get it in the samples at

How to implement a RP
- Update the user database to include unique IDs from CardSpace
- Create an association page: users can associate cards with their accounts
- Update the sign-in page to allow the use of cards (can still allow other credentials)
- Update the registration page to allow the use of cards
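The four RP steps above carried through as an added example that is not part of the original deck: the user store keyed by the card's unique identifier, the association page, card sign-in with password sign-in still allowed, and registration from a card. Claim names and account records are constructed; the store is an in-memory dict standing in for the user database.

```python
import hmac

# Claim names and the account records are constructed for this example.
ISSUER = "issuer"
PPID = "privatepersonalidentifier"   # the card's unique, per-relying-party identifier

def card_key(claims: dict) -> tuple:
    """Unique ID stored in the user database: the identifier scoped by the issuer that asserted
    it, so two providers that happen to use the same identifier string cannot collide."""
    return (claims[ISSUER], claims[PPID])

class RelyingPartyAccounts:
    def __init__(self):
        self.users = {}     # username -> {"password_hash": str or None, "cards": set of card keys}
        self.by_card = {}   # card key -> username (the new unique-ID lookup)

    def register_with_password(self, username: str, password_hash: str) -> None:
        self.users[username] = {"password_hash": password_hash, "cards": set()}

    def register_with_card(self, username: str, claims: dict) -> None:
        """Registration page: a new account created from a card, with no password at all."""
        self.users[username] = {"password_hash": None, "cards": set()}
        self.associate_card(username, claims)

    def associate_card(self, username: str, claims: dict) -> None:
        """Association page: link a card to an account the user has already signed in to."""
        key = card_key(claims)
        owner = self.by_card.get(key)
        if owner is not None and owner != username:
            raise ValueError("card already associated with another account")
        self.users[username]["cards"].add(key)
        self.by_card[key] = username

    def sign_in_with_card(self, claims: dict):
        """Sign-in page: the username, or None so the page can offer registration/association."""
        return self.by_card.get(card_key(claims))

    def sign_in_with_password(self, username: str, password_hash: str):
        """Other credentials are still allowed; card-only accounts simply have no password."""
        user = self.users.get(username)
        if user is None or user["password_hash"] is None:
            return None
        return username if hmac.compare_digest(user["password_hash"], password_hash) else None
```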


MSDN Connection
- Get the latest technology previews, trial software and special offers
- Get information tailored to your needs; pick your RSS feeds
- Sign up for MSDN Connection at:

Resources, tools and betas
- Learn about development for Windows Live
- Useful resource for .NET Framework 3.0, the development platform for Windows Vista
- Get the latest betas for Windows Vista and Office
- Try Visual Studio; check out the free Express versions of Visual Studio
- Learn about and try the new Web and client designer tools

Additional Information
- UK MSDN Events: post-events page including slide decks; upcoming events
- UK MSDN Site & Flash Newsletter: local news, events, nuggets & webcasts; register to receive the bi-weekly MSDN Flash by