Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Team. Overview Digital Identity 2.0 What’s CardSpace Architecture Why CardSpace Demo Future Directions Resources Q&A.

Published byKaren Lloyd Modified over 8 years ago

Similar presentations

Presentation on theme: "Network Team. Overview Digital Identity 2.0 What’s CardSpace Architecture Why CardSpace Demo Future Directions Resources Q&A."— Presentation transcript:

1 Network Team

2 Overview Digital Identity 2.0 What’s CardSpace Architecture Why CardSpace Demo Future Directions Resources Q&A

3 Network Team Digital Identity 2.0 사용자 중심 기술을 사용하여 Identity 확인 방식 실제 환경과 유사한 Identity Transactions 의 Open Method 를 강조

4 Network Team Digital Identity 2.0 User Silo - centric User - centric

5 Network Team User - centric User 가 정말 원하는 방식이 무엇이든지, 그 방식대로 Identity Information 를 관리해줌. ⇒어떤 정보는 위탁 관리하고, 어떤 정보는 User 가 직접 관리

6 Network Team Digital Identity 2.0 OpenID 2.0 CardSpace / Higgins SAML Federation Identity System User – Centric Conversation

7 Network Team What’s CardSpace Microsoft 의 Identity MetaSystem 을 위한 Identity Selector 클라이언트 소프트웨어 사용자들의 디지털 정보를 저장하면서 사용자들 에게 시각적인 정보 카드로 이 사용자 정보를 보 여줌. ⇒사용자에게 일관된 digital Identity Interface 를 제공

8 Network Team Card Types Personal Cards Managed Cards User - centric 카드를 ID Selector 로 가져온 User 에게 ID Provider 가 제공하는 카드 카드를 ID Selector 로 가져온 User 에게 ID Provider 가 제공하는 카드 User 가 ID Provider 역할도 수행하며 User 가 클레임에 대한 모든 값을 제공하는 카드 User 가 ID Provider 역할도 수행하며 User 가 클레임에 대한 모든 값을 제공하는 카드

9 Network Team Architecture

10 Network Team Claims-Based Access Model Application Server Security Token Service End User Claims Framework Your App 3. Read policy 5. Send claims 1.Establish relationship using metadata 2. Read policy trust 4. Get claims Identity Selector Client

11 Network Team Claim 누군가가 특정 주체에 대해 설명하는 주장들로 구 성 카드를 통해서 표현되는 정보 신원을 증명하려 할 때 제공하는 정보 로컬 컴퓨터 대신에 카드 발급자에 저장

12 Network Team Object Tag <OBJECT classid=“CLSID:19916E01-B44E-4e31-94A4-4696DF46157B" name="CardSpaceToken“ CODEBASE=“http://microsoft.com/CSV2.exe#Version=10,10,1,12"> <PARAM NAME="issuer" VALUE="http://contoso.com/issue" > <PARAM NAME="tokenType" VALUE="urn:oasis:names:tc:SAML:1.0:assertion" > <PARAM NAME="requiredClaims" VALUE=" http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalide ntifier " >

13 Network Team Security token WS-Security –XML 전자서명과 XML 암호화 기술을 통하여 메시지의 안전한 전송을 가능하게 하며 또한 인증 및 권한제어 등을 위해 메시지 헤더에 다양한 보안토큰을 삽입하는 방법을 정의 개인 정보를 전달하기 위해 사용 인증 및 권한제어를 위한 용도 + 다양한 컨텍스트에 사용되며 브라우저 기반 웹 환경에서도 사용 가능

14 Network Team Identity MetaSystem Protocols and architecture for exchange claims

15 Network Team Identity MetaSystem ● 구성요소 I.Claim 을 사용하여 ID 를 표현하는 방법 II.ID Provider, Relying Party, User 의 협상 방법 III.Claim 과 요구 사항을 가져오기 위한 캡슐화 프 로토콜 IV.Claim 변환을 사용하여 기술 및 조직 경계를 극 복하는 방법 V. 여러 상황, 기술 및 운영자 간의 일관된 사용자 경험

16 Network Team Identity MetaSystem

17 Network Team Why CardSapce Home realm discovery Persona’s and other card tricks Credential agility

18 Network Team Home Realm Discovery App User Federated App NexonGame World Policy Claim: Email Policy Claim: Email

19 Network Team Persona Selection Claim: Admin Claim: User Geneva Identity Server Claims Store Claims Aware App Claim: Admin

20 Network Team Credential Agility App does not handle credentials –CardSpace handles credential collection –STS(Security Token Service) handles Credential validation –Credential type can vary without affecting the app

21 Network Team Why CardSapce Regardless of the complex flow of claims, tokens, and token types between the different systems within the metasystem, the user should have a simple, consistent, and comprehensible experience

22 Network Team Demo http://home.live.com/

23 Network Team Future Directions CardSpace 와 OpenID 의 협업 –OpenID 토큰 내용을 포함하는 CardSapce 스키마를 정 의하고, CardSpace 가 SAML 토큰을 얻는 것처럼 OpenID 토큰을 얻음 CardSpace 와 WCF 통합 다른 OS 와의 상호 운용성 –Higgins

24 Network Team Resources Web Sites/Blogs –MSDN Library http://msdn.microsoft.com/ko-kr/library/ms734655.aspx –Microsoft windows CardSpace 공식 http://www.microsoft.com/windows/products/winfamily/cardsp ace/default.mspxhttp://www.microsoft.com/windows/products/winfamily/cardsp ace/default.mspx –Microsoft's CardSpace: Part 1,2,3 http://dotnetslackers.com/articles/security/microsoft_cardspa ce_getting_started.aspxhttp://dotnetslackers.com/articles/security/microsoft_cardspa ce_getting_started.aspx –Kim Carmeron’s Identity Weblog http://www.identityblog.com/ –Korean Identity Management(KIM) http://ayo79.egloos.com/

25 Network Team Resources Book –Understanding Windows CardSpace: An Introduction to the Concepts and Challenges of Digital Identities /by Vittorio Bertocci, Garrett Serack, Caleb Baker CardSpace Open Source Project –Java 프로젝트 http://informationcard.sourceforge.net http://www.codeplex.com/informationcardjava –Ruby 프로젝트 http://rubyforge.org/projects/informationcard http://www.codeplex.com/informationcardruby

26 Network Team

Download ppt "Network Team. Overview Digital Identity 2.0 What’s CardSpace Architecture Why CardSpace Demo Future Directions Resources Q&A."

Similar presentations

Seven Perspectives on CardSpace Ronny Bjones Security Strategist Microsoft Corporation.

Seven Perspectives on CardSpace Ronny Bjones Security Strategist Microsoft Corporation.
Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
Active Directory Federation Services How does it really work?

Active Directory Federation Services How does it really work?
Advances in Digital Identity

Advances in Digital Identity
Securing Your Applications and Web Services with the Geneva Framework Jim Lavin.

Securing Your Applications and Web Services with the Geneva Framework Jim Lavin.
 Jan Alexander Program Manager Microsoft Corporation BB43.

 Jan Alexander Program Manager Microsoft Corporation BB43.
 Rich Randall Development Lead Microsoft Corporation BB44.

 Rich Randall Development Lead Microsoft Corporation BB44.
InfoCard and the Identity Metasystem Kim Cameron, Chief Architect of Identity Microsoft.

InfoCard and the Identity Metasystem Kim Cameron, Chief Architect of Identity Microsoft.
2 3 Who are you? What are you allowed to do? How should your experience be personalized? How do I get apps that are provably securable and manageable?

2 3 Who are you? What are you allowed to do? How should your experience be personalized? How do I get apps that are provably securable and manageable?
Implementing and Administering AD FS

Implementing and Administering AD FS
Windows CardSpace and the Identity Metasystem Glen Gordon Developer Evangelist, Microsoft

Windows CardSpace and the Identity Metasystem Glen Gordon Developer Evangelist, Microsoft
Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.

Infocard and Eduroam Enrique de la Hoz, Diego R. L ó pez, Antonio Garc í a, Samuel Mu ñ oz.
SAML 2.0 og ”Geneva” OIOSAML Workshop 31. marts 2009 Århus René Løhde, Microsoft

SAML 2.0 og ”Geneva” OIOSAML Workshop 31. marts 2009 Århus René Løhde, Microsoft
Higgins 1: A species of Tasmanian long-tailed mouse 2: An open source identity framework being developed at the Eclipse Foundation.

Higgins 1: A species of Tasmanian long-tailed mouse 2: An open source identity framework being developed at the Eclipse Foundation.
Adoption Time Single paradigm, mature tools, stable design patterns and frameworks Software developer’s comfort zone Competing paradigms, no tools,

Adoption Time Single paradigm, mature tools, stable design patterns and frameworks Software developer’s comfort zone Competing paradigms, no tools,
© 2009 by Mary Ruddy, Manfred Duchrow, Frank Gerhardt, Jochen Hiller, Gunnar Wagenknecht; made available under the EPL v1.0 | 2009-03-24 Identity Management.

© 2009 by Mary Ruddy, Manfred Duchrow, Frank Gerhardt, Jochen Hiller, Gunnar Wagenknecht; made available under the EPL v1.0 | Identity Management.
T-110.5140 Network Application Frameworks and XML Service Federation 30.04.2007 Sasu Tarkoma.

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
1 Higgins 1: a species of Tasmanian long-tailed mouse 2: the name of an open source collaboration of IBM, Novell, Oracle, Parity…

1 Higgins 1: a species of Tasmanian long-tailed mouse 2: the name of an open source collaboration of IBM, Novell, Oracle, Parity…
 Lynn Ayres Program Manager Identity Services  Tore Sundelin Program Manager Identity Services BB29.

 Lynn Ayres Program Manager Identity Services  Tore Sundelin Program Manager Identity Services BB29.
© 2009 The MITRE Corporation. All rights Reserved. April 28, 2009 MITRE Public Release Statement Case Number 09-017 Norman F. Brickman, Roger.

© 2009 The MITRE Corporation. All rights Reserved. April 28, 2009 MITRE Public Release Statement Case Number Norman F. Brickman, Roger.

Similar presentations

Ads by Google