Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 steve plank (“planky”) identity architect microsoft uk.

Published byMarylou Wilson Modified over 9 years ago

Similar presentations

Presentation on theme: "11 steve plank (“planky”) identity architect microsoft uk."— Presentation transcript:

1 11 steve plank (“planky”) identity architect microsoft uk

2 22 what is a digital identity? if the identity service has my password, why does my application still have a user account? identities and profiles how do I factor authentication and authorization in to separate services for my applications? a single source of identities, or many sources? What’s best? how to federate with: other organisaitons the “cloud”

3 33 trust fabric a set of claims made by one subject about another subject self-asserted identity ebay amazon google hotmail yahoo... authenticity marks (digital signatures) claims static claims: date of birth gender dynamic claims: address job title derived claims: over 18 = true health professional = true

4 44 elvis@hotmail.com **************** you can’t assert your own identity – even to yourself claims not assertions verification processes: military government finance

5 5 1.read policy for submitOrder() client application 2. call submitOrder() including [planky, ****] submitOrder() requires [name,password] cred

6 6 1.read policy for submitOrder() 2.read policy for request security token 3.request security token passing [planky, ****] submitOrder() requires {role} from sts_authentication {role} requires [name,password] cred security token service sts_authentication application

7 7 5.call “submit order” with security token security token service sts_authentication 4. request security token response {role=purchaser} signed sts_authentication mapping: (planky,****)  {role = purchaser} “submit order” requires {role} from sts_authentication application

8 8 1.read policy for submitOrder() security token service sts_authorization “authorization claims provider” security token service sts_authentication “identity claims provider” 2.read policy for request security token 4.request security token passing [planky’s kerb ticket] 3.read policy for request security token submitOrder() requires {submit order} from sts_authorization {submit order} requires {role} claim from sts_authentication {role} requires [kerb ticket] or [name/pwd] cred client application

9 9 call submitOrder() client security token service sts_authorization security token service sts_authentication mapping: planky  {role = purchaser} mapping: {role = purchaser}  {submit order = true} {role=purchaser} signed sts_authentication {submit order = true} signed sts_authorization {role=purchaser} signed sts_authentication submitOrder() requires {submit order} claim from sts_authorization submitOrder() requires {role} claim from sts_authentication application

10 10 1. user control and consenm 2. minimal disclosure for a defined use 3. justifiable parties 4. directional identity 5. pluralism of operators and technologies 6. human integration 7. consistent experience across contexts

11 11 “On Premise” “Off Premise” Your Organisation My Organisation Windows Live ID Microsoft Federation Gateway.NET Services Access Control Microsoft Dynamics CRM Online “Geneva Server” AD “Geneva” Framework S+S App Website SAML WS-Fed WS-Trust Microsoft Services Connector

12 12 what is a digital identity? if the identity service has my password, why does my application still have a user account? identities and profiles how do I factor authentication and authorization in to separate services for my applications? a single source of identities, or many sources? What’s best? how to federate with: other organisaitons the “cloud”

Download ppt "11 steve plank (“planky”) identity architect microsoft uk."

Similar presentations

Advances in Digital Identity

Advances in Digital Identity
Agenda AD to Windows Azure AD Sync Options Federation Architecture

Agenda AD to Windows Azure AD Sync Options Federation Architecture
steve plank “planky” microsoft Lest we forget windows azure appfab

steve plank “planky” microsoft Lest we forget windows azure appfab
 Rich Randall Development Lead Microsoft Corporation BB44.

 Rich Randall Development Lead Microsoft Corporation BB44.
Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.

Authentication solutions for Outlook and Office 365 Multi-factor authentication for Office 365 Outlook client futures.
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
2 3 Who are you? What are you allowed to do? How should your experience be personalized? How do I get apps that are provably securable and manageable?

2 3 Who are you? What are you allowed to do? How should your experience be personalized? How do I get apps that are provably securable and manageable?
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Windows CardSpace and the Identity Metasystem Glen Gordon Developer Evangelist, Microsoft

Windows CardSpace and the Identity Metasystem Glen Gordon Developer Evangelist, Microsoft
SAML 2.0 og ”Geneva” OIOSAML Workshop 31. marts 2009 Århus René Løhde, Microsoft

SAML 2.0 og ”Geneva” OIOSAML Workshop 31. marts 2009 Århus René Løhde, Microsoft
Adoption Time Single paradigm, mature tools, stable design patterns and frameworks Software developer’s comfort zone Competing paradigms, no tools,

Adoption Time Single paradigm, mature tools, stable design patterns and frameworks Software developer’s comfort zone Competing paradigms, no tools,
 Lynn Ayres Program Manager Identity Services  Tore Sundelin Program Manager Identity Services BB29.

 Lynn Ayres Program Manager Identity Services  Tore Sundelin Program Manager Identity Services BB29.
Windows azure app fab security steve plank “planky” architectural evangelist, microsoft uk

Windows azure app fab security steve plank “planky” architectural evangelist, microsoft uk
11. 2 1.read policy for submitOrder() client application 2. call submitOrder() including [planky, ****] submitOrder() requires [name,password] cred.

read policy for submitOrder() client application 2. call submitOrder() including [planky, ****] submitOrder() requires [name,password] cred.
The Laws of Identity and Cardspace Charles Young Solidsoft.

The Laws of Identity and Cardspace Charles Young Solidsoft.
Identity & Access Control in the Cloud Sachin Vinod Rathi Architect Advisor, Microsoft Corporation Niraj Bhatt Enterprise Architect, Windows Azure MVP.

Identity & Access Control in the Cloud Sachin Vinod Rathi Architect Advisor, Microsoft Corporation Niraj Bhatt Enterprise Architect, Windows Azure MVP.
Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.

Problem Statement AD DB App1 DB App2 AD App4 App6 AD App5 Intranet Extranet Cloud AD App3 DB SSO Separate Sign-in Separate Sign-in Separate Sign-in.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
 Kim Cameron Distinguished Engineer Microsoft Corporation BB11.

 Kim Cameron Distinguished Engineer Microsoft Corporation BB11.

Similar presentations

Ads by Google