Download presentation
Presentation is loading. Please wait.
Published byAlexander Miles Modified over 9 years ago
1
SIM205
5
(On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime Other Manages You manage Platform (as a Service) Other Manages You manage Storage Servers Networking O/S Middleware Virtualization Applications Runtime Data Software (as a Service) Other Manages Storage Servers Networking O/S Middleware Virtualization Applications Runtime Data Common Identity Leveraging on-premises Active Directory Federating based on industry standards Provisioning objects to services where needed Enabling cloud identity providers
7
Private Cloud On-Premises Public Cloud Partners SaaS PaaS User Public Cloud SaaS PaaS
8
Private Cloud On-Premises Partners Public Cloud SaaS PaaS AD Federation Services AD Certificate Services AD Rights Management Services AppFabric Access Control service SAML OAUTH WS-Trust, SAML User Claims based applications
9
a claims store and so much more Active Directory Domain Service the developer experience Windows Identity Foundation cloud hosted STS AppFabric Access Control Service on-premises STS Active Directory Federation Service on-premises identity management Forefront Identity Manager cloud identity provider + much more Windows Live ID SaaS - Exchange Online, SharePoint Online… Office 365 / BPOS PaaS - a cloud-OS offering a development, service-hosting and service-management environment Windows Azure
10
Relationship Claims Provider (Security Token Service) Claims Provider (Security Token Service) 2. Get claims 3. Send claims 1. Require claims SUBJECT Resource Provider
11
End User Configure: Claims Rules (Federation Metadata) Configure: Establish Relationship / Trust (Signing key) 3. Get claims 2. AuthN (Creds) Claims Framework (WIF) Claims Framework (WIF) App Business Logic App Business Logic 4. AuthN (Claims) 1. Get policy 5. Grant/deny access Resource Provider Claims-aware application Security Token Service (AD FS) Directory (AD DS)
13
Credential Management Group Management User Management Policy Management
18
Define Role in Hyper-V AzMan or VMM Add Groups to roles Manage Groups in FIM Secure Delegated Administra tion System Center Forefront Identity Manager Private Cloud management
26
Active Directory Other Providers WS-* and SAML On Premises Use of Active Directory identities and groups through federation Enable seamless access experience with other corporate applications tied to AD Integration with 3 rd party systems through WS-* and SAML 2.0 open standards In the next release of AppFabric Access Control Services (ACS 2.0), single sign-on with popular Internet identity providers
27
Access Control Service Your Service 2. Request token (pass input claims) 4. Return token (receive output claims) 5. Send message with token 0. Establish trust via key exchange Customer 1. Define access control rules for an identity provider 3. Map input claims to output claims based on access control rules 6. Process token
28
demo
31
On Premises AD Online Directory Sync Identity services Provisioning platform Provisioning platform Lync SharePoint Exchange Active Directory Federation Services Trust IdP Directory Store Admin portal Authentication platform IdP Forefront Identity Manager 2010 Small/Medium Customer
34
Windows Integrated/Kerberos FIM 2010 HR System Workflow ADDS Phone Title Department Manager Group Identity directories Exchange GAL & DL SharePoint Profiles and Access SAP and other apps AD FS 2.0 WS-* and SAML Claims Partner Claims-Aware Applications Claims- Aware Applications SQL Server Role Client List Self Service MS Online Directory Synchronization
39
www.microsoft.com/teched Sessions On-Demand & CommunityMicrosoft Certification & Training Resources Resources for IT ProfessionalsResources for Developers www.microsoft.com/learning http://microsoft.com/technet http://microsoft.com/msdn http://northamerica.msteched.com Connect. Share. Discuss.
41
Scan the Tag to evaluate this session now on myTechEd Mobile
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.