
Session: MIX09-T27F. Web Developers Customizable identity UX Single Sign On Access to user data ISVs Federation for selling their applications to organizations.


1 Session: MIX09-T27F

2 Web Developers: Customizable identity UX; Single Sign On; Access to user data
ISVs: Federation for selling their applications to organizations; Easy on-boarding of new customers
Organizations: Turnkey federation for adopting services (Online, Live, ISVs); Works with existing identity infrastructure

3 Baseline understanding of Live ID
Web Developers: Consuming Windows Live IDs on your site; Accessing user data on your site
ISVs: Consuming federated identities; Rapid on-boarding for organizations

4

5 Identities: Authentication (users, applications, devices)
Strong Authentication: Investing in 2FA such as Smartcard, StartKey
Attacker Resistant: User / IP reputation, Account abuse prevention
UI Customization: Live ID is fully customizable
Data Portability: Delegated auth (user permission to access data)
OpenID: Embracing Open Standards
Federated Authentication: Compatible with Microsoft Federation Gateway

6 Principal Types
Principal | Acting for Self | Acting for User
User | User auth (Client or Web) |
Application | App auth (AppID) | Delegation (Good); Impersonation (BAD!)
Device | DeviceID | Linked DeviceID
Callout: The Password Anti-Pattern!
Credential Types: [Strong] Password, Pin; eID / Smart card; CardSpace; Policy-driven control
Types of Live ID Users: Live Mail / Hotmail accounts; EASI (“E-mail As Sign-In”); Managed domains; Federated domains
Type of identity

7

8 Consume identities & SSO: Web Authentication; Client SDK; Preview: Open ID
Accessing user data: Delegated Auth SDK

9

10

11 Existing: WebAuth.htm
New: WebAuthLogo.htm
New: WebAuthButton.htm

12 [Diagram: End User w/ web browser; Relying Party Web Site (e.g., Contoso.com); Live ID WebAuth service; steps numbered 1 to 5]
Live ID Web Authentication SDK Docs: http://go.microsoft.com/fwlink/?LinkID=91762

13

14 Recognizable & not jarring: Sign-in; Sign-up; Consent

15 Customizable Contents: Elements that can be customized.
• Partner Logo
• Task statement
• Product description
• Sign up section
• Header background
[Screenshot labels: Task integration statement; Sign-up section]
Customizable Theme: Elements cannot change. Customize look & feel.
• Font color
• Background color
• Button color
• User tile color
• Live ID description color

16

17

18

19

20 Microsoft is becoming an OpenID Provider (OP)
Try the Live ID – OpenID Provider CTP Now
1. Set up a Live ID INT account: https://login.Live-INT.com/
2. Set up OpenID alias: https://OpenID.Live-INT.com/beta/ManageOpenID.srf
3. Use OpenID 2.0 login URI: OpenID.Live-INT.com
4. Send feedback: openidfb@microsoft.com
>> Production release of Live ID – OpenID Provider later this year

21 Consume identities & SSO: Web Authentication; Client SDK; Preview: Open ID
Accessing user data: Delegated Auth SDK

22

23 “Using Consent” Phase (user can be offline)
[Diagram: Application Provider (web site); Live ID Delegation Service; Resource Provider (e.g., Windows Live Contacts); Consent UI (consent.live.com); End User with browser]

24 Don’t panic! The SDK libraries handle all this for you!
Application Verifier token: AppID, Timestamp, Client IP, SHA256 signature
1: Compact token, 2: SAML token

25

26 Federation Infrastructure
Standards based WS-Trust/WS-Fed
Microsoft Federation Gateway
Rapid on-boarding / tools
Microsoft Services Connector

27

28 [Diagram labels: Web Site / Online App; Relying Party (RP); Identity Providers (IdP); Microsoft Federation Gateway (MFG); Live ID Identity Provider; Other federated Identity Providers; Browser; Windows App; Live ID Client SDK; User Applications]

29 Microsoft Federation Gateway; Microsoft Services Connector
Objective: Connect to cloud services without changing existing identity infrastructure

30 Federation Infrastructure
Standards based WS-Trust/WS-Fed
Microsoft Federation Gateway
Rapid on-boarding / tools
Microsoft Services Connector

31

32 [Diagram labels: Desktop Browser; Office Apps; Enterprise; Microsoft Services Connector; Active Directory; Microsoft Federation Gateway; Cloud Applications; Developer Services]
3. Services Connector issues login token and redirects to Federation Gateway
4. Federation Gateway validates token and transforms claims
5. Federation Gateway issues service token and redirects to service
6. User accesses service

33 Web developers: Customizable identity UX; Single Sign On; Access to user data
ISVs: Federation for selling their applications to organizations; Easy on-boarding of new customers
Organizations: Turnkey federation for adopting services (Online, Live, ISVs); Works with existing identity infrastructure

34

35

36 © 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

37

