Authentication in the cloud: Step by Step Felix Jorkowski Senior Developer, Planet Software AZR317.

Post on 14-Dec-2015

223 views 0 download

Preview:

Click to see full reader

Tags:

Report this document
SHARE

Transcript of Authentication in the cloud: Step by Step Felix Jorkowski Senior Developer, Planet Software AZR317.

Authentication in the cloud:Step by StepFelix JorkowskiSenior Developer, Planet Software

AZR317

Agenda

Components Of Authentication

Breaking Implicit TrustOAuth / Open ID

Federated AuthenticationWS-Federation / WS-Trust

Components of Authentication

Tokens

“A thing serving as a visible or tangible representation of something abstract”

User

Time

Cookie

Query

JSON

SOAP

Components of Authentication

Trust

Encryption

Explicit or Implicit

Extending trust using tokens

Trust

Breaking Implicit Trust

Identity Provider (IdP)

The User Store

Relying Party (RP)

Service for those Users

Breaking Implicit Trust

OAuth (2)

OpenID

Example: OAuth/OpenID

Client User Source (IdP)

Services

Server (RP)

Example: OAuth/OpenID

Client

Server (RP)

User Source (IdP)

Services

Example: OAuth/OpenID

Client

Server (RP)

User Source (IdP)

Services

Example: OAuth/OpenID

Client

Server (RP)

User Source (IdP)

Services

Example: OAuth/OpenID

OAuth Only!

Client

Server (RP)

User Source (IdP)

Services

Example: OAuth/OpenID

Client

Server (RP)

User Source (IdP)

Services

Example: OAuth/OpenID

OAuth Only!

Client

Server (RP)

User Source (IdP)

Services

Example: OAuth/OpenID

Client

Server (RP)

User Source (IdP)

Services

Example: OAuth/OpenID

Client

Server (RP)

User Source (IdP)

Services

demo

Forms -> OAuth/OpenID

Federated Authentication

Federated Authentication

Passive (WS-Federation)

Active (WS-Trust)

Federated Authentication

Claims

Passed in your tokens

Holds user’s name, email…

Endpoints

Only for WS-Trust

Lots of configurations!

Federated Authentication

Example: WS-Federation

Possible IdPsClient

Server (RP) WS-Federation Provider(IdP + RP)

Azure

ACS

GoogleWindows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Example: WS-Federation

GoogleWindows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Possible IdPsClient

Server (RP) WS-Federation Provider(IdP + RP)

Azure

ACS

Example: WS-Federation

GoogleWindows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Possible IdPsClient

Server (RP) WS-Federation Provider(IdP + RP)

Azure

ACS

Example: WS-Federation & WS-Trust

GoogleWindows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Possible IdPsClient

Server (RP) WS-Federation Provider(IdP + RP)

Azure

ACS

Example: WS-Federation & WS-Trust

GoogleWindows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Possible IdPsClient

Server (RP) WS-Federation Provider(IdP + RP)

Azure

ACS

Example: WS-Federation & WS-Trust

GoogleWindows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Possible IdPsClient

Server (RP) WS-Federation Provider(IdP + RP)

Azure

ACS

Example: WS-Federation & WS-Trust

GoogleWindows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Possible IdPsClient

Server (RP) WS-Federation Provider(IdP + RP)

Azure

ACS

Example: WS-Federation & WS-Trust

GoogleWindows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Possible IdPsClient

Server (RP) WS-Federation Provider(IdP + RP)

Azure

ACS

Example: WS-Federation & WS-Trust

GoogleWindows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Possible IdPsClient

Server (RP) WS-Federation Provider(IdP + RP)

Azure

ACS

Example: WS-Federation & WS-Trust

GoogleWindows Live ID

Facebook

Yahoo

Your company (ADFS)

WS-Fed Provider

Possible IdPsClient

Server (RP) WS-Federation Provider(IdP + RP)

Azure

ACS

demo

Forms -> WS-Federation

net.tcp -> WS-Trust

Thank you!

Projects available at: https://github.com/ajorkowski/techeddemos

Questions? Meet and Greet - Thursday 11-11:30 Speaker Lounge

Twitter: @felixinmelb

https://github.com/ajorkowski/techeddemos
https://github.com/ajorkowski/techeddemos

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to

be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS

PRESENTATION.

Top related

Buck DC-DC Step-Down Felix
 Documents
Text for Balance Step-by-Step Guide › SharedContent › documents › ... · Cornerstone Credit Union has added new Increased Authentication features to the login process. These
 Documents
OSGi with Apache Felix Karaf - with Apache Felix Karaf.pdf · OSGi in a nutshell Apache Felix Karaf
 Documents
Authentication Step-Up Protocol and Metadata Version 1.0docs.oasis-open.org/.../os/trust-el-protocol-v1.0-os.docx · Web viewThe semantics of combining authentication methods to increase
 Documents
FELIX SCHOLARSHIPS 2014 - The Felix Scholarship
 Documents
Two Factor Authentication - USER GUIDE - Nominet · Two Factor Authentication - USER GUIDE Two Factor Authentication (or 2FA) is a two step verification process that provides an extra
 Documents
Building a DC-DC Step-Down (Buck) Converter Circuit · PDF fileBuilding a DC-DC Step-Down (Buck) Converter Circuit Using Positive Voltage Regulator Felix Adisaputra November 19, 2010
 Documents
EXPERIENCE SIMPLER, STRONGER AUTHENTICATION · 2019. 11. 16. · DEMO EXAMPLE STEP 3 . 26 UAF AUTHENTICATION DEMO EXAMPLE STEP 4 . USABILITY, SECURITY and PRIVACY 27. 28 No 3rd Party
 Documents
Step by Step Procedure to apply for a DSCidrbtca.org.in/Download/Step_By_Step_Procedure_to_apply_for_a_DSC.pdf · with Authentication PIN (to be entered in the screen for downloading
 Documents
Authentication Step-Up Protocol and Metadata …docs.oasis-open.org/.../v1.0/csprd01/trust-el-protocol-v… · Web viewAuthentication Step-Up Protocol and Metadata Version 1.0 Committee
 Documents
Step-by-Step Guide Turning on two-factor authentication ...
 Documents
NetScaler Radius Authentication · 5 . Step Phase and Task Page √ 9 Configure the NetScaler Authentication Policy and Server 12 10 Configure the NetScaler Gateway Virtual Server
 Documents
MIFARE DESFire EV1 AES Authentication With · PDF fileAES Authentication 3 AES Authentication The AES authentication process is a multiple step sequence in which the NFC/RFID Reader
 Documents
TruU Identity Platform · 2020. 7. 16. · TruU is built on the concept of Universal Factor Authentication (UFA), the next step in multi-factor authentication (MFA). Unlike two-factor
 Documents
Two-Step Authentication Patents December 2013 CONFIDENTIAL - ATTORNEY WORK - PRODUCT CONFIDENTIAL - ATTORNEY WORK PRODUCT - PRIVILEGED1.
 Documents
Step by Step – Using Windows Server 2012 R2 RD Gateway With Azure Multifactor Authentication _ RDS Gurus
 Documents
How to Set Up 2-Factor Authentication on Adafruit · Two-Factor Authentication (2FA) Explained Two-factor authentication is a 2 step process to help keep bad guys out of a computer
 Documents
Multi-Factor Authentication (MFA) Enrollment · 2018. 8. 8. · Multi-Factor Authentication (MFA), also known as 2-Step Authentication, is a Microsoft delivered feature which allows
 Documents
1. Password 2. Validate 3. Access€¦ · Enable two-Step verification a app To app to Code Two-factor authentication Scan this barcode with your authentication app: Recovery code:
 Documents
Multi-Factor Authentication (MFA) Enrollment · Multi-Factor Authentication (MFA), also known as 2-Step Authentication, is a Microsoft delivered feature which allows an enrolled user
 Documents

Copyright © 2022 FDOCUMENTS