Rich Randall Development Lead Microsoft Corporation BB44.
Page 1: Identity: Windows CardSpace "Geneva" Under the Hood
Rich Randall, Development Lead, Microsoft Corporation
BB44
Page 2: Placeholder for all-up identity slide
Page 3: What Will Be Covered
Overview of claims-based access
What's new in CardSpace
Protocol and architecture
Why CardSpace
Future plans
Page 4: What Is CardSpace
The claims-based access client
Protocol client: application inputs policy, gets back a token
User interface: relationships manifested as information cards; personas; credential collection interface
Page 5: Claims-Based Access Model
Claim: a statement by one party about another party; may be an identifier or a characteristic
Security token: a signed document containing claims; produced by a Security Token Service (STS)
Identity Metasystem: protocols and architecture for exchanging claims
Claims-aware application: claims are delivered when the user accesses the app
Page 6: Claims-Based Access Model (diagram)
Parties: End User (Identity Selector Client), Security Token Service (Claims Framework), Application Server (Your App)
Steps as labelled on the diagram:
1. Establish relationship using metadata (trust)
2. Read policy
3. Read policy
4. Get claims
5. Send claims
Page 7: What Did V1 Teach Us
Faster, Smaller, Lighter
Page 8: Demo
Page 9: At The Center Is The Information Card
User-friendly metaphor
Token issuer reference
Issuer capabilities
Page 10: Protocol Flow
Policy retrieval
Filter and selection
Token retrieval
Page 11: Policy Retrieval (diagram)
Parties: Fabrikam, Contoso Application, Contoso STS, Fabrikam STS; Established Trust between Fabrikam and Contoso
Page 12: Filter And Selection
Page 13: Token Retrieval (diagram)
Parties: Fabrikam, Contoso Application, Contoso STS, Fabrikam STS; Established Trust between Fabrikam and Contoso
Page 14: Demo: Add CardSpace Support
Page 15: Object Tag

```html
<html>
<!-- The form posts the token returned by the identity selector to TokenProcessingPage.aspx -->
<form method="post" action="TokenProcessingPage.aspx">
  <OBJECT classid="CLSID:19916E01-B44E-4e31-94A4-4696DF46157B"
          name="CardSpaceToken"
          CODEBASE="http://microsoft.com/CSV2.exe#Version=10,10,1,12">
    <!-- Relying-party policy: which issuer, which token type, which claims are required -->
    <PARAM NAME="issuer" VALUE="http://contoso.com/issue">
    <PARAM NAME="tokenType" VALUE="urn:oasis:names:tc:SAML:1.0:assertion">
    <PARAM NAME="requiredClaims" VALUE="
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
    ">
  </OBJECT>
</form>
</html>
```
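As an added example (not code from the deck or from CardSpace itself), the "filter and selection" step of the protocol flow in Python: it reads the issuer, tokenType and requiredClaims PARAMs from an OBJECT tag like the one above and keeps only those constructed information cards whose token issuer reference and issuer capabilities satisfy the whole policy. The InformationCard model and the rule that a missing issuer PARAM means any issuer is acceptable are assumptions made here.

```python
import re
from dataclasses import dataclass
# Constructed policy using the same PARAM names a relying party's OBJECT tag carries.
OBJECT_TAG = """
<OBJECT classid="CLSID:19916E01-B44E-4e31-94A4-4696DF46157B" name="CardSpaceToken">
  <PARAM NAME="issuer" VALUE="http://contoso.com/issue">
  <PARAM NAME="tokenType" VALUE="urn:oasis:names:tc:SAML:1.0:assertion">
  <PARAM NAME="requiredClaims" VALUE="
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
  ">
</OBJECT>
"""
NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
SAML10 = "urn:oasis:names:tc:SAML:1.0:assertion"

@dataclass(frozen=True)
class InformationCard:          # hypothetical card model: what the selector knows about a card
    name: str
    issuer: str                 # token issuer reference
    token_types: frozenset      # issuer capabilities: token types it can issue
    claims: frozenset           # issuer capabilities: claim types it can assert

def parse_policy(html):
    """Read the relying party's policy out of the OBJECT tag's PARAM elements."""
    params = dict(re.findall(r'<PARAM\s+NAME="([^"]+)"\s+VALUE="([^"]*)"', html, re.I))
    return {"issuer": params.get("issuer", "").strip() or None,  # assumption: absent means any issuer
            "tokenType": params.get("tokenType", "").strip(),
            "requiredClaims": frozenset(params.get("requiredClaims", "").split())}

def card_satisfies(card, policy):
    """A card is offered only if its issuer and capabilities cover the whole policy."""
    if policy["issuer"] and card.issuer != policy["issuer"]:
        return False                          # wrong token issuer reference
    if policy["tokenType"] not in card.token_types:
        return False                          # issuer cannot produce the requested token type
    return policy["requiredClaims"] <= card.claims

def select_cards(cards, policy):
    """Filter step: the cards the selector would show the user for this request."""
    return [card for card in cards if card_satisfies(card, policy)]

# Constructed cards in the local store; only the first meets every PARAM.
SAMPLE_CARDS = [
    InformationCard("Contoso employee", "http://contoso.com/issue", frozenset({SAML10}),
                    frozenset({NS + "name", NS + "privatepersonalidentifier", NS + "emailaddress"})),
    InformationCard("Contoso guest", "http://contoso.com/issue", frozenset({SAML10}),
                    frozenset({NS + "name"})),                        # lacks the PPID claim
    InformationCard("Fabrikam partner", "http://fabrikam.com/issue", frozenset({SAML10}),
                    frozenset({NS + "name", NS + "privatepersonalidentifier"})),  # wrong issuer
]
```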
Page 16: CardSpace "Geneva" Architecture (diagram)
Internet Explorer 7+: ObjectTagExtension (ActiveX Control) -> Native Client API (infocardapi2.dll), GetToken() [native]
Managed Application: App code -> Managed Wrapper Class (?) -> IdentitySelector.GetToken() -> Native Client API (infocardapi2.dll), GetToken() [native]
Federated Identity Client Service: Identity Manager; Card Store (ClientSTS, LocalStore); Sapphire, Win32; WS-Trust and WS-Mex Client
Control Panel: Card and Ledger Management
Federation Manager
Credential Provider
Page 17: Why You Want CardSpace
Home realm discovery
Personas and other card tricks
Credential agility
Page 18: Home Realm Discovery (diagram)
App User, Federated App, PDC Exhibitor, Game World; Policy; Claim: Email
Page 19: Persona Selection (diagram)
Claims Aware App, "Geneva" Identity Server, Claims Store; Claim: Admin; Claim: User; Claim: Admin
Page 20: Credential Agility
App does not handle credentials
CardSpace handles credential collection
STS handles credential validation
Credential type can vary without affecting the app
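As an added example (not code from the deck or from "Geneva"), the division of labour the Credential Agility slide and the claims-based model describe, in Python: the STS validates whichever credential type was collected and issues a signed token of claims, and the claims-aware app only checks the token's signature and expiry before using the claims. The HMAC-signed token format, the shared TRUST_KEY standing in for trust established via metadata, and the ACCOUNTS and VALIDATORS tables are all constructed for this illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed key standing in for the trust the STS and the app establish via metadata.
TRUST_KEY = b"constructed-shared-secret-for-demo"
ISSUER = "http://contoso.com/issue"

# Constructed credential store and claims store on the STS side; the app never sees either.
ACCOUNTS = {
    "alice": {"password_sha256": hashlib.sha256(b"correct horse").hexdigest(),
              "cert_thumbprint": "constructed-thumbprint-0001",
              "claims": {"name": "Alice", "role": "Admin"}},
}

def _check_password(acct, secret):
    digest = hashlib.sha256(secret.encode()).hexdigest()
    return hmac.compare_digest(digest, acct["password_sha256"])

def _check_certificate(acct, thumbprint):
    return hmac.compare_digest(thumbprint, acct["cert_thumbprint"])

# Credential agility: a new credential type is a new validator here, not a change to the app.
VALIDATORS = {"password": _check_password, "certificate": _check_certificate}

def sts_issue_token(cred_type, user, secret, key=TRUST_KEY, now=None):
    """STS: validate the collected credential and return a signed token carrying the user's claims."""
    acct, validate = ACCOUNTS.get(user), VALIDATORS.get(cred_type)
    if acct is None or validate is None or not validate(acct, secret):
        return None
    body = {"iss": ISSUER, "sub": user, "exp": int(now or time.time()) + 300, "claims": acct["claims"]}
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode()).decode()
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + sig

def app_read_claims(token, key=TRUST_KEY, now=None):
    """Claims-aware app: verify signature and expiry, then consume the claims. No credential code here."""
    try:
        payload, sig = token.split(".")
    except (ValueError, AttributeError):
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):      # forged or tampered token
        return None
    body = json.loads(base64.urlsafe_b64decode(payload))
    if body["iss"] != ISSUER or body["exp"] < (now or time.time()):
        return None
    return body["claims"]
```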
Page 21: In The Future
Page 22: Windows Integration (SSP) (diagram)
Sharepoint Client: IE, WinInet, CardSpace Service, Credential Provider, LSASS, FedSSP
Sharepoint Server: IIS, Sharepoint, LSASS, FedSSP, XML Token to Windows Token Translator
Page 23: Demo: Windows SSP Integration
Page 24: U-Prove: "Minimal Disclosure Tokens"
Cryptographic technology for strong authentication with enhanced privacy characteristics
Tokens that cannot be correlated. Like coins: you know the issuer (central bank), they can't be forged, and you can't tell two apart
Tokens can be obtained in advance for "offline" presentation; single-use tokens
Users can prove properties of claims without disclosing the claims: a derived claim (an over-21 proof instead of disclosing date of birth); proving a claim is not equal to a certain value (my name is not on the deny list)
Page 25: Roaming
Cloud and Device Roaming
Page 26: Wireframe – Connect to Store
Windows Security dialog, "Login": Choose a card to submit. The card will be used to authenticate to <computer>.
SanDisk USB drive (E:) – Password: Enter password to unlock your cards; Remember this location
Find your other cards: Click here to select and connect to a web service that holds your cards.
Buttons: OK, Cancel
Page 27: Wireframe – Select Roamed Card
www.aaa.com: Website requests a personal card
Windows Security dialog, "Login": Choose a card to submit. The card will be used to authenticate to <computer>.
Real Me – Card location: SanDisk USB drive (E:); Personal card
Funny Me – Card location: SanDisk USB drive (E:); Personal card
Find your other cards: Click here to select and connect to a web service that holds your cards.
This card was previously used at www.aaa.com
Buttons: OK, Cancel
Page 28: Other Future Directions
Windows secure desktop
Even smoother installation
Admin policy for card use
Richer policy alternatives
Page 29: "Geneva" Schedule
Beta 1: October 2008
Beta 2: 1st half 2009
RTM: 2nd half 2009
Page 30: Details
"Geneva" components are Windows components
Supported platforms: Beta: Windows Server 2008, Windows Vista; RTM: To Be Determined
See us in the Lounge, Pavilion, Hands On Lab
Learn about the Technology Adoption Partner program
Page 31: Identity @ PDC
Software:
(BB42) Identity: "Geneva" Server and Framework Overview
(BB43) Identity: "Geneva" Deep Dive
(BB44) Identity: Windows CardSpace "Geneva" Under the Hood
Services:
(BB22) Identity: Live Identity Services Drilldown
(BB29) Identity: Connecting Active Directory to Microsoft Services
(BB28) .NET Services: Access Control Service Drilldown
(BB55) .NET Services: Access Control In the Cloud
Page 32: Evals & Recordings
Please fill out your evaluation for this session at:
This session will be available as a recording at: www.microsoftpdc.com
Page 33: Q&A
Please use the microphones provided
Page 34: © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.