Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 steve plank (“planky”) identity architect microsoft uk.

Similar presentations


Presentation on theme: "11 steve plank (“planky”) identity architect microsoft uk."— Presentation transcript:

1 11 steve plank (“planky”) identity architect microsoft uk

2 22 what is a digital identity? if the identity service has my password, why does my application still have a user account? identities and profiles how do I factor authentication and authorization in to separate services for my applications? a single source of identities, or many sources? What’s best? how to federate with: other organisaitons the “cloud”

3 33 trust fabric a set of claims made by one subject about another subject self-asserted identity ebay amazon google hotmail yahoo... authenticity marks (digital signatures) claims static claims: date of birth gender dynamic claims: address job title derived claims: over 18 = true health professional = true

4 44 **************** you can’t assert your own identity – even to yourself claims not assertions verification processes: military government finance

5 5 1.read policy for submitOrder() client application 2. call submitOrder() including [planky, ****] submitOrder() requires [name,password] cred

6 6 1.read policy for submitOrder() 2.read policy for request security token 3.request security token passing [planky, ****] submitOrder() requires {role} from sts_authentication {role} requires [name,password] cred security token service sts_authentication application

7 7 5.call “submit order” with security token security token service sts_authentication 4. request security token response {role=purchaser} signed sts_authentication mapping: (planky,****)  {role = purchaser} “submit order” requires {role} from sts_authentication application

8 8 1.read policy for submitOrder() security token service sts_authorization “authorization claims provider” security token service sts_authentication “identity claims provider” 2.read policy for request security token 4.request security token passing [planky’s kerb ticket] 3.read policy for request security token submitOrder() requires {submit order} from sts_authorization {submit order} requires {role} claim from sts_authentication {role} requires [kerb ticket] or [name/pwd] cred client application

9 9 call submitOrder() client security token service sts_authorization security token service sts_authentication mapping: planky  {role = purchaser} mapping: {role = purchaser}  {submit order = true} {role=purchaser} signed sts_authentication {submit order = true} signed sts_authorization {role=purchaser} signed sts_authentication submitOrder() requires {submit order} claim from sts_authorization submitOrder() requires {role} claim from sts_authentication application

10 10 1. user control and consenm 2. minimal disclosure for a defined use 3. justifiable parties 4. directional identity 5. pluralism of operators and technologies 6. human integration 7. consistent experience across contexts

11 11 “On Premise” “Off Premise” Your Organisation My Organisation Windows Live ID Microsoft Federation Gateway.NET Services Access Control Microsoft Dynamics CRM Online “Geneva Server” AD “Geneva” Framework S+S App Website SAML WS-Fed WS-Trust Microsoft Services Connector

12 12 what is a digital identity? if the identity service has my password, why does my application still have a user account? identities and profiles how do I factor authentication and authorization in to separate services for my applications? a single source of identities, or many sources? What’s best? how to federate with: other organisaitons the “cloud”


Download ppt "11 steve plank (“planky”) identity architect microsoft uk."

Similar presentations


Ads by Google