
Windows CardSpace Martin Parry Developer Evangelist Microsoft

Presentation on theme: "Windows CardSpace Martin Parry Developer Evangelist Microsoft"— Presentation transcript:

1 Windows CardSpace Martin Parry Developer Evangelist Microsoft martin.parry@microsoft.com

2 Event slides will be posted at: http://www.microsoft.com/uk/msdnevents

3 Identity: problems
- Passwords too easy to crack, or too hard to remember
- I want multiple identities
  - Results in identity silos
- Banks etc. would like to make sign-on data a lot more complex
  - Users' ability to remember is the obstacle
- Nobody trusts a single organization to store all identity information

4 Identity: a new approach
- Kim Cameron; www.identityblog.com
  - Seven laws of identity
- We have interoperable WS-* specs
  - Allow multiple identity systems to take part
- We have a standard format for credentials
  - SAML tokens
- The Identity Metasystem

5 Security Tokens
- SAML: Security Assertion Markup Language
  - Prevailing format for credentials today
- What's in a security token?
  - Collection of claims (self-asserted or verifiable)
  - Token signed by issuer
- Issuing a token
  - Use WS-Security and WS-Trust
- Consuming a token
  - Verify signature, decide if issuer trusted
  - Read claims (for authZ decisions)

6 Example Security Token
- Given Name: Martin
- Family Name: Parry
- Email: martin.parry@microsoft.com
(Diagram of the token: Martin Parry, martin.parry@...)

7 Security Token Service
- Give it something...
  - Username/password
  - X.509 Certificate
  - Another security token
  - Biometric
  - Etc...
(Diagram: the STS issues the token containing Martin Parry, martin.parry@...)

8 Federation
- If users have accounts elsewhere and you trust the authN that takes place there
  - Don't add user accounts to your system
  - Accept security tokens issued elsewhere
- Establish trust between systems
  - WS-Federation
- Think of B2B scenarios

9 Federation: example
- Instead of provisioning a new user account for a partner, I'll let her organization authenticate her
- Automate the trust relationship
- Ask user to supply a SAML token issued by a partner org
- SAML token contains claims about the user
  - Partner org claims that this user's name is Alice
  - Partner org claims that Alice is a Purchaser
  - Partner org claims that Alice is authorized to purchase bike parts
- Reduces identity management burden and latency

10 Information Cards
- Identities represented as cards
  - Users understand that they need to be careful when giving out credit card details
- Self-issued "personal card"
  - Created by user and held in local secure store
  - Private personal identifier
- "Managed card"
  - Issued by trusted Identity Provider
  - Visible locally but identity information is stored at IP
- Cards do not contain security tokens
  - They represent my ability to supply a token

11 How it works (actors: user, Relying Party, Identity Provider)
1. Access resource
2. Policy: "I would like a SAML 1.1 token, containing First Name, Surname, issued by *any*"
3. UI filters cards that can satisfy policy
4. User picks a card
5. Token is requested
6. Token is created
7. Token is presented

12 Demo
- Create a self-issued card
- Sign on to a website using the card

13 HTML
Click here to sign in
<param name="requiredClaims"
       value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" />

14 Server-side code

protected void Page_Load(object sender, EventArgs e)
{
    // The identity selector posts the token back in the xmlToken form field
    string xmlToken = Request.Params["xmlToken"];
    if (xmlToken == null || xmlToken.Equals(""))
        ShowError("Token presented was null");
    else
    {
        // TokenHelper (from the www.netfx3.com samples) does the token work
        // for this relying party and exposes the claims it carries
        TokenHelper tokenHelper = new TokenHelper(xmlToken, "www.fabrikam.com");
        givenname.Text = tokenHelper.GetClaim(ClaimTypes.GivenName);
        surname.Text = tokenHelper.GetClaim(ClaimTypes.Surname);
        email.Text = tokenHelper.GetClaim(ClaimTypes.Email);
    }
}

- Clearly all the work's in TokenHelper
- Get it in the samples at www.netfx3.com
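The token-consumption steps from the Security Tokens slide (verify the signature, decide whether the issuer is trusted, read the claims), the request/issue/present flow of the How it works slide, and the relying-party check behind the "www.fabrikam.com" argument to TokenHelper, worked through end to end. This is an added example, not the deck's TokenHelper or any Microsoft sample code: it uses a simplified SAML-style assertion, a constructed issuer trust list, and an HMAC over a fixed-order string in place of the XML-DSig signature a real token carries, so that the checks run with the Python standard library alone. The issuer URL, key, token layout and PPID value are all constructed.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Claim URIs exactly as listed in the requiredClaims parameter on the HTML slide.
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
GIVEN_NAME = CLAIMS_NS + "givenname"
SURNAME = CLAIMS_NS + "surname"
EMAIL = CLAIMS_NS + "emailaddress"
PPID = CLAIMS_NS + "privatepersonalidentifier"

# Constructed trust list: issuer -> verification key. A real CardSpace token is
# signed with XML-DSig and checked against the issuer's X.509 certificate; an
# HMAC key stands in here only so the example runs with the standard library.
TRUSTED_ISSUERS = {
    "https://idp.example.test/": b"constructed-shared-secret-for-idp-example",
}


class TokenError(Exception):
    """Raised whenever the relying party must reject a presented token."""


def _signing_input(issuer, audience, not_before, not_on_or_after, claims):
    """Fixed-order bytes covered by the signature (stand-in for XML-DSig canonicalisation)."""
    parts = [issuer, audience, not_before, not_on_or_after]
    parts += [f"{name}={value}" for name, value in sorted(claims.items())]
    return "\n".join(parts).encode("utf-8")


def issue_token(issuer, key, audience, claims, not_before, not_on_or_after):
    """Identity-provider side (step 6 on the slide): build and sign the assertion."""
    nb, noa = not_before.isoformat(), not_on_or_after.isoformat()
    root = ET.Element("Assertion", Issuer=issuer, NotBefore=nb, NotOnOrAfter=noa)
    ET.SubElement(root, "Audience").text = audience
    for name, value in claims.items():
        ET.SubElement(root, "Attribute", Name=name).text = value
    sig = hmac.new(key, _signing_input(issuer, audience, nb, noa, claims), hashlib.sha256)
    ET.SubElement(root, "Signature").text = sig.hexdigest()
    return ET.tostring(root, encoding="unicode")


def consume_token(xml_token, expected_audience, now=None):
    """Relying-party side (step 7): accept only a token signed by a trusted issuer for us."""
    if not xml_token:
        raise TokenError("Token presented was null")
    try:
        root = ET.fromstring(xml_token)
    except ET.ParseError as exc:
        raise TokenError(f"malformed token: {exc}")
    # Decide whether the issuer is trusted before looking at anything else.
    issuer = root.get("Issuer", "")
    key = TRUSTED_ISSUERS.get(issuer)
    if key is None:
        raise TokenError(f"untrusted issuer: {issuer!r}")
    audience = root.findtext("Audience", "")
    claims = {a.get("Name", ""): (a.text or "") for a in root.findall("Attribute")}
    nb, noa = root.get("NotBefore", ""), root.get("NotOnOrAfter", "")
    # Verify the signature over the issuer, audience, validity window and claims.
    expected = hmac.new(key, _signing_input(issuer, audience, nb, noa, claims), hashlib.sha256)
    if not hmac.compare_digest(expected.hexdigest(), root.findtext("Signature", "")):
        raise TokenError("signature does not verify")
    # A valid token meant for another relying party is still not for us.
    if audience != expected_audience:
        raise TokenError(f"token issued for {audience!r}, not for {expected_audience!r}")
    now = now or datetime.now(timezone.utc)
    try:
        if not (datetime.fromisoformat(nb) <= now < datetime.fromisoformat(noa)):
            raise TokenError("token outside its validity window")
    except ValueError:
        raise TokenError("token has an unreadable validity window")
    return claims  # only now are the claims safe to use for authZ decisions


def demo():
    """Constructed round trip: the IdP issues a token for Martin, the RP at www.fabrikam.com consumes it."""
    now = datetime.now(timezone.utc)
    claims = {GIVEN_NAME: "Martin", SURNAME: "Parry",
              EMAIL: "martin.parry@microsoft.com", PPID: "constructed-ppid-0001"}
    issuer = "https://idp.example.test/"
    token = issue_token(issuer, TRUSTED_ISSUERS[issuer], "www.fabrikam.com", claims,
                        now - timedelta(minutes=1), now + timedelta(minutes=10))
    return token, consume_token(token, "www.fabrikam.com")


if __name__ == "__main__":
    token, accepted = demo()
    print(accepted[GIVEN_NAME], accepted[SURNAME], accepted[EMAIL])
```

The order of checks matters: the issuer decides which key verifies the signature, the signature decides whether the audience and validity fields can be believed, and only after both does the relying party read the claims, which is what the Page_Load code delegates to TokenHelper.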

15 How to implement a RP
- Update user database
  - To include unique IDs from CardSpace
- Create an association page
  - Users can associate cards with their accounts
- Update the sign-in page
  - To allow the use of cards
  - Can still allow other credentials
- Update registration page
  - To allow the use of cards
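The four relying-party changes on this slide, as one added example that is not part of the presentation or its samples. The "unique ID from CardSpace" is taken to be the private personal identifier claim requested in the HTML slide, which CardSpace derives per relying party. The store is an in-memory stand-in for the user database, the claims dicts are assumed to have already passed the relying party's token checks, and the PBKDF2 round count and all usernames and PPID values are constructed.

```python
import hashlib
import hmac
import os

# Claim URI for the card's private personal identifier, from the HTML slide's requiredClaims.
PPID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"

PBKDF2_ROUNDS = 50_000  # constructed value for the example


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class AccountStore:
    """Stand-in for the RP's user database, extended with the CardSpace unique-ID column."""

    def __init__(self):
        self.accounts = {}   # username -> {"salt", "pw_hash", "ppid"}
        self.by_ppid = {}    # PPID -> username, so a presented card maps straight to an account

    # Registration page: an account can be created from a password or from a card.
    def register_with_password(self, username, password):
        if username in self.accounts:
            raise ValueError("username already taken")
        salt = os.urandom(16)
        self.accounts[username] = {"salt": salt, "pw_hash": _hash_password(password, salt), "ppid": None}

    def register_with_card(self, username, claims):
        if username in self.accounts:
            raise ValueError("username already taken")
        ppid = claims.get(PPID)
        if not ppid:
            raise ValueError("token carries no private personal identifier")
        if ppid in self.by_ppid:
            raise ValueError("this card is already associated with an account")
        self.accounts[username] = {"salt": None, "pw_hash": None, "ppid": None}
        self.associate_card(username, claims)

    # Association page: link a card to an existing, already signed-in account.
    def associate_card(self, username, claims):
        ppid = claims.get(PPID)
        if not ppid:
            raise ValueError("token carries no private personal identifier")
        owner = self.by_ppid.get(ppid)
        if owner is not None and owner != username:
            raise ValueError("this card is already associated with another account")
        account = self.accounts[username]
        if account["ppid"] and account["ppid"] != ppid:
            del self.by_ppid[account["ppid"]]  # the user is replacing a previously associated card
        account["ppid"] = ppid
        self.by_ppid[ppid] = username

    # Sign-in page: cards are accepted and the existing credential still works.
    def sign_in_with_password(self, username, password):
        account = self.accounts.get(username)
        if account is None or account["pw_hash"] is None:
            return None
        if hmac.compare_digest(account["pw_hash"], _hash_password(password, account["salt"])):
            return username
        return None

    def sign_in_with_card(self, claims):
        """claims must already have passed the token checks (signature, issuer, audience, validity)."""
        return self.by_ppid.get(claims.get(PPID))


if __name__ == "__main__":
    store = AccountStore()
    store.register_with_password("martin", "constructed-password")
    store.associate_card("martin", {PPID: "constructed-ppid-0001"})
    print(store.sign_in_with_card({PPID: "constructed-ppid-0001"}))
```

Keying the lookup on the PPID rather than on name or e-mail claims is the point of the extra column: names and addresses in a self-issued card are asserted by the user, whereas the PPID is the value the relying party can bind an account to.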

16 Event slides will be posted at: http://www.microsoft.com/uk/msdnevents

17 Sign up for MSDN Connection at: http://www.msdn.co.uk
- Get the latest technology previews, trial software, special offers
- Get information tailored to your needs
- Pick your RSS feeds

18 Resources, tools and betas
- Learn about development for Windows Live: http://dev.live.com
- Useful resource for .NET Framework 3.0, the development platform for Windows Vista: http://www.netfx3.com
- Get the latest betas for Windows Vista and Office 2007: http://www.microsoft.com/betaexperience
- Try Visual Studio: http://www.microsoft.com/getthetrials
- Check out the free Express versions of Visual Studio: http://msdn.microsoft.com/express
- Learn about and try the new Web and client designer tools: http://www.microsoft.com/expression
- Resources: http://www.gotdotnet.com, http://www.asp.net

19 Additional Information
- UK MSDN Events
  - Post events page including slide decks: http://www.microsoft.com/uk/msdnevents
  - Upcoming events: http://www.microsoft.com/uk/msdn/events/upcoming.aspx
- UK MSDN Site & Flash Newsletter
  - Local news, events, nuggets & webcasts: http://www.microsoft.com/uk/msdn
  - Register to receive the bi-weekly MSDN Flash by email: http://www.microsoft.com/uk/msdn/flash.aspx
