Presentation on theme: "Martin Parry Developer Evangelist Microsoft"— Presentation transcript:

1 Windows CardSpace
Martin Parry, Developer Evangelist, Microsoft
martin.parry@microsoft.com

2 Event slides will be posted at:

3 Identity: problems
Passwords are too easy to crack, or too hard to remember.
I want multiple identities; the result is identity silos.
Banks etc. would like to make sign-on data a lot more complex; users' ability to remember is the obstacle.
Nobody trusts a single organization to store all identity information.

4 Identity: a new approach
Kim Cameron: the Seven Laws of Identity.
We have interoperable WS-* specs that allow multiple identity systems to take part.
We have a standard format for credentials: SAML tokens.
Together these form the Identity Metasystem.

5 Security Tokens
SAML (Security Assertion Markup Language) is the prevailing format for credentials today.
What's in a security token? A collection of claims (self-asserted or verifiable), signed by the issuer.
Issuing a token: use WS-Security and WS-Trust.
Consuming a token: verify the signature, decide whether the issuer is trusted, then read the claims (for authorization decisions).

6 Example Security Token
Claims: Given Name: Martin; Family Name: Parry

7 Security Token Service
Give it something to authenticate with: a username/password, an X.509 certificate, another security token, a biometric, etc.
It returns a security token (here, one asserting claims about Martin Parry).

8 Federation
If users have accounts elsewhere and you trust the authentication that takes place there:
Don't add user accounts to your system
Accept security tokens issued elsewhere
Establish trust between systems: WS-Federation
Think of B2B scenarios

9 Federation: example
Instead of provisioning a new user account for a partner, I'll let her organization authenticate her, and automate the trust relationship.
Ask the user to supply a SAML token issued by the partner org. The SAML token contains claims about the user:
Partner org claims that this user's name is Alice
Partner org claims that Alice is a Purchaser
Partner org claims that Alice is authorized to purchase bike parts
Reduces identity management burden and latency

10 Information Cards
Identities represented as cards: users already understand that they need to be careful when giving out credit card details.
Self-issued "personal card": created by the user and held in a local secure store; carries a private personal identifier (PPID).
"Managed card": issued by a trusted Identity Provider; visible locally, but the identity information is stored at the IP.
Cards do not contain security tokens; they represent my ability to supply a token.

11 How it works
1. User requests access to a resource at the Relying Party.
2. Relying Party returns its policy: "I would like a SAML 1.1 token, containing First Name, Surname, issued by *any*".
3. UI (the identity selector) filters the cards that can satisfy the policy.
4. User picks a card.
5. Token is requested from the Identity Provider.
6. Token is created.
7. Token is presented to the Relying Party.

12 Demo
Create a self-issued card
Sign on to a website using the card

13 HTML
<form id="form1" method="post" action="login1.aspx">
  <div>
    <button type="submit">Click here to sign in</button>
    <!-- The object tag invokes the identity selector; the chosen token is posted in the xmlToken field.
         The issuer and requiredClaims values were lost in the transcript; the standard CardSpace URIs
         for self-issued cards and the given name, surname and e-mail claims are substituted here. -->
    <object type="application/x-informationcard" name="xmlToken">
      <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion"/>
      <param name="issuer" value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self"/>
      <param name="requiredClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"/>
    </object>
  </div>
</form>

14 Server-side code
protected void Page_Load(object sender, EventArgs e)
{
    // The identity selector posts the (encrypted, signed) SAML token in the xmlToken field.
    string xmlToken = Request.Params["xmlToken"];
    if (xmlToken == null || xmlToken.Equals(""))
    {
        ShowError("Token presented was null");
    }
    else
    {
        // TokenHelper decrypts the token, checks the signature and exposes the claims.
        // The second argument (a string literal, a URL) is missing from the transcript.
        TokenHelper tokenHelper = new TokenHelper(xmlToken, "");
        givenname.Text = tokenHelper.GetClaim(ClaimTypes.GivenName);
        surname.Text = tokenHelper.GetClaim(ClaimTypes.Surname);
        // The third control and claim name are missing from the transcript; assumed to be the e-mail claim.
        email.Text = tokenHelper.GetClaim(ClaimTypes.Email);
    }
}
Clearly all the work's in TokenHelper. Get it in the samples at:

15 How to implement a RP
Update the user database to include unique IDs from CardSpace: the card's private personal identifier (PPID), stored together with the issuer's public key (or a hash of it), since the PPID is only unique in combination with the key that signed the token.
Create an association page so users can associate cards with their accounts
Update the sign-in page to allow the use of cards (other credentials can still be allowed)
Update the registration page

16 Event slides will be posted at:

17 Get the latest technology previews, trial software, special offers
Get information tailored to your needs
Pick your RSS feeds
Sign up for MSDN Connection at:

18 Resources, tools and betas
Learn about development for Windows Live
Useful resource for .NET Framework 3.0, the development platform for Windows Vista
Get the latest betas for Windows Vista and Office 2007
Try Visual Studio: check out the free Express versions of Visual Studio
Learn about and try the new Web and client designer tools

19 Additional Information
UK MSDN Events: post-events page including slide decks; upcoming events
UK MSDN Site & Flash Newsletter: local news, events, nuggets & webcasts
Register to receive the bi-weekly MSDN Flash by

