Post on 21-Dec-2015


Identity & Access Control in the Cloud

Sachin Vinod Rathi, Architect Advisor, Microsoft Corporation

Niraj Bhatt, Enterprise Architect, Windows Azure MVP

Identity Crisis

• Typical enterprise has dozens of providers
  – AD, SunOne, SQL, SAP, Oracle...

• Need to consolidate these, and federate where consolidation isn’t possible

• Goal: single enterprise identity service

Identity Capabilities

• Federation
• Authentication
• Authorization
• Audit
• Provisioning
• Removal
• Self Service

Federation

UK Immigration Trusts US Passport Office

Claims Will Get the Job Done

On-Premises Applications

Demo

Managing Access for a Windows Azure Application

Name: Niraj
Role: Architect

Name: Sachin
Role: Architect

• .NET Framework Extension
• Programming model for claims
• Visual Studio Tools & Templates

• Windows Server Role
• An STS for AD
• WS-Federation, WS-Trust, SAML

Basic Use of WIF & STS

Demo

Authenticating Users from Business Partners

Name: Sachin
Role: Architect

Home Realm Discovery

• Hosts an STS in the Cloud
• Handles relationship with Business Partners & Social Providers
• WS-Federation, WS-Trust, OpenID, OAuth

Handling Relationships, HRD and Token Normalization

Demo

Authenticating Users from Web and Social Providers

HRD
1. Facebook
2. Live
3. Yahoo
4. Google

Name: Sachin
Role: Architect

FabrikamShipping: Automating Customer SignUp from Social Providers

Demo

Authenticating Mobile Users

Name: Sachin
Role: Architect

Reusing Existing Identities in Mobile Applications

Demo

Claims Will Get the Job Done

Resources

• www.microsoft.com/wif
• acs.codeplex.com
• www.windowsazure.com

Q&A

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
