Authentication in the cloud: Step by Step
Felix Jorkowski, Senior Developer, Planet Software
AZR317
Agenda
Components Of Authentication
Breaking Implicit Trust: OAuth / OpenID
Federated Authentication: WS-Federation / WS-Trust
Components of Authentication
Tokens
“A thing serving as a visible or tangible representation of something abstract”
User
Time
Cookie
Query
JSON
SOAP
Components of Authentication
Trust
Encryption
Explicit or Implicit
Extending trust using tokens
Trust
Breaking Implicit Trust
Identity Provider (IdP)
The User Store
Relying Party (RP)
Service for those Users
Breaking Implicit Trust
OAuth (2)
OpenID
Example: OAuth/OpenID
Client
User Source (IdP)
Services
Server (RP)
Example: OAuth/OpenID
OAuth Only!
Client
Server (RP)
User Source (IdP)
Services
demo
Forms -> OAuth/OpenID
Federated Authentication
Passive (WS-Federation)
Active (WS-Trust)
Federated Authentication
Claims
Passed in your tokens
Holds user’s name, email…
Federated Authentication
Endpoints
Only for WS-Trust
Lots of configurations!
Example: WS-Federation
Client
Server (RP)
WS-Federation Provider (IdP + RP)
Azure ACS
Possible IdPs
Google
Windows Live ID
Yahoo
Your company (ADFS)
WS-Fed Provider
Example: WS-Federation & WS-Trust
Client
Server (RP)
WS-Federation Provider (IdP + RP)
Azure ACS
Possible IdPs
Google
Windows Live ID
Yahoo
Your company (ADFS)
WS-Fed Provider
demo
Forms -> WS-Federation
net.tcp -> WS-Trust
Thank you!
Projects available at: https://github.com/ajorkowski/techeddemos
Questions? Meet and Greet - Thursday 11-11:30 Speaker Lounge
Twitter: @felixinmelb
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.