oauth - brief introduction

10
1118 West Main Street Richmond, Virginia 23220 804.355.0511 ©2012 CapTech Ventures www.captechconsulting.c om Tri-State SharePoint Auth in 2013 James Tramel December 11, 2012

Upload: mmlightning

Post on 01-Nov-2014

181 views

Category:

Technology


0 download

DESCRIPTION

An introduction to Oauth, how it fits into Microsoft, where it came from and what it is doing on the internet.

TRANSCRIPT

Page 1: Oauth - Brief Introduction

1118 West Main StreetRichmond, Virginia 23220804.355.0511

©2012 CapTech Ventures

www.captechconsulting.com

Tri-State SharePointAuth in 2013James Tramel

December 11, 2012

Page 2: Oauth - Brief Introduction

©2012 CapTech Ventures, Inc. All rights reserved.

Agenda

Intro

2013 Auth

Authorization vs Authentication

Oauth

The Dance

Basic Demo

SharePoint Demo

Page 3: Oauth - Brief Introduction

©2012 CapTech Ventures, Inc. All rights reserved.

SP 2013 Auth

Claims, Claims, Claims (Kerberos, SAML, Forms)• Classic is being deprecated (see InfoPath)• Convert-SpWebApplication• Distributed Cache

Server to Server• Exchange, Lync

App Authentication (App Model / App Catalog / CSOM)• Create apps that use Oauth, VS auto gen Client ID and client secret• App Permission Policies (User/App, App Only, User Only)

Page 3

Page 4: Oauth - Brief Introduction

©2012 CapTech Ventures, Inc. All rights reserved.

Authentication vs Authorization

Page 4

Authentication is the verification of the credentials of the connection attempt• Who is the user? • Is the user really who he/she represents himself to

be?

Authorization is the verification that the connection attempt is allowed• Is user X authorized to access resource R? • Is user X authorized to perform operation P? • Is user X authorized to perform operation P on

resource R?

Page 5: Oauth - Brief Introduction

©2012 CapTech Ventures, Inc. All rights reserved.

Oauth

• OAuth is an open standard for authorization

• OAuth is not OpenID (authentication/digital ID)

• Valet Key

• Access Token

• Scopes

Page 5

Page 6: Oauth - Brief Introduction

©2012 CapTech Ventures, Inc. All rights reserved.

The Dance

Page 6

Page 7: Oauth - Brief Introduction

©2012 CapTech Ventures, Inc. All rights reserved.

BCS Hybrid and Oauth – The Dance (Example)

Page 7

Page 8: Oauth - Brief Introduction

©2012 CapTech Ventures, Inc. All rights reserved.

Demo

Page 8

Page 9: Oauth - Brief Introduction

©2012 CapTech Ventures, Inc. All rights reserved.

SharePoint Demo

Page 9

Page 10: Oauth - Brief Introduction

©2012 CapTech Ventures, Inc. All rights reserved.

References

• Technet, MSDN, Wikipedia

• Robert G Carter, Duke Uniersity OIT

Page 10