Lynn Fy07 Q4 Msdn Events Copy

Page 1: Lynn Fy07 Q4 Msdn Events   Copy

MSDN Event, Spring 2007

Lynn Langit
Developer Evangelist
Microsoft Corporation
http://blogs.msdn.com/SoCalDevGal

Page 2: Next Generation Identity Management with Windows CardSpace

Page 3: What We Will Cover

Identity Metasystem
CardSpace in Windows Vista
Using Information Cards

Page 4: Agenda

Identity Metasystem
What is CardSpace?
Information Card Protocol
Information Card Participants
More Security

Page 5: Identity Crisis

The Internet is dangerous! Identity theft, spoofing, phishing, phraud
Username + password is weak and overwhelmed
Enterprises are in identity silo hell

[Chart, source www.antiphishing.org: 22% stopped, 25% cut back]

Page 6: Why an Identity Metasystem?

Prevent Phishing Attacks
Prevent Identity Theft
Reduce User Names and Passwords
Put the User in Control

Page 7: Identity Metasystem: Objectives & Characteristics

No Single Authority
Open Framework
Set of Protocols
Standards Built on SOAP and XML
User in Control

Page 8: Identity Metasystem: Seven Laws

User Control and Consent
Minimal Disclosure
Justifiable Parties
Directed Identity
Pluralism of Operators
Human Integration
Consistent Experience

Page 9: Identity System Model

[Diagram: User, Identity Selector, Identity Provider, Relying Party; a trust relationship between Identity Provider and Relying Party; claims and token translation]

Page 10: Agenda

Page 11: What is CardSpace?

No Personal Data
Processing Engine
Replace User Names and Passwords
Digital Identity in CardSpace
Built on .NET Framework 3.0

Page 12: CardSpace as a Metaphor

My Business
My Government
My Bank
My School

Page 13: What CardSpace Addresses

User name/password fatigue
Phishing and phraud
Lack of confidence in the Internet

Page 14: Working with CardSpace

Page 15: Agenda

Page 16: Protocol Drill Down

Parties: User, Client (identity selector), Identity Provider (IP) with its Security Token Service, Relying Party (RP)

1. Client would like to access a resource at the RP
2. RP provides its identity requirements: format, claims and issuer of the security token
3. Client shows which of the known IPs can satisfy the requirements
4. User selects an IP
5. Request to the IP's Security Token Service for a security token, providing the user's credentials
6. IP generates a security token based on the RP's requirements, with a display token and proof of possession for the user
7. User views the token and approves its release
8. Token is released to the RP with proof of possession; RP reads the claims and allows access
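The eight steps above as a runnable simulation, added here; this is not code from the deck and not Microsoft's CardSpace implementation. Real CardSpace exchanges WS-Trust/WS-Security messages and XML-signed SAML tokens between the identity selector, the IP's STS and the RP. In this model each party is a Python class, the token is a JSON document, an HMAC under a per-issuer key stands in for the IP's certificate signature, and an XOR pad keyed to the RP stands in for encrypting the proof-of-possession key to the RP's SSL certificate. The claim URIs and the SAML token type are the real identifiers; the hostnames, certificate subject, account, password and card contents are constructed. The end of the block shows what the proof of possession buys the RP: the captured step-8 message is rejected when replayed, and the copied token cannot be re-presented with a fresh nonce by someone who lacks the proof key.

```python
import hashlib
import hmac
import json
import secrets
# Claim URIs and the SAML token type are the real CardSpace identifiers; hosts and names are constructed.
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
SAML11 = "urn:oasis:names:tc:SAML:1.0:assertion"
IP_STS = "https://idp.example.test/sts"          # constructed IP STS endpoint
RP_ID = "CN=www.rp.example.test, O=Example RP"   # constructed RP certificate subject

def canonical(obj):  # deterministic bytes of a token, so signer and verifier hash the same thing
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def wrap(key, data):  # XOR with a key-derived pad: stand-in for encrypting the proof key to the RP's certificate
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key + b"proof-key-wrap").digest()))

class IdentityProvider:  # runs the Security Token Service (steps 5 and 6)
    def __init__(self, issuer, users):
        self.issuer, self.users = issuer, users     # users: username -> (password, all known claims)
        self.signing_key = secrets.token_bytes(32)  # stands in for the IP's signing certificate

    def issue(self, username, password, policy, rp_identity, rp_cert_key):
        pw, known = self.users[username]
        if not hmac.compare_digest(pw.encode(), password.encode()):
            raise PermissionError("bad credentials")
        claims = {c: known[c] for c in policy["requiredClaims"]}  # minimal disclosure: only what the RP asked for
        proof_key = secrets.token_bytes(32)
        token = {"tokenType": policy["tokenType"], "issuer": self.issuer, "audience": rp_identity,
                 "claims": claims, "proofKey": wrap(rp_cert_key, proof_key).hex()}
        signature = hmac.new(self.signing_key, canonical(token), "sha256").hexdigest()
        display = {uri.rsplit("/", 1)[1]: v for uri, v in claims.items()}  # display token shown in step 7
        return {"token": token, "signature": signature}, proof_key, display

class RelyingParty:  # publishes its policy (step 2) and processes the token (step 8)
    def __init__(self, identity, policy, trusted_issuers):
        self.identity, self.policy, self.trusted = identity, policy, trusted_issuers
        self.cert_key = secrets.token_bytes(32)  # stands in for the RP's SSL certificate key pair
        self.seen_nonces = set()

    def accept(self, p):
        token, sig = p["token"], p["signature"]
        key = self.trusted.get(token["issuer"])
        if key is None or not hmac.compare_digest(hmac.new(key, canonical(token), "sha256").hexdigest(), sig):
            raise PermissionError("issuer not trusted or signature invalid")
        if token["audience"] != self.identity or token["tokenType"] != self.policy["tokenType"]:
            raise PermissionError("token was not issued for this RP")
        if not set(self.policy["requiredClaims"]) <= set(token["claims"]):
            raise PermissionError("required claim missing")
        if p["nonce"] in self.seen_nonces:
            raise PermissionError("replayed presentation")
        proof_key = wrap(self.cert_key, bytes.fromhex(token["proofKey"]))  # XOR wrap is its own inverse
        expected = hmac.new(proof_key, (sig + p["nonce"]).encode(), "sha256").hexdigest()
        if not hmac.compare_digest(expected, p["proof"]):
            raise PermissionError("proof of possession failed")
        self.seen_nonces.add(p["nonce"])
        return token["claims"]

class IdentitySelector:  # the client-side selector (CardSpace itself): steps 3, 4 and 7
    def __init__(self, cards):
        self.cards = cards  # each card carries its issuer's IP object in place of a network call

    def build_presentation(self, rp, choose, approve, password):
        candidates = [c for c in self.cards if c["issuer"] == rp.policy["issuer"]  # steps 2-3
                      and set(rp.policy["requiredClaims"]) <= set(c["supportedClaims"])]
        if not candidates:
            raise LookupError("no card satisfies the RP policy")
        card = choose(candidates)  # step 4
        signed, proof_key, display = card["ip"].issue(  # steps 5-6
            card["username"], password, rp.policy, rp.identity, rp.cert_key)
        if not approve(display):  # step 7
            raise PermissionError("user declined to release the token")
        nonce = secrets.token_hex(16)
        proof = hmac.new(proof_key, (signed["signature"] + nonce).encode(), "sha256").hexdigest()
        return {**signed, "nonce": nonce, "proof": proof}  # the step-8 message

def build_parties():
    policy = {"tokenType": SAML11, "issuer": IP_STS,
              "requiredClaims": [CLAIMS_NS + "givenname", CLAIMS_NS + "emailaddress"]}
    alice = {CLAIMS_NS + "givenname": "Alice", CLAIMS_NS + "surname": "Example", CLAIMS_NS + "emailaddress": "alice@example.test"}
    ip = IdentityProvider(IP_STS, {"alice": ("correct horse", alice)})
    rp = RelyingParty(RP_ID, policy, {IP_STS: ip.signing_key})
    cards = [{"issuer": IP_STS, "ip": ip, "username": "alice", "supportedClaims": list(alice)},
             {"issuer": "https://school.example.test/sts", "ip": None, "username": "alice",
              "supportedClaims": [CLAIMS_NS + "givenname"]}]  # second card cannot satisfy the policy
    return rp, IdentitySelector(cards)

def try_accept(rp, p):
    try:
        return rp.accept(p)
    except PermissionError as e:
        return str(e)

def run_exchange():  # full eight-step flow, then two replays of the captured step-8 message
    rp, selector = build_parties()
    p = selector.build_presentation(rp, lambda cards: cards[0], lambda shown: True, "correct horse")
    claims = rp.accept(p)
    forged = {**p, "nonce": "attacker", "proof": "00" * 32}  # captured token, fresh nonce, no proof key
    return claims, {"same nonce": try_accept(rp, p), "new nonce, no proof key": try_accept(rp, forged)}
```

Two checks in `RelyingParty.accept` are the ones RP code most often gets wrong: the audience check (a token the IP issued for another site must not be accepted here) and the nonce cache (a signed proof is only meaningful once). The surname claim is never released because the policy did not ask for it, which is the minimal-disclosure law in code.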

Page 17: Adding Information Card Support to a Web Site

Page 18: Agenda

Page 19: Participants – Identity Provider

Security Token Service
SSL Certificate
Information Card Creation and Provisioning

Page 20: Participants – Relying Party

Policy
Code to process token
SSL Certificate

Page 21: Participants – Clients

Browsers: Internet Explorer, Firefox, etc.
Non-Windows
Rich Clients

Page 22: Converting a Traditional Web Site to Accept Information Cards

Page 23: Agenda

Page 24: Extended Validation SSL Certificates

Better end-user feedback
More secure
Implemented in Internet Explorer 7
Extends SSL

Page 25: Accessing Multiple Web Sites with a Single Information Card
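How one card can be used at many sites without those sites being able to link the user, and why a phishing clone of a site does not inherit the identifier: an added illustration, not code from the deck or from Microsoft. The Private Personal Identifier (PPID) that a self-issued card presents to a relying party is derived from a per-card secret and an identifier of the relying party taken from its SSL certificate, which is also where the Extended Validation certificates of the previous slide come in: with an EV certificate the organisation is the identity, with any other certificate the key is. The derivation below (HMAC-SHA256 over a card secret and that identifier; organisation fields for EV certificates, public-key hash otherwise) is a simplified stand-in for the published interoperability profile, and every certificate and secret in it is constructed.

```python
import base64
import hashlib
import hmac

def rp_identifier(cert):
    """What the selector treats as 'the site'. Simplified assumption: an EV certificate identifies the
    organisation (O, L, S, C), so sibling hosts of one organisation share a PPID; any other certificate
    is identified by its public key, so each distinct certificate is a distinct relying party."""
    if cert["ev"]:
        return "ev:" + "|".join(cert[f] for f in ("O", "L", "S", "C"))
    return "spki:" + cert["spki_sha256"]

def ppid(card_secret, cert):
    """Directed identity: stable for one card at one RP, unlinkable across RPs without the card secret."""
    digest = hmac.new(card_secret, rp_identifier(cert).encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

# Constructed sample data. A real card's secret is random and lives only in the user's CardSpace store.
CARD_SECRET = hashlib.sha256(b"demo card master key").digest()

BANK = {"ev": True, "O": "Example Bank", "L": "Seattle", "S": "WA", "C": "US",
        "CN": "www.bank.example.test", "spki_sha256": "11" * 32}
BANK_MOBILE = {**BANK, "CN": "m.bank.example.test", "spki_sha256": "22" * 32}  # same organisation, new key
SCHOOL = {"ev": False, "O": "Example School", "L": "Austin", "S": "TX", "C": "US",
          "CN": "portal.school.example.test", "spki_sha256": "33" * 32}
PHISH = {**BANK, "ev": False, "CN": "www.bank-example.test", "spki_sha256": "44" * 32}  # copies the bank's subject text

def ppid_properties(card_secret=CARD_SECRET):
    """Which of the directed-identity properties hold for this card across the sample sites."""
    bank = ppid(card_secret, BANK)
    return {
        "stable_on_repeat_visit": bank == ppid(card_secret, BANK),
        "differs_per_site": bank != ppid(card_secret, SCHOOL),
        "shared_within_ev_organisation": bank == ppid(card_secret, BANK_MOBILE),
        "phishing_clone_gets_different_ppid": bank != ppid(card_secret, PHISH),
        "differs_per_card": bank != ppid(hashlib.sha256(b"another card").digest(), BANK),
    }
```

The relying party stores the PPID as the account key in place of a username, so a database stolen from the school gives an attacker nothing that matches an account at the bank, and a look-alike site with its own certificate sees a value the real bank has never issued an account for.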

Page 26: Session Summary

An Identity Metasystem Is Needed
The Framework Is In Place
Need More Participants

Page 27: Resources

CardSpace samples and articles: http://cardspace.netfx3.com
The Identity Metasystem: http://www.identityblog.com
MSDN Events Resources: http://www.msdnevents.com/resources

Page 28: Contact

Lynn Langit
Developer Evangelist
Microsoft Corporation
http://blogs.msdn.com/SoCalDevGal