Enable Windows CardSpace and Information Cards in Your Web Site

Enable Windows CardSpace and Information Cards in your web site

Garrett Serack

Community Program Manager

Microsoft Corporation

A long time ago

Authentication in an era past

video

Music: Kevin MacLeod

What's Changed?

At the core, very little

Usernames and passwords still very prevalent

Graphics are a tad better

Shared Secrets

War Games

video

Music: Kevin MacLeod

Video: MGM © 1983

What have we learned?

Passwords shouldn’t be words like “pencil”

Perhaps writing them down in a commonly accessible place isn't the wisest move

At least we don't echo the letters back to the screen anymore

Where is the accountability?

Information Cards in action

Garrett Serack

Community Program Manager

Federated Identity Team

demo

Information Cards

Instead of using shared secrets to authenticate, we can use cryptography

PPIDs (private personal identifiers) are unique to each user-website relationship

Websites can have a common, consistent user experience

Reduce drop-off, with simplified sign-up

Enabling Information Cards

Preparation

Sign In

Association

Recovery

Visuals

SSL Protected Website

Preparing your web site

Preparing your database

Information Cards table

    PK   UniqueID
    FK1  UserID (references Users)
         PPID
         IssuerID

Users table

    PK   UserID
         FirstName
         LastName
         EmailAddress

Sign In Experience

Perform Client Side Detection

Does the browser support Information Cards?

No: Web page without card support

Yes: Card-enabled web page

Sign In Experience

Please Sign In

Sign In process

Is this card associated with an account?

Yes: The user is signed in ("Welcome back to the website")

No: Choose:

Associate with an existing account

Create a new account

Choose a different card

Sign In process

Sign In leads to Association

Start Over
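The table layout from "Preparing your database" and the "Is this card associated with an account?" decision, as an added example in Python with SQLite (not code from the presentation). Column types, the UNIQUE constraint and the function names are assumptions; `ppid` and `issuer_id` are assumed to come from a token whose signature has already been validated.

```python
import sqlite3

# Tables and columns follow the slide; types and UNIQUE are assumptions.
SCHEMA = """
CREATE TABLE Users (
    UserID INTEGER PRIMARY KEY,
    FirstName TEXT, LastName TEXT, EmailAddress TEXT
);
CREATE TABLE InformationCards (
    UniqueID INTEGER PRIMARY KEY,
    UserID   INTEGER NOT NULL REFERENCES Users(UserID),
    PPID     TEXT NOT NULL,
    IssuerID TEXT NOT NULL,
    UNIQUE (PPID, IssuerID)  -- a card maps to one account; an account may hold many cards
);
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def sign_in(db, ppid, issuer_id):
    """Return the UserID for this card, or None (show the association choices).
    Both values must come from a token whose signature was already verified."""
    row = db.execute(
        "SELECT UserID FROM InformationCards WHERE PPID = ? AND IssuerID = ?",
        (ppid, issuer_id)).fetchone()
    return row[0] if row else None

def associate(db, user_id, ppid, issuer_id):
    """Attach a card to an existing account. Call only after the user has
    proven ownership (username/password or email confirmation)."""
    with db:  # commits, or rolls back on error
        db.execute(
            "INSERT INTO InformationCards (UserID, PPID, IssuerID) VALUES (?, ?, ?)",
            (user_id, ppid, issuer_id))

def create_account(db, first, last, email, ppid, issuer_id):
    """Create the user and the card row in one transaction."""
    with db:
        uid = db.execute(
            "INSERT INTO Users (FirstName, LastName, EmailAddress) VALUES (?, ?, ?)",
            (first, last, email)).lastrowid
        db.execute(
            "INSERT INTO InformationCards (UserID, PPID, IssuerID) VALUES (?, ?, ?)",
            (uid, ppid, issuer_id))
    return uid
```

Keying the lookup on the (PPID, IssuerID) pair means the same PPID value presented under a different issuer does not resolve to the account.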

Recovery Scenario

Choose:

Associate with an existing account

Create a new account

Choose a different card

Account Creation

Association - existing accounts

Choose:

Associate with an existing account

Create a new account

Choose a different card

Sign In:

Proof of account

Authenticate via:

Username/Password

Send email confirmation

Association to an existing account

Association – Account Creation

Choose:

Associate with an existing account

Create a new account

Choose a different card

Registration:

Optional validation steps

The user is signed in

Welcome to the website

Explicit sign up

Implicit sign up

Account Creation - validation

Account Creation – card validation

Association – Account Maintenance

Recovery

Visuals – Card Image

Visuals – Passive Notification

The Bandit Project and Interoperable Information Cards

Pat Felsted

Bandit Project Lead

Novell, Inc.

partner

Mike Jones

Dir. of Identity Partnerships

Microsoft Corporation

Industry Support for Information Cards

Based entirely on open protocols

Identity requires cooperation – and you’re seeing it today!

Interoperable software being built by Novell, IBM, Sun, Ping Identity, BMC, VeriSign, …

For Linux, MacOS, mobile devices, …

With browser support happening for Firefox, Safari, …

Bandit Project

Provides loosely-coupled open source identity components for Authentication, Authorization, and Audit

Information Card solutions built from these components: Identity Selector, Identity Provider, Relying Party

On multiple platforms

Sponsored by Novell – with open participation

Code contributor to Higgins open source identity project

Interoperable Information Cards

Pat Felsted

Bandit Project Lead

Novell, Inc.

demo

What you just saw

Multiple platforms, browsers, and identity selectors

All signing into a Joomla relying party site

Demo scenarios:

IE7 and Windows CardSpace on Windows

Firefox 2.0 and Windows CardSpace on Windows

Firefox 2.0 and Bandit Identity Selector on Linux

Firefox 2.0 and Bandit Identity Selector on the Mac

Demonstrating protocol and program interoperability

Understanding CardSpace

Coming Soon

Garrett Serack, Vittorio Bertucci, Caleb Baker

Answers!

Questions?

Please fill out your evaluation form

evaluation

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.