From "Username and Password" to InfoCard
From Username & Password to "InfoCard"
Richard Turner
"InfoCard" Product Manager
Microsoft Corporation
Garrett Serack
Program Manager
Microsoft Corporation
Agenda
Internet Identity Crisis
"InfoCard" Overview
Implementation
The Identity Metasystem
Getting "InfoCard"
Suppliers & Partners
Businesses
Employees
Friends & Family
Consumers
Who Are You?
The Internet Identity Crisis
Phishing & Phraud
Password fatigue
Inconsistent, proprietary identification mechanisms
Lack of Identity Online
Phishing & Phraud
[Chart: New Phishing Sites by Month, December 2004 – December 2005; monthly counts between 1,707 and 7,197. Source: http://www.antiphishing.org]
Password Fatigue
"InfoCard"
Consistent user experience
Helps eliminate usernames and passwords
Helps protect users from many forms of phishing & phraud attack
Support for two-factor authentication
Easier, safer
Built on WS-* Web Services Protocols
"InfoCard" cards
Richard's Card (self-issued card): stored locally; assertions about me; not corroborated
Woodgrove Bank (managed card): provided by banks, government, clubs, etc.; stored at the STS; the local card holds metadata only
Private Desktop
Runs under separate desktop and restricted account
Isolates "InfoCard" from Windows desktop
Deters hacking attempts by user-mode processes
Contoso Car Rental
Participants: Relying Party (website), Identity Provider, User
Login with Self Issued Card (participants: User, Relying Party (website))
1. Login
2. Select Self Issued Card
3. Create Token from Card
4. Sign, Encrypt & Send Token
Login with Managed Card (participants: User, Relying Party (website), Identity Provider)
1. Login
2. Select Managed Card
3. Request Security Token (Auth: X509, Kerb, SIC, U/PWD, …)
4. Create Token from Card
5. Sign, Encrypt & Send Token
The Identity Metasystem
Identity layer for the Internet
Open, inclusive, standards-based model
Built upon “The Laws of Identity”
"InfoCard" is a client agent within the IDMS
Building A Relying Party
Integrating with “InfoCard”
Four key tasks:
1. Update the database
2. Create an association page
3. Update the sign in page
4. Update the registration page
1. Associate a user with a card
```sql
CREATE PROCEDURE aspnet_infocard_associate (@UserId nvarchar(256), @card nvarchar(50)) AS ...
CREATE PROCEDURE aspnet_infocard_lookup (@card nvarchar(50)) AS ...
```
2a. Create an association page
```html
<!-- ... -->
<button onclick="javascript:return infocardlogin.submit();">
  Update account with your Information Card</button>
<form name="infocardlogin" target="_self" method="post">
  <object type="application/x-informationcard" name="xmlToken">
    <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion">
    <param name="issuer" value="http://schemas..../identity/issuer/self">
    <param name="requiredClaims"
           value="http://.../claims/givenname,http://.../claims/surname,http://../claims/emailaddress,http://.../claims/privatepersonalidentifier">
  </object>
</form>
<!-- ... -->
```
2b. Create an association page
```csharp
public partial class Associate_aspx : System.Web.UI.Page {
    protected void Page_Load(object sender, EventArgs e) {
        // check if an xmlToken is posted
        string xmlToken = Request["xmlToken"];
        if (xmlToken != null) {
            TokenHelper tokenHelper = new TokenHelper(xmlToken);
            // get the unique id
            string uniqueID = tokenHelper.getUniqueID();
            if (uniqueID != null && uniqueID != "") {
                // store it with the account.
                MembershipUser user = Membership.GetUser();
                MembershipHelper.AssociateUser(user.UserName, uniqueID);
            }
        }
    }
}
```
3a. Update the sign in page
```html
<!-- ... -->
<button onclick="javascript:return infocardlogin.submit();">
  Sign in with your Information Card</button>
<form name="infocardlogin" target="_self" method="post">
  <object type="application/x-informationcard" name="xmlToken">
    <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion">
    <param name="issuer" value="http://schemas..../identity/issuer/self">
    <param name="requiredClaims"
           value="http://.../claims/givenname,http://.../claims/surname,http://../claims/emailaddress,http://.../claims/privatepersonalidentifier">
  </object>
</form>
<!-- ... -->
```
3b. Update the sign in page
```csharp
public partial class Login_aspx : System.Web.UI.Page {
    protected void Page_Load(object sender, EventArgs e) {
        string xmlToken = Request["xmlToken"];
        if (xmlToken == null) return; // nothing posted: stay on the sign in page
        TokenHelper tokenHelper = new TokenHelper(xmlToken);
        // Lookup the account using the uniqueId
        string username = MembershipHelper.GetUser(tokenHelper.getUniqueID());
        if (username != null) {
            MembershipUser user = Membership.GetUser(username);
            // give the forms authentication cookie back to the browser.
            FormsAuthentication.SetAuthCookie(user.UserName, false);
        }
    }
}
```
4a. Update the registration page
```html
<!-- ... -->
<button onclick="javascript:return infocardlogin.submit();">
  Register with your Information Card</button>
<form name="infocardlogin" target="_self" method="post">
  <object type="application/x-informationcard" name="xmlToken">
    <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion">
    <param name="issuer" value="http://schemas..../identity/issuer/self">
    <param name="requiredClaims"
           value="http://.../claims/givenname,http://.../claims/surname,http://../claims/emailaddress,http://.../claims/privatepersonalidentifier">
  </object>
</form>
<!-- ... -->
```
4b. Update the registration page
```csharp
// ...
string xmlToken = Request["xmlToken"];
TokenHelper tokenHelper = new TokenHelper(xmlToken);
string uniqueId = tokenHelper.getUniqueID();
string emailAddress = tokenHelper.GetClaim("http://schemas.../emailaddress");
string username = tokenHelper.GetClaim("http://schemas.../givenname");
if (username != null) {
    // create the account from the card's claims, then bind the card to it
    MembershipUser user = CreateUser(username, emailAddress, ...);
    MembershipHelper.AssociateUser(user.UserName, uniqueId);
}
// ...
```
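The self-issued card login flow from the sequence slides and the four relying-party tasks above, modelled end to end as an added example (not the deck's or the MIX lab's code): the identity selector builds a token whose privatepersonalidentifier is derived per relying party and signs it, and the relying party verifies the token before the associate, sign-in and registration lookups. HMAC over a constructed shared key stands in for the token signature, JSON for the SAML assertion, dictionaries for the membership and aspnet_infocard tables; all names, URIs and values are assumptions.

```python
import base64, hashlib, hmac, json

REQUIRED_CLAIMS = ("givenname", "surname", "emailaddress")  # stand-in for the truncated claim URIs

class SelfIssuedCard:  # stored locally, assertions about me, not corroborated
    def __init__(self, claims, card_secret):
        self.claims, self.card_secret = claims, card_secret
    def ppid(self, rp_id):
        # privatepersonalidentifier: stable for one relying party, different for every other
        return hashlib.sha256(self.card_secret + rp_id.encode()).hexdigest()

def create_token(card, rp_id, mac_key):
    """Identity selector: build a token from the card and sign it (HMAC stands in for XML-DSig)."""
    body = {c: card.claims[c] for c in REQUIRED_CLAIMS}
    body["privatepersonalidentifier"] = card.ppid(rp_id)
    body["audience"] = rp_id  # bind the token to the relying party that asked for it
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(mac_key, payload, hashlib.sha256).hexdigest()
    return base64.b64encode(payload).decode() + "." + sig

class RelyingParty:
    """The website: membership store plus the aspnet_infocard association table."""
    def __init__(self, rp_id, mac_key):
        self.rp_id, self.mac_key = rp_id, mac_key
        self.users = {}         # username -> claims   (Membership stand-in)
        self.associations = {}  # uniqueID -> username (aspnet_infocard_lookup stand-in)
    def parse_token(self, xml_token):
        # TokenHelper stand-in: a missing, forged or misdirected token yields None
        if not xml_token or "." not in xml_token:
            return None
        payload_b64, _, sig = xml_token.rpartition(".")
        payload = base64.b64decode(payload_b64)
        expected = hmac.new(self.mac_key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None
        claims = json.loads(payload)
        return claims if claims.get("audience") == self.rp_id else None
    def associate(self, username, xml_token):  # slide 2b: bind a card to a signed-in account
        claims = self.parse_token(xml_token)
        if claims is None or username not in self.users:
            return False
        self.associations[claims["privatepersonalidentifier"]] = username
        return True
    def login(self, xml_token):  # slide 3b: uniqueID -> username, no password involved
        claims = self.parse_token(xml_token)
        return None if claims is None else self.associations.get(claims["privatepersonalidentifier"])
    def register(self, xml_token):  # slide 4b: create the account, then associate the card
        claims = self.parse_token(xml_token)
        if claims is None or claims["givenname"] in self.users:
            return None
        self.users[claims["givenname"]] = claims
        return claims["givenname"] if self.associate(claims["givenname"], xml_token) else None
```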
Summary
WinFX: .NET to the core
Getting WinFX & "InfoCard"
Built in to Windows Vista
Also available for Windows XP & Windows Server 2003
CTPs available today
Beta 2 coming
RTM 2nd half 2006
[Timeline chart: quarters of 2005 and 2006 with B1, CTP and V1 RTM milestones]
"InfoCard" Summary
Labs available in the MIX Sandbox!
Consistent authentication for digital identities
Reduces chances of being phished
Adopting takes little developer effort
© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.