Intro to windows identity foundation

Transcript of Intro to windows identity foundation

Page 1: Intro to windows identity foundation

Introduction to:

Claudio Sanchez | LinkedIn.com/in/ClaudioASanchez | @ClaudioASanchez

Single Sign On Evolved

Page 2: Intro to windows identity foundation

Realtime feedback

@ClaudioASanchez

#CMAPCCWIF

#CMAPCC

Page 3: Intro to windows identity foundation

Agenda

Application Security

Federated Identity

What problem are we trying to solve?

Case study

Current state of affairs

Identity in Real Life

Terminology

The Federated Auth dance

Code demo

Q&A

Page 4: Intro to windows identity foundation

Application Security

Not Sexy

Requires specialized knowledge

Oftentimes depends on the environment

Never hear about it, unless it fails

Page 5: Intro to windows identity foundation

Federated Identity

Organization for the Advancement of Structured Information Standards (OASIS): WS-Federation, WS-Trust, SAML

OpenID, OAuth, Facebook Connect

Page 6: Intro to windows identity foundation

The Face of WIF

(Expert) Vittorio Bertocci | Microsoft | Vibro.NET

(Not an Expert) NOT Vittorio

Page 7: Intro to windows identity foundation

LOL

Page 8: Intro to windows identity foundation

What problem are we solving?

How many accounts/passwords do you currently have?

“Various Gartner studies have estimated that 25% to 35% of calls made to help desks are related to password resets”

“Analysts’ estimate costs at approximately $25 to $40 per call with four password reset calls per user per year”

Page 9: Intro to windows identity foundation

Case Study | Health Care

• Clinicians use an average of 6.4 passwords per day

• SSO solution can save an average of 9.51 minutes per day per clinician

• $2,675 per year, per clinician¹

¹ Based on a $135K/year salary and 250 working days. Source: The Gartner Group, 2002 & The Ponemon Institute, 2010

• 700 full-time equivalent clinicians can save more than $1.88 million per year with an SSO solution in place.

• 1,051 patient beds

• More than 1,710 full-time attending physicians

$2,675 lost productivity per clinician × 1,710 physicians = $4,574,250

Page 10: Intro to windows identity foundation

Our apps are prisoners

Login.aspx Page1.aspx

Credential Types / APIs

Credential Stores

User Attributes Stores

Page 11: Intro to windows identity foundation

Each app is an island

Page 12: Intro to windows identity foundation

Identity in Real Life

?

!?

Externalizes Authentication

Gets user info from the document

Page 13: Intro to windows identity foundation

Terminology

Claim: Anything that can be said about a user. Name, email, age, role, gender, sports team affiliation, etc.

Security Token: Serialized collection of claims. Crypto-signed by issuer.

Identity Provider (IdP): The issuer responsible for authenticating the user.

Relying Party: An application configured to trust an IdP for authentication (your application).

Page 14: Intro to windows identity foundation

Claims Can Set Your Application Free

Identity Provider

STS

Security Token

Claims

Relying Party

Windows Azure ACS

Page 15: Intro to windows identity foundation

Multiple apps

“One token to rule them all”

Page 16: Intro to windows identity foundation

Code

Page 17: Intro to windows identity foundation

Q & A

Page 18: Intro to windows identity foundation

One last thing

Page 19: Intro to windows identity foundation

LinkedIn.com/in/ClaudioASanchez

@ClaudioASanchez

http://ClaudioASanchez.blogspot.com