steve plank “planky” microsoft Lest we forget windows azure appfab splank@microsoft.com

Page 1:
Page 2:

steve plank “planky” microsoft

Lest we forget windows azure appfab

splank@microsoft.com

http://blogs.msdn.com/plankytronixx

Page 3:

agenda

• access control service
• service bus
• cache

Page 4:

connecting to the outside world

[diagram: ad logon dialog (Username / Password / OK / Cancel); adfs2 and acs; google, yahoo, live id, facebook]

appfabriclabs ctp available now

Page 5:

tick box ip config

Page 6:

security token service

• service that issues tokens
  – give it something
    • user-id/password
    • x.509 cert
    • another security token
  – get a security token back
    • saml
    • swt
    • “cookie”
    • custom

[diagram: “something” in, security token out]

Page 7:

claims transformation

claim      token into sts       token out of sts
title      buyer                purchaser
email      [email protected]    [email protected]
dept       engineering          engineering
tel no.    01234 567 890        +441234 567 890
£limit     (not present)        £5m

rules applied by the sts:

if title == “buyer” AND department == “engineering”: purchaselimit = “£5m”

if title == “buyer” AND department == “stationary”: purchaselimit = “£50”
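
Added example, not part of the original slides: a small rule engine that performs the transformation on the claims transformation slide (buyer becomes purchaser, the phone number is normalised, the purchase limit is derived from title and department). The issuer name, the sample e-mail address and the drop-by-default handling of unlisted claims are assumptions made for the illustration.

```python
# Added example: claims transformation at an sts / federation provider.
# Rule values mirror the slide; issuer name and drop-by-default policy are assumptions.
import re

TRUSTED_ISSUER = "adfs2.example.test"    # constructed issuer name
PASS_THROUGH = {"email", "dept"}         # claims copied unchanged
TITLE_MAP = {"buyer": "purchaser"}       # slide: buyer -> purchaser
LIMIT_RULES = {                          # (title, dept) -> purchaselimit, from the slide
    ("buyer", "engineering"): "£5m",
    ("buyer", "stationary"): "£50",
}


def normalise_uk_tel(tel):
    """01234 567 890 -> +441234 567 890 (leading 0 replaced by +44)."""
    tel = tel.strip()
    if re.fullmatch(r"0\d[\d ]+", tel):
        return "+44" + tel[1:]
    return tel


def transform(issuer, claims_in):
    """Return the outgoing claim set for a token received from `issuer`."""
    if issuer != TRUSTED_ISSUER:
        raise PermissionError(f"no trust relationship with issuer {issuer!r}")
    # Anything not named by a rule is dropped rather than forwarded.
    out = {k: v for k, v in claims_in.items() if k in PASS_THROUGH}
    title = claims_in.get("title")
    if title in TITLE_MAP:
        out["title"] = TITLE_MAP[title]
    if "tel no." in claims_in:
        out["tel no."] = normalise_uk_tel(claims_in["tel no."])
    # purchaselimit is only ever derived here; an incoming value is ignored.
    limit = LIMIT_RULES.get((title, claims_in.get("dept")))
    if limit is not None:
        out["purchaselimit"] = limit
    return out


# Constructed input claims; the purchaselimit entry simulates a value the
# sender should not be able to set for itself.
SAMPLE_IN = {
    "title": "buyer", "email": "user@example.test", "dept": "engineering",
    "tel no.": "01234 567 890", "purchaselimit": "£999m",
}

if __name__ == "__main__":
    print(transform(TRUSTED_ISSUER, SAMPLE_IN))
```

The relying party then authorises on the derived purchaselimit claim alone and never needs to see the directory attributes it was computed from.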

Page 8:

roles

• claims store: stores claims
  – email, firstname, telno, etc… (active directory)
• identity provider (ip): authenticate, issues tokens
  – user-id/pw, x.509, smartcard… (adfs2, acs)
• federation provider (fp):
  – token in; token out. claims transformation… (acs)
• relying party (rp):
  – app that consumes tokens
• trust:
  – links rp-fp, fp-ip etc.

Page 9:

acs/adfs authentication flow

[diagram: web app with wif on windows azure (plankytronixx.com); app fab acs; adfs 2; ad dc; ctrl-alt-del logon; links labelled federation trust and trust]

Page 10:

for more info

• blog post video: how adfs and acs work together
  – http://bit.ly/acsadfs
• blog post: federated identity primer
  – http://bit.ly/fednutshell

Page 11:

agenda

• access control service
• service bus
• cache

Page 12:

service bus

• extends reach of applications securely through the cloud
• enables multi-tenant apps to integrate with tenants’ on-premises services
• securely integrates partners outside of org boundaries
• extends reach of on-premises web services layer
• enables leveraging cloud quickly without having to rewrite apps

[diagram: app 1 and app 2, each with send and receive, connected through the service bus]

Page 13:

service remoting

[diagram: sender and listener connected through service bus, with access control]

• access web services across the internet
• publish services and communicate bi-directionally
• rpc-style request/response or duplex

Page 14:

eventing

[diagram: one sender and two listeners connected through service bus, with access control]

• notify remote parties of events
• sender transmits information to listeners
• events are distributed unicast or multicast

Page 15:

tunneling

[diagram: sender and listener, each behind a protocol bridge, connected through service bus, with access control]

• transport existing complex protocols over simple protocols (e.g. sql server named pipes over http)

Page 16:

agenda

• access control service
• service bus
• cache

Page 17:

appfabric caching usage

• based off the proven windows server appfabric caching capabilities
  – features: high availability, regions, notifications
• session state provider for windows azure applications
  – out-of-the-box asp.net providers for both session state and page output caching
• programmatic cache layer
  – based on Windows server appFabric caching api
  – add/get/getandlock/getifnewer/put/putandunlock
  – typical cache-aside pattern
• released!

Page 18:

review

• access control service
• service bus
• cache

• blogs.msdn.com/plankytronixx

Page 19:

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.