BB44
Rich Randall, Development Lead, Microsoft Corporation

[Diagram: token issuance flow between the End User, the Identity Selector Client, the Security Token Service (STS) and Your App on the Claims Framework Application Server. Labelled steps: 1. Establish relationship using metadata; 2. Read policy; 5. Send claims. Steps 3 and 4 are not recoverable from the slide text.]

[Diagram: Established Trust. Fabrikam STS and Contoso STS, with trust established between Contoso and Fabrikam, and the Application relying on that trust.]

Sample relying-party page: the <OBJECT> tag that asks the identity selector (CardSpace) for a token and posts it back to TokenProcessingPage.aspx. The CLSID, CODEBASE and claim URIs are as printed on the slide.

<html>
  <form method="post" action="TokenProcessingPage.aspx">
    <!-- Identity selector control; "name" is the form field in which the returned token is posted -->
    <OBJECT classid="CLSID:19916E01-B44E-4e31-94A4-4696DF46157B"
            name="CardSpaceToken"
            CODEBASE="http://microsoft.com/CSV2.exe#Version=10,10,1,12">
      <!-- STS that must issue the token -->
      <PARAM NAME="issuer" VALUE="http://contoso.com/issue">
      <!-- Token format the relying party can process -->
      <PARAM NAME="tokenType" VALUE="urn:oasis:names:tc:SAML:1.0:assertion">
      <!-- Claims the relying party requires (whitespace-separated claim URIs) -->
      <PARAM NAME="requiredClaims" VALUE="
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
      ">
    </OBJECT>
  </form>
</html>

[Diagram: identity selector client API stack, upper layers. Callers: Managed Application, Credential Provider, Internet Explorer 7+ app code. Entry points: ObjectTag Extension (ActiveX Control), IdentitySelector.GetToken(), Managed Wrapper Class.]
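The token-processing side of the exchange above, as an added example that is not code from the deck or from Microsoft: the checks a relying party's TokenProcessingPage would run on the posted SAML 1.0 assertion before trusting its claims, namely that the issuer, validity window, audience and claim set match the policy the <OBJECT> tag advertised. It assumes the token has already been decrypted and its XML signature verified against the issuer certificate obtained through the metadata exchange in step 1 (both out of scope here). The audience URL https://www.aaa.com/TokenProcessingPage.aspx, the sample assertion, its PPID value and the function names are all constructed for this example.

```python
"""Relying-party checks on a CardSpace SAML 1.0 token (added example, not
from the PDC deck). Assumes decryption and XML-signature verification have
already been done; this step checks that what came back matches the policy
the <OBJECT> tag advertised. Sample token, audience URL and function names
are constructed for the example."""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # production code: parse with defusedxml instead

SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
CLAIMS_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"

# Mirrors the <PARAM>s of the <OBJECT> tag; the relying party re-checks the
# returned token against this rather than trusting the selector's behaviour.
POLICY = {
    "issuer": "http://contoso.com/issue",
    "audience": "https://www.aaa.com/TokenProcessingPage.aspx",  # hypothetical RP URL
    "required_claims": {CLAIMS_NS + "/name", CLAIMS_NS + "/privatepersonalidentifier"},
}

# Constructed sample assertion of the shape the selector posts back.
SAMPLE_TOKEN = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="0" AssertionID="uuid-5c9e0d7a-0001"
    Issuer="http://contoso.com/issue" IssueInstant="2008-10-28T12:00:00Z">
  <saml:Conditions NotBefore="2008-10-28T12:00:00Z" NotOnOrAfter="2008-10-28T12:05:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>https://www.aaa.com/TokenProcessingPage.aspx</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier>alice</saml:NameIdentifier></saml:Subject>
    <saml:Attribute AttributeName="name"
        AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
      <saml:AttributeValue>Alice Example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute AttributeName="privatepersonalidentifier"
        AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
      <saml:AttributeValue>Z3Jvd24gb3JnYW5pYyBwcGlk</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _q(tag):
    return "{%s}%s" % (SAML_NS, tag)


def _utc(value):
    # SAML 1.0 dateTime values here are UTC with a 'Z' suffix
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_token(xml_text, policy, now, skew=timedelta(seconds=60)):
    """Return {claim URI: value} if the assertion satisfies policy, else raise ValueError."""
    root = ET.fromstring(xml_text)
    if root.tag != _q("Assertion") or root.get("MajorVersion") != "1":
        raise ValueError("not a SAML 1.0 assertion")
    # 1. the issuer must be the STS the page asked for
    if root.get("Issuer") != policy["issuer"]:
        raise ValueError("issuer mismatch: %r" % root.get("Issuer"))
    # 2. validity window, with a small allowance for clock skew
    cond = root.find(_q("Conditions"))
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise ValueError("missing Conditions/NotBefore/NotOnOrAfter")
    if not (_utc(cond.get("NotBefore")) - skew <= now < _utc(cond.get("NotOnOrAfter")) + skew):
        raise ValueError("assertion outside its validity window")
    # 3. the audience restriction must name this relying party, so a token
    #    minted for another site cannot be replayed here
    if policy["audience"] not in [a.text for a in cond.iter(_q("Audience"))]:
        raise ValueError("audience restriction does not name this relying party")
    # 4. collect claims as full URIs (AttributeNamespace + "/" + AttributeName)
    claims = {}
    for attr in root.iter(_q("Attribute")):
        uri = attr.get("AttributeNamespace", "").rstrip("/") + "/" + attr.get("AttributeName", "")
        values = [v.text or "" for v in attr.findall(_q("AttributeValue"))]
        claims[uri] = values[0] if len(values) == 1 else values
    missing = policy["required_claims"] - set(claims)
    if missing:
        raise ValueError("required claims missing: %s" % sorted(missing))
    return claims


def demo():
    """Accept the constructed token, then show the same token with a
    substituted Issuer being refused. Returns (claims, rejection reason)."""
    now = datetime(2008, 10, 28, 12, 1, 0, tzinfo=timezone.utc)
    accepted = validate_token(SAMPLE_TOKEN, POLICY, now)
    forged = SAMPLE_TOKEN.replace("http://contoso.com/issue", "http://fabrikam.com/issue")
    try:
        validate_token(forged, POLICY, now)
        reason = None
    except ValueError as exc:
        reason = str(exc)
    return accepted, reason


if __name__ == "__main__":
    claims, reason = demo()
    print("accepted claims:", claims)
    print("forged token rejected:", reason)
```

The issuer comparison is a policy check, not a substitute for signature verification: without the signature step a token claiming to be from http://contoso.com/issue proves nothing. Note also that the privatepersonalidentifier claim is specific to the card and the relying party, so it is only a stable user key when paired with the issuer that produced it.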
[Diagram, continued: identity selector client API stack, lower layers. GetToken() [native] calls into the Native Client API (infocardapi2.dll), which is also reached from the Control Panel. Federated Identity Client Service components: Identity Manager, STS, Card and Ledger Management, Card Store, Client Federation Manager, Local Store, WS-Trust and WS-Mex Client.]

[Diagram: demo scenario. Sapphire Win32 Game; World PDC Exhibitor; Policy; Claim: Email; App User; Federated App; Claim: Admin; Geneva Identity Server; Claim: User; Claims Store; Claims Aware App.]

[Diagram: SharePoint federated sign-in path. Sharepoint Client side: IE, WinInet, FedSSP, FedSSP Credential Provider, CardSpace Service, LSASS. Sharepoint Server side: IIS, Sharepoint, XML Token to Windows Token Translator, LSASS.]

[Screenshot: Windows Security dialog, "Choose a card to submit. The card will be used to authenticate to <computer>." Card location: SanDisk USB drive (E:). "Enter password to unlock your cards", Password field, "Remember this location" checkbox, Login. "Find your other cards: Click here to select and connect to a web service that holds your cards." OK / Cancel.]

[Screenshot: the same dialog with cards listed. "Real Me": Personal card, Card location: SanDisk USB drive (E:), "This card was previously used at www.aaa.com". "Funny Me": Personal card, Card location: SanDisk USB drive (E:). "Find your other cards: Click here to select and connect to a web service that holds your cards." Side note: "www.aaa.com Website requests a personal card". Login, OK / Cancel.]

Roadmap
Beta 1: October 2008
Beta 2: 1st half 2009
RTM: 2nd half 2009

www.microsoftpdc.com

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.