Slide: identity, token, claims. A token is made up of Claim 1, Claim 2, Claim 3, ... Claim n, plus a Signature, which indicates who created this token and guards against changes. Example claims: Name, Group, Age.
Slide: identity provider, issuer, security token service (STS).

Figure: an identity provider issuing a token. Components: Identity Provider, containing a Security Token Service (STS) and an Account/Attribute Store; Browser or Client; User.
1) Authenticate user and request token
2) Get information
3) Create and return token

Figure: an application accepting a token. Components: Identity Provider (STS); Application with an STS Identity Library and a List of Trusted STSs; Browser or Client; User.
1) Authenticate user and get token
2) Submit token
3) Verify token's signature and check whether this STS is trusted
4) Use claims in token

Figure: selecting among several identity providers. Components: Identity Providers (several STSs); Application with an STS Identity Library; Browser or Client with an Identity Selector; User.
1) Access application and learn token requirements
2) (Optionally) select an identity that matches those requirements
3) Authenticate user and get token for selected identity
4) Submit token
5) Use claims in token

Figure: the same flow with Microsoft products. Components: Identity Providers (AD FS 2.0 STS and other STSs); Application with Windows Identity Foundation; Browser or Client with CardSpace 2.0; User. Steps 1) to 5) are the same as in the previous figure.

Figure: a domain-joined user accessing an enterprise application. Components: Active Directory Domain Services; AD FS 2.0 (STS); Application with WIF; Browser or Client with CardSpace 2.0; User.
1) Login to domain and get Kerberos ticket
2) Access application and learn token requirements
3) (Optionally) select an identity that matches those requirements
4) Present Kerberos ticket and request token for selected identity
5) Find claims required by application and create token
6) Receive token
7) Submit token
8) Use claims in token

Figure: an enterprise application accessed across the Internet. Components: Active Directory Domain Services; AD FS 2.0 (STS); Application with WIF; Internet; Browser or Client with CardSpace 2.0; User.
1) Access application and learn token requirements
2) (Optionally) select an identity that matches those requirements
3) Authenticate user and get token for selected identity
4) Submit token
5) Use claims in token

Figure: an Internet application using external identity providers. Components: Identity Providers (Windows Live ID, Other STS); Application with WIF; Internet; Browser or Client with CardSpace 2.0; User. Steps 1) to 5) are the same as in the previous figure.

Slide: identity federation.

Figure: federation between two organizations. Organization X: Active Directory Domain Services, AD FS 2.0 (STS), Browser or Client with CardSpace 2.0, User. Organization Y: STS, Application with WIF. The application's Trusted STSs: Organization Y, Organization X.
1) Access application and learn token requirements
2) (Optionally) select an identity that matches those requirements
3) Get token for selected identity
4) Submit token
5) Use claims in token

Figure: federation through the partner organization's STS. Organization X: Active Directory Domain Services, AD FS 2.0 (STS), Browser or Client with CardSpace 2.0, User. Organization Y: STS (Trusted STSs: Organization X), Application with WIF (Trusted STSs: Organization Y). Tokens involved: Token for STS Y, Token for the application.
1) Access application and learn token requirements
2) Access Organization Y STS and learn token requirements
3) (Optionally) select an identity that matches those requirements
4) Get token for Organization Y STS
5) Request token for application
6) Issue token for application
7) Submit token
8) Use claims in token

Figure: delegation from one application to another. Components: Active Directory Domain Services; AD FS 2.0 (STS); Application X with WIF; Application Y with WIF; Browser or Client; User. Tokens involved: Token for X, Token for Y.
1) Get token for application X
2) Submit token
3) Access application and learn token requirements
4) Request token for application Y
5) Check policy for user, application X, and application Y
6) If policy allows, issue token for application Y
7) Submit token
8) Use claims in token

Slide: cards, information card. Figure: Identity Providers (three STSs); Browser or Client with CardSpace 2.0 holding Information Card 1, Information Card 2, Information Card 3 and Information Card 4; User.
Reference: http://www.davidchappell.com/writing/white_papers/ClaimsBased_Identity_for_Windows_v2.pdf