02-MS Online Identity - Session 1

Live Services
Synchronizing Life
Online Identity
Easing the pain of identity integration
Agenda Live Services
Synchronizing Life
• LiveID OverView
• Advantages and Drivers
• Types of Authentication
– WebAuth
– DelAuth
– ClientAuth
• Contacts
• Summary
• Discussion
Session objectives and takeaways Live Services
Synchronizing Life
• At the end of this session the

audience should understand LiveID
and how to use it.
• Feel confident and comfortable to go
and start creating apps that use
LiveID.
Synchronizing Life
• LiveID OverView
– WebAuth
– DelAuth
– ClientAuth
• Contacts
• Summary
• Discussion
Microsoft Identity Software + Services Live Services
Synchronizing Life
One identity model that puts users in control of their identities
Flexibility via Enhances Developer

Standards Based
Choice Productivity
Claims-Based Access
Services
Live Micros .Net Access

Identity oft Control
Service Federat Service
Software
“Gene Micros Windo “Gene Live

ws va” Frame
Active CardS Frame work
Live ID within the Live Framework Live Services
Synchronizing Life
Libraries
.NET FX 3.5 APIs Silverlight APIs JavaScript APIs Client Controls Web Controls …
Tools &
Services
Resource Model
Developer
ATOM JSON POX RSS Binary XML Portal
AtomPub FeedSync
Resource
CRUD Sync URI-LINQ Triggers Auth/Z Hosting Introspection
Scripts
Core Data Communications App Model
Provisioning /
User Account
Identity P2P Catalog Management
Folders News
Device Mesh Notifications Hosting
Photos Favorites
Applications Presence Mesh Applications Angus Logan 10/2/08
Contacts Groups Replace HOSTING
App Data & Settings
Profile Calendar Visual Studio
Application Management Tools /
System Designers
Geospatial
Search
Live Operating Environment

Analytics
CRUD Sync App Hosting CRUD Sync Hosting
Resource Script
Auth/Z Angus
Analytics Logan 10/2/08
Resource Script Engine Auth/Z Local Store
Engine
Replace Hosting
Cache … P2P File Sys …
Cloud Client Angus Logan 10/2/08

Developer
Sandbox
Replace Hosting
Windows “Strata” Windows Embedded Windows Mobile Other
Live Services
Synchronizing Life
Live ID
Hotmail Messenger Spaces

Live Search Alerts
Live.com Live Search Sky Drive

Mail Photo Gallery Events
Maps
Expo Gallery Calendar Agents

Gadgets
Writer
Windows Live Contacts

for Mobile OneCare Toolbar QnA
Favorites
Find Identity User Data Notifications Infrastructure
Live Services
& Locate & Messaging
Synchronizing Life
Live Search Live ID Contacts Messenger Admin Center
Virtual Earth Photos Alerts Silverlight

Streaming
App Storage Agents
Terms of Service
The Life of an App Developer Live Services
Synchronizing Life
Business logic
…
Identity Provider availability and reliability
Anti-spam account detection IdP QoS
Trust relationship management
Child account legal and parental controlsOn-boarding Identity
Account sign-up / management “pain”
Different principal types
AuthN
Different authentication protocols
Operating Environment
Live ID Identity Services Principles Live Services
Synchronizing Life
Above all: SECURE!
Consume
Open & Rich
r+ Federatio Ease of
Standard functiona
Enterpris n friendly use
s-based lity
e
Live Services
Synchronizing Life
Integrating with Live ID

Steps to Identity Integration - APPZ Live Services
Synchronizing Life
Authentication
A Auth Protocols Principal Types
Policy
P Trust relationships Auth token policies
Profile
P Account registration Membership DB
AuthoriZation
Z Claims Roles Access control
Live Identity Services Live Services
Synchronizing Life
Integration SDKs
Web ••Web site integration Windows Live ID

••Co-branded user experience Web
Application ••Open source samples in 7 languages –
(Authentication C#, VB, Java, Perl, PHP, Ruby, Python Authentication
Web ••App provider accessing u Windows Live ID

ser data stored in Live Delegated
Application Services
(Delegation) ••Open source samples in 7 languages – Authentication
••ASP.NET controls
 simplified integration Windows Live
ASP.NET ••Controls: IDLogin, IDLoginView, Tools
Contacts, SilverlightStreaming
Windows Rich ••Rich client applications

Windows Live ID
••Windows Client OS
Client Client SDK
Application
Windows Live ID – Type of Identity Live Services
Synchronizing Life
Principal Types Credential

Types
• [Strong]
Password, Pin
• eID / Smart
card
• CardSpace
Types of Live ID Users The

Passwo
• Live / Hotmail rd
• EASI (“E-mail As Anti-
Pattern
Sign-In”) !
Synchronizing Life
• LiveID OverView
– WebAuth
– DelAuth
– ClientAuth
• Contacts
• Summary
• Discussion
Everything needs an ID - Why LiveID? Live Services
Synchronizing Life
• You the end user don’t have to worry about

setting up and maintaining the back end
infrastructure required for AuthZ and AuthN
• LiveID Services takes care of it for you.
• LiveID Services is always online, secure, backed
up and available
• Based on Open standards and platform neutral
• Easy to provision, access and use
• Technology agnostic
• Move seamlessly across multiple applications/
services - A Single Sign In service
• Last but not least – largest collection of users on
a system – close to half a billion users already use
LiveID. So it’s easy to tap into this vast existing
user base for your customer base or audience.
Live ID – Rich Functionality Live Services
Synchronizing Life
• Provides an identity platform: o r e

u c h m he
– An authentication platform M n d t
i
A delegation platform beh box!
– n
logi
– A federation platform
– A user and service provisioning platform
– The first line of anti-spam defense
• All delivered as Software + Services

– Cloud hosted authentication services
– Client SDK libraries – 6 languages / multi
platform
• ASP.NET (C# + VB), Java, Perl, Python, Ruby
Synchronizing Life
• LiveID OverView
– WebAuth
– DelAuth
– ClientAuth
• Contacts
• Summary
• Discussion
Live Services
Synchronizing Life
demo
Live Identity
Services
Web Authentication
Enabling apps
to be secure
Web Authentication Protocol Overview Live Services
Synchronizing Life
Windows Live ID Web Authentication SDK Docs http://go.microsoft.com/fwlink/?

LinkID=91762
1 Relying Party Web Site

e.g., Contoso.com
End User
w/web 2 Integration Steps:
1. Register AppID
browser
4 2. Get WebAuth library module from
SDK
5 3. Use WL Tool ASP.NET controls –
IDLoginStatus and/or IDLoginView
4. Create Member ID association
2 page (optional)
5. Test & deploy!
3
4
Windows Live ID service
Windows Live Tools Live Services
Synchronizing Life
IDLoginStatus Control (ASP.NET)
• <live:IDLoginStatus
– ID="IDLoginStatus1"
– runat="server"
– ApplicationContext="welcomepage"
– BackColor="#E5ECE5“
– onserversignin=
• "IDLoginStatus1_ServerSignIn"
•onserversignout=
–"IDLoginStatus1_ServerSignOut"
• />
WebAuth Sign-in Control Live Services
Synchronizing Life
(Cross-platform HTML – URL decoded for readability)
• <iframe id="WebAuthControl"
– src="http://login.live.com/controls/
WebAuth.htm
?appid=<%=AppId%>
&context=welcomepage Existing: WebAuth.htm
&style=font-size=10pt;
– +font-family=verdana; New: WebAuthLogo.htm
– +font-style=normal;
– +font-weight=bold; New:
– +background=white; WebAuthButton.htm
– +color=black;"
• width="80px" height="20px">
• </iframe>
WebAuth Sign-in Messages Live Services
Synchronizing Life
Don’t panic! The SDK libraries handle all this for you!
••GET http://login.live.com/wlogin.srf
Sign-in ?appid=00167FFE80002700
&appctx=welcomepage
Request HTTP/1.1
...
••POST http://www.mydomain.com/
Encrypted Contents:
wl-handler.aspx HTTP/1.1appid=<applicationid
>
Sign-in action=login
&uid=<user
identifier>
Response &appctx=welcomepage &ts=<timestamp>
&sig=<signature>
&stoken=MA12BCF0012BAM567890
MABD123456ABCDEF12345667890
Live Services
Synchronizing Life
Live ID Services Web Authentication

Sign-in Screen Customization
Enabling seamless sign-in / sign-up user

experience
Customizable Sign-in Screen Live Services
Synchronizing Life
• Flexible sign-in customization options

allow creative and seamless user
Customizable Contents
Area (Orange)
Elements that can be
customized.
Partner Logo
Task integration statement Task statement
Product description
Sign up section
Header background
Customizable Theme
Area (Blue)
Elements cannot
Sign-up section
change.
Customize look & feel.
Font color
Background color
Button color
User tile color
Live ID description
color
Sign-in Screen Customization Live Services
Synchronizing Life
• <WhiteLabelProperties>
– <Logo>STRID_LOGO</Logo>
– <LogoAltText>STRID_LOGOALTTEXT</LogoAltText>
– <HeaderBkgndColor>#336633</HeaderBkgndColor>
– <BkgndColor>#e5ece5</BkgndColor>
– <FontColorLight>#b5781e</FontColorLight>
– <FontColorLink>#b5781e</FontColorLink>
– <ButtonColor>#9EB39B</ButtonColor>
– <ButtonBorder>#336633</ButtonBorder>
– <FontColor>black</FontColor>
– <UserTileColor>#C6D6B9</UserTileColor>
• </WhiteLabelProperties>
• <SiteLoginUIProperties>
– <Header id ="default">STRID_HEADER</Header>
– <Title id="default">STRID_TITLE</Title>
– <Subtitle id="default">STRID_SUBTITLE</Subtitle>
• </SiteLoginUIProperties>
• <StringTable>
– <Language langID="en">
• <String id="STRID_HEADER">To make a Reservation, Sign in with your Windows Live ID</String>
• <String id="STRID_TITLE">Welcome to AdventureWorks Resorts</String>
Customizable Registration Live Services
Synchronizing Life
• Flexible registration screen options

Header image
Task integration
Username
Password
Password
reset question
/ Alt e-mail
Profile info
CAPTCHA
ToS
Synchronizing Life
• LiveID OverView
– WebAuth
– DelAuth
– ClientAuth
• Contacts
• Summary
• Discussion
Live Services
Synchronizing Life
Live Identity Services

Delegated
Enabling
data portability
Delegated Auth Protocol Live Services
Synchronizing Life
Windows Live ID Delegated Authentication SDK Docs http://go.microsoft.com/fwlink/?

LinkID=107420
End User “Granting Consent” phase (user must be

w/ browser
online)
Direct user to consent UI
Consent UI
(consent.live.com)
Receive consent token
Integration Steps: Application “Using Consent” Phase (user can be offline)

1. Register AppID Provider
2. Get DelAuth library (web site) Send delegation token Resource
module from SDK with API call to resource Provider (e.g.,
3. Create consent Windows
request URL link Receive data
Live Contacts)
4. Create auth
callback handler page
Send refresh token Windows Live ID
5. Create store for consent
tokens (optional) Delegation
6. Send RP data Receive new consent token Service
request and process reply
7. Test & deploy!
Requesting Delegated Auth Live Services
Synchronizing Life
• https://consent.live.com/
delegation.aspx
– ?ru=http://mydomain.myapp.com/ReturnURL.aspx
– &ps=Contacts.View,Contacts.Update
– &pl=http://mydomain.myapp.com/PrivacyPolicy.htm
1=Compact token, 2=SAML
– &ttype=1 token
– &mkt=en-US
– &app=appid%3d10000%26ts%3d1193445084%26ip
%3d157.56.190.178%26sig
%3d7HgcsIEheEVO30BuPAEJhJeB8Pz0xHBV%252f
%252bQD27AOdmI%253d
Application Verifier
token:
AppID, Timestamp, Client
IP, SHA256 signature
DelAuth Consent Token Response Live Services
Synchronizing Life
(URL Decoded)
• delt=EwCoARAnAAAUgxwUrFTrj0j98kTTv4OX
%2FOkhSc2AADHt9dXtiWa4afIM1AtKBgDzW2LOYBmExjIAumf
%2B33MyPpGSnwrmtOc2aKG0Oz008Jg6a9Ss8a6L4zi8Za9gT85eqqd
S0HNJZW9xAUoD2MOqUz7RxqY
%2FpNhAWm6ndhFTj9VWWZYi7zIJJU7RgrIXEJrmQsHSKN1%2B2Iot56
mknEECA2YAAAi5VYs8bPiGofgAEiVBGu8ve8kv459FJn8ioXFJMR4f5E
YNJqxMXG8tZhe87ylkvESebImX
%2B4T8EGxxgDBTTHmEnK5PtoxJDTLJCSz4UJwRPAS0KW2H5TIi7Ecu
6dZ5FbspeKlPCi7pxjevW1WAHuoJY9oow
%2FgUCZhcxCusUg2Cg6LmpSm0KwacVzaXLEOwwpfUXtFSwpPsU8w
8G9syt4%2F0k1W4HJmdrqU1xqHO7ZEX3JBWpKBscNbKr5z3qCkO2t
pW%2BBjFEgy8w%2Fc5wb66At7V4Vs1ccbiBJ7pC
%2F0VjyfzKfBYNP2zniAmepap2jY780q73Czc10w0bfMr54cKMaDrK6
kAAA%3D%3D
• &exp=1196836447
Delegated Auth Consent Refresh Live Services
Synchronizing Life
Request
• http://consent.live.com/RefreshToken.aspx
– ?ru=http://mydomain.myapp.com/
ReturnURL.aspx
– &ps=Contacts.View,Contacts.Update
– &reft=F7BJdi2ojtPWXv7qVCKrhD0kU35Rf1k4wz0
nFx
– gB33czSkOgk0Ht5n8LGLZW2Mgo06dpFYonRF0e
0ha
– sWS91l37cf8sq2NaxyXJASrEdKoYOApPUBI6RqYn
DS
– BgkNqKPQtUbIN%252F%252FXQ
%252B7qUnzyWvn
– SA%253D%253D
– &app=appid%3d10000%26ts
DelAuth Consent Refresh Live Services
Synchronizing Life
Response - Raw JSON

• {
– "ConsentToken":
– "delt%3dEwCoARAnAAAUgxwUrFTrj0j98kTTv4OX
%252FOkhSc2AADHt9dXtiWa4afIM1AtKBgDzW2LOYBmExjIAumf
%252B33MyPpGSnwrmtOc2aKG0Oz008Jg6a9Ss8a6L4zi8Za9gT85eqqdS
0HNJZW9xAUoD2MOqUz7RxqY
%252FpNhAWm6ndhFTj9VWWZYi7zIJJU7RgrIXEJrmQsHSKN1%252B2Iot5
6mknEECA2YAAAi5VYs8bPiGofgAEiVBGu8ve8kv459FJn8ioXFJMR4f5EYNJ
qxMXG8tZhe87ylkvESebImX
%252B4T8EGxxgDBTTHmEnK5PtoxJDTLJCSz4UJwRPAS0KW2H5TIi7Ecu6d
Z5FbspeKlPCi7pxjevW1WAHuoJY9oow
%252FgUCZhcxCusUg2Cg6LmpSm0KwacVzaXLEOwwpfUXtFSwpPsU8w8
G9syt4%252F0k1W4HJmdrqU1xqHO7ZEX3JBWpKBscNbKr5z3qCkO2tpW
%252BBjFEgy8w%252Fc5wb66At7V4Vs1ccbiBJ7pC
%252F0VjyfzKfBYNP2zniAmepap2jY780q73Czc10w0bfMr54cKMaDrK6k
AAA%253D%253D%26reft
%3dF7BJdi2ojtPWXv7qVCKrhD0kU35Rf1k4wz0nFxgB33czSkOgk0Ht5n8L
GLZW2Mgo06dpFYonRF0e0hasWS91l37cf8sq2NaxyXJASrEdKoYOApPUBI
6RqYnDSBgkNqKPQtUbIN%252F%252FXQ%252B7qUnzyWvnSA%253D
%253D%26skey%3diS30MXEnIJj7K6HpwUBrXR5isE9rN9zq%26offer
%3dContacts.View,Contacts.Update%3a1228350847%26exp
%3d1196836447%26sig%3dC1itgV6AL7%252F
%252BJFnML1unjGZ6nNNjQsrb8%252BcTtmNAzp8%253D%26lid
%3df8eb4468555a951e"
Delegated Auth Protocol Drilldown Live Services
Synchronizing Life
User’s 3rd Party WLID WL RP  Supplies ‘on behalf of’ functionality

Browser Website Service Service  App can act on behalf of the user
 Subject to user’s consent
Access 3rd party  For a specific “offer” only (eg Calendar.Read)
1 app
 For a defined time period
 Re-use / Extend existing building blocks
2 Redirect to
Consent  WS-Trust RequestSecurityToken ‘on-behalf of’
element
3 Request user
 Re-use existing tokens – SAML and Compact – with
consent & token
new elements – ‘appid’ and “Offer”
4 Redirect to 3rd party
 Use Roles and Sharing for storing Permissions
app w/ token
 Scenarios that are enabled
5Post token to app  Supply auth mechanism for 3rd parties to call WL APIs
– Facebook, match.com
6 Request user data  Exchange 14 calendar sharing
w/ app token  Application authentication – Echoes
7 Return data for the
 Existing WL services integrate easily
user to the app  RPS Validates the App token, same as auth Token
8  RPS is configured to map the API to the “Offer” in the
App render app token
data to user
9  App can perform additional AuthZ checks if needed
Renew  Basic flow
token  App needs a token to access WL API
10 Request  Send user to a consent URL with identifier for “Offer”
updated data
consent is needed for
11
render data to  User grants consent and a token is return to the App
user  App uses the token to make authenticated call WL
API
 Token has expiration. Can be renewed by the app if
consent is still valid
Synchronizing Life
• LiveID OverView
– WebAuth
– DelAuth
– ClientAuth
• Contacts
• Summary
• Discussion
Client SDK Live Services
Synchronizing Life
• Integrate Desktop Applications to use

Live ID
• SDK provides a managed API
• No need to worry about technical
details of authentication
– Live ID authentication manages this
process
• Not necessary to bother about storing
demo
Live Services
Synchronizing Life
Desktop Client Auth Demo

Live Services
Synchronizing Life
Announced at
PDC Windows Live ID
OpenID Provider
Embracing
Open
Standards
Windows Live ID OpenID Provider Live Services
Synchronizing Life
Microsoft is becoming an
OpenID Provider (OP)
Next Steps - Try the Live ID
Use your Windows Live ID account OP
1. Set up a Live ID INT account:
to https://setup.Live-INT.com/
sign-in to any OpenID 2.0 enabled 2. Set up OpenID alias: https://
What is OpenID? OpenID.Live-INT.com /beta/
Web site
• “Open ID is a free and easy way to use a single ManageOpenID.srf
digital identity across the Internet” 3. Users: Use OpenID 2.0 login
Source: OpenID Foundation - http://openid.net/
• OpenID eliminates the need for multiple URI:OpenID.Live-
usernames across different websites INT.com
Key Implementation Details 4. Library developers: Test
 Create
interop with the Live ID OP
OpenID Alias attached to your Live ID
account endpoint
 Authenticate
5. Web site owners: Test Live ID
with alias + account credentials
 Choice:
Either global unique (public) or pair-
wise anonymous (private) identifier returned to
RP
OpenID Sign-in Request Live Services
Synchronizing Life
(URL decoded for readability)
• GET http://openid.live-INT.com/OpenIDAuth.srf
– ?openid.mode=checkid_setup
– &openid.identity=http%3a%2f%2fopenid.live-int.com%2fjthelin
– &openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0
– &openid.claimed_id=http%3a%2f%2fopenid.live-int.com%2fjthelin
– &openid.realm=http%3a%2f%2flocalhost%3a49413%2f
– &openid.return_to=http%3a%2f%2flocalhost%3a49413%2flogin.aspx
%3fReturnUrl%3d%252fDefault.aspx%26token%3dAbu8voGNbjk2%252fH
%252bWGN4vgbrzsETS0aCY%252bCSc%252frV
%252bo6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQ
podHRwOi8vanRoZWxpbi5waXAudmVyaXNpZ25sYWJzLmNvbS8NCg0KaH
R0cDovL3BpcC52ZXJpc2lnbmxhYnMuY29tL3NlcnZlcg0KMi4wDQo%253d
– &openid.assoc_handle=d7d181a0-632e-11dd-ba82-f91efcd7aef7
• HTTP/1.1
OpenID Sign-in Response Live Services
Synchronizing Life
(URL decoded for readability)

• GET /login.aspx
– ?ReturnUrl=/Default.aspx
– &token=Abu8voGNbjk2/H+WGN4vgbrzsETS0aCY+CSc/rV
+o6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQpodHRwOi8vanR
oZWxpbi5waXAudmVyaXNpZ25sYWJzLmNvbS8NCg0KaHR0cDovL3BpcC52ZXJpc2lnbm
xhYnMuY29tL3NlcnZlcg0KMi4wDQo=
– &openid.assoc_handle=d7d181a0-632e-11dd-ba82-f91efcd7aef7
– &openid.response_nonce=2008-08-05T20:42:15ZiBs=
– &openid.ns=http://specs.openid.net/auth/2.0
– &openid.mode=id_res
– &openid.op_endpoint=http://openid.live-int.com/openidauth.srf
– &openid.claimed_id=http://openid.live-int.com/jthelin
– &openid.sig=kdXRyifqU0vd6H4kjgY5kgwmq4nN5ZhXBSck/bfLMDg=
– &openid.identity=http://openid.live-int.com/jthelin
– &openid.signed=assoc_handle,identity,response_nonce,return_to,claimed_id,op_end
point
– &openid.return_to=http%3a%2f%2flocalhost%3a49413%2flogin.aspx%3fReturnUrl%3d
%252fDefault.aspx%26token%3dAbu8voGNbjk2%252fH%252bWGN4vgbrzsETS0aCY
%252bCSc%252frV
%252bo6kKaHR0cDovL2p0aGVsaW4ucGlwLnZlcmlzaWdubGFicy5jb20vDQpodHRwOi8
Synchronizing Life
• LiveID OverView
– WebAuth
– DelAuth
– ClientAuth
• Contacts
• Summary
• Discussion
demo
Live Services
Synchronizing Life
Live Contacts
Enabling apps to be secure – Delegated

Authentication
Synchronizing Life
• LiveID OverView
– WebAuth
– DelAuth
– ClientAuth
• Contacts
• Summary
• Discussion
Summary – Windows Live ID Live Services
Synchronizing Life
• The biggest identity provider on the planet!
• … but Live ID platform is much more than just the

familiar login box
• Various types of users and various authentication

models are supported
• Sign-in and Sign-up page customizations
• Increasing focus on enabling federation and enterprise

access to online services
• Ease-of-use is always the goal

..... and the challenge!
Summary Live Services
Synchronizing Life
Live Identity Services

Identity Integration
Web Authentication
Screen Customization
Delegated Authentication
Client Authentication
Federated Authentication
OpenID Support
Core Principles Into the

• Ease of use Future
• Rich functionality • More ease of
• Open and use – for users
Standards-based
• Personal + Easy and developers
• More
Questions?
Live Services
Synchronizing Life
Discussion
Please use microphones

Live Identity Services Live Services
Synchronizing Life
Resources and links

• Windows Live ID Developer Center - http://dev.live.com/liveid
– Windows Live ID Articles on MSDN - http://go.microsoft.com/fwlink/?LinkId=111111
– Windows Live ID Documentation on MSDN - http://msdn2.microsoft.com/en-us/library/
bb404787.aspx
– Windows Live ID Developer Forum - http://go.microsoft.com/fwlink/?LinkID=78146
– Windows Live ID Team Blog - http://winliveid.spaces.live.com
• Windows Live ID Whitepapers
– Introduction to Windows Live ID - http://msdn2.microsoft.com/en-us/library/
bb288408.aspx
– Understanding Windows Live Delegated Authentication - http://msdn2.microsoft.com/
en-us/library/cc287613.aspx
– Windows Live ID Federation - http://msdn2.microsoft.com/en-us/library/
cc287610.aspx
• Windows Live ID Documentation and SDKs
– Windows Live ID Web Authentication SDK Docs http://go.microsoft.com/fwlink/?
LinkID=91762
Web Authentication SDK Samples http://go.microsoft.com/fwlink/?LinkID=91761
– Windows Live ID Delegated Authentication SDK Docs http://go.microsoft.com/fwlink/?
LinkID=107420
Delegated Authentication SDK Samples http://go.microsoft.com/fwlink/?LinkId=107419
– Windows Live ID Client SDK download - http://go.microsoft.com/fwlink/?LinkId=86974
• Delegated Authentication Resource Providers List - http://go.microsoft.com/
fwlink/?LinkID=108535

02-MS Online Identity - Session 1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

02-MS Online Identity - Session 1

Uploaded by

Copyright:

Available Formats

Live Services

• At the end of this session the

One identity model that puts users in control of their identities

Flexibility via Enhances Developer

Live Micros .Net Access

“Gene Micros Windo “Gene Live

Live Operating Environment

CRUD Sync App Hosting CRUD Sync Hosting

Cloud Client Angus Logan 10/2/08

Hotmail Messenger Spaces

Live.com Live Search Sky Drive

Expo Gallery Calendar Agents

Windows Live Contacts

Live Search Live ID Contacts Messenger Admin Center

Virtual Earth Photos Alerts Silverlight

App Storage Agents

Above all: SECURE!

Integrating with Live ID

Web ••Web site integration Windows Live ID

Web ••App provider accessing u Windows Live ID

Windows Rich ••Rich client applications

Principal Types Credential

Types of Live ID Users The

• You the end user don’t have to worry about

• Provides an identity platform: o r e

• All delivered as Software + Services

Windows Live ID Web Authentication SDK Docs http://go.microsoft.com/fwlink/?

1 Relying Party Web Site

IDLoginStatus Control (ASP.NET)

(Cross-platform HTML – URL decoded for readability)

Live ID Services Web Authentication

Enabling seamless sign-in / sign-up user

• Flexible sign-in customization options

• Flexible registration screen options

Live Identity Services

Windows Live ID Delegated Authentication SDK Docs http://go.microsoft.com/fwlink/?

End User “Granting Consent” phase (user must be

Integration Steps: Application “Using Consent” Phase (user can be offline)

Response - Raw JSON

User’s 3rd Party WLID WL RP  Supplies ‘on behalf of’ functionality

• Integrate Desktop Applications to use

Desktop Client Auth Demo

(URL decoded for readability)

(URL decoded for readability)

Enabling apps to be secure – Delegated

• The biggest identity provider on the planet!

• … but Live ID platform is much more than just the

• Various types of users and various authentication

• Sign-in and Sign-up page customizations

• Increasing focus on enabling federation and enterprise

• Ease-of-use is always the goal

Live Identity Services

Core Principles Into the

Please use microphones

Resources and links

You might also like