Synchronizing Life
Online Identity
Easing the pain of identity integration
Agenda Live Services
• LiveID Overview
• Advantages and Drivers
• Types of Authentication
– WebAuth
– DelAuth
– ClientAuth
• Contacts
• Summary
• Discussion
Session objectives and takeaways
Microsoft Identity Software + Services
[Architecture diagram: Claims-Based Access; Libraries (.NET FX 3.5, Silverlight and JavaScript APIs; client and web controls); Resource Model (ATOM, JSON, POX, RSS, Binary XML, AtomPub, FeedSync); Services (Core, Data, Communications, App Model); Tools & Services; Live ID; Terms of Service. Slide annotation: Angus Logan 10/2/08, "Replace HOSTING".]
The Life of an App Developer
Business logic
…
Identity Provider availability and reliability
Anti-spam account detection
IdP QoS
Trust relationship management
Child account legal and parental controls
On-boarding
Identity
Account sign-up / management “pain”
Different principal types
AuthN
Different authentication protocols
Operating Environment
Live ID Identity Services Principles
Consumer + Enterprise
Open & Standards-based
Rich functionality
Federation friendly
Ease of use
Authentication (A): Auth Protocols, Principal Types
Policy (P): Trust relationships, Auth token policies
Profile (P): Account registration, Membership DB
AuthoriZation (Z): Claims, Roles, Access control
Live Identity Services
Integration SDKs
Windows Live Tools (ASP.NET)
• ASP.NET controls: simplified integration
• Controls: IDLogin, IDLoginView, Contacts, SilverlightStreaming
Everything needs an ID - Why LiveID?
demo
Live Identity Services
Web Authentication
Enabling apps to be secure
Web Authentication Protocol Overview
[Diagram: numbered protocol steps involving the Windows Live ID service]
Windows Live Tools
<live:IDLoginStatus
    ID="IDLoginStatus1"
    runat="server"
    ApplicationContext="welcomepage"
    BackColor="#E5ECE5"
    onserversignin="IDLoginStatus1_ServerSignIn"
    onserversignout="IDLoginStatus1_ServerSignOut"
/>
WebAuth Sign-in Control
<iframe id="WebAuthControl"
    src="http://login.live.com/controls/WebAuth.htm?appid=<%=AppId%>&context=welcomepage&style=font-size=10pt;+font-family=verdana;+font-style=normal;+font-weight=bold;+background=white;+color=black;"
    width="80px" height="20px">
</iframe>
Existing: WebAuth.htm
New: WebAuthLogo.htm
New: WebAuthButton.htm
WebAuth Sign-in Messages
Don’t panic! The SDK libraries handle all this for you!
Sign-in Request:
GET http://login.live.com/wlogin.srf?appid=00167FFE80002700&appctx=welcomepage HTTP/1.1
...
Sign-in Response:
POST http://www.mydomain.com/wl-handler.aspx HTTP/1.1
action=login&appctx=welcomepage&stoken=MA12BCF0012BAM567890MABD123456ABCDEF12345667890
Encrypted Contents: appid=<applicationid>&uid=<user identifier>&ts=<timestamp>&sig=<signature>
[Screenshot: sign-in screen]
Customizable Theme Area (Blue)
Sign-up section
Elements cannot change.
Customize look & feel.
Font color
Background color
Button color
User tile color
Live ID description color
Sign-in Screen Customization
<WhiteLabelProperties>
    <Logo>STRID_LOGO</Logo>
    <LogoAltText>STRID_LOGOALTTEXT</LogoAltText>
    <HeaderBkgndColor>#336633</HeaderBkgndColor>
    <BkgndColor>#e5ece5</BkgndColor>
    <FontColorLight>#b5781e</FontColorLight>
    <FontColorLink>#b5781e</FontColorLink>
    <ButtonColor>#9EB39B</ButtonColor>
    <ButtonBorder>#336633</ButtonBorder>
    <FontColor>black</FontColor>
    <UserTileColor>#C6D6B9</UserTileColor>
</WhiteLabelProperties>
<SiteLoginUIProperties>
    <Header id="default">STRID_HEADER</Header>
    <Title id="default">STRID_TITLE</Title>
    <Subtitle id="default">STRID_SUBTITLE</Subtitle>
</SiteLoginUIProperties>
<StringTable>
    <Language langID="en">
        <String id="STRID_HEADER">To make a Reservation, Sign in with your Windows Live ID</String>
        <String id="STRID_TITLE">Welcome to AdventureWorks Resorts</String>
    </Language>
</StringTable>
Customizable Registration
Task integration
Username
Password
Password reset question / Alt e-mail
Profile info
CAPTCHA
ToS
Don’t panic! The SDK libraries handle all this for you!
https://consent.live.com/delegation.aspx
    ?ru=http://mydomain.myapp.com/ReturnURL.aspx
    &ps=Contacts.View,Contacts.Update
    &pl=http://mydomain.myapp.com/PrivacyPolicy.htm
    &ttype=1    (1=Compact token, 2=SAML token)
    &mkt=en-US
    &app=appid%3d10000%26ts%3d1193445084%26ip%3d157.56.190.178%26sig%3d7HgcsIEheEVO30BuPAEJhJeB8Pz0xHBV%252f%252bQD27AOdmI%253d
Application Verifier token (the app parameter): AppID, Timestamp, Client IP, SHA256 signature
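Added example (not from the original deck or the Live ID SDK): the `app` parameter on the consent URL above is itself a URL-encoded query string whose `sig` value is encoded a second time, so a handler that logs or validates it has to unwrap two layers. This Python code unwraps the slide's sample value and checks its structure and timestamp freshness; `parse_app_verifier`, `one` and the 300-second window are assumptions, and the signature is only length-checked because the signing key and procedure are not on the slide.

```python
import base64
from urllib.parse import urlsplit, parse_qs

# The consent request URL from the slide, rejoined onto one line.
CONSENT_URL = (
    "https://consent.live.com/delegation.aspx"
    "?ru=http://mydomain.myapp.com/ReturnURL.aspx"
    "&ps=Contacts.View,Contacts.Update"
    "&pl=http://mydomain.myapp.com/PrivacyPolicy.htm"
    "&ttype=1&mkt=en-US"
    "&app=appid%3d10000%26ts%3d1193445084%26ip%3d157.56.190.178%26sig"
    "%3d7HgcsIEheEVO30BuPAEJhJeB8Pz0xHBV%252f%252bQD27AOdmI%253d"
)

MAX_AGE = 300  # assumed freshness window in seconds; not stated on the slide


def one(params, name):
    """Return the single value of a parameter; reject missing or repeated ones."""
    values = params.get(name, [])
    if len(values) != 1:
        raise ValueError(f"expected exactly one {name!r}, got {len(values)}")
    return values[0]


def parse_app_verifier(url, now):
    """Unwrap the nested 'app' parameter and sanity-check its four fields."""
    outer = parse_qs(urlsplit(url).query, strict_parsing=True)
    # parse_qs decodes the outer layer: appid=..&ts=..&ip=..&sig=<still encoded>
    inner = parse_qs(one(outer, "app"), strict_parsing=True)
    # The second parse_qs decodes sig back to plain base64 text.
    sig = base64.b64decode(one(inner, "sig"), validate=True)
    if len(sig) != 32:  # a SHA-256 sized signature is 32 bytes
        raise ValueError("signature is not 32 bytes")
    ts = int(one(inner, "ts"))
    return {
        "appid": one(inner, "appid"),
        "ts": ts,
        "ip": one(inner, "ip"),
        "sig": sig,
        "fresh": 0 <= now - ts <= MAX_AGE,  # stale or future-dated tokens fail
        "scopes": one(outer, "ps").split(","),
    }
```

Pass the current Unix time as `now`; a token that fails the freshness check or raises `ValueError` should be rejected before any signature verification is attempted.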
DelAuth Consent Token Response
(URL Decoded)
Don’t panic! The SDK libraries handle all this for you!
• delt=…
• &exp=1196836447
Delegated Auth Consent Refresh Request
Don’t panic! The SDK libraries handle all this for you!
http://consent.live.com/RefreshToken.aspx
    ?ru=http://mydomain.myapp.com/ReturnURL.aspx
    &ps=Contacts.View,Contacts.Update
    &reft=…
    &app=appid%3d10000%26ts
DelAuth Consent Refresh
Client SDK
Announced at PDC: Windows Live ID OpenID Provider
Embracing Open Standards
Windows Live ID OpenID Provider
Microsoft is becoming an OpenID Provider (OP)
Use your Windows Live ID account to sign-in to any OpenID 2.0 enabled Web site
What is OpenID?
• “Open ID is a free and easy way to use a single digital identity across the Internet”
Source: OpenID Foundation - http://openid.net/
• OpenID eliminates the need for multiple usernames across different websites
Key Implementation Details
Create: OpenID Alias attached to your Live ID account
Authenticate: with alias + account credentials
Choice: Either global unique (public) or pair-wise anonymous (private) identifier returned to RP
Next Steps - Try the Live ID OP
1. Set up a Live ID INT account: https://setup.Live-INT.com/
2. Set up OpenID alias: https://OpenID.Live-INT.com/beta/ManageOpenID.srf
3. Users: Use OpenID 2.0 login URI: OpenID.Live-INT.com
4. Library developers: Test interop with the Live ID OP endpoint
5. Web site owners: Test Live ID
OpenID Sign-in Request
Don’t panic! The SDK libraries handle all this for you!
GET http://openid.live-INT.com/OpenIDAuth.srf
    ?openid.mode=checkid_setup
    &openid.identity=http%3a%2f%2fopenid.live-int.com%2fjthelin
    &openid.ns=http%3a%2f%2fspecs.openid.net%2fauth%2f2.0
    &openid.claimed_id=http%3a%2f%2fopenid.live-int.com%2fjthelin
    &openid.realm=http%3a%2f%2flocalhost%3a49413%2f
    &openid.return_to=http%3a%2f%2flocalhost%3a49413%2flogin.aspx%3fReturnUrl%3d%252fDefault.aspx%26token%3d…
    &openid.assoc_handle=d7d181a0-632e-11dd-ba82-f91efcd7aef7
HTTP/1.1
OpenID Sign-in Response
demo
Live Contacts
Summary – Windows Live ID
Web Authentication
Screen Customization
Delegated Authentication
Client Authentication
Federated Authentication
OpenID Support
Discussion