From "Username and Password" to InfoCard
![Page 1: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/1.jpg)
From Username & Password to "InfoCard"
Richard Turner, "InfoCard" Product Manager, Microsoft Corporation
Garrett Serack, Program Manager, Microsoft Corporation
![Page 2: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/2.jpg)
Agenda
Internet Identity Crisis
"InfoCard" Overview
Implementation
The Identity Metasystem
Getting "InfoCard"
![Page 3: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/3.jpg)
Suppliers & Partners
Businesses
Employees
Friends & Family
Consumers
![Page 4: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/4.jpg)
Who Are You?
![Page 5: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/5.jpg)
The Internet Identity Crisis
Phishing & Phraud
Password fatigue
Inconsistent, proprietary identification mechanisms
Lack of Identity Online
![Page 6: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/6.jpg)
Phishing & Phraud
[Chart: New Phishing Sites by Month, December 2004 – December 2005; the monthly counts plotted range from 1,707 to 7,197]
Source: http://www.antiphishing.org
![Page 7: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/7.jpg)
Password Fatigue
![Page 8: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/8.jpg)
"InfoCard"
Consistent user experience
Helps eliminate usernames and passwords
Helps protect users from many forms of phishing & phraud attack
Support for two-factor authentication
Easier, Safer
Built on WS-* Web Services Protocols
![Page 9: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/9.jpg)
"InfoCard" cards
Self-issued card (example: Richard's Card):
Stored locally
Assertions about me
Not corroborated
Managed card (example: Woodgrove Bank):
Provided by banks, government, clubs, etc.
Stored at STS
Metadata only
![Page 10: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/10.jpg)
Private Desktop
Runs under separate desktop and restricted account
Isolates "InfoCard" from Windows desktop
Deters hacking attempts by user-mode processes
![Page 11: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/11.jpg)
Contoso Car Rental
![Page 12: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/12.jpg)
Participants
Relying Party (website)
Identity Provider
User
![Page 13: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/13.jpg)
Object Tag
Login with Self Issued Card
Relying Party (website)
User
Login
![Page 14: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/14.jpg)
Select Self Issued Card
Relying Party (website)
User
![Page 15: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/15.jpg)
Create Token from Card
Relying Party (website)
User
![Page 16: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/16.jpg)
Sign, Encrypt & Send Token
Relying Party (website)
User
![Page 17: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/17.jpg)
Object Tag
Login with Managed Card
Relying Party (website), Identity Provider
User
Login
![Page 18: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/18.jpg)
Select Managed Card
Relying Party (website), Identity Provider
User
![Page 19: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/19.jpg)
Request Security Token
Relying Party (website), Identity Provider
User
Authentication to the Identity Provider: X509, Kerberos, SIC (self-issued card), username/password…
![Page 20: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/20.jpg)
Create Token from Card
Relying Party (website), Identity Provider
User
![Page 21: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/21.jpg)
Sign, Encrypt & Send Token
Relying Party (website), Identity Provider
User
![Page 22: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/22.jpg)
The Identity Metasystem
Identity layer for the Internet
Open, inclusive, standards-based model
Built upon "The Laws of Identity"
"InfoCard" is a client agent within the IDMS
![Page 23: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/23.jpg)
Building A Relying Party
![Page 24: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/24.jpg)
Integrating with "InfoCard"
Four key tasks:
1. Update the database
2. Create an association page
3. Update the sign in page
4. Update the registration page
![Page 25: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/25.jpg)
1. Associate a user with a card

```sql
-- Bind a card's unique id (PPID) to an account, and look an account up by card
CREATE PROCEDURE aspnet_infocard_associate (@UserId nvarchar(256), @card nvarchar(50)) AS ...
CREATE PROCEDURE aspnet_infocard_lookup (@card nvarchar(50)) AS ...
```
![Page 26: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/26.jpg)
2a. Create an association page

```html
<!-- ... -->
<button onclick="javascript:return infocardlogin.submit();">
  Update account with your Information Card
</button>
<form name="infocardlogin" target="_self" method="post">
  <!-- the object tag triggers the "InfoCard" selector; the chosen token is posted as xmlToken -->
  <object type="application/x-informationcard" name="xmlToken">
    <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion">
    <param name="issuer" value="http://schemas..../identity/issuer/self">
    <param name="requiredClaims" value="http://.../claims/givenname,
      http://.../claims/surname, http://.../claims/emailaddress,
      http://.../claims/privatepersonalidentifier">
  </object>
</form>
<!-- ... -->
```
![Page 27: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/27.jpg)
2b. Create an association page

```csharp
using System;
using System.Web.Security;

public partial class Associate_aspx : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // check if an xmlToken is posted
        string xmlToken = Request["xmlToken"];
        if (xmlToken != null)
        {
            TokenHelper tokenHelper = new TokenHelper(xmlToken);
            // get the unique id
            string uniqueID = tokenHelper.getUniqueID();
            if (uniqueID != null && uniqueID != "")
            {
                // store it with the currently signed-in account.
                MembershipUser user = Membership.GetUser();
                MembershipHelper.AssociateUser(user.UserName, uniqueID);
            }
        }
    }
}
```
![Page 28: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/28.jpg)
3a. Update the sign in page

```html
<!-- ... -->
<button onclick="javascript:return infocardlogin.submit();">
  Sign in with your Information Card
</button>
<form name="infocardlogin" target="_self" method="post">
  <object type="application/x-informationcard" name="xmlToken">
    <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion">
    <param name="issuer" value="http://schemas..../identity/issuer/self">
    <param name="requiredClaims" value="http://.../claims/givenname,
      http://.../claims/surname, http://.../claims/emailaddress,
      http://.../claims/privatepersonalidentifier">
  </object>
</form>
<!-- ... -->
```
![Page 29: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/29.jpg)
3b. Update the sign in page

```csharp
using System;
using System.Web.Security;

public partial class Login_aspx : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string xmlToken = Request["xmlToken"];
        if (xmlToken == null) return;   // no token posted: just render the page
        TokenHelper tokenHelper = new TokenHelper(xmlToken);
        // Lookup the account using the uniqueId
        string username = MembershipHelper.GetUser(tokenHelper.getUniqueID());
        if (username != null)
        {
            MembershipUser user = Membership.GetUser(username);
            // give the cookie back to the browser (FormsAuthentication.SetAuthCookie is the
            // ASP.NET API; the slide's SetLoginCookie does not exist).
            FormsAuthentication.SetAuthCookie(user.UserName, false);
        }
    }
}
```
![Page 30: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/30.jpg)
4a. Update the registration page

```html
<!-- ... -->
<button onclick="javascript:return infocardlogin.submit();">
  Register with your Information Card
</button>
<form name="infocardlogin" target="_self" method="post">
  <object type="application/x-informationcard" name="xmlToken">
    <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion">
    <param name="issuer" value="http://schemas..../identity/issuer/self">
    <param name="requiredClaims" value="http://.../claims/givenname,
      http://.../claims/surname, http://.../claims/emailaddress,
      http://.../claims/privatepersonalidentifier">
  </object>
</form>
<!-- ... -->
```
![Page 31: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/31.jpg)
4b. Update the registration page

```csharp
// ...
string xmlToken = Request["xmlToken"];
TokenHelper tokenHelper = new TokenHelper(xmlToken);
// the unique id (PPID) is what ties the new account to this card
string uniqueId = tokenHelper.getUniqueID();
string emailAddress = tokenHelper.GetClaim("http://schemas.../emailaddress");
string username = tokenHelper.GetClaim("http://schemas.../givenname");
if (username != null)
{
    MembershipUser user = CreateUser(username, emailAddress, ...);
    MembershipHelper.AssociateUser(user.UserName, uniqueId);
}
// ...
```
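The four tasks above lean on a TokenHelper whose checks the slides never show. The following is an added example, not code from the deck or from the "InfoCard" bits: a relying-party side that checks the posted SAML 1.0 assertion's validity window and audience, extracts the claims, and runs the lookup, sign-in and registration logic of tasks 1, 3 and 4 against an in-memory stand-in for the aspnet_infocard_* procedures. It assumes the assertion's XML signature has already been verified by the caller, a constructed relying-party URI, and a made-up sample assertion.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"  # standard InfoCard claim namespace
RP_AUDIENCE = "https://contoso-car-rental.example/"               # assumed relying-party identifier
T = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")         # timestamps as the assertion carries them

def parse_token(xml_token, now, audience=RP_AUDIENCE):
    """Validity-window and audience checks, then the claims as a dict. Signature is assumed verified."""
    root = ET.fromstring(xml_token)
    if root.tag != f"{{{SAML}}}Assertion":
        raise ValueError("not a SAML 1.0 assertion")
    cond = root.find(f"{{{SAML}}}Conditions")
    if cond is None or not (T(cond.get("NotBefore")) <= T(now) < T(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion has no Conditions or is outside its validity window")
    if audience not in [a.text for a in cond.iter(f"{{{SAML}}}Audience")]:
        raise ValueError("assertion was not issued for this relying party")  # rejects tokens meant for another site
    claims = {}
    for attr in root.iter(f"{{{SAML}}}Attribute"):
        if attr.get("AttributeNamespace") == CLAIMS:
            val = attr.find(f"{{{SAML}}}AttributeValue")
            claims[attr.get("AttributeName")] = (val.text or "").strip() if val is not None else ""
    return claims

class CardAccounts:
    """In-memory stand-in for the aspnet_infocard_associate / aspnet_infocard_lookup procedures (task 1)."""
    def __init__(self):
        self.by_ppid = {}
    def associate(self, username, ppid):
        self.by_ppid[ppid] = username
    def lookup(self, ppid):
        return self.by_ppid.get(ppid)

def sign_in(accounts, claims):
    """Task 3: the PPID is the only key used to find the account; None means an unknown card."""
    ppid = claims.get("privatepersonalidentifier")
    return accounts.lookup(ppid) if ppid else None

def register(accounts, claims):
    """Task 4: create an account from the card's claims and bind the PPID to it."""
    ppid, given = claims.get("privatepersonalidentifier"), claims.get("givenname")
    if not ppid or not given:
        raise ValueError("card did not supply the required claims")
    if accounts.lookup(ppid):
        raise ValueError("this card is already associated with an account")
    username = f"{given.lower()}-{ppid[:8]}"  # constructed naming rule for the example
    accounts.associate(username, ppid)
    return username

# Constructed sample assertion (every value is made up; the Signature element is omitted).
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML}" MajorVersion="1" MinorVersion="0" AssertionID="uuid-constructed-1"
 Issuer="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" IssueInstant="2006-03-20T10:00:00Z">
 <saml:Conditions NotBefore="2006-03-20T10:00:00Z" NotOnOrAfter="2006-03-20T10:05:00Z">
  <saml:AudienceRestrictionCondition><saml:Audience>{RP_AUDIENCE}</saml:Audience></saml:AudienceRestrictionCondition>
 </saml:Conditions><saml:AttributeStatement>
  <saml:Attribute AttributeName="givenname" AttributeNamespace="{CLAIMS}"><saml:AttributeValue>Richard</saml:AttributeValue></saml:Attribute>
  <saml:Attribute AttributeName="privatepersonalidentifier" AttributeNamespace="{CLAIMS}"><saml:AttributeValue>PPIDconstructed1234</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""
```

The same card presented a second time signs in rather than registering again, and an expired or wrong-audience assertion is rejected before any account lookup happens.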
![Page 32: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/32.jpg)
Summary
![Page 33: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/33.jpg)
WinFX: .NET to the core
![Page 34: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/34.jpg)
Getting WinFX & "InfoCard"
Built in to Windows Vista
Also available for Windows XP & Windows Server 2003
CTPs available today
Beta 2 coming
RTM 2nd half 2006
[Timeline chart: Q2 2005 through Q4 2006, marking the B1, CTP and V1 RTM milestones]
![Page 35: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/35.jpg)
"InfoCard" Summary
Labs available in the MIX Sandbox!
Consistent authentication for digital identities
Reduces chances of being phished
Adopting takes little developer effort
![Page 36: From "Username and Password" to InfoCard](https://reader033.fdocuments.net/reader033/viewer/2022061209/548ca5c7b4795938018b473e/html5/thumbnails/36.jpg)
© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.