Documente Academic
Documente Profesional
Documente Cultură
Synchronizing Life
Microsoft
Federation Gateway
Microsoft Federation Gateway Service
Live Services
Synchronizing Life
Overview
• The
Federation
Gateway
Microsoft Federation Gateway Service Live Services
Synchronizing Life
Goal
• Allow users to sign in to online
services with familiar credentials
from any third-party domain
Solution
• The Federation Gateway Service
uses open standards to implement
a secure trust relationship between
Microsoft Federation Gateway Service Live Services
Synchronizing Life
Seamless
Sign-in to any
Live ID service
• The Microsoft Federation
Gateway service enables seamless S
Microsoft Federation Gateway Service Live Services
Synchronizing Life
Standards-based, cross-platform
identity federation
• Live ID Federation uses open standards
Resource Providers
• Resource providers (application hosters
& developers) can use the proven Live ID
Identity federation between trusted Live Services
Synchronizing Life
Federation of identities between Live Services
Synchronizing Life
Microsoft Federation Gateway Service Live Services
Synchronizing Life
Federation
Running Active an Active Directory org RPS
Server
Login UI
Directory and using WebAuth
the MSC to access - Username/
password
Online services - CardSpace
Active Directory Identity - Sign In assistant
- Token
Provider
Organization 2 WS-Trust
Federation
Is not running Active
Server
Directory but federates
their identity provider
with the Microsoft
Federation Gateway.
Custom Identity Store
WS-Trust Microsoft
WS-Fed Federation Gateway
Consumer Microsoft services
PC (Windows) Microsoft
Browser Services
Custom Application Microsoft
provided 3rd party
Windows Live 1st Party apps cloud based
CRM
services
APIs
Microsoft Outlook
“Strata”
Mobile Device (???)
Signing into a Signup Live Services
Synchronizing Life
Federation
Running Active an organization using RPS
Server
Login UI
Directory and using
the MSC to access any identity solution WebAuth
- Username/
password
Online services - CardSpace
Active Directory Identity - Sign In assistant
- Token
Provider
Organization 2 WS-Trust
Federation
Is not running Active
Server
Directory but federates
their identity provider
with the Microsoft
Federation Gateway.
Custom Identity Store
WS-Trust Microsoft
WS-Fed Federation Gateway
Consumer Microsoft services
PC (Windows) Microsoft
Browser Services
Custom Application Microsoft
provided 3rd party
Windows Live 1st Party apps cloud based
CRM
services
APIs
Microsoft Outlook
“Strata”
Mobile Device (???)
Microsoft Federation Gateway Service Live Services
Synchronizing Life
mary@fabrikam2.com
Microsoft Federation Gateway Service
Federation Gateway Service in Action
Live Services
Synchronizing Life
mary@fabrikam2.com
*************
Microsoft Federation Gateway Service Live Services
Synchronizing Life
Manual Setup
•
• Logout URL
• Partner URL
• X.509 Token signing certificate
• Partner Friendly name
Information That Windows Live ID Live Services
Synchronizing Life
• Necessary URL
• This will be in a WS-Federation
metadata document hosted by SSL
• Provided separately to each partners
Microsoft Federation Gateway Service Live Services
Synchronizing Life
More Information
• Live ID on dev.live.com:
http://dev.live.com/liveid/
• Live ID Federation white paper
http://msdn.microsoft.com/en-us/
library/cc287610.aspx