SESSION CODE: SIA 305
Christian Paquin, Senior Program Manager, Microsoft Corporation

[Diagram: claims-based identity flow. Actors: Client, Identity Provider (IdP) with its STS, Relying Party (RP); the RP trusts the IdP. Steps: 1. Request access, 2. Policy, 3. Token request, 4. Token response, 5. Token.]

U-Prove technology

[Diagram: a government-issued credential (Gov) for Alice Smith with the attributes Name: Alice Smith; Address: 1234 Pine, Seattle, WA; Over-21: true, presented to the relying party Coho Winery.]

[Diagram: Coho Winery asks the user to prove that she is over 21 and from WA. The Gov credential holds Name: Alice Smith; Address: 1234 Pine, Seattle, WA; Over-21: true, but only the over-21 and WA facts are disclosed, so the winery is left asking: which adult from WA is this?]

[Diagram: U-Prove token flow. Actors: Client, Identity Provider (IP) with its IP-STS, Relying Party; the Relying Party trusts the IP. Token issuance between Client and IP-STS: A. Token request, B. Token response. Presentation to the Relying Party: 1. Request access, 2. Policy, 3. Token.]
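The selective-disclosure idea behind the Coho Winery slide and the issue/present split in the U-Prove flow above, as an added example that is not part of the original deck or of Microsoft's U-Prove code: a Pedersen-style commitment to Alice's attributes plus a Schnorr proof that reveals only state and over-21 while proving the hidden attributes are the committed ones. It deliberately leaves out the issuer's signature and the blind issuance that make real U-Prove tokens unlinkable, and the 11-bit group, hash-derived generators and sample values (ALICE) are constructed for readability, not security.

```python
import hashlib, secrets

P, Q = 2039, 1019   # toy safe prime p = 2q + 1; real systems use 2048-bit+ groups or curves
ATTRS = ["name", "address", "state", "over21"]
ALICE = {"name": "Alice Smith", "address": "1234 Pine, Seattle, WA", "state": "WA", "over21": True}

def _hash_int(*parts):
    return int.from_bytes(hashlib.sha256("|".join(map(str, parts)).encode()).digest(), "big")

def _gen(label):
    # Squares modulo a safe prime lie in the order-q subgroup, so this is a generator.
    return pow(_hash_int(label) % (P - 3) + 2, 2, P)

G = {a: _gen("g-" + a) for a in ATTRS}   # one independent generator per attribute
H = _gen("h-blinding")                    # generator for the blinding factor

def _mexp(bases, exps):
    acc = 1
    for b, e in zip(bases, exps):
        acc = acc * pow(b, e, P) % P
    return acc

def encode(value):
    return _hash_int(value) % Q           # attribute value -> exponent in Z_q

def issue(attrs):
    """Issuer: Pedersen-style commitment to all attributes with blinding r."""
    r = secrets.randbelow(Q)
    commit = _mexp([G[a] for a in ATTRS] + [H], [encode(attrs[a]) for a in ATTRS] + [r])
    return {"commit": commit, "r": r}

def present(token, attrs, disclose):
    """User: reveal only `disclose`; Schnorr-prove knowledge of the rest and of r."""
    hidden = [a for a in ATTRS if a not in disclose]
    bases = [G[a] for a in hidden] + [H]
    secret = [encode(attrs[a]) for a in hidden] + [token["r"]]
    w = [secrets.randbelow(Q) for _ in bases]
    t = _mexp(bases, w)
    shown = {a: attrs[a] for a in disclose}
    c = _hash_int(token["commit"], sorted(shown.items()), t) % (Q - 1) + 1   # Fiat-Shamir
    return {"disclosed": shown, "t": t, "z": [(wi + c * s) % Q for wi, s in zip(w, secret)]}

def verify(commit, proof):
    """Relying party: checks the proof from the commitment and disclosed values only."""
    shown = proof["disclosed"]
    hidden = [a for a in ATTRS if a not in shown]
    # divide the disclosed attributes out of the commitment (Fermat inverse)
    rest = commit * pow(_mexp([G[a] for a in shown], [encode(v) for v in shown.values()]), P - 2, P) % P
    c = _hash_int(commit, sorted(shown.items()), proof["t"]) % (Q - 1) + 1
    return _mexp([G[a] for a in hidden] + [H], proof["z"]) == proof["t"] * pow(rest, c, P) % P
```

The relying party never sees the name or address, only that the two disclosed values are consistent with a commitment it already trusts.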

One technology to meet the desired levels of security, privacy, and scalability
[Diagram: three axes with three levels each. Security: Software, Shared, Hardware. Privacy: Full identification, Pseudonymity, Anonymity. Scalability: Online, Mixed, Offline.]

U-Prove CTP

Integration with Microsoft products
http://www.microsoft.com/u-prove

OKS scenario (German nPA card, Windows CardSpace 2.0), components: OKS Registration, E-Book, OKS Feedback
1. Register online, get student information card
2. Prove registered student, view e-book online
3. Leave anonymous feedback

Register the U-Prove WIF Extension in the application web.config

<compilation>
  <assemblies>
    …
    <add assembly="Microsoft.IdentityModel.UProve, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
  </assemblies>
</compilation>
…
<microsoft.identityModel>
  <service>
    <serviceCertificate>…</serviceCertificate>
    <securityTokenHandlers>
      <add type="Microsoft.IdentityModel.UProve.Tokens.UProvePresentationTokenHandler, Microsoft.IdentityModel.UProve, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35">
        <issuerParametersStore type="SampleIssuerParametersStore, UProve.Util, Version=1.0.0.0, Culture=neutral" />
      </add>
    </securityTokenHandlers>
    <audienceUris>…</audienceUris>
  </service>
</microsoft.identityModel>

Use PowerShell to set up the server

# Enable the EveryoneScope
Enable-ADFSRelyingPartyTrust -TargetName EveryoneScope

# Adjust the lifetime of issued U-Prove tokens
# Set-ADFSRelyingPartyTrust -TargetName EveryoneScope -TokenLifetime 11520

# Adjust the number of U-Prove tokens issued
# Set-ADFSProperties -DisconnectedTokenCount 25

# Generate Issuer parameters and private key (valid for 5 years)
Set-ADFSIssuanceParameters -Lifetime 1825.00:00:00

# Export signed Issuer parameters
$ipLocation = "c:\users\public\issuance.xml"
Export-ADFSIssuanceParameters -Path c:\issuerparams.xml

# Update the information card to support U-Prove tokens
Update-ADFSInformationCard

Questions?

http://www.rsaconference.com/2010/usa/recordings/keynote-catalog.htm
http://channel9.msdn.com/shows/Identity/Announcing-Microsofts-U-Prove-Community-Technical-Preview-CTP
http://edge.technet.com/Media/Learn-what-Microsofts-U-Prove-release-is-all-about
http://www.microsoft.com/u-prove
http://channel9.msdn.com/shows/Identity/U-Prove-CTP-a-developers-perspective/

Enable more secure, identity-based access to applications on-premises and in the cloud from virtually any location or device
PROTECT everywhere | ACCESS anywhere | INTEGRATE and EXTEND security | SIMPLIFY security, MANAGE compliance
• Provide more secure, always-on access
• Control access across organizations
• Extend powerful self-service capabilities to users
• Enable access from virtually any device
• Provide standards-based interoperability
• Automate and simplify management tasks

Secure Messaging Secure Collaboration Information Protection Identity and Access Management Secure Endpoint

SIA 321 | Business Ready Security: Exploring the Identity and Access Management Solution
SIA 201 | Understanding Claims-Based Applications: An Overview of Active Directory Federation Services (AD FS) 2.0 and Windows Identity Foundation
SIA 302 | Identity and Access Management: Centralizing Application Authorization Using Active Directory Federation Services 2.0
SIA 303 | Identity and Access Management: Windows Identity Foundation and Windows Azure
SIA 304 | Identity and Access Management: Windows Identity Foundation Overview
SIA 305 | Top 5 Security and Privacy Challenges in Identity Infrastructures and How to Overcome Them with U-Prove
SIA 306 | Night of the Living Directory: Understanding the Windows Server 2008 R2 Active Directory Recycle Bin
SIA 307 | Identity and Access Management: Deploying Microsoft Forefront Identity Manager 2010 Certificate Management for Microsoft IT
SIA 318 | Microsoft Forefront Identity Manager 2010: Deploying FIM
SIA 319 | Microsoft Forefront Identity Manager 2010: In Production
SIA 326 | Identity and Access Management: Single Sign-on Across Organizations and the Cloud - Active Directory Federation Services 2.0 Architecture Drilldown
SIA 327 | Identity and Access Management: Managing Active Directory Using Microsoft Forefront Identity Manager
SIA 01-INT | Identity and Access Management: Best Practices for Deploying and Managing Active Directory Federation Services (AD-FS) 2.0
SIA 03-INT | Identity and Access Management: Best Practices for Deploying and Managing Microsoft Forefront Identity Manager
SIA 06-INT | Identity and Access Management Solution Demos
SIA 02-HOL | Microsoft Forefront Identity Manager 2010 Overview
SIA 06-HOL | Identity and Access Management Solution: Business Ready Security with Microsoft Forefront and Active Directory
Red SIA-5 & SIA-6 | Microsoft Forefront Identity and Access Management Solution

Learn more about our solutions: http://www.microsoft.com/forefront
Try our products: http://www.microsoft.com/forefront/trial

www.microsoft.com/teched
www.microsoft.com/learning
http://microsoft.com/technet
http://microsoft.com/msdn

Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st
http://northamerica.msteched.com/registration
You can also register at the North America 2011 kiosk located at registration. Join us in Atlanta next year.