2. Agenda
ADFS The Need
ADFS Scenarios
ADFS Architecture
4. Existing IDM Approaches
Extending your network to external users
5. Business Costs of Partner Account Management
6. Vision for Identity Management
Extending Access Through Web Services
7. WS-Federation
Cross-organization, multi-vendor interoperability
Web Services Federation Language
Defines messages to enable security realms to federate & exchange security tokens
Built upon WS-Security, WS-Trust
Wide industry support
Authors: BEA, IBM, Microsoft, RSA, VeriSign
Workshop: IBM, OpenNetwork, Oblix, Netegrity, RSA, PingID
Two “profiles” of the model defined
Passive (web browser) clients – HTTP/S
Active (smart/rich) clients – SOAP
8. Scenario: Identity Federation
Credentials, authentication managed in “home realm” by partner organization, in AD or other solution
Auth via Windows Integrated, web-based, client-side certs
Authorization through AzMan, ASP.Net Roles, NT Impersonation & ACLs, raw claims
Single sign-on across security boundaries (internal & external)
9. Scenario: Web SSO
Credentials managed in AD/ADAM at resource
Authentication via forms, client-side certs
Authorization through AzMan, ASP.Net Roles, NT Impersonation & ACLs, raw claims
Single sign-on to farm of web apps
10. ADFS Components
11. ADFS Components
12. ADFS Components
13. ADFS Components
14. ADFS Authentication Flow
15. ADFS Promotes Organizational Efficiency
16. ADFS Improves Security & Regulatory Compliance