A Guide to Claims-Based Identity and Access Control: Authentication and Authorization for Services and the Web [ISBN: 9780735640597], by Dominick Baier and others.
Dominick Baier splits his time between being an independent security consultant and an instructor for DevelopMentor, teaching and authoring the ASP.NET and .NET security curriculum. He has a degree in computer science (German Diplom Ingenieur), is a certified BS7799/ISO17799 Lead Auditor, and speaks at various conferences (WinDev, DevWeek, ADC) about application security. When not teaching, he spends his time researching security, doing audits and penetration tests, and helping other developers around the world build more secure applications. Dominick maintains a security blog at http://www.leastprivilege.com.
Vittorio Bertocci is a Senior Architect Evangelist in the Windows Azure Platform Evangelism team with Microsoft® Corp. After four years in the Italian Microsoft Consulting Services, Vittorio moved to the U.S. headquarters in Redmond, where he has spent the past four years helping customers deploy solutions based on identity and access management, SOA, and services. He currently focuses on all things identity, working with the developer's community, large enterprises and partners. Vittorio is a published author; he frequently speaks about identity at international conferences and maintains a popular blog at http://blogs.msdn.com/vbertocci.
Keith Brown is a co-founder of Pluralsight, a premier Microsoft® .NET training provider. Keith is the author of Pluralsight's Applied .NET Security course as well as several books, including The .NET Developer's Guide to Windows® Security, which is available both in print and on the Web. Learn more at www.pluralsight.com/keith.
Matias Woloski is an Enterprise Architect at Southworks S.R.L. He has been involved in software development for 6 years. Currently, he is working with the patterns & practices team at Microsoft® on a Scrum-driven project. He maintains a blog at http://blogs.southworks.net/mwoloski/.
Eugenio Pace works in the Software and Services group of the Microsoft® Architecture Strategy team. He develops architecture guidance to help ISVs, hosters, and companies build, run, and consume software delivered as a service. His blog can be found at http://blogs.msdn.com/eugeniop/.
Foreword | |
Kim Cameron | p. ix |
Stuart Kwan | p. xi |
Preface | |
Who This Book Is For | p. xii |
Why This Book Is Pertinent Now | p. xiv |
A Note About Terminology | p. xiv |
How This Book Is Structured | p. xvi |
What You Need to Use the Code | p. xxi |
Who's Who | p. xix |
Acknowledgements | p. xxi |
An Introduction to Claims | |
What Do Claims Provide? | p. 1 |
Not Every System Needs Claims | p. 2 |
Claims Simplify Authentication Logic | p. 3 |
A Familiar Example | p. 3 |
What Makes a Good Claim? | p. 5 |
Understanding Issuers and ADFS | p. 6 |
User Anonymity | p. 7 |
Implementing Claims-Based Identity | p. 7 |
Add Logic to Your Applications to Support Claims | p. 7 |
Acquire or Build an Issuer | p. 8 |
Configure Your Application to Trust the Issuer | p. 8 |
Configure the Issuer to Know About the Application | p. 9 |
A Summary of Benefits | p. 10 |
Moving On | p. 10 |
Claims-Based Architectures | |
A Closer Look at Claims-Based Architectures | p. 12 |
Browser-Based Applications | p. 13 |
Smart Clients | p. 20 |
Federating Identity Across Realms | p. 22 |
The Benefits of Cross-Realm Identity | p. 23 |
How Federated Identity Works | p. 24 |
Home Realm Discovery | p. 26 |
Design Considerations for Claims-Based Applications | p. 28 |
What Makes a Good Claim? | p. 28 |
How Can You Uniquely Identify One User From Another? | p. 29 |
How Can You Get a List of All Possible Users and All Possible Claims? | p. 29 |
Where Should Claims Be Issued? | p. 30 |
Claims-Based Single Sign-On for the Web | |
The Premise | p. 33 |
Goals and Requirements | p. 35 |
Overview of the Solution | p. 36 |
Inside the Implementation | p. 38 |
a-Expense Before Claims | p. 39 |
a-Expense with Claims | p. 41 |
a-Order Before Claims | p. 48 |
a-Order with Claims | p. 49 |
Signing Out of an Application | p. 50 |
Setup and Physical Deployment | p. 50 |
Using a Mock Issuer | p. 50 |
Isolating Active Directory | p. 51 |
Converting to a Production Issuer | p. 52 |
Enabling Internet Access | p. 52 |
Variation-Moving to Windows Azure | p. 52 |
More Information | p. 56 |
Federated Identity for Web Applications | |
The Premise | p. 57 |
Goals and Requirements | p. 58 |
Overview of the Solution | p. 58 |
Benefits and Limitations | p. 63 |
Inside the Implementation | p. 63 |
Setup and Physical Deployment | p. 63 |
Using Mock Issuers for Development and Testing | p. 63 |
Establishing Trust Relationships | p. 64 |
More Information | p. 65 |
Federated Identity for Web Services | |
The Premise | p. 67 |
Goals and Requirements | p. 68 |
Overview of the Solution | p. 68 |
Inside the Implementation | p. 70 |
Implementing the Web Service | p. 70 |
Implementing the Active Client | p. 72 |
Implementing the Authorization Strategy | p. 75 |
Debugging the Application | p. 76 |
Setup and Physical Deployment | p. 77 |
Configuring ADFS 2.0 for Web Services | p. 77 |
Federated Identity with Multiple Partners | |
The Premise | p. 81 |
Goals and Requirements | p. 82 |
Overview of the Solution | p. 83 |
Using Claims in Fabrikam Shipping | p. 86 |
Inside the Implementation | p. 88 |
Setup and Physical Deployment | p. 97 |
Establishing the Trust Relationship | p. 97 |
User-Configurable Claims Transformation Rules | p. 99 |
Using Fedutil | p. 101 |
Message Sequences | p. 103 |
The Browser-Based Scenario | p. 104 |
The Active Client Scenario | p. 116 |
Industry Standards | p. 123 |
Security Assertion Markup Language (SAML) | p. 123 |
WS-Federation | p. 123 |
WS-Federation: Passive Requestor Profile | p. 123 |
WS-Security | p. 124 |
WS-SecureConversation | p. 124 |
WS-Trust | p. 124 |
XML Encryption | p. 124 |
Certificates | p. 125 |
Certificates for Browser-Based Applications | p. 125 |
On the Issuer (Browser Scenario) | p. 127 |
On the Web Application Server | p. 127 |
Certificates for Active Clients | p. 128 |
On the Issuer (Active Scenario) | p. 128 |
On the Web Service Host | p. 130 |
On the Active Client Host | p. 132 |
Glossary | p. 133 |
Index | p. 143 |