Steve Plank "Planky", Microsoft: Lest we forget: Windows Azure AppFabric (splank@microsoft.com)



http://blogs.msdn.com/plankytronixx

Agenda

• Access Control Service
• Service Bus
• Cache

Connecting to the outside world

Diagram: a Windows logon prompt (Username/Password, OK/Cancel) against on-premises AD, federated through ADFS 2 to ACS; ACS also accepts Google, Yahoo, Live ID and Facebook identities, each switched on with a tick box in the identity-provider configuration. AppFabric Labs CTP: available now.

Security token service

• A service that issues tokens.
• Give it "something":
  – user-id/password
  – X.509 certificate
  – another security token
• Get a security token back:
  – SAML
  – SWT
  – "cookie"
  – custom

Diagram: "something" -> STS -> security token
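The "something in, token out" exchange above, worked through for one of the formats the slide names, SWT. This is an added example, not code from the deck, from ACS or from WIF: a toy STS signs a token and a toy relying party verifies it, rejecting expired, re-targeted and tampered tokens. The SWT layout used (form-encoded claims with the reserved names Issuer, Audience and ExpiresOn, an HMAC-SHA256 over everything before "&HMACSHA256=" appended as the last parameter) follows the public SWT draft as I read it; the issuer, audience and signing key are constructed for the example and are not real ACS namespaces or secrets.

```python
"""Toy security token service (STS) and relying party (RP) exchanging a
Simple Web Token (SWT).

Added example: not code from the deck, from ACS or from WIF. The issuer,
audience and key below are constructed for this example and are not real
ACS namespaces or secrets.
"""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, unquote, urlencode

ISSUER = "https://example.accesscontrol.windows.net/"            # hypothetical STS
AUDIENCE = "https://plankytronixx.com/app/"                      # hypothetical RP
SIGNING_KEY = hashlib.sha256(b"constructed demo key").digest()   # 256-bit key shared by STS and RP


def issue_swt(claims, key, issuer, audience, lifetime_s=600, now=None):
    """STS side: take claims about an already-authenticated subject, give back an SWT."""
    now = int(time.time()) if now is None else int(now)
    body = dict(claims)
    for reserved in ("Issuer", "Audience", "ExpiresOn", "HMACSHA256"):
        body.pop(reserved, None)        # the caller may not smuggle reserved names in
    body["Issuer"] = issuer
    body["Audience"] = audience
    body["ExpiresOn"] = str(now + lifetime_s)
    unsigned = urlencode(body)          # '&' and '=' inside values are percent-encoded
    mac = hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()
    return unsigned + "&" + urlencode({"HMACSHA256": base64.b64encode(mac).decode("ascii")})


def verify_swt(token, key, issuer, audience, now=None):
    """RP side: return the claims or raise ValueError. The MAC is checked before
    any field of the token is parsed, so nothing unsigned influences the outcome."""
    now = int(time.time()) if now is None else int(now)
    marker = "&HMACSHA256="
    cut = token.rfind(marker)
    if cut < 0:
        raise ValueError("unsigned token")
    unsigned, sig = token[:cut], token[cut + len(marker):]
    presented = base64.b64decode(unquote(sig), validate=True)   # binascii.Error is a ValueError
    expected = hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):
        raise ValueError("bad signature")
    claims = dict(parse_qsl(unsigned, keep_blank_values=True, strict_parsing=True))
    if claims.get("Issuer") != issuer:
        raise ValueError("untrusted issuer")
    if claims.get("Audience") != audience:
        raise ValueError("token is for another relying party")
    if int(claims.get("ExpiresOn", "0")) <= now:
        raise ValueError("expired")
    return claims


def rp_decision(token, key=SIGNING_KEY, issuer=ISSUER, audience=AUDIENCE, now=None):
    """Status string for callers that do not want to handle the exception."""
    try:
        verify_swt(token, key, issuer, audience, now)
    except ValueError as err:
        return f"rejected: {err}"
    return "accepted"


if __name__ == "__main__":
    t0 = 1_700_000_000
    fred = {"title": "buyer", "email": "fred@abc.com", "dept": "engineering"}
    token = issue_swt(fred, SIGNING_KEY, ISSUER, AUDIENCE, now=t0)
    print(token)
    print(rp_decision(token, now=t0 + 60))                                          # accepted
    print(rp_decision(token, now=t0 + 601))                                         # rejected: expired
    print(rp_decision(token.replace("title=buyer", "title=purchaser"), now=t0 + 60))  # rejected: bad signature
    print(rp_decision(token, audience="https://other.example/", now=t0 + 60))       # rejected: wrong RP
```

The order of checks is the point: signature first, then issuer, audience and expiry, all on the signed bytes. An RP that parses the claims before checking the MAC, or skips the audience check, will accept a token minted for a different application by the same STS.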

Claims transformation

Diagram: the STS takes the token in and issues a new one.

Token in (from the IP):            Token out (from the STS):
  title:   buyer                     title:   purchaser
  email:   fred@abc.com              email:   fred@abc.com
  dept:    engineering               dept:    engineering
  tel no.: 01234 567 890             tel no.: +441234 567 890
                                     £limit:  £5m

Rules:
  if title == "buyer" AND department == "engineering": purchaselimit = "£5m"
  if title == "buyer" AND department == "stationery": purchaselimit = "£50"

Fred is a buyer in engineering, so the STS emits purchaselimit = £5m.
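The transformation above, as an added example (not code from the deck, from ACS or from ADFS): the rules and claim values are the slide's, the rule representation (condition dict, output claim type, output value) and the pass-through list are my own, and the +44 phone normalisation is the slide's example generalised to any country code. The relying-party decision at the end shows why the policy lives at the federation provider: the RP reasons only about the purchaselimit claim the FP issued, never about raw identity-provider data.

```python
"""Claims transformation at a federation provider: token in, token out.

Added example, not code from the deck, from ACS or from ADFS. Rule syntax
and the pass-through list are constructed for this example.
"""

# Claims as asserted by the identity provider about Fred (taken from the slide).
INPUT_CLAIMS = {
    "title": "buyer",
    "email": "fred@abc.com",
    "dept": "engineering",
    "telno": "01234 567 890",
}

# (conditions, output claim type, output value). Every condition must match;
# the first rule that fires for a given output claim type wins.
RULES = [
    ({"title": "buyer", "dept": "engineering"}, "purchaselimit", "£5m"),
    ({"title": "buyer", "dept": "stationery"}, "purchaselimit", "£50"),
    ({"title": "buyer"}, "title", "purchaser"),
]

# Claim types copied through unchanged. Anything else from the IP is dropped,
# so the RP never sees a claim type the FP has not explicitly approved.
PASSTHROUGH = ("email", "dept")


def to_e164(number, country_code):
    """'01234 567 890' with '+44' -> '+441234 567 890' (national trunk 0 dropped)."""
    number = number.strip()
    if number.startswith("+"):
        return number
    if number.startswith("0"):
        return country_code + number[1:]
    return country_code + number


def transform(input_claims, rules=RULES, passthrough=PASSTHROUGH, country_code="+44"):
    """Apply the FP's policy to the IP's claims and return the claims for the RP."""
    output = {k: input_claims[k] for k in passthrough if k in input_claims}
    for conditions, claim_type, value in rules:
        if all(input_claims.get(k) == v for k, v in conditions.items()):
            output.setdefault(claim_type, value)
    if "telno" in input_claims:
        output["telno"] = to_e164(input_claims["telno"], country_code)
    return output


def authorise_purchase(rp_claims, amount_gbp):
    """RP side: decide from the FP's purchaselimit claim only; no claim, no purchase."""
    limit = rp_claims.get("purchaselimit")
    if limit is None:
        return False
    digits = limit.lstrip("£")
    scale = {"m": 1_000_000, "k": 1_000}
    suffix = digits[-1].lower()
    if suffix in scale:
        return amount_gbp <= float(digits[:-1]) * scale[suffix]
    return amount_gbp <= float(digits)


if __name__ == "__main__":
    out = transform(INPUT_CLAIMS)
    print(out)
    print(authorise_purchase(out, 4_000_000))                     # True: within £5m
    sue = transform({"title": "buyer", "dept": "stationery", "email": "sue@abc.com"})
    print(sue["purchaselimit"], authorise_purchase(sue, 51))       # £50 False
    print(authorise_purchase(transform({"title": "engineer", "dept": "engineering"}), 1))  # False: no rule fired
```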

Roles

• Claims store: stores claims (email, first name, tel no, etc.): Active Directory
• Identity provider (IP): authenticates the user (user-id/password, X.509, smartcard, ...) and issues tokens: ADFS 2, ACS
• Federation provider (FP): token in, token out; performs claims transformation: ACS
• Relying party (RP): the application that consumes tokens
• Trust: the links RP-FP, FP-IP, etc.

Diagram: the RP runs in Windows Azure and consumes tokens with WIF (Windows Identity Foundation); plankytronixx.com is the example RP.

ACS/ADFS authentication flow

Diagram: the user logs on to the domain (Ctrl-Alt-Del) against the AD DC; ADFS 2 has a trust with AD; a federation trust links ADFS 2 and AppFabric ACS; the web app trusts ACS and consumes the token ACS issues.

For more info

• Blog post and video: how ADFS and ACS work together: http://bit.ly/acsadfs
• Blog post: federated identity primer: http://bit.ly/fednutshell

Agenda

• Access Control Service
• Service Bus
• Cache

Service bus

• Extends the reach of applications securely through the cloud
• Enables multi-tenant apps to integrate with tenants' on-premises services
• Securely integrates partners outside of organisation boundaries
• Extends the reach of the on-premises web services layer
• Enables leveraging the cloud quickly without having to rewrite apps

Diagram: app 1 and app 2 each send and receive through the service bus.

Service remoting

Diagram: sender -> service bus (with access control) -> listener

• Access web services across the Internet
• Publish services and communicate bi-directionally
• RPC-style request/response or duplex

Eventing

Diagram: sender -> service bus (with access control) -> listeners

• Notify remote parties of events
• The sender transmits information to listeners
• Events are distributed unicast or multicast

Tunneling

Diagram: sender -> protocol bridge -> service bus (with access control) -> protocol bridge -> listener

• Transport existing complex protocols over simple protocols (e.g. SQL Server named pipes over HTTP)

Agenda

• Access Control Service
• Service Bus
• Cache

AppFabric caching usage

• Based on the proven Windows Server AppFabric caching capabilities
  – Features: high availability, regions, notifications
• Session state provider for Windows Azure applications
  – Out-of-the-box ASP.NET providers for both session state and page output caching
• Programmatic cache layer
  – Based on the Windows Server AppFabric caching API
  – Add/Get/GetAndLock/GetIfNewer/Put/PutAndUnlock
  – Typical cache-aside pattern
• Released!
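The cache-aside pattern and the lock-based operations the slide lists, as an added example that is not code from the deck or from the AppFabric caching API (whose real client class and method signatures differ). It models the semantics of Add/Get/GetAndLock/GetIfNewer/Put/PutAndUnlock in memory so the contention, stale-handle and lock-expiry cases can be seen offline; the backing store, the profile data and the controllable clock are constructed for the example.

```python
"""Cache-aside with AppFabric-style add/get/getandlock/getifnewer/put/putandunlock,
modelled in memory. Added example; not the AppFabric API. Store, data and clock
are constructed for the example."""
import itertools
import time


class ToyCache:
    """Versioned key/value cache with pessimistic lock handles that time out."""

    def __init__(self, now=time.monotonic):
        self._items = {}       # key -> (value, version)
        self._locks = {}       # key -> (handle, expires_at)
        self._now = now
        self._handles = itertools.count(1)

    def _active_lock(self, key):
        lock = self._locks.get(key)
        if lock is not None and lock[1] > self._now():
            return lock
        self._locks.pop(key, None)    # an expired lock is dropped, so a crashed holder cannot wedge the key
        return None

    def add(self, key, value):
        """Insert only if absent; a second add of the same key fails."""
        if key in self._items:
            raise KeyError(f"{key!r} already cached")
        self._items[key] = (value, 1)
        return 1

    def get(self, key):
        item = self._items.get(key)
        return None if item is None else item[0]

    def get_if_newer(self, key, version):
        """Return (value, version) only if the cache holds something newer than `version`."""
        item = self._items.get(key)
        return None if item is None or item[1] <= version else item

    def get_and_lock(self, key, timeout_s):
        """Read and take an exclusive lock; other lockers and plain writers are refused."""
        if self._active_lock(key) is not None:
            raise RuntimeError(f"{key!r} is locked")
        if key not in self._items:
            raise KeyError(key)
        handle = next(self._handles)
        self._locks[key] = (handle, self._now() + timeout_s)
        return self._items[key][0], handle

    def put(self, key, value):
        if self._active_lock(key) is not None:
            raise RuntimeError(f"{key!r} is locked")
        version = self._items.get(key, (None, 0))[1] + 1
        self._items[key] = (value, version)
        return version

    def put_and_unlock(self, key, value, handle):
        """Write and release; only the current holder of this handle may do so."""
        lock = self._active_lock(key)
        if lock is None or lock[0] != handle:
            raise RuntimeError("lock not held with this handle")
        del self._locks[key]
        version = self._items[key][1] + 1
        self._items[key] = (value, version)
        return version


def load_profile(cache, store, user_id, counters):
    """Cache-aside read: serve from cache, otherwise read the slow store and populate."""
    key = f"profile:{user_id}"
    profile = cache.get(key)
    if profile is None:
        counters["misses"] += 1
        profile = store[user_id]
        cache.put(key, profile)
    else:
        counters["hits"] += 1
    return profile


def run_scenario():
    """Hit/miss, lock contention, stale handle and lock expiry; returns observations."""
    clock = [0.0]
    cache = ToyCache(now=lambda: clock[0])
    store = {"fred": {"dept": "engineering", "credit": 100}}   # constructed backing store
    counters = {"hits": 0, "misses": 0}
    obs = {}
    load_profile(cache, store, "fred", counters)
    load_profile(cache, store, "fred", counters)
    obs["counts"] = dict(counters)
    value, handle = cache.get_and_lock("profile:fred", timeout_s=5)
    try:
        cache.get_and_lock("profile:fred", timeout_s=5)
        obs["second_lock"] = "granted"
    except RuntimeError:
        obs["second_lock"] = "refused"
    try:
        cache.put("profile:fred", {"credit": 0})
        obs["plain_put_while_locked"] = "allowed"
    except RuntimeError:
        obs["plain_put_while_locked"] = "refused"
    obs["version_after_unlock"] = cache.put_and_unlock("profile:fred", {**value, "credit": 90}, handle)
    try:
        cache.put_and_unlock("profile:fred", {"credit": 0}, handle)   # handle already released
        obs["stale_handle"] = "accepted"
    except RuntimeError:
        obs["stale_handle"] = "refused"
    _, h2 = cache.get_and_lock("profile:fred", timeout_s=5)
    clock[0] += 6                                                   # holder vanished; lock times out
    obs["expired_lock_relocked"] = cache.get_and_lock("profile:fred", timeout_s=5)[1] > h2
    obs["newer_than_v1"] = cache.get_if_newer("profile:fred", 1) is not None
    return obs


if __name__ == "__main__":
    print(run_scenario())
```

Two behaviours worth noting for anyone putting session state or other per-user data behind such an API: a plain put is refused while a key is locked, so a read-modify-write done with get_and_lock/put_and_unlock cannot be clobbered by a careless writer; and a handle is only good until it is used or times out, so code that caches handles across requests will see "lock not held" rather than silently overwriting someone else's update.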

Review

• Access Control Service
• Service Bus
• Cache

• blogs.msdn.com/plankytronixx

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
