Document 6585305

Transcription

Document 6585305
1
2
How to securely store and roam credentials
Secure storage
Credential isolation
Roaming
My Photo App
App Foo
Sky Drive
(Microsoft Account)
Desktop PC
My Photo App
Tablet PC
My Photo App
Typical OAuth flow
7. Data access
6. Authorization token (Redirect URL)
1. Authorization Request (Start URL)
Application
User
Online
service
No browser control
No credential isolation
Web authentication broker
7. Data access
WinRT
Web auth broker
6. Authorization token (Redirect URL)
1. Authorization request (Start URL)
Dialog
Windows Store app
User
Online
service
Easy to use
Credential isolation
Supports secure SSO
Architecture
App’s
App Container
Different
App Container
Medium
Integrity Level
1
2
6
3a
4
3b
5
SSO mode allows users to
authenticate to services
without having to re-enter
credentials every time
WAB supports SSO
Apps need to opt-in
https://contoso.com
Contoso verifies the redirect URL for its apps
(e.g. MyPhotoApp registered ms-app://S-1-5-4321)
https://contoso.com?ContosoAppID=MyPhotoApp,
redirectURI=ms-app://S-1-5-4321,…
SID: S-1-5-4321
MyPhotoApp
User Mode (App Container)
Kernel Mode
User Mode (Medium)
Icon
Title text
Header color
to do the following:
Stylized web page
How to expose account-related options in your app’s UI
Inconsistent account UX
Extra work for you
How to expose accounts related options in your app’s UI
Intuitive & consistent account UX
Saves you time
Key takeaways
Sign in once. And that’s it.
Microsoft Account & Services - Live SDK
Sign up or
give up?
Online service providers - WebAuthBroker
Optimize your online service for best results
Cred Management - Credential Locker
Accounts UX – Accounts Control
http://isdk.dev.live.com
http://www.github.com/liveservices
http://msdn.microsoft.com/en-us/library/windows/apps/hh465283.aspx
http://msdn.microsoft.com/en-us/library/windows/apps/hh465069.aspx
http://msdn.microsoft.com/enus/library/windows/apps/windows.ui.applicationsettings.accountssettingspanecommandsrequestedeventargs.aspx