Channel 9

Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

MSDN

Activity Profile

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements
Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Jorgen Thelin on the Microsoft Federation Gateway

Embed code for this video

Copy the code above to embed our video on your website/blog.

Close

Video format

Option selected may change based on video formats available and browser capability.

Close

Download

How do I download the videos?

  • To download, right click the file type you would like and pick “Save target as…” or “Save link as…”

Why should I download videos from Channel9?

  • It's an easy way to save the videos you like locally.
  • You can save the videos in order to watch them offline.
  • If all you want is to hear the audio, you can download the MP3!

Which version should I choose?

  • If you want to view the video on your PC, Xbox or Media Center, download the High Quality WMV file (this is the highest quality version we have available).
  • If you'd like a lower bitrate version, to reduce the download time or cost, then choose the Medium Quality WMV file.
  • If you have a Zune, WP7, iPhone, iPad, or iPod device, choose the low or medium MP4 file.
  • If you just want to hear the audio of the video, choose the MP3 file.

Right click “Save as…”

  • High Quality WMV (PC, Xbox, MCE)

    File size

    122.8 MB
  • MP3 (Audio only)

    File size

    13.4 MB
  • MP4 (iPod, Zune HD)

    File size

    105.8 MB
  • Mid Quality WMV (Lo-band, Mobile)

    File size

    224.9 MB
  • WMV (WMV Video)

    File size

    213.0 B
Jorgen Thelin, Senior Program Manager, looks after key identity services in Microsoft such as Windows Live ID and the Microsoft Federation Gateway (MFG).
In today's interview Jorgen describes the role of MFG, and touches on the many wonders it enables: using AD accounts to SSO (single sign on) access to Microsoft Business Online Services such as Dynamics CRM, allowing the 550 million owners of a Live ID account to gain access to your federated applications developed with Windows Identity Foundation, and much more.
Jorgen also takes the chance to tell the story of the Microsoft Services Connector (MSC), from its inception to the decision of consolidating its functionalities in Active Directory Federation Services 2.0 (see the Microsoft Online Service Federation Utility preview).
Finally, Jorgen gives us a taste of the future of MFG: non-AD directories, SAML2.0 protocol and the new scenarios that those exciting features will enable.
 
URL references:
The Microsoft Federation Gateway on MSDN
Jorgen's blog
The Identity key topic on Channel 9

Tags:

Follow the Discussion

  • metadojometadojo

    great work.

    Question... where does ACS fit in.

     

    I see how MFG helps you reduce the complexity of establishing trust relationships with multiple IPs.

    But inside my application or RP i would need to have logic to differentiate between people from IPx , LiveID or IPy.

    Would ACS fit in here between the MFG and RP.. mapping all incoming claims to some normalized set that my app or organization understands.

     

    If so wondering why this was not mentioned.

     

    thanks.

  • Jorgen Thelin - MSFTjthelin

    Yes, ACS fits in nicely between MFG and the RP, as you suggest.

     

    I find it useful to think of ACS in one of two ways in relation to MFG, depending on which perspetive I am coming at it from:

    1. Either, MFG (and IdP's in general) provides the authentication / base identity claims layer, and there is another architecture layer above that which handles authorization (eg ACS).
    2. Or, ACS is a resource STS that is downstream from MFG. To MFG whatever relying parties and/or STS's (or even chain of RPs/STSs) are downstream is just a black box -- MFG issues tokens and sends them to the next address for that RP, and whether that be ACS or direct to an application is not something that MFG needs to know.

    In general, an app will always have some kind of authorization / permissioning logic somewhere -- and whether that be provided by the app itself or offloaded to ACS is a design choice that is pretty much completely invisible to MFG.

     

    Hope this helps explain the relationshiop between MFG and ACS.

     

    - Jorgen

  • Travis Spencertravisspenc​er

    Am I correct that the MFG is an FP-STS and it is never an IP-STS?  From watching the video, it sounds like the actual IdP is never the MFG, but the MFG has the capability to federate with thousands or even millions of IP-STSs (a WS-Federation/WS-Trust thunking layer for the IdP).  Because of its tight relationship with LiveID, an IP-STS, it seems like the MFG gets improperly called an IP-STS or IdP sometimes when it is in fact not.  If I am correct here, it would be helpful to call the MFG an FP-STS when describing it because many of us have this frame of reference, making this technology easier to come to terms with.

     

    The eventual support for SAML 2 and interoperability with PingFederate will be fantastic.  Looking forward to that.

     

    Great video.  Thanks for taking the time to produce it.

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.

More episodes in this show

See More

Related posts

Creative Commons License

© 2013 Microsoft. Except where designated as licensed by
Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License,
Microsoft reserves all rights associated with the materials on this site.