 | | |
| | |
|
Spaces home  Windows Live IDProfileFriendsBlogMore |  Tools   |
Windows Live IDIdentity gateway for Microsoft online services
Delivering Data Portability – Delegated Authentication SDK v1.0Today the Windows Live™ ID team released the Delegated Authentication SDK v1.0, which provides a platform-neutral way for Web applications to access customers’ information from Windows Live services while customers remain in firm control of their own data. This release is part of a broader announcement of a whole set of releases from the Windows Live Platform team that are described by our boss David Treadwell in his blog posting today. Windows Live Delegated Authentication is a feature that gives Windows Live ID customers the ability to consent to the scoped release of their personal information to particular Web sites in a reliable yet flexible manner. Customers grant (or withhold) consent by means of a straightforward user interface, as shown here:
Delegated Authentication is a way to grant access to personal information, but with more precise control over permissions and usage than the current binary decision (that is, fully on or fully off) that comes with the generally bad practice of handing over your account credentials to another Web site. Simultaneously with the debut of Delegated Authentication, the Windows Live Contacts and Windows Live Photos teams have released updates to their services to use this new feature, enabling customers to permit other Web applications to access their photo albums or their Hotmail® / Messenger contact lists. This is a big step in delivering real, user-centric data portability—giving Windows Live customers explicit control over releasing their information from Windows Live services and sharing that data with other applications that they want to use. The value of allowing software to access our personal data across multiple Web sites can be huge in terms of:
Windows Live Delegated Authentication is the strategic delegation platform for Microsoft Web properties, and is built on the proven, highly scalable technology used by the Windows Live ID authentication service. Delegated Authentication is an evolution of the earlier prototype Cumulus PGUX Alpha release (a.k.a. Windows Live Data) seen at MIX07. The PGUX system will be phased out during the next six months, and during that time we’ll be working with any developers currently using the PGUX service to help them make the transition to the Windows Live ID Delegated Authentication system. A white paper is available to provide a high-level overview of how Delegated Authentication works and how it can be implemented and used by Web application providers. More details are provided in the Delegated Authentication SDK documentation on MSDN®. The SDK release includes sample applications for each of six different programming languages: ASP.NET, Java, Perl, PHP, Python, and Ruby. The use of this SDK is governed by the Windows Live Platform Terms of Service. Delegated Authentication is the strategic programming model for consent-based data portability for all Windows Live services going forward. More Windows Live services will be releasing support for this feature in the coming months; the Resource Provider Directory shows the current list of Windows Live services that support Delegated Authentication and the status of each release. Windows Live Delegated Authentication is both a powerful enabler of a new class of user-centered Web services, and also an opportunity for users to take back control of their own personal data and make informed decisions before releasing that data to other parties.
-- Jorgen Thelin, Senior Program Manager, Windows Live Identity Services
Some Typical Scenarios for Windows Live Delegated AuthenticationHere are some scenarios that illustrate how Windows Live Delegated Authentication might be used. Social Networking Address Book – A social network site can synchronize a customer’s Windows Live Contacts list with his or her “friends” lists from other social networking sites, to ensure that the customer can keep e-mail and contact information updated as friends change jobs or move around the country. Family Photo Album – A family Web-site service could automatically retrieve the latest digital photographs from each individual family member’s personal photo-hosting account, to create an up-to-date snapshot of family activities. Resources· Understanding Windows Live Delegated Authentication white paper · Windows Live ID Delegated Authentication SDK · Windows Live ID Delegated Authentication SDK documentation · Windows Live Platform Terms of Service · Windows Live Delegated Authentication - Resource Provider Directory · Windows Live ID - Development Support Forum · Windows Live ID Developer Home Page · Windows Live Contacts Developer Home Page · Windows Live Photo APIs Developer Home Page · David Treadwell’s Windows Live Platform Announcement blog posting Windows Live ID adopts Extended Validation (EV) SSL Certificates.Windows Live ID is very committed to the safety of its users. To further protect the users against phishing, Windows Live ID has adopted Extended Validation (EV) SSL Certificates. EV SSL certificates require a company to undergo an extensive vetting process and provide users additional assurance about the identity and authenticity of web sites they visit. Thus when a user visits Live ID in IE7, the address bar will turn green and the identity of the company that owns the website – in this instance ‘Microsoft Corporation [US]’ – is displayed. You can get more information on EV certificates here.
Users of sites (such as Hotmail, Spaces, and Microsoft partner sites) that use Live ID authentication can now enjoy the additional protection and verified identity provided by EV SSL. Remember that in order to enjoy the additional assurance provided by EV SSL, users will have to use a newer browser that supports EV SSL, such as Internet Explorer 7. Windows Live ID is the first large scale authentication service to adopt EV certificates; our over 380 million users can now enjoy the additional protection offered by EV over 1.2 billion times a day when they login.
-- Nayna Mutha, Program Manager Windows Live ID adds Beta support for Information Cards with Windows CardSpace!
Windows CardSpace is a new way to sign in securely and conveniently into websites. And now you can use CardSpace with your Windows Live ID account! Using CardSpace with Windows Live ID means you don’t use a password to sign-in. Instead, just send your Information Card to Live ID to identify you and get signed into Hotmail, Windows Live Spaces or any other site that accepts Windows Live ID. And it is incredibly easy to use CardSpace with your Live ID. Just follow this link (here) to get going in minutes!
If you are using Windows Vista, you are all ready to use CardSpace! If you are on Windows XP or Windows 2003, you will need to get IE 7.0, our newest and coolest browser and .Net 3.0 with CardSpace support (if you don’t already have them). You will also need to add an Information Card to your Live ID account. To install these components and add an Information Card to your Live ID account, visit the Windows Live ID Information Card management page. Also go to that page to make changes to the Information Card added to your Live ID account.
Once you’ve added an Information Card to your Live ID account, sign in using the Information Card. You will be amazed at how easy it is! BTW, that Windows Live ID CardSpace support is still a “Beta”. We are still working on it and know a bunch of things that could be better. But do let us know your wish list; it is always good to get feedback.
Nayna Mutha, Program Manager - LiveID Rob Franco, Lead Program Manager - Windows CardSpace Windows Live ID Web Authentication SDK for Developers Is Released
Windows Live ID Web Authentication allows sites who want to integrate with the Windows Live services and platform. We are releasing a set of tools that make this integration easier than ever.
Web Authentication works by sending your users to the Windows Live ID sign-in page by means of a specially formatted link. The service then directs them back to your Web site along with a unique, site-specific identifier that you can use to manage personalized content, assign user rights, and perform other tasks for the authenticated user. Sign-in and account management is performed by Windows Live ID, so you don't have to worry about implementing these details.
Included with the Web Authentication software development kit (SDK) are QuickStart sample applications in the ASP.NET, Java, Perl, PHP, Python, and Ruby programming languages. You can get the sample applications for this SDK from the Web Authentication download page on Microsoft.com.
The benefits of incorporating Windows Live ID into your Web site include:
· The ability to use Windows Live gadgets, APIs and controls to incorporate authenticated Windows Live services into your site. · An HTTP-based, platform-neutral interface for implementing Windows Live ID authentication in your existing site, even if it is hosted by a third-party. · Ability to make authentication and Windows Live integration easy for over 380 million consumers.
Try it out! Click here to see the Web Authentication SDK documentation and click here to download the QuickStart sample application for your platform. In minutes, your site will be Windows Live ID enabled!
Your feedback is greatly appreciated and will help us refine this product. Post your comments and questions to the Windows Live ID Discussion Forum.
-- Kyle Young, Lead Program Manager Windows Live ID Client 1.0 SDK Alpha REFRESH -- Now available!You can now download the new version of the Windows Live™ ID Client 1.0 SDK, the Client Alpha Refresh. This release includes some software updates, and keeps us on our way to the final 1.0 release by the end of this year. As always, we take your feedback very seriously, so please let us know what you want to see in future releases by posting to our forum. With the Alpha refresh release, we introduce the Windows Live ID Client 1.0 SDK (more briefly referred to as Client Auth) sample application Shoe Buddy that premiered at the MIX conference. Shoe Buddy demos a real application that would download shoes from different online stores into a smart client, making it easier to search. By pulling together inventory from multiple sources, the shopper has a single purchasing experience (one shopping cart, one transaction) when in reality the products come from multiple vendors. Shoe Buddy also incorporates Client Auth’s functionality to interact with Windows Live Spaces. Not only can shoppers search and purchase their shoes in the application, they can also blog about the shoes directly from the smart client. The purpose of the demo is to show how adding Client Auth to the application increases the value to both the developer and the shopper. By letting the shopper blog about their shoes from within the natural flow of the smart client shopping experience, they can easily share the details of their discoveries with their friends and family. Creating an e-mail or copying the information to IM is much more involved than automatically posting both the picture and the description of the shoes to the shopper’s blog. The shopper is now, in essence, advertising the developer’s Shoe Buddy products to their social network. Both parties win. So do you want to play around with Shoe Buddy? Live in a Box’s 0.3 Alpha now includes Client Auth and Shoe Buddy. Live in a Box is a project on CodePlex that lets you play with the different Windows Live technologies. Check out our sample application and make sure that you tell us about applications that you build with Client Auth. - Sarah Faulkner, Program Manager Windows Live ID is going to MIX 07!Windows Live ID is going to be at MIX 07, Microsoft’s conference for the consumer web and the people that make it interesting. We’re going to talk about how you, our developers can integrate with us to build cool new applications that use authenticated user data from Windows Live. (Subject to user control, of course!) We’ll be featured in the 30 Minute Social Application session Monday afternoon. We’ll also be at the Windows Live Mashup event on Sunday and Monday. What’s more, you can meet us face-to-face at the Windows Live ID open mic chat on Tuesday. Please stop by if you have any questions for us or just want to say hello. See you there! -- Neelamadhaba Mahapatro, Arshad Ahmad, Lynn Ayres Windows Live ID Client 1.0 SDK Alpha Release AnnouncementWindows Live ID Client 1.0 SDK Alpha Is Released! The Windows Live ID Client 1.0 SDK provides a managed API for Windows Live sign-in authentication. Included in the release is a sample application with its source code, so that you can build your own client applications. The sample application demonstrates the following functions: · Users can sign in to your application using the sleek Windows Live-designed authentication user interface. · Users can save their user name and/or password so that their sign-in information persists the next time they run the application. · From within the sample application, users can create a blog that is automatically posted on their Windows Live Space. · The application will launch an Internet browser, and users are automatically signed in to their Windows Live Space.
The benefits of implementing the Windows Live ID authentication service include: · No need to worry about the technical details of authentication! The Windows Live ID authentication service manages this process for you. · Don’t bother worrying about how to store and retrieve user account information! The Windows Live ID service uses the same functionality as Messenger to cache the user name and/or password for use in subsequent user sign ins. · Forget about creating, storing, and maintaining user accounts! The Windows Live ID service hosts and manages the Web flows and account services to enable account sign up, credential viewing and updating, and profile management. · Gain hundreds of millions of potential users of your application! By enabling Windows Live accounts direct sign in to your application, anyone with a Windows Live ID can become a user of your product. The Windows Live ID team is working on new and improved features to the Windows Live ID Client 1.0 SDK, which will be announced on dev.live.com.
Please download the SDK and let us know what you think. Your feedback is greatly appreciated and will help us shape the final product. Post your feedback and support requests to the Windows Live ID discussion forum on dev.live.com.
Click here to download the Windows Live ID Client 1.0 SDK Alpha release from connect.microsoft.com!
Adding our RSS feed to live.comYou can use this handy link to add our RSS feed to live.com:
Questions about Windows Live Sign-in AssistantOver the past few weeks, we’ve received a ton of fantastic feedback from everyone on the Windows Live Sign-in Assistant and how much better our new Windows Live sign-in experience is. Thanks to everyone for the great feedback!
We’ve noticed a steady stream of questions on certain aspects of the Sign-in Assistant so we wanted to answer some questions in a concise manner to clarify any confusion. As always, leave us comments if there is still anything that isn’t clear!
Q: How do I install the Windows Live Sign-in Assistant?
A: Currently, the Windows Live Sign-in Assistant is only available as an option when you install the Live Messenger beta. Previously, the beta was “invite only”, but it was recently opened up to all users. See our previous blog post on how to get the beta.
During the install process for the Live Messenger client, there is an option that says ‘Install the Windows Live Sign-in Assistant”. Make sure you check that option during install otherwise it won’t install :) Many people have skipped over this option during the Live Messenger install process. We're working with the Messenger team on how to improve the messaging during setup to improve discoverability.
Q: I have the Windows Live Sign-in Assistant installed but I’m not getting multiple users shown on the sign-in screen. How do I fix this?
A: The 2 most common reasons for multiple users not working are:
1) You are using Firefox. Currently the Windows Live Sign-in Assistant is for Internet Explorer. We are working on full support for Firefox, but unfortunately were not able to get it into V1. We recognize that customers use Windows Live services from multiple devices and computers, so we will continue to do work here to figure out a good solution. I would like to note that our Windows Live Mail team has been doing a bunch of work to get the richer Live Mail experience working with Firefox -- check it out .
2) You previously installed a Messenger beta. Many people installed an earlier pre-beta version of Live Messenger (older than build 689) which included a version of the Sign-in Assistant. Since this was a pre-release version, it will not work on our sign-in UI. If this applies to you, use “Add/Remove Programs” in the Control Panel and remove BOTH Live Messenger beta and the Windows Live Sign-in Assistant (you have to uninstall both). After that, go to http://ideas.live.com and re-install the official Live Messenger beta which will install the correct, and working, version of the Windows Live Sign-in Asssitant.
Q: All I see is a blue “buddy” icon on the sign-in screen. How can I get my Messenger or MSN Spaces display picture to show?
A: At this time we don’t support showing your Messenger or MSN Spaces display picture. We are, however, looking to make improvements on this in the future. Stay tuned for some cool work in this area!
-Trevin Chow, Lead Program Manager Get on the Live Messenger Beta automatically
Sign-in support for multiple IDsDo you have multiple Windows Live ID accounts? Do you use the same Windows account with more than one person? Do you switch between these accounts frequently? If you answered yes to these questions, you’re in for some good news!
Today we are shipping the Windows Live Sign-in Assistant which is an Internet Explorer add-on that comes included with Windows Live Smart Clients, such as Windows Live Messenger. The goal of this add-on is to help make your sign-in experience faster and more convenient for users that have more than one Windows Live ID account.
Easily choose which account you want to use
Multiple Windows Live ID accounts are often used on a particular computer, either because multiple people share a computer (like in a family home), or, because you are an individual user with multiple accounts (for example, separate accounts for ‘work’ and ‘home’). A key feature that Windows Live ID sign-in experience will offer is the ability for our users to save multiple credentials on their machine. These multiple accounts will be shown as a list on the sign-in page – you’re even able to save your password for each of these accounts, eliminating the need to re-type your password everytime you want to change your identity! (Note: if you use a shared/public computer, we do not recommend saving your password) Take a look at this screenshot taken from one of our test environments:
(click to enlarge):
True Password Persistence!
Before the Windows Live Sign-in Assistant, the ‘save my password’ option caused your sign-in state to be persisted across multiple browser sessions (it was a persistent cookie), but hitting “sign-out” at any page would delete the cookie and the next time you wanted to log in, you were prompted for your password again.
This was a frustrating experience for users.
With the Sign-in Assistant installed, the ‘save my password’ box will work just like it does in Messenger – it will keep the password in a local credential store (we use the Windows Credential Manager). If you’ve chosen to save your password, all it takes to sign in is a single click on the appropriate user tile. This is a huge improvement over the previous experience. We’ve also made it very easy for you to remove your saved password, just click on “remove” link and the member name and password are deleted from the credential store. You are in still in control of when your credentials are saved.
One credential list shared by Windows Live smart clients and browser applications
The list of users that is shown on the sign-in page is actually the same saved user list used by Windows Live desktop applications, meaning that if you save a credential in Windows Live Messenger, it will be shown by your browser on the Windows Live ID sign-in page! If you choose to “save my password” on the Windows Live sign-in page, your username and password will show up on the user list in Windows Live Messenger. This will unify the experience across Windows Live ID enabled applications. This also means that choosing “remove” on the Windows Live Sign-in page will remove the saved ID/password for all applications on your machine. This is a fundamental shift from our previous sign-in experience and different from other sign-in experience you may be using. However, the upside of this is that it unifies all the Windows Live services and clients as a single product under Windows Live ID.
How can you get the Sign-in Assistant, and when can I start using the new UI? You can get the Windows Live Sign in Assistant with the upcoming version of Windows Live Messenger 8.0 Beta (you can sign up for the beta at http://ideas.live.com). Make sure you check the box on install that says “Windows Live Sign-in Assistant”. The enhancements will be seen only on Windows Live sites which have the new Windows Live Sign-in UI enabled (checkout Lynn’s previous post on the new sign-in experience).
How does it work?
The Sign-in Assistant consists of two components – an ActiveX control and a browser helper object. These components provide an interface to our sign-in UI that allows it to make calls to the Windows Live ID client runtime libraries. Using those libraries, we are able to enumerate and perform functions on the accounts stored in the Windows Live common credential store. The common credential store is stored within the Windows Credential Manager and is where all of your Windows Live ID accounts get stored when you say “remember me” in Windows Live Messenger. In short, the BHO/ActiveX allows us to unite the user list between all Windows Live apps to enable rich scenarios without the limitations of HTTP cookies.
What are the implications to installing the Sign-in Assistant?
Installing the Sign-in Assistant simply means your sign-in experience will be more convenient and faster, especially for users who have more than one Windows Live ID. The sole purpose of the Sign-in Assistant is to enhance the Windows Live ID sign-in experience. The Sign-in Assistant contains no spyware, does not track your surfing patterns or behavior and is not related to the delivery of advertisements. If you decide that the Sign-in Assistant is not for you, you can disable it by going to the Tools menu in IE, selecting “Manage Add-ons”, highlighting “Windows Live Sign-in Helper”, and then choosing “Disable” in the settings box. Alternatively, you can remove it permanently by using the “Add/Remove Programs” dialogue in the Control Panel (it shows up as “Windows Live Sign-in Assistant”). That said, we hope that you’ll like the enhanced sign-in experience and choose to keep the Sign-in Assistant running!
That’s all for now
We’re very excited about the richness of the sign-in experience and the scenarios we’ll be able to unlock in the future, including authentication state transfer from the web to a desktop client (we’ll post more on this in the near future)!
Make sure you check the “install windows live sign-in assistant” box when you install the upcoming version of Windows Live Messenger 8.0 beta and don’t forget to leave us feedback (good or bad) after you’ve tried it out.
-Mark Wong and Erren Lester, Program Managers
FAQs
New! Q: I installed the Live Messenger beta and the Windows Live Sign-in Assistant but I only see a single user on the sign-in screen. What's going on? A: For those having troubles getting the multi-account feature on sign-in, it's likely because you are either (a) using a browser other than Internet Explorer, or (b) previously installed a Live Messenger beta with an old build of the Sign-in Assistant.
If you fall into (a), you can solve it by using IE :) We wanted to support more browsers in this initial release, but had to make some feature cuts along the way to ensure we shipped on time. We are actively looking at increasing non-IE browser support in the future.
If you fall into (b), use "Add/Remove Programs" in Control Panel and uninstall both Live Messenger and The "Windows Live Sign-in Assistant". Then you can reinstall the official Live Messenger Beta from http://ideas.live.com. This official beta version will install the correct, and working, version of the Sign-in Assistant for you.
Q: You have 2 components, a BHO portion and an ActiveX control, what does the BHO component do?
A: The BHO inspects some of the traffic to and from the login.live.com domain during sign-in. The BHO only acts when data is coming from or going to this domain. We do not save or track your internet usage. We only do things like save passwords and get and save authentication states.
Q: Oh, ok, so you save my passwords and use them to help me sign-in at Live.com. What other passwords does Microsoft monitor and save?
A: None, we only look and save your Windows LiveID information, and only if you explicitly choose ‘remember me’ or ‘remember my password’. If you don’t have the Sign-in Assistant installed, our behavior is the same as in the past strictly utilizing HTTP cookies. We will never store, save, or otherwise interact with any data that is not directly relevant to authentication with a Windows Live ID. For more information about how our service handles your personal information, check out the official Microsoft Online Services privacy policy. New sign-in UI.. it's alive!Today we are rolling out a new sign-in experience for Windows Live sites like Live.com, Ideas, Mail, Expo, Favorites and Custom Domains. This is the next step in our Windows Live ID deployment. When our team first started working on Windows Live ID, we were really excited because it gave us an opportunity to rethink the sign-in experience. In the past, signing in has been cumbersome for users. The user knows that they are who they say they are, but they have to prove it by remembering an ID and password and typing them in. When you have a service that operates at such large scale as Windows Live ID, delaying users even a few seconds with a poor experience can result in a net loss of thousands of hours wasted across the world per year. We take the responsibility to deliver a good sign-in experience very seriously. You can see the following improvements to the Windows Live sign-in experience today:
Finally, you don’t need to sign up for a new account to sign in to Windows Live sites. You can use your existing Hotmail, MSN, or Passport account. This new sign-in UI you'll see today isn't the last thing you'll see from the Windows Live ID team -- more innovative features are coming! Next week we’ll have more information from more members of our team on how the sign-in UI was implemented as well as more exciting features you’ll see in the coming months in the sign-in experience for Windows Live.
- Lynn Ayres, Mark Wong, Trevin Chow, Erren Lester, Brian Perrin and Brian Kramp Windows Live ID deploymentQuestion #1: What service has over 300 million users and does nearly a billion authentications per day?
Answer: Windows Live ID!
Question #2: What service is being deployed right under your nose, while still maintaining its stellar availability?
Answer: Windows Live ID!
That's right, we’re nearly complete with our deployment of the Windows Live ID service! It's a good thing that you haven’t noticed, otherwise we would have been in serious trouble since it would have meant something went wrong :) The first thing to point out is that all the sign-ins will start going to our new URL, which is login.live.com. The second thing is that you'll notice in the footer of our "classic" sign-in UI are the words "Windows Live ID" :) Our new sign-in experience that I've mentioned before will begin to light up over the next week or so at partners like Live Mail, Expo and www.live.com. In fact, Lynn Ayres, one of the PMs on our team responsible for user experience and design of the new Windows Live ID Sign-in UI will be blogging very soon on this very topic in the next few days. Stay tuned for more info!
-Trevin Chow, Lead Program Manager Windows Live ID whitepaperFresh off the press on MSDN is our whitepaper on the Windows Live ID service. This is a great primer on Windows Live ID, how it is positioned within the Identity Metasystem and what you can look forward to in the future with respect to the platform.
Some excerpts to wet your appetite:
Whitepaper: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlive/html/winliveidserv.asp
-Trevin Chow, Lead Program Manager The beginning of Windows Live IDWelcome to the Windows Live ID team blog! This is our inaugural “Hello World!” post to introduce Windows Live ID.
Windows Live ID is the upgrade/replacement for the Microsoft Passport service and is the identity and authentication gateway service for cross-device access to Microsoft online services, such as Windows Live, MSN, Office Live and Xbox Live. Is this the authentication service for the world? No :-) It's designed for use with Microsoft online services and by Microsoft-affiliated close partners who integrate with Windows Live services to offer combined innovations to our mutual customers. We will continue to support the Passport user base of 300+ Million accounts and seamlessly upgrade these accounts to Windows Live IDs. Partners who have already implemented Passport are already compatible with Windows Live ID. Windows Live ID is being designed to be an identity provider among many within the Identity Metasystem. In the future, we will support Federated identity scenarios via WS-* and support InfoCards. For developers we will be providing rich programmable interfaces via server and client SDKs to give third party application developers access to authenticated Microsoft Live services and APIs. Over the next few weeks as we complete our deployment, you will see the Windows Live ID service come alive through our respective partners sites and services. The first thing you’ll notice as early as today is that the word Passport is being replaced by Windows Live ID. But it isn't a rebranding exercise -- there is stuff going on under the hood. This will be more understandable in the coming weeks and months when you start seeing the new, exciting Windows Live sign-in UI. Not only is the page load time significantly reduced, but you will see some really cool innovative features that we’re sure you’ll love :) What do you need to do as a consumer? Nothing! Just keep logging into your Windows Live and MSN services as you normally do. Or try out some new ones at ideas.live.com. We'll be sharing more about Windows Live ID here as it rolls out...for all those interested in identity and authentication service, come on back. And let us know what you think! -Trevin Chow, Lead Program Manager |
|
|||||
|
|
Invite as friend