Friday, August 14, 2015

Musings : So you want to be an Identity guru

This is in the Microsoft space because that's where I play.

And I don't dabble in FIM (now called MIM) so I won't cover that area.

This is somewhat of a progressive post - I'll keep adding to it as and when.

It's based on my personal experience - kind of how I got here.

First of all, be very clear - it's not easy and it involves a lot of commitment, which implies after-hours reading etc.

Secondly, you need to decide the scope. Is it ADFS, WIF, ACS, ADAL, OWIN, Azure AD, on-premises AD, etc.?

OK - that's a huge list right there. And no, I'm not an expert in all these fields, but I know my way around them and I know where to look when I need information.

Thirdly, do you want to be (in cloud terms) PaaS or IaaS (Platform or Infrastructure as a Service), i.e. do you want to be coding an OWIN interface, or do you want to be installing ADFS and figuring out firewall, VIP and VPN rules?

You have to be across both but I'm more a PaaS kind of guy.

Perhaps the best way to start is to have a look at the samples section below, choose one, download it, run it, get it working, see how it works, and use Fiddler to see the actual protocol on the wire.

So in no particular order:

Certificates - how to generate, how to install, how to troubleshoot.

Cryptography

You don't need a deep knowledge but you need to understand the basics e.g. public / private keys.

I personally own:

The Code Book: The Secret History of Codes and Code-breaking
Cryptography: A Very Short Introduction (Very Short Introductions) (Actually, the whole VSI series is worth a look)
Cryptanalysis
Codes, Ciphers and Secret Writing

and the heavy artillery!

Applied Cryptography: Protocols, Algorithms and Source Code in C

Blogs

AD blog
Ask Premier Field Engineering
Ask Directory Services
Cloud Identity - Vittorio Bertocci's blog - must read
The Access Onion
leastprivilege

Microsoft Identity Books

A Guide to Claims-Based Identity and Access Control
(You can buy it but it's a free download).
Programming Windows Identity Foundation
Microsoft Windows Identity Foundation Cookbook
Modern Authentication with Active Directory for Web Applications

Forums

You need to get to the point where you can jump in and actively contribute - don't worry - we don't bite and new blood is always welcome.

Stack Overflow - there are tags for adfs, wif, adal, saml-2.0, etc.
Claims based access platform (CBA) code name Geneva - Geneva was the original code name for ADFS

Protocols

WS Federation

WS Federation

SAML 2.0

How To Learn SAML
SAML Technical Overview

OAuth 2

OAuth 2.0
OpenID Connect

Samples

Microsoft Azure Active Directory Samples and Documentation

These include ADAL samples and samples of how to use all the different protocols.

Enjoy!
