Document 389070

How to securely store and roam credentials
Secure storage
Credential isolation
Roaming
My Photo App
App Foo
Sky Drive (Microsoft Account)
Desktop PC
My Photo App
Tablet PC
My Photo App
Typical OAuth flow
7. Data access
6. Authorization token (Redirect URL)
1. Authorization Request (Start URL)
Application
User
Online service
No browser control
No credential isolation
Web authentication broker
7. Data access
WinRT
Web auth broker
6. Authorization token (Redirect URL)
1. Authorization request (Start URL)
Dialog
Windows Store app
User
Online service
Easy to use
Credential isolation
Supports secure SSO
Architecture
App’s App Container
Different App Container
Medium Integrity Level
SSO mode allows users to authenticate to services without having to re-enter credentials every time
WAB supports SSO
Apps need to opt-in
https://contoso.com
Contoso verifies the redirect URL for its apps
(e.g. MyPhotoApp registered ms-app://S-1-5-4321)
https://contoso.com?ContosoAppID=MyPhotoApp, redirectURI=ms-app://S-1-5-4321,…
SID: S-1-5-4321
MyPhotoApp
User Mode (App Container)
Kernel Mode
User Mode (Medium)
Icon
Title text
Header color
to do the following:
Stylized web page
How to expose account-related options in your app’s UI
Inconsistent account UX
Extra work for you
How to expose account-related options in your app’s UI
Intuitive & consistent account UX
Saves you time
Key takeaways
Sign in once. And that’s it.
Microsoft Account & Services - Live SDK
Sign up or give up?
Online service providers - WebAuthBroker
Optimize your online service for best results
Cred Management - Credential Locker
Accounts UX – Accounts Control
http://isdk.dev.live.com
http://www.github.com/liveservices
http://msdn.microsoft.com/en-us/library/windows/apps/hh465283.aspx
http://msdn.microsoft.com/en-us/library/windows/apps/hh465069.aspx
http://msdn.microsoft.com/en-us/library/windows/apps/windows.ui.applicationsettings.accountssettingspanecommandsrequestedeventargs.aspx