About

I work as an associate consultant for the Germany-based company thinktecture (http://www.thinktecture.com). My main area of focus is security in general and identity & access control in particular. I help customers around the world implement claims-based identity, single sign-on, authorization and federation in their web applications, services and APIs. I am also an international conference speaker and the author of “Developing more-secure ASP.NET Application” and co-author of the Microsoft Patterns & Practices “Guide to Claims-based Identity and Access Control”.

106 Responses to About

  1. Karamer says:

    Hi Dom

    I’m pretty new to all this security, identity and access control stuff, but have to tell you that the stuff you have made available is awesome and has been a great help whilst beginning to understand this area. Awesome job, thanks!

    I have been playing around with Identity Server and Authorization Server whilst trying to architect a solution. Ideally what I am looking at is using Windows Azure ACS as a federation provider which a web application will trust. This will allow me to configure ACS to trust multiple identity providers, which allows one code base to scale to numerous customers with different identity providers (SAS). Having read a lot of stuff, mostly produced by yourself!, and prototyped the scenario, I am comfortable with this part of things.

    However, I also need to provide a web API to be consumed by mobile devices and so wanted to use OAuth 2 to secure this (resource owner flow in this case), and this is the reason I was looking at your Authorization Server to help issue access tokens. Having quickly looked at the code, it looks as if the resource owner endpoint authenticates with the configured identity provider. In this situation I won’t be able to authenticate with just one identity provider as this is federated. Is there any way the Authorization Server can support federated identity in the same way that Windows Azure ACS does for the web application?

    Any help on whether this is/can be supported and some pointers in the right direction to implement this would be much appreciated.

    Thanks
    K

  2. Karamer says:

    Actually, as an addition to the above, it wouldn’t only just be limited to the resource owner flow, but also would need to be able to support the authorization code flow.

  3. skrv7 says:

    How do I contact you for a consulting engagement?
