1
00:00:07,530 --> 00:00:16,560
Identity federation allows you to provide identification, authentication and authorization across

2
00:00:16,560 --> 00:00:19,410
organizational and platform boundaries.

3
00:00:20,570 --> 00:00:29,510
You can implement identity federation either within a single organization to allow access to diverse

4
00:00:29,510 --> 00:00:38,090
web applications or between organizations that have an established trust relationship. To establish an

5
00:00:38,090 --> 00:00:40,310
identity federation partnership,

6
00:00:40,670 --> 00:00:45,890
both partners agree to create a federated trust relationship.

7
00:00:46,700 --> 00:00:56,210
An ongoing business relationship is the basis for this federated trust, and it allows the organizations

8
00:00:56,210 --> 00:00:58,910
to implement business processes.

9
00:00:59,450 --> 00:01:02,000
The business relationship identifies.

10
00:01:03,140 --> 00:01:10,700
Please know that the federated trust model is not the same as a forest trust that organizations can configure

11
00:01:10,700 --> 00:01:14,570
between AD DS forests. In a federated trust,

12
00:01:14,870 --> 00:01:22,670
the AD FS servers in two organizations never have to communicate directly with each other.

13
00:01:23,120 --> 00:01:30,110
In addition, all communication in a federated deployment occurs over HTTPS,

14
00:01:30,410 --> 00:01:36,890
so you do not need to open multiple ports on any firewalls to allow federation.

15
00:01:37,870 --> 00:01:48,460
As part of the federated trust, each partner defines which of its resources are accessible to the other

16
00:01:48,460 --> 00:01:53,590
organization and how access to their resources is allowed.

17
00:01:54,100 --> 00:02:02,170
For example, to update a sales forecast, a sales representative might need to collect information

18
00:02:02,440 --> 00:02:07,930
from a supplier database that is hosted on the supplier's network.

19
00:02:08,530 --> 00:02:16,690
The administrator of the domain for the sales representative is responsible for ensuring that the appropriate

20
00:02:16,690 --> 00:02:24,460
sales representatives are members of the group that requires access to the supplier's database.

21
00:02:25,150 --> 00:02:32,680
The administrator of the organization in which the database is located is responsible for ensuring

22
00:02:33,010 --> 00:02:39,280
that the partner's employees have access only to the data that they require.

23
00:02:40,360 --> 00:02:42,760
In an identity federation solution,

24
00:02:43,030 --> 00:02:52,780
the organization in which users are located stores, owns and manages user identities and their associated

25
00:02:52,780 --> 00:02:57,640
credentials. As part of the identity federation trust,

26
00:02:58,150 --> 00:03:09,220
each organization also defines how user identities are shared in a security-enhanced manner

27
00:03:09,580 --> 00:03:12,700
to restrict access to resources.

28
00:03:13,300 --> 00:03:22,900
Each partner defines the services that it makes available to trusted partners and customers, and it

29
00:03:22,900 --> 00:03:27,910
defines which are the organizations and users it trusts.

30
00:03:29,460 --> 00:03:29,860
It.

31
00:03:29,910 --> 00:03:39,480
Each partner also defines both what types of credentials and requests it accepts and its privacy policies

32
00:03:39,480 --> 00:03:45,270
to help ensure that private information is not accessible within the trust.

33
00:03:46,520 --> 00:03:51,800
You can also use identity federation within a single organization.

34
00:03:52,100 --> 00:04:00,140
For example, an organization might plan to deploy several web-based applications that require authentication.

35
00:04:00,830 --> 00:04:02,450
By using AD FS,

36
00:04:02,720 --> 00:04:10,430
the organization can implement one authentication solution for all of the applications,

37
00:04:11,240 --> 00:04:14,060
making sure, making it easier to,

38
00:04:14,360 --> 00:04:15,650
for users to,

39
00:04:16,880 --> 00:04:22,600
in multiple internal domains or forests to access the application.

40
00:04:23,140 --> 00:04:30,730
The solution can extend to external partners in the future without requiring developers to change the

41
00:04:30,730 --> 00:04:31,570
application.

42
00:04:32,690 --> 00:04:40,490
Next up, we'll be talking about what are claims-based identity and claims-based authentication.