
Live ID Delegated Authentication 1.0

This is the first of quite a few posts about the new release wave of Live products. Stay tuned for more!

At MIX07 a delegation framework was announced in alpha under the name Windows Live Data (aka Cumulus). Over the past year the Live ID team (Identity Services) has developed a new cross-Windows Live delegated authentication, which is being released today as a 1.0 final (watch this space).

Windows Live ID Delegated Authentication provides a platform-neutral way for Web applications to access customers’ information from Windows Live services while the customers remain in firm control of their own data. This is a big step in delivering real, user-centric data portability: it gives Windows Live customers explicit control over sharing their information from Windows Live services. Windows Live ID Delegated Authentication is an end-to-end solution covering offer provisioning, token exchange, token format and token renewal. Consumers are able to grant and revoke permission via a web interface.


Technical breakdown after the jump.

What’s new between Cumulus (aka Live Data) and Live ID Delegated Authentication 1.0?

    Users have more control

  • They can now select how long a third party may access their content.
  • They can now set item-level permissions, e.g. choose whether to share a specific contact.
    Other:

  • The code runs on the front end servers of the resource providers, so data is no longer proxied via the Cumulus front end services.
  • The authorization value is now DelegatedToken dt=”THE DELEGATED TOKEN”.
  • Applications can be provisioned, i.e. they have told Windows Live ID who they are; this is done at http://msm.live.com/app/. The benefit is that the tokens posted back to the server are encrypted using a shared secret.
  • The tokens can be returned via HTTP instead of HTTPS. A matrix defines which token content is returned via HTTP, HTTPS, or either for a provisioned application. For example, a website that is not provisioned (i.e. its tokens are sent in clear text) and does not receive the tokens on an SSL-enabled site will only receive a short-term delegation token.
    The token structure returned contains:

  • Consent Token
  • Offers
  • Offer Name
  • Offer Expiry
  • Refresh Token (used to request a new delegation token)
  • Delegation Token (short lived, defaults to 12 hours) – used to call services.
  • Location ID (typically a user’s public identifier, also known as a CID e.g. dcc7f76fcd6c161a)
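The following is an added example, not code from the Windows Live ID SDK or from this post, showing how a relying party would handle a token with the structure listed above: verify the shared-secret binding before trusting any field, check the offer the user consented to, refuse an expired delegation token (so the refresh token is used instead), and only then build the `DelegatedToken dt="..."` authorization value. The token wire format here is a constructed `key=value` string; the field names (`offers`, `reft`, `delt`, `exp`, `lid`), the sample offer name, the sample secret and the use of an HMAC-SHA256 tag to model the shared-secret protection are all assumptions made for illustration.

```python
"""Relying-party handling of a delegated-authentication consent token.

Added example. The real Windows Live consent token is a vendor-specific
format; the token built here is a CONSTRUCTED 'key=value&...' string whose
field names mirror the structure described in the post (offers, refresh
token, delegation token, expiry, location ID). The shared-secret protection
is modelled as an HMAC-SHA256 tag, which is an assumption.
"""
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

DEFAULT_DELT_LIFETIME = 12 * 60 * 60            # delegation tokens default to 12 hours
SAMPLE_SECRET = b"constructed-shared-secret"    # stands in for the provisioning secret


class ConsentTokenError(Exception):
    """Raised when a token cannot be trusted or cannot be used for a call."""


def _tag(secret, body):
    # Keyed tag over the token body; the relying party must never trust a field
    # before this check passes (assumed model of the shared-secret binding).
    return hmac.new(secret, body.encode("utf-8"), hashlib.sha256).hexdigest()


def mint_consent_token(secret, offers, refresh, delt, lid, now,
                       lifetime=DEFAULT_DELT_LIFETIME):
    """Build a constructed token as a test fixture (field names are assumptions)."""
    body = urlencode({
        "offers": ",".join(offers),   # offers the user consented to
        "reft": refresh,              # refresh token: used to request a new delt
        "delt": delt,                 # short-lived delegation token
        "exp": str(now + lifetime),   # delegation token expiry (unix seconds)
        "lid": lid,                   # location ID, typically the user's CID
    })
    return body + "&sig=" + _tag(secret, body)


def parse_consent_token(token, secret):
    """Verify the tag, then parse the fields. Raises on tampering or missing data."""
    body, sep, sig = token.rpartition("&sig=")
    if not sep:
        raise ConsentTokenError("missing signature")
    # constant-time comparison so the check does not leak the expected tag
    if not hmac.compare_digest(_tag(secret, body), sig):
        raise ConsentTokenError("signature mismatch")
    fields = {k: v[0] for k, v in parse_qs(body, strict_parsing=True).items()}
    for required in ("offers", "reft", "delt", "exp", "lid"):
        if required not in fields:
            raise ConsentTokenError("missing field " + required)
    fields["offers"] = fields["offers"].split(",")
    fields["exp"] = int(fields["exp"])
    return fields


def delegation_header(fields, offer, now):
    """Return the Authorization value from the post for a call needing `offer`.

    Refuses calls the user never consented to, and refuses an expired
    delegation token so the caller exchanges the refresh token instead.
    """
    if offer not in fields["offers"]:
        raise ConsentTokenError("user did not consent to " + offer)
    if now >= fields["exp"]:
        raise ConsentTokenError("delegation token expired; use reft to get a new one")
    return 'DelegatedToken dt="%s"' % fields["delt"]


if __name__ == "__main__":
    issued = 1600000000  # constructed issue time
    tok = mint_consent_token(SAMPLE_SECRET, ["Contacts.View"], "REFT-1", "DELT-1",
                             "dcc7f76fcd6c161a", issued)
    parsed = parse_consent_token(tok, SAMPLE_SECRET)
    print(delegation_header(parsed, "Contacts.View", issued + 3600))
```

The two failure paths matter most in practice: a tampered or unsigned token must be rejected before any field is read, and an expired `delt` must trigger a refresh rather than being sent to the resource provider.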

Typically this flow would occur in a popup; for an example see http://angusbackgroundmotion.mslivelabs-int.com/ (sign up using forms based authentication, then go to Friends for the entire experience).

Public Links:

  • Live ID Blog (rss)
  • Hello World (ASP.NET)
  • Hello World (PHP by the community)
  • Understanding Windows Live Delegated Authentication Whitepaper
  • Windows Live ID Delegated Authentication SDK
  • Windows Live ID Delegated Authentication SDK documentation
  • Windows Live Platform Terms of Service
  • Windows Live Delegated Authentication - Resource Provider Directory
  • Windows Live ID - Development Support Forum
  • Windows Live ID Developer Home Page
  • Windows Live Contacts Developer Home Page
  • Windows Live Photo APIs Developer Home Page
  • David Treadwell’s Windows Live Platform Announcement blog posting
