An IBM Proof of TechnologySecuring and managing mobileapplications using Worklight                               © 2012 IB...
IBM SoftwareAgenda    Securing mobile applications using Worklight    Managing mobile applications using Worklight    Dist...
IBM SoftwareWorklight Server                                                                           Performs Data Trans...
IBM SoftwareWorklight Console               • Application Version Management               • Push management              ...
IBM SoftwareSecuring mobile applications requires a multi-pronged approach    Validate installed applications    • Must en...
IBM SoftwareEnsuring application authenticity with Worklight    Application authenticity checks protect against corruption...
IBM SoftwareDevice provisioning and authentication    A form of mobile device authentication      – Prior to application a...
IBM SoftwareUser authentication in Worklight    Worklight provides an extensible framework for authentication of mobile ap...
IBM SoftwareIntegrating with WebSphere Application Server security    An Authenticator and login module are provided for a...
IBM SoftwareAgenda     Securing mobile applications using Worklight     Managing mobile applications using Worklight     D...
IBM SoftwareManaging mobile applications with IBM Worklight     The Worklight Server provides many application management ...
IBM SoftwareApplication versioning      Device specific       versions are        uncoupled         Supports          mult...
IBM SoftwareDirect application update                                                                    Native Shell     ...
IBM SoftwareAnalyze application usage with out-of-the-box reports Worklight utilizes audited information to provide severa...
IBM SoftwareReport extensibility and customization using IBM Cognos15             Securing and managing mobile application...
IBM SoftwareAgenda     Securing mobile applications using Worklight     Managing mobile applications using Worklight     D...
IBM SoftwareIBM Worklight Application Center The Application Center provides a means for developers and testers to publish...
IBM SoftwareUsing the Application Center mobile application18             Securing and managing mobile applications using ...
IBM SoftwareRating and feedback displays in the Application Center19             Securing and managing mobile applications...
IBM Software20             Securing and managing mobile applications using Worklight   © 2012 IBM Corporation
IBM Software        ITALIAN                 HINDI                     FRENCH                           JAPANESE          B...
IBM SoftwareReference materialsFor more information: IBM Worklight Training Modules   – http://www-01.ibm.com/software/mob...
Upcoming SlideShare
Loading in …5
×

IBM Mobile Foundation POT - Part 3 securing and managing mobile appilcations using Worklight

2,198 views
2,140 views

Published on

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,198
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
127
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

IBM Mobile Foundation POT - Part 3 securing and managing mobile appilcations using Worklight

  1. 1. An IBM Proof of TechnologySecuring and managing mobileapplications using Worklight © 2012 IBM Corporation
  2. 2. IBM SoftwareAgenda Securing mobile applications using Worklight Managing mobile applications using Worklight Distributing mobile applications using IBM Application Center2 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  3. 3. IBM SoftwareWorklight Server Performs Data Transformation to streamline back- end data for mobile consumption Built-in Adapters with support for SOAP, REST, SQL, Cast Iron, as well as a custom Adapter development interface Server and device Security control Supports Physical Clustering for high availability Controls Application Deployment and Versioning Push Notification administration Analytics including user adoption and usage data3 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  4. 4. IBM SoftwareWorklight Console • Application Version Management • Push management • Usage reports • Configurable audit log • Administrative dashboards for: • Deployed applications • Installed adapters • Push notifications • Data export to BI enterprise systems4 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  5. 5. IBM SoftwareSecuring mobile applications requires a multi-pronged approach Validate installed applications • Must ensure the validity of applications connecting to enterprise systems Validate user devices • Must ensure that only specific applications on specific devices can connect to enterprise systems Validate user identity • Must be able to authenticate mobile application users5 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  6. 6. IBM SoftwareEnsuring application authenticity with Worklight Application authenticity checks protect against corruption of installed applications When enabled the Worklight Server checks properties of a connecting application against a previously known value of these properties Various options available for authenticity checking: – Disabled – the IBM Worklight Server does not test the authenticity of the app (despite the developer settings). – Enabled, servicing – the IBM Worklight Server tests the authenticity of the app. If the app fails the test, the IBM Worklight Server outputs an information message to the log but services the app. – Enabled, blocking – the IBM Worklight Server tests the authenticity of the app. If the app fails the test, the IBM Worklight Server outputs an information message to the log and blocks the app. Authenticity checking is enabled in the application-descriptor.xml6 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  7. 7. IBM SoftwareDevice provisioning and authentication A form of mobile device authentication – Prior to application authenticity and user authentication. – Asserts that the device and application have confirmed identity prior to allowing access to the Worklight server. – Can use a 3rd party system to confirm and provide a client certificate Three modes of provisioning are supported: – No provisioning: In this mode the provisioning process does not happen. This mode is suitable during the development cycle to temporarily disable the provisioning for the application. – Auto-provisioning: In this mode the Worklight Server automatically issues a certificate for the device and application data provided by the client application. This option should only be used in conjunction with Worklight’s application authenticity features are enabled. – Custom provisioning: In this mode the Worklight Server is augmented with custom logic that controls the device and application provisioning process. This logic can involve integration with an external system, such as a mobile device manager (MDM), that can issue the client certificate based on out-of-band data obtained from the app, or can instruct the Worklight Server to do so.7 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  8. 8. IBM SoftwareUser authentication in Worklight Worklight provides an extensible framework for authentication of mobile application users The framework consists of Realms, Authenticators, and Login Modules – Realms encapsulate the description of how users are authenticated for a particular application – Authenticators are responsible for the collection of user credentials – Login modules are responsible for the validation of user credentials IBM Worklight provides a number of Authenticators and Login Modules that only require configuration from the user The user authentication framework is also extensible by the application developer – Allows for the implementation of custom credential gathering (e.g. via biometrics) as well as for integration with existing security systems8 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  9. 9. IBM SoftwareIntegrating with WebSphere Application Server security An Authenticator and login module are provided for authentication via LTPA tokens – No custom coding required by the user Authenticator understands where to look for the LTPA token in the HTTP header Login module can validate those credentials with a user registry defined in WebSphere Application Server LTPA token can also be propagated to back end data sources required by the mobile application thus supporting a Single Sign On approach 1. Call Protected Procedure IBM Worklight Server Session authentication 2. Request Authentication9 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  10. 10. IBM SoftwareAgenda Securing mobile applications using Worklight Managing mobile applications using Worklight Distributing mobile applications using IBM Application Center10 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  11. 11. IBM SoftwareManaging mobile applications with IBM Worklight The Worklight Server provides many application management features that are exposed to users via the Worklight Console IBM Worklight allows users to deploy multiple versions of a single application concurrently IBM Worklight provides the capability to manage the status of a deployed application – Active – Active, Notifying – Disabled IBM Worklight provides the capability to directly update a deployed application11 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  12. 12. IBM SoftwareApplication versioning Device specific versions are uncoupled Supports multiple versions on the same platform12 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  13. 13. IBM SoftwareDirect application update Native Shell 1. Web resources packaged with app to ensure initial offline 1 Download Pre-packaged availability resources 2. Web resources transferred to App Store apps cache storage 2 Transfer 3. App checks for updates on Check for startup and foreground events 3 updates 4. Updated web resources Cached downloaded when necessary Worklight Web resources Server resources Update web 4 resource13 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  14. 14. IBM SoftwareAnalyze application usage with out-of-the-box reports Worklight utilizes audited information to provide several usage reports for your consumption – Daily visits per application – Daily hits per application – Total visits per application – Newly detected devices per application – Total unique devices – per server or cluster Access reports via Eclipse using the BIRT plugin The BIRT reports are fully customizable and extensible – Fully documented data model to allow other reporting or BI tools to create additional custom reports14 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  15. 15. IBM SoftwareReport extensibility and customization using IBM Cognos15 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  16. 16. IBM SoftwareAgenda Securing mobile applications using Worklight Managing mobile applications using Worklight Distributing mobile applications using IBM Application Center16 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  17. 17. IBM SoftwareIBM Worklight Application Center The Application Center provides a means for developers and testers to publish and share applications with key stakeholders during the delivery cycle Application owners upload applications to the Application Center and provide various information about the application Stakeholders install the Application Center mobile application to view, install, rate, and provide feedback on applications in the Application Center The Application Center is included with IBM Worklight and comes pre-installed on the Worklight Server – Users must install the mobile application to their device17 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  18. 18. IBM SoftwareUsing the Application Center mobile application18 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  19. 19. IBM SoftwareRating and feedback displays in the Application Center19 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  20. 20. IBM Software20 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  21. 21. IBM Software ITALIAN HINDI FRENCH JAPANESE BRAZILIAN PORTUGUESE SIMPLIFIED CHINESE TRADITIONAL CHINESE SPANISH RUSSIAN TAMIL THAI GERMAN ARABIC We appreciate your feedback. Please fill out the survey form in order to improve this educational event.21 Securing and managing mobile applications using Worklight © 2012 IBM Corporation
  22. 22. IBM SoftwareReference materialsFor more information: IBM Worklight Training Modules – http://www-01.ibm.com/software/mobile-solutions/worklight/library/ IBM Worklight User Documentation – http://www-01.ibm.com/software/mobile-solutions/worklight/library/v50/documentation/22 Securing and managing mobile applications using Worklight © 2012 IBM Corporation

×