Security in Practice

"Security in Practice" @ WSO2Con 2011

Security in Practice: Presentation Transcript

  • Prabath Siriwardena, Software Architect & Senior Manager
  • OAUTH 2.0! OAUTH 1.0! SCIM! OpenID CONNECT! InfoCard! SAML! AUTH SUB! WS-S*! OpenID! SPML! Passport!
  • Image Credits: http://manzeal.com/are-we-%E2%80%98stretching-the-envelope%E2%80%99-with-the-jargon/
  • Decentralized Single Sign On; Single user profile; Widely used for community & collaboration aspects; Multifactor Authentication [Infocard, XMPP]
  • [Diagram] EPF, RMV, …
  • [Diagram] Portal; EPF, RMV, …
  • Single Sign On / Single Logout; Widely used *aaS providers [Google Apps, Salesforce]; SAML2 Web SSO Profile; Used in WSO2 StratosLive
  • Key Distribution Center [KDC]
  • Supports WS-Trust 1.3/1.4; SAML 1.0/1.1/2.0 token profiles; Claim management
  • [Diagram] Resource; Security Token Service; Consumer App; Domain A; Domain B
  • Identity Delegation; Securing RESTful services; 2-legged & 3-legged OAuth; XACML integration with OAuth; OAuth 2.0 support in progress
  • [Diagram] Consumer App; Registers consumer key/secret; Obtains request token; Obtains authorized request token
  • [Diagram] Consumer App; Obtains access token; access token; Validates; Resource
  • [Diagram] Administrator; Defines; Policy Administration Point
  • [Diagram] Access; Policy Enforcement Point; Policy Decision Point
  • [Diagram] Policy Decision Point; Policy Information Point
  • The de-facto standard for authorization; Support for multiple PIPs; Policy distribution; Decision / Attribute caching; UI wizard for defining policies; Notifications on policy updates; TryIt tool
  • [Diagram] EntitlementService; EntitlementPolicyAdminService; SOAP; SOAP; Attribute Finder Policy Decision Point Extensions Decision Policy Extensions Administration Cache Attribute Point Cache XACML Engine Default Finder Policy Cache LDAP
  • User stores with LDAP/AD/JDBC; OpenID; SAML2; Kerberos; Information Cards; XACML; OAuth; Security Token Service with WS-Trust
  • SCIM; XDAS; WS-XACML