Security in Practice

"Security in Practice" @ WSO2Con 2011



  1. Prabath Siriwardena, Software Architect & Senior Manager
  2. OAUTH 2.0! OAUTH 1.0! SCIM! OpenID CONNECT! InfoCard! SAML! AUTH SUB! WS-S*! OpenID! SPML! Passport!
  3. Image credits: http://manzeal.com/are-we-%E2%80%98stretching-the-envelope%E2%80%99-with-the-jargon/
  4. • Decentralized Single Sign On
     • Single user profile
     • Widely used for community & collaboration aspects
     • Multifactor Authentication [Infocard, XMPP]
  5. (diagram) EPF, RMV …
  6. (diagram) Portal, EPF, RMV …
  7. (diagram) Portal, EPF, RMV …
  8. • Single Sign On / Single Logout
     • Widely used by *aaS providers [Google Apps, Salesforce]
     • SAML2 Web SSO Profile
     • Used in WSO2 StratosLive
  9. • Key Distribution Center [KDC]
  10. • Supports WS-Trust 1.3/1.4
      • SAML 1.0/1.1/2.0 token profiles
      • Claim management
  11. (diagram) Consumer App, Security Token Service, Resource; Domain A, Domain B
  12. • Identity Delegation
      • Securing RESTful services
      • 2-legged & 3-legged OAuth
      • XACML integration with OAuth
      • OAuth 2.0 support in progress
  13. (diagram) Consumer App: registers consumer key/secret → obtains request token → obtains authorized request token
  14. (diagram) Consumer App: obtains access token → presents access token → provider validates → Resource
  15. (diagram) Administrator → defines → Policy Administration Point
  16. (diagram) Access → Policy Enforcement Point → Policy Decision Point
  17. (diagram) Access → Policy Enforcement Point → Policy Decision Point
  18. (diagram) Policy Decision Point, Policy Information Point
  19. • The de-facto standard for authorization
      • Support for multiple PIPs
      • Policy distribution
      • Decision / Attribute caching
      • UI wizard for defining policies
      • Notifications on policy updates
      • TryIt tool
  20. (diagram) EntitlementService and EntitlementPolicyAdminService (SOAP); Policy Decision Point with XACML Engine, Decision Cache, Attribute Cache and Policy Cache; Attribute Finder Extensions, Default Finder, LDAP; Policy Administration Point
  21. • User stores with LDAP/AD/JDBC
      • OpenID
      • SAML2
      • Kerberos
      • Information Cards
      • XACML
      • OAuth
      • Security Token Service with WS-Trust
  22. • SCIM
      • XDAS
      • WS-XACML
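Slides 13 and 14 sketch the three-legged OAuth 1.0 flow and end with the provider's "Validates" step. The block below is an added example, not code from the talk or from WSO2 Identity Server: the consumer signs a resource request with HMAC-SHA1 as in RFC 5849, and the provider checks the consumer key, the token's binding to that consumer, the timestamp window, nonce reuse and finally the signature before releasing the resource. The consumer keys, secrets, tokens and URL are constructed sample values.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed provider state (sample values): one registered consumer and one
# access token issued to it, stored as token -> (consumer_key, token_secret).
CONSUMERS = {"consumer-key-1": "consumer-secret-1"}
ACCESS_TOKENS = {"access-token-1": ("consumer-key-1", "token-secret-1")}
SEEN_NONCES = set()

def pct(s) -> str:
    # RFC 5849 3.6: percent-encode everything except the unreserved characters
    return quote(str(s), safe="-._~")

def base_string(method, url, params) -> str:
    # RFC 5849 3.4.1: METHOD & base URL & normalized (sorted, encoded) params
    norm = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), pct(url), pct(norm)])

def hmac_sha1(method, url, params, consumer_secret, token_secret=""):
    # RFC 5849 3.4.2: key is "consumer secret & token secret", both encoded
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def sign_request(method, url, params, consumer_key, consumer_secret,
                 token, token_secret, nonce, timestamp):
    # Consumer side: attach the oauth_* protocol parameters, then sign them all.
    p = dict(params, oauth_consumer_key=consumer_key, oauth_token=token,
             oauth_signature_method="HMAC-SHA1", oauth_version="1.0",
             oauth_nonce=nonce, oauth_timestamp=str(timestamp))
    p["oauth_signature"] = hmac_sha1(method, url, p, consumer_secret, token_secret)
    return p

def validate(method, url, params, now):
    # Provider side ("Validates" on slide 14): returns (accepted, reason).
    p = dict(params)
    sig = p.pop("oauth_signature", None)
    if sig is None or p.get("oauth_signature_method") != "HMAC-SHA1":
        return False, "missing or unsupported signature"
    consumer_secret = CONSUMERS.get(p.get("oauth_consumer_key"))
    token = ACCESS_TOKENS.get(p.get("oauth_token"))
    if consumer_secret is None or token is None or token[0] != p["oauth_consumer_key"]:
        return False, "unknown consumer, or token not issued to this consumer"
    ts = p.get("oauth_timestamp", "")
    if not ts.isdigit() or abs(now - int(ts)) > 300:
        return False, "timestamp outside accepted window"
    nonce = (p["oauth_consumer_key"], ts, p.get("oauth_nonce"))
    if nonce in SEEN_NONCES:
        return False, "nonce replay"
    if not hmac.compare_digest(hmac_sha1(method, url, p, consumer_secret, token[1]), sig):
        return False, "signature mismatch"
    SEEN_NONCES.add(nonce)
    return True, "ok"
```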
