5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Distinguished Engineer, CA
 

Scott Morrison, SVP & Distinguished Engineer, CA Technologies presents on Mobile Strategy during the Wavefront Wireless Summits

  • APIs come with their own problems. You never have just one API. So quickly the issue is scaling access and management.

Presentation Transcript

  • 5 Reasons Why APIs Must Be A Part Of Your Mobile Strategy K. Scott Morrison Senior Vice President and Distinguished Engineer February 2014 © 2014 CA. All rights reserved.
  • 5 reasons why APIs must be part of your mobile strategy
  • Layer 7 SecureSpan Gateway: Secure and Manage Enterprise APIs. Gateway Cluster at Edge of Network: DMZ deployment; hardware appliance, virtual appliance or software. (Diagram labels: API/Service Servers; Firewall 2; Firewall 1; Enterprise Network; Cloud; SSG Cluster; Mobile Devices; API/Service Client; Partners; Directory.) Copyright © 2013 CA. All rights reserved. No unauthorized copying or distribution permitted
  • The MAG SDK
  • The Essence of the Problem: Secure Mobile Access to Apps and Data. How Do We Make APIs Available? Firewall mazes; diversity of clients and back end systems; clients and servers change at different rates. Of Particular Interest: Authentication, Authorization & SSO; Secure Transmission. (Diagram labels: API/Service Servers; Firewall 2; Firewall 1; Directory; Enterprise Network; Internet; API/Service Client.)
  • We Want Classic SSO In An Active Profile For REST. Could leverage WS-Fed here; SAML’s second act? (Diagram labels: API/Service Servers; Directory; Internet; Apps making RESTful API calls.)
  • But We Also Want Local App SSO: “Like a VPN… but without all of the negatives”. Single Sign On App Group (these apps will share sign-on sessions): A, B, C. So now it’s getting interesting… (Diagram label: API/Service Servers.)
  • Mobile OS Isolation is an issue. (Diagram labels: App layer; Persistence layer; Silos.)
  • Self Service: User should be able to log out if device is lost or stolen
  • Solution: Native Single Sign-On SDK For Mobile Developers. Strong Security for Mobile Apps: cross-platform and built for a consumer or BYOD world; 100% standards-based using OAuth+OpenID Connect; X-app SSO with multi-factor auth & secure channel; X.509 certificate provisioning for strong auth and transaction signing. (Diagram labels: API Servers; One time PIN SMS, APNS, call; Enterprise Network; iPhone; App-sharable Secure Key Store; Android; iPad.)
  • Client Deployment Strategy. Don’t make me work hard – But give me a strong and extensible security model. Transfer of security responsibility – Let developers do what they do best. Simple SDK – Align with common development time environments (iOS, Android, Javascript, etc); mirror REST frameworks. Future – Aspects, wrapping, etc.
  • Three Important Entities: User, Apps, Devices. All three are managed by the SDK+MAG.
  • Protocol Strategy: OAuth + OpenID Connect. Profiled for mobile; clear distinction between device, user and app. (Diagram labels: Authorization Server; username/password; A, B, C; ID Token; Per app Access Token/Refresh Token.)
  • Questions?
  • K. Scott Morrison Distinguished Engineer Scott.Morrison@ca.com @KScottMorrison slideshare.net/CAinc linkedin.com/KScottMorrison ca.com