5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Distinguished Engineer, CA

Scott Morrison, SVP & Distinguished Engineer, CA Technologies presents on Mobile Strategy during the Wavefront Wireless Summits

Slide notes

  • APIs come with their own problems. You never have just one API. So quickly the issue is scaling access and management.

Transcript

  • 1. 5 Reasons Why APIs Must Be a Part of Your Mobile Strategy. K. Scott Morrison, Senior Vice President and Distinguished Engineer. February 2014. © 2014 CA. All rights reserved.
  • 2. 5 reasons why APIs must be part of your mobile strategy
  • 3. Layer 7 SecureSpan Gateway: Secure and Manage Enterprise APIs
    – DMZ deployment
    – Hardware appliance, virtual appliance or software
    Diagram: an SSG (gateway) cluster at the edge of the network, between Firewall 1 and Firewall 2, fronting the API/service servers and the directory inside the enterprise network; API/service clients, mobile devices, partners and the cloud sit on the outside.
    Copyright © 2013 CA. All rights reserved. No unauthorized copying or distribution permitted.
  • 4. The MAG SDK (diagram slide)
  • 5. The Essence of the Problem: Secure Mobile Access to Apps and Data
    How do we make APIs available?
    – Firewall mazes
    – Diversity of clients and back-end systems
    – Clients and servers change at different rates
    Of particular interest:
    – Authentication, authorization & SSO
    – Secure transmission
    Diagram: an API/service client on the Internet reaching the API/service servers and directory in the enterprise network through Firewall 1 and Firewall 2.
  • 6. We Want Classic SSO in an Active Profile for REST
    Apps making RESTful API calls to the API/service servers, backed by a directory. Could leverage WS-Fed here; SAML’s second act?
  • 7. But We Also Want Local App SSO
    “Like a VPN… but without all of the negatives.” A single sign-on app group (apps A, B and C share sign-on sessions) calling the API/service servers. So now it’s getting interesting…
  • 8. Mobile OS Isolation Is an Issue
    The app layer and the persistence layer are silos.
  • 9. Self Service: the user should be able to log out if the device is lost or stolen.
  • 10. Solution: Native Single Sign-On SDK for Mobile Developers
    Strong security for mobile apps:
    – Cross-platform and built for a consumer or BYOD world
    – 100% standards-based using OAuth + OpenID Connect
    – Cross-app SSO with multi-factor auth & secure channel
    – X.509 certificate provisioning for strong auth and transaction signing
    Diagram: iPhone, iPad and Android apps sharing an app-sharable secure key store and calling API servers in the enterprise network; one-time PIN delivered by SMS, APNS or call.
  • 11. Client Deployment Strategy
    – Don’t make me work hard, but give me a strong and extensible security model
    – Transfer of security responsibility: let developers do what they do best
    – Simple SDK: align with common development-time environments (iOS, Android, JavaScript, etc.); mirror REST frameworks
    – Future: aspects, wrapping, etc.
  • 12. Three Important Entities: user, apps, devices. All three are managed by the SDK + MAG.
  • 13. Protocol Strategy: OAuth + OpenID Connect
    – Profiled for mobile
    – Clear distinction between device, user and app
    Diagram elements: authorization server, username/password, apps A, B and C, ID token, and a per-app access token/refresh token.
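The following is an added example, not code from the deck or from CA/Layer 7, sketching how the protocol strategy on slide 13 and the self-service logout on slide 9 fit together. It models the three entities of slide 12 (user, app, device): one login yields an HS256-signed ID token whose audience is the SSO app group, plus a distinct access/refresh token pair per app bound to the device, and logging out a lost or stolen device revokes every token that device holds. The issuer URL, the HMAC secret, the token lifetimes and the opaque-token store are assumptions of this example.

```python
"""Toy authorization server for a mobile OAuth + OpenID Connect SSO profile.

Added illustrative example (not CA/Layer 7 code). Entities: user, app, device.
- make_id_token / verify_id_token: minimal HS256 JWS with the standard OIDC
  claims (iss, sub, aud, iat, exp); aud lists every app in the SSO group.
- AuthorizationServer.login: one ID token per user login, one opaque
  access/refresh pair per app, each bound to (user, device, app).
- AuthorizationServer.logout_device: self-service revocation for a lost device.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time

ISSUER = "https://as.example.test"                 # hypothetical authorization server
SECRET = b"example-hmac-key-not-for-production"    # constructed for the demo only


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(user: str, app_ids: list, now: int, ttl: int = 3600) -> str:
    """Sign {iss, sub, aud, iat, exp} as a compact HS256 JWS (toy, symmetric key)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "sub": user, "aud": app_ids, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"


def verify_id_token(token: str, expected_app: str, now: int) -> dict:
    """Check signature, issuer, audience membership and expiry; ValueError on failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, body, sig = parts
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if expected_app not in claims.get("aud", []):
        raise ValueError("app is not in the SSO group audience")
    if now >= claims.get("exp", 0):
        raise ValueError("expired")
    return claims


class AuthorizationServer:
    """Opaque per-app tokens with metadata so they can be introspected and revoked."""

    def __init__(self):
        self.tokens = {}    # access token  -> {user, device, app, exp}
        self.refresh = {}   # refresh token -> {user, device, app, exp}

    def login(self, user: str, device_id: str, app_ids: list, now: int):
        """One ID token for the user; a distinct access/refresh pair for each app."""
        id_token = make_id_token(user, app_ids, now)
        per_app = {}
        for app in app_ids:
            meta = {"user": user, "device": device_id, "app": app, "exp": now + 900}
            access, refresh = secrets.token_urlsafe(24), secrets.token_urlsafe(24)
            self.tokens[access] = meta
            self.refresh[refresh] = dict(meta, exp=now + 30 * 86400)
            per_app[app] = (access, refresh)
        return id_token, per_app

    def introspect(self, access_token: str, app: str, now: int) -> bool:
        """Resource-server check: token known, issued to this app, not expired/revoked."""
        meta = self.tokens.get(access_token)
        return bool(meta) and meta["app"] == app and now < meta["exp"]

    def logout_device(self, user: str, device_id: str) -> int:
        """Revoke every access and refresh token held by (user, device); return count."""
        def keep(meta):
            return not (meta["user"] == user and meta["device"] == device_id)
        before = len(self.tokens) + len(self.refresh)
        self.tokens = {t: m for t, m in self.tokens.items() if keep(m)}
        self.refresh = {t: m for t, m in self.refresh.items() if keep(m)}
        return before - len(self.tokens) - len(self.refresh)


if __name__ == "__main__":
    now = int(time.time())
    srv = AuthorizationServer()
    id_token, per_app = srv.login("alice", "phone-1", ["A", "B", "C"], now)
    print("ID token sub:", verify_id_token(id_token, "B", now)["sub"])
    print("A's token accepted for A:", srv.introspect(per_app["A"][0], "A", now))
    print("A's token accepted for B:", srv.introspect(per_app["A"][0], "B", now))
    print("revoked on lost device:", srv.logout_device("alice", "phone-1"))
    print("B's token after logout:", srv.introspect(per_app["B"][0], "B", now))
```

The ID token is what the SSO group shares (any app in `aud` can verify it), while the access token an app sends to a resource server is bound to that app alone, which is the device/user/app distinction slide 13 calls for. Because the opaque tokens are looked up server-side, revoking a device takes effect on the next request rather than at token expiry.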
  • 14. Questions?
  • 15. K. Scott Morrison, Distinguished Engineer. Scott.Morrison@ca.com, @KScottMorrison, slideshare.net/CAinc, linkedin.com/KScottMorrison, ca.com