5 Reasons Why APIs Must Be A Part Of Your Mobile Strategy

K. Scott Morrison
Senior Vice President and Distinguished Engineer
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Distinguished Engineer, CA

Scott Morrison, SVP & Distinguished Engineer, CA Technologies presents on Mobile Strategy during the Wavefront Wireless Summits

Speaker notes:
  • APIs come with their own problems. You never have just one API. So quickly the issue is scaling access and management.

Transcript of "5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Distinguished Engineer, CA"

    1. 5 Reasons Why APIs Must Be A Part Of Your Mobile Strategy. K. Scott Morrison, Senior Vice President and Distinguished Engineer. February 2014. © 2014 CA. All rights reserved.
    2. 5 reasons why APIs must be part of your mobile strategy
    3. Layer 7 SecureSpan Gateway: Secure and Manage Enterprise APIs
       • Gateway cluster at edge of network
       • DMZ deployment
       • Hardware appliance, virtual appliance or software
       Diagram labels: Firewall 1, Firewall 2, Enterprise Network, Cloud, SSG Cluster, Mobile Devices, API/Service Client, Partners, Directory, API/Service Servers.
       Copyright © 2013 CA. All rights reserved. No unauthorized copying or distribution permitted.
    4. The MAG SDK
    5. The Essence of the Problem: Secure Mobile Access to Apps and Data
       How Do We Make APIs Available?
       • Firewall mazes
       • Diversity of clients and back end systems
       • Clients and servers change at different rates
       Of Particular Interest:
       • Authentication, Authorization & SSO
       • Secure Transmission
       Diagram labels: Firewall 1, Firewall 2, Directory, Enterprise Network, Internet, API/Service Client, API/Service Servers.
    6. We Want Classic SSO In An Active Profile For REST
       • Could leverage WS-Fed here
       • SAML’s second act?
       Diagram labels: Directory, Internet, Apps making RESTful API calls, API/Service Servers.
    7. But We Also Want Local App SSO
       “Like a VPN… but without all of the negatives”
       Single Sign On App Group (these apps will share sign-on sessions): A, B, C
       So now it’s getting interesting…
    8. Mobile OS Isolation is an issue
       Diagram labels: App layer, Persistence layer, Silos.
    9. Self Service: User should be able to log out if device is lost or stolen
    10. Solution: Native Single Sign-On SDK For Mobile Developers
       Strong Security for Mobile Apps
       • Cross-platform and built for a consumer or BYOD world
       • 100% Standards-based using OAuth+OpenID Connect
       • X-app SSO with multi-factor auth & secure channel
       • X.509 Certificate provisioning for strong auth and transaction signing
       Diagram labels: One time PIN (SMS, APNS, call), Enterprise Network, API Servers, iPhone, Android, iPad, App-sharable Secure Key Store.
    11. Client Deployment Strategy
       • Don’t make me work hard – But give me a strong and extensible security model
       • Transfer of security responsibility – Let developers do what they do best
       • Simple SDK – Align with common development time environments
         • iOS, Android, Javascript, etc
         • Mirror REST frameworks
         • Future – Aspects, wrapping, etc.
    12. Three Important Entities
       All three are managed by the SDK+MAG: User, Apps, Devices
    13. Protocol Strategy: OAuth + OpenID Connect
       • Profiled for mobile
       • Clear distinction between device, user and app
       Diagram labels: Authorization Server, username/password, apps A, B, C, ID Token, Access Token/Refresh Token (per app).
    14. Questions?
    15. K. Scott Morrison, Distinguished Engineer. Scott.Morrison@ca.com, @KScottMorrison, slideshare.net/CAinc, linkedin.com/KScottMorrison, ca.com