Patterns & Practices in Mobile SSO
Prabath Siriwardena, Director of Security, WSO2
  1. Patterns & Practices in Mobile SSO. Prabath Siriwardena, Director of Security, WSO2
  2. About WSO2
     ๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
     ๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
     ๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0
     ๏ Is an active member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C
     ๏ Driven by innovation
     ๏ Launched the first open source API Management solution in 2012
     ๏ Launched App Factory in 2Q 2013
     ๏ Launched Enterprise Store and the first open source Mobile solution in 4Q 2013
  3. What WSO2 Delivers
  4. Within the first decade of the 21st century, internet users worldwide increased from 350 million to more than 2 billion.
  5. Mobile phone subscribers increased from 750 million to 5 billion. Today it's around 6 billion.
  6. Only 30% of mobile users password-protect their mobile devices.
  7. Many SaaS providers ignore multifactor authentication for mobile applications.
  8. 113 cell phones are lost or stolen every minute in the U.S., and $7 million worth of smartphones are lost daily.
  9. 62% of mobile workers currently use their personal smartphones for work.
  10. Source: http://www.websense.com/assets/reports/websense-2013-threat-report.pdf
  11. Mobile Device Management systems need to be an integral part of corporate Identity Management.
  12. Cloud service providers are becoming mobile friendly with REST/JSON APIs.
  13. OAuth 2.0 dominates mobile and API security.
  14. Avoid using the Resource Owner Password OAuth grant type.
  15. Mobile applications secured with OAuth can be vulnerable to phishing.
  16. Your Facebook or Twitter account credentials can be phished more easily through your mobile phone than from a laptop computer.
  17. The need to bake the client key and the client secret into the mobile app itself is an issue yet to be solved.
  18. OAuth has given mobile applications better failover capability in case of an attack.
  19. It takes an average of 20 seconds for a user to log into a resource.
  20. Single Sign On increases user productivity.
  21. Browser based Single Sign On (diagram). Mobile Device: Native App, Native Web Browser; Authorization Server (IdP).
  22. Native Single Sign On (diagram). Mobile Device: Native App, Native IdP App.
  23. The OpenID Foundation is working on standardizing Native Single Sign On based on OpenID Connect.
  24. Federated Single Sign On (diagram). Mobile Device: Native App, Native Web Browser; Authorization Server (IdP); SAML2 IdP; SAML2 IdP.
  25. Federated Single Sign On with heterogeneous Authorization Servers
  26. (diagram) Mobile Device: Native App, Native Web Browser; Authorization Server (IdP); Federation Hub; Authorization Server (IdP).
  27. Step 1: Native IdP Proxy App
  28. Step 2: Native IdP App
  29. Step 3: Native IdP App
  30. Step 4: Native IdP App
  31. Step 5: Native IdP App
  32. Contact us!
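Added example, not from the deck or from WSO2: an in-process simulation of the browser based Single Sign On of slide 21, with the Native App, Native Web Browser and Authorization Server (IdP) as classes. The app hands authentication to the system browser, so it never handles the password that the Resource Owner Password grant of slide 14 would put in its hands, and the IdP's browser session lets a second app sign in with no further login; the client ids, URLs and the user are constructed placeholders.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs
class AuthorizationServer:  # the IdP: user store, registered clients, browser SSO session
    def __init__(self):
        self.users = {"alice": "correct horse"}            # constructed sample user
        self.redirects = {"mail-app": "https://mail.example/cb", "cal-app": "https://cal.example/cb"}
        self.codes, self.session, self.logins = {}, None, 0  # code->(client, subject); cookie; count
    def authorize(self, url, credentials):                 # served to the browser, not the app
        q = parse_qs(urlparse(url).query)
        client_id, redirect = q["client_id"][0], q["redirect_uri"][0]
        if self.redirects.get(client_id) != redirect:      # only registered redirect URIs
            raise PermissionError("unregistered redirect_uri")
        if self.session is None:                           # no SSO session yet: log the user in
            user, password = credentials()                 # the IdP's login page asks the user
            if self.users.get(user) != password:
                raise PermissionError("bad credentials")
            self.session, self.logins = user, self.logins + 1
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, self.session)
        return redirect + "?" + urlencode({"code": code, "state": q["state"][0]})
    def token(self, client_id, code):
        entry = self.codes.pop(code, None)                 # authorization codes are single use
        if entry is None or entry[0] != client_id:
            raise PermissionError("invalid code")
        return {"access_token": secrets.token_urlsafe(16), "sub": entry[1]}

class Browser:  # the native web browser; the user types credentials here, never into the app
    def __init__(self, idp, credentials):
        self.idp, self.credentials = idp, credentials
    def open(self, url):
        return self.idp.authorize(url, lambda: self.credentials)

class NativeApp:  # knows only its client_id; never handles the user's password
    def __init__(self, idp, client_id):
        self.idp, self.client_id = idp, client_id
    def login(self, browser):
        state = secrets.token_urlsafe(8)                   # binds the callback to this request
        url = "https://idp.example/authorize?" + urlencode({"response_type": "code", "state": state,
              "client_id": self.client_id, "redirect_uri": self.idp.redirects[self.client_id]})
        q = parse_qs(urlparse(browser.open(url)).query)
        if q.get("state", [""])[0] != state:               # reject callbacks we did not start
            raise PermissionError("state mismatch")
        return self.idp.token(self.client_id, q["code"][0])

def demo():
    idp = AuthorizationServer()
    browser = Browser(idp, ("alice", "correct horse"))
    mail = NativeApp(idp, "mail-app").login(browser)       # first app: user signs in once
    cal = NativeApp(idp, "cal-app").login(browser)         # second app: SSO, no second login
    return mail["sub"], cal["sub"], idp.logins             # ("alice", "alice", 1)
```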