Patterns and Practices in Mobile SSO

  1. Patterns & Practices in Mobile SSO. Prabath Siriwardena, Director of Security, WSO2
  2. About WSO2
     - Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
     - Provides the only open source platform-as-a-service for private, public and hybrid cloud deployments
     - All WSO2 products are 100% open source and released under the Apache License Version 2.0
     - Is an active member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C
     - Driven by innovation
     - Launched the first open source API Management solution in 2012
     - Launched App Factory in 2Q 2013
     - Launched Enterprise Store and the first open source Mobile solution in 4Q 2013
  3. What WSO2 Delivers
  4. Within the first decade of the 21st century, the number of internet users worldwide increased from 350 million to more than 2 billion.
  5. Mobile phone subscribers increased from 750 million to 5 billion; today it is around 6 billion.
  6. Only 30% of mobile users password-protect their mobile devices.
  7. Many SaaS providers ignore multifactor authentication for mobile applications.
  8. 113 cell phones are lost or stolen every minute in the U.S., and $7 million worth of smartphones are lost daily.
  9. 62% of mobile workers currently use their personal smartphones for work.
  11. Mobile Device Management systems need to be an integral part of corporate Identity Management.
  12. Cloud service providers are becoming mobile friendly with REST/JSON APIs.
  13. OAuth 2.0 dominates Mobile and API security.
  14. Avoid using the Resource Owner Password OAuth grant type: the app itself collects and forwards the user's password, which trains users to type their password into any app that asks for it.
  15. Mobile applications secured with OAuth can be vulnerable to phishing.
  16. Your Facebook or Twitter account credentials can be phished far more easily on your mobile phone than on a laptop computer.
  17. The need to bake the client key and the client secret into the mobile app itself is an issue yet to be solved: a native app is a public client, and any secret shipped in the binary can be extracted from an installed copy.
  18. OAuth gives mobile applications a better failover story in case of an attack: a leaked token can be revoked without the user having to change the password.
  19. It takes an average of 20 seconds for a user to log into a resource.
  20. Single Sign On increases user productivity.
  21. Browser-based Single Sign On (diagram: Native App and Native Web Browser on the Mobile Device, Authorization Server (IdP))
  22. Native Single Sign On (diagram: Native App and Native IdP App on the Mobile Device)
  23. OpenID Foundation is working on standardizing Native Single Sign On based on OpenID Connect.
  24. Federated Single Sign On (diagram: Native App and Native Web Browser on the Mobile Device, Authorization Server (IdP), two SAML2 IdPs)
  25. Federated Single Sign On with heterogeneous Authorization Servers
  26. (diagram: Native App and Native Web Browser on the Mobile Device, Authorization Server (IdP), Federation Hub, a second Authorization Server (IdP))
  27. Diagram, step 1: Native IdP Proxy App
  28. Diagram, step 2: Native IdP App
  29. Diagram, step 3: Native IdP App
  30. Diagram, step 4: Native IdP App
  31. Diagram, step 5: Native IdP App
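The following example is added here and is not from the slides or from WSO2: a self-contained Python model of the browser-based Single Sign On pattern of slides 21 and 22 that also shows the two recommendations of slides 14 and 17 in working code. The toy authorization server refuses the resource owner password grant, so the user's password is only ever typed into the IdP's own page in the system browser; the native apps carry no client secret, and each flow is instead bound to a PKCE code verifier (RFC 7636, standardized in 2015, after this talk, as the answer to the embedded-secret problem on slide 17). Both apps use the system browser's cookie jar, so the second app obtains its authorization code without a login prompt. The client identifiers, redirect URIs, user name and password are made-up values for the example.

```python
"""Constructed example (not WSO2's or any real IdP's code): a toy OAuth 2.0 authorization
server and two native apps on one device, all in-process. Client ids, redirect URIs, the
user and the password are made up for the example."""
import hashlib
import secrets
from base64 import urlsafe_b64encode
from urllib.parse import parse_qs, urlencode

REGISTERED_CLIENTS = {"app-mail": "myapp-mail://callback", "app-calendar": "myapp-cal://callback"}
USERS = {"alice": "correct horse battery staple"}  # the IdP's (constructed) user store

def pkce_challenge(verifier: str) -> str:
    """S256 method: BASE64URL(SHA256(verifier)) without padding."""
    return urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()

class AuthorizationServer:
    """The IdP. Sessions are keyed by a browser cookie; codes are bound to a PKCE challenge."""

    def __init__(self):
        self.sessions = {}  # cookie -> username
        self.codes = {}     # code -> request record, single use
        self.tokens = {}    # access_token -> username
        self.login_prompts = 0

    def authorize(self, params, cookie=None, credentials=None):
        """GET /authorize in the system browser. Without a valid session cookie the IdP's own
        login page asks for credentials; the native app never sees them. Returns (redirect, cookie)."""
        if REGISTERED_CLIENTS.get(params["client_id"]) != params["redirect_uri"]:
            raise ValueError("redirect_uri not registered for this client")
        if params.get("code_challenge_method") != "S256":
            raise ValueError("PKCE (S256) is required for public clients")
        user = self.sessions.get(cookie)
        if user is None:
            self.login_prompts += 1
            if credentials is None or USERS.get(credentials[0]) != credentials[1]:
                raise PermissionError("login required")
            user, cookie = credentials[0], secrets.token_urlsafe(16)
            self.sessions[cookie] = user  # new IdP session, stored by the shared browser
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": params["client_id"], "redirect_uri": params["redirect_uri"],
                            "code_challenge": params["code_challenge"], "user": user}
        return params["redirect_uri"] + "?" + urlencode({"code": code, "state": params["state"]}), cookie

    def token(self, form):
        """POST /token. No client secret is expected; the PKCE verifier is the proof."""
        if form.get("grant_type") != "authorization_code":
            raise ValueError("unsupported_grant_type: the password grant is disabled")
        rec = self.codes.pop(form.get("code"), None)  # a code can be redeemed only once
        if rec is None or (rec["client_id"], rec["redirect_uri"]) != (form.get("client_id"), form.get("redirect_uri")):
            raise PermissionError("invalid_grant")
        if pkce_challenge(form.get("code_verifier", "")) != rec["code_challenge"]:
            raise PermissionError("invalid_grant: code_verifier does not match")
        tok = secrets.token_urlsafe(32)
        self.tokens[tok] = rec["user"]
        return {"access_token": tok, "token_type": "Bearer"}

class NativeApp:
    """A public client: no secret is baked into the binary, only a client_id and a redirect URI."""

    def __init__(self, client_id):
        self.client_id, self.redirect_uri = client_id, REGISTERED_CLIENTS[client_id]

    def start(self, idp, browser, credentials=None):
        """Open /authorize in the system browser; keep verifier and state across the redirect."""
        verifier, state = secrets.token_urlsafe(32), secrets.token_urlsafe(16)
        params = {"response_type": "code", "client_id": self.client_id, "redirect_uri": self.redirect_uri,
                  "state": state, "code_challenge": pkce_challenge(verifier), "code_challenge_method": "S256"}
        redirect, browser["cookie"] = idp.authorize(params, browser.get("cookie"), credentials)
        return redirect, verifier, state

    def finish(self, idp, redirect, verifier, state):
        """Handle the custom-scheme redirect, check state, exchange the code."""
        if not redirect.startswith(self.redirect_uri + "?"):
            raise PermissionError("redirect to an unexpected URI")
        q = parse_qs(redirect.split("?", 1)[1])
        if q.get("state", [None])[0] != state:
            raise PermissionError("state mismatch: possible CSRF")
        return idp.token({"grant_type": "authorization_code", "code": q["code"][0], "client_id": self.client_id,
                          "redirect_uri": self.redirect_uri, "code_verifier": verifier})

    def login(self, idp, browser, credentials=None):
        return self.finish(idp, *self.start(idp, browser, credentials))

def try_token(idp, form):
    """Return the token response, or the server's refusal as a string."""
    try:
        return idp.token(form)
    except (ValueError, PermissionError) as exc:
        return str(exc)

def sso_demo():
    """Two apps, one device: only the first login shows the IdP login page (browser-based SSO)."""
    idp, browser = AuthorizationServer(), {}  # browser = the system browser's cookie jar
    mail_token = NativeApp("app-mail").login(idp, browser, ("alice", "correct horse battery staple"))
    cal_token = NativeApp("app-calendar").login(idp, browser)  # no credentials needed: SSO
    return idp, mail_token, cal_token
```

sso_demo() returns two access tokens for alice after a single login prompt. A code intercepted on the custom URI scheme by another app cannot be exchanged without the verifier, and the failed attempt consumes the code, so a later exchange by the legitimate app is refused as well; the state check in finish() is what keeps a redirect injected by another app from being accepted.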
  32. Contact us!