Security in Practice

Transcript

  • 1. Prabath Siriwardena, Software Architect & Senior Manager
  • 2. OAUTH 2.0! OAUTH 1.0! SCIM! OpenID CONNECT! InfoCard! SAML! AUTH SUB! WS-S*! OpenID! SPML! Passport!
  • 3. Image Credits: http://manzeal.com/are-we-%E2%80%98stretching-the-envelope%E2%80%99-with-the-jargon/
  • 4.
      • Decentralized Single Sign On
      • Single user profile
      • Widely used for community & collaboration aspects
      • Multifactor Authentication [Infocard, XMPP]
  • 5. EPF RMV …
  • 6. Portal EPF RMV …
  • 7. Portal EPF RMV …
  • 8.
      • Single Sign On / Single Logout
      • Widely used *aaS providers [Google Apps, Salesforce]
      • SAML2 Web SSO Profile
      • Used in WSO2 StratosLive
  • 9.
      • Key Distribution Center [KDC]
  • 10.
      • Supports WS-Trust 1.3/1.4
      • SAML 1.0/1.1/2.0 token profiles
      • Claim management
  • 11. Resource | Security Token Service | Consumer App | Domain A | Domain B
  • 12.
      • Identity Delegation
      • Securing RESTful services
      • 2-legged & 3-legged OAuth
      • XACML integration with OAuth
      • OAuth 2.0 support in progress
  • 13. Consumer App | Registers consumer key/secret | Obtains request token | Obtains authorized request token
  • 14. Consumer App | Obtains access token | access token | Validates | Resource
  • 15. Defines Policy Administration Point Administrator
  • 16. Access Policy Enforcement Point Policy Decision Point
  • 17. Access Policy Enforcement Point Policy Decision Point
  • 18. Policy Decision Point | Policy Information Point
  • 19.
      • The de-facto standard for authorization
      • Support for multiple PIPs
      • Policy distribution
      • Decision / Attribute caching
      • UI wizard for defining policies
      • Notifications on policy updates
      • TryIt tool
  • 20. EntitlementService EntitlementPolicyAdminService SOAP SOAP Attribute Finder Policy Decision Point Extensions Decision Policy Extensions Administration Cache Attribute Point Cache XACML Engine Default Finder Policy Cache LDAP
  • 21.
      • User stores with LDAP/AD/JDBC
      • OpenID
      • SAML2
      • Kerberos
      • Information Cards
      • XACML
      • OAuth
      • Security Token Service with WS-Trust
  • 22.
      • SCIM
      • XDAS
      • WS-XACML