Security Patterns with WSO2 ESB
May 2014
Isuru Udana, Senior Software Engineer
Jeewantha Dharmaparakrama, Software Engineer

About the Presenters
• Jeewantha Dharmaparakrama
  Software Engineer, WSO2
  jeewantha@wso2.com
• Isuru Udana
  Senior Software Engineer, WSO2
  isuruu@wso2.com

About WSO2
• Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
• Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
• All WSO2 products are 100% open source and released under the Apache License Version 2.0.
• Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
• Driven by Innovation
• Launched first open source API Management solution in 2012
• Launched App Factory in 2Q 2013
• Launched Enterprise Store and first open source Mobile solution in 4Q 2013
What WSO2 delivers

Outline
• Security with WSO2 ESB
• WS-Security
• Transport Level Security
• OAuth and Entitlement
• Some of the commonly used Security Patterns in SOA
• Authentication patterns
• Authorization patterns
• Data Confidentiality
• Data integrity and non repudiation
• QnA

Security Requirements
• Authentication
• Authorization
• Confidentiality
• Integrity
• Non repudiation
• Availability

WSO2 ESB
• A lightweight, high performance ESB
• Feature rich and standards compliant
• SOAP and WS-* standards
• REST support
• Domain specific protocol support (e.g. FIX, HL7)
• User friendly and highly extensible
• 100% free and open source with commercial support

Security with WSO2 ESB
• WS-Security
• Transport Level Security
• OAuth and Entitlement

WS-Security with WSO2 ESB
• WS Security is an extension to SOAP to apply security to Web services
• Provides Message level security
• Apache Rampart handles WS-Security at ESB
• Policy (WS-SecurityPolicy) driven

WS-Security with WSO2 ESB: Unsecured Services
WS-Security with WSO2 ESB: Exposing Unsecured Services as Secured
WS-Security with WSO2 ESB: Exposing Secured Services as Unsecured
WS-Security with WSO2 ESB: Security Transition

Transport Level Security
HTTPS Transport
• High performance PassThrough Transport
Supports:
• SSL
• Mutual SSL
• SSL Profiles (Inbound and Outbound)
• Verification of certificate revocation (OCSP/CRL)
• SSL Tunneling

HTTPS Transport
Mutual SSL
• Client and the server authenticating each other
• Similar to SSL but with the addition of client authentication
• Server requests the client to provide a certificate
• Typically used when an extra level of security is needed.
• Extra cost involved

Demo 1: Mutual SSL
SSL Outbound Profiles
• Allows specifying different SSL profiles for different backend servers
• Each profile has a separate KeyStore and a TrustStore
• Allows connecting to different target servers using different certificates and identities

SSL Inbound Profiles
• Allows specifying different SSL profiles for different IPs of the server
• Each profile has a separate KeyStore and a TrustStore

Verification of Certificate Revocation
- A certificate has an expiry time.
- What if a certificate gets revoked before the expiration time?

- There should be a way to make those certificates untrustworthy.
• Certificate Revocation List (CRL)
• Online Certificate Status Protocol (OCSP)

CRL
• Certificate Revocation List (CRL) is a list of certificates that have been revoked by its issuer (CA)
• Entities presenting those (revoked) certificates should no longer be trusted
• A CRL is generated and published periodically

OCSP
• Online Certificate Status Protocol offers an alternative to a certificate revocation list (CRL)
• Real-time revocation status during the certificate verification process
	
  
SSL Tunneling
• If a proxy service connects to a back-end server through a proxy server, we can enable SSL Tunneling through the proxy server
• SSL Tunneling prevents any intermediary proxy servers from interfering with the communication

OAuth mediator
• Used for constrained access delegation.
• The client has to get an OAuth access token from the Authorization server
• When a client sends a request with an OAuth token, OAuth mediator will get the access token validated by the Authorization server.

Example configuration:

<oauthService xmlns="http://ws.apache.org/ns/synapse" remoteServiceUrl="https://localhost:9443/service" username="foo" password="bar" />

Entitlement mediator
• Intercepts requests and evaluates the actions performed by the user against an eXtensible Access Control Markup Language (XACML) policy.
• WSO2 Identity Server can be used as the XACML Policy Decision Point (PDP) where the policy is set.
• WSO2 ESB serves as the XACML Policy Enforcement Point (PEP) where the policy is enforced.

Some common security patterns with WSO2 ESB
Authentication
• Direct authentication
• Brokered authentication
• Protocol transition
• Trusted subsystem

Direct Authentication
Brokered Authentication
• Security Token Service - SAML Assertions
• Kerberos
http://wso2.com/library/articles/2012/07/kerberos-authentication-using-wso2-products/

Protocol Transition
Trusted Subsystem
Some common security patterns with WSO2 ESB Contd..
Authorization
• Role based access control
• Claim based authorization
• Constrained access delegation

Role based Access Control
Claim based Authorization
Authorization based on Claims carried in SAML token using Entitlement Mediator
https://docs.wso2.org/display/ESB481/Entitlement+Mediator

Constrained Access Delegation Using OAuth Mediator
https://docs.wso2.org/display/ESB481/OAuth+Mediator

Constrained Access Delegation Contd.
1. Client gets registered with the Authorization server (WSO2 IS)
2. Authorization server generates client ID and client secret for the registered client.

Constrained Access Delegation
3. Client requests the Authorization server for the OAuth access token for the resource, providing the client ID and secret

curl -u <Client_id>:<Client_secret> -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9444/oauth2endpoints/token

4. Authorization server will provide the access token to the client

{"token_type":"bearer","expires_in":810,
"refresh_token":"8dd86285b6ccde955ce4ab65f41871cb",
"access_token":"4eb7939a6db20a0eddcd44e59badcb6"}

5. Client will send the access token in an Authorization HTTP header to the resource server via WSO2 ESB.

curl -H "Authorization:Bearer 4eb7939a6db20a0eddcd44e59badcb6" -v http://localhost:8282/stockquote/view/IBM

6. OAuth mediator in WSO2 ESB does the access token verification with the Authorization server (WSO2 IS)
	
  
	
  
Some common security patterns with WSO2 ESB Contd..
Confidentiality
Data encryption with WS-Security

Non Repudiation + Integrity
Data signing with WS-Security

Demo 2: WS-Sec Sign and Encryption
QnA
Business Model
Contact us!

Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
 
A Reference Methodology for Agile Digital Businesses
 A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
 
Lessons from the pandemic - From a single use case to true transformation
 Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking Experiences
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready Bank
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Security Patterns with WSO2 ESB

  • 1. Security Patterns with WSO2 ESB. May 2014. Isuru Udana, Senior Software Engineer; Jeewantha Dharmaparakrama, Software Engineer
  • 2. About the Presenters
      ๏ Jeewantha Dharmaparakrama, Software Engineer, WSO2, jeewantha@wso2.com
      ๏ Isuru Udana, Senior Software Engineer, WSO2, isuruu@wso2.com
  • 3. About WSO2
      ๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
      ๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
      ๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.
      ๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
      ๏ Driven by Innovation
      ๏ Launched first open source API Management solution in 2012
      ๏ Launched App Factory in 2Q 2013
      ๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013
  • 5. Outline
      • Security with WSO2 ESB
      • WS-Security
      • Transport Level Security
      • OAuth and Entitlement
      • Some of the commonly used Security Patterns in SOA
      • Authentication patterns
      • Authorization patterns
      • Data Confidentiality
      • Data integrity and non repudiation
      • QnA
  • 6. Security Requirements
      • Authentication
      • Authorization
      • Confidentiality
      • Integrity
      • Non repudiation
      • Availability
  • 7. WSO2 ESB
      • A lightweight, high performance ESB
      • Feature rich and standards compliant
      • SOAP and WS-* standards
      • REST support
      • Domain specific protocol support (eg: FIX, HL7)
      • User friendly and highly extensible
      • 100% free and open source with commercial support
  • 8. Security with WSO2 ESB
      • WS-Security
      • Transport Level Security
      • OAuth and Entitlement
  • 9. WS-Security with WSO2 ESB
      • WS-Security is an extension to SOAP that applies security to Web services
      • Provides message level security
      • Apache Rampart handles WS-Security at the ESB
      • Policy (WS-SecurityPolicy) driven
  • 10. WS-Security with WSO2 ESB... Unsecured Services
  • 11. WS-Security with WSO2 ESB... Exposing Unsecured Services as Secured
  • 13. WS-Security with WSO2 ESB... Exposing Secured Services as Unsecured
  • 14. WS-Security with WSO2 ESB... Security Transition
  • 15. Transport Level Security: HTTPS Transport
      • High performance PassThrough Transport
      Supports:
      • SSL
      • Mutual SSL
      • SSL Profiles (Inbound and Outbound)
      • Verification of certificate revocation (OCSP/CRL)
      • SSL Tunneling
  • 17. Mutual SSL
      • The client and the server authenticate each other
      • Similar to SSL but with the addition of client authentication
      • The server requests the client to provide a certificate
      • Typically used when an extra level of security is needed.
      • Extra cost involved
  • 19. SSL Outbound Profiles
      • Allow different SSL profiles to be specified for different backend servers
      • Each profile has a separate KeyStore and a TrustStore
      • Allow connecting to different target servers using different certificates and identities
  • 20. SSL Inbound Profiles
      • Allow different SSL profiles to be specified for different IPs of the server
      • Each profile has a separate KeyStore and a TrustStore
  • 21. Verification of Certificate Revocation
      - A certificate has an expiry time.
      - What if a certificate gets revoked before the expiration time?
      - There should be a way to make those certificates untrustworthy.
      • Certificate Revocation List (CRL)
      • Online Certificate Status Protocol (OCSP)
  • 22. CRL
      • A Certificate Revocation List (CRL) is a list of certificates that have been revoked by its issuer (CA)
      • Entities presenting those (revoked) certificates should no longer be trusted
      • A CRL is generated and published periodically
  • 23. OCSP
      • Online Certificate Status Protocol offers an alternative to a certificate revocation list (CRL)
      • Real-time revocation status during the certificate verification process
  • 24. SSL Tunneling
      • If a proxy service connects to a back-end server through a proxy server, we can enable SSL Tunneling through the proxy server
      • SSL Tunneling prevents any intermediary proxy servers from interfering with the communication
  • 25. OAuth mediator
      • Used for constrained access delegation.
      • The client has to get an OAuth access token from the Authorization server
      • When a client sends a request with an OAuth token, the OAuth mediator gets the access token validated by the Authorization server.
      Example configuration:
          <oauthService xmlns="http://ws.apache.org/ns/synapse" remoteServiceUrl="https://localhost:9443/service" username="foo" password="bar" />
  • 26. Entitlement mediator
      • Intercepts requests and evaluates the actions performed by the user against an eXtensible Access Control Markup Language (XACML) policy.
      • WSO2 Identity Server can be used as the XACML Policy Decision Point (PDP) where the policy is set.
      • WSO2 ESB serves as the XACML Policy Enforcement Point (PEP) where the policy is enforced.
  • 27. Some common security patterns with WSO2 ESB: Authentication
      • Direct authentication
      • Brokered authentication
      • Protocol transition
      • Trusted subsystem
  • 29. Brokered Authentication
      • Security Token Service - SAML Assertions
      • Kerberos
      http://wso2.com/library/articles/2012/07/kerberos-authentication-using-wso2-products/
  • 32. Some common security patterns with WSO2 ESB Contd.. Authorization
      • Role based access control
      • Claim based authorization
      • Constrained access delegation
  • 33. Role based Access Control
  • 34. Claim based Authorization
      Authorization based on Claims carried in SAML token using Entitlement Mediator
      https://docs.wso2.org/display/ESB481/Entitlement+Mediator
  • 35. Constrained Access Delegation Using OAuth Mediator https://docs.wso2.org/display/ESB481/OAuth+Mediator
  • 36. Constrained Access Delegation Contd.
      1. Client gets registered with the Authorization server (WSO2 IS)
      2. Authorization server generates a client ID and client secret for the registered client.
  • 37. Constrained Access Delegation
      3. Client requests the OAuth access token for the resource from the Authorization server, providing the client ID and secret
          curl -u <Client_id>:<Client_secret> -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9444/oauth2endpoints/token
      4. Authorization server will provide the access token to the client
          {"token_type":"bearer","expires_in":810,"refresh_token":"8dd86285b6ccde955ce4ab65f41871cb","access_token":"4eb7939a6db20a0eddcd44e59badcb6"}
      5. Client will send the access token in an Authorization HTTP header to the resource server via WSO2 ESB.
          curl -H "Authorization:Bearer 4eb7939a6db20a0eddcd44e59badcb6" -v http://localhost:8282/stockquote/view/IBM
      6. OAuth mediator in WSO2 ESB does the access token verification with the Authorization server (WSO2 IS)
  • 38. Some common security patterns with WSO2 ESB Contd..
      • Confidentiality: Data encryption with WS-Security
      • Non Repudiation + Integrity: Data signing with WS-Security
  • 39. Demo 2: WS-Sec Sign and Encryption
  • 40. QnA
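
The six steps on slides 36 and 37, modelled end to end as an added example (not code from the slides or from WSO2): an in-memory stand-in for the authorization server, and a gateway check in the role the slides give the OAuth mediator. All class and function names are assumptions of this example, as are the 503 fail-closed response and the use of the RFC 6749 error codes `invalid_client` and `invalid_grant`.

```python
import hmac
import secrets
import time


def _same(a, b):
    """Constant-time string comparison for secrets."""
    return hmac.compare_digest(a.encode(), b.encode())


class AuthorizationServer:
    """Stand-in for the authorization server (WSO2 IS on the slides)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._clients = {}  # client_id -> client_secret
        self._users = {}    # username -> password
        self._tokens = {}   # access_token -> expiry timestamp

    def register_client(self):
        """Steps 1-2: registration yields a client ID and client secret."""
        client_id, client_secret = secrets.token_hex(8), secrets.token_hex(16)
        self._clients[client_id] = client_secret
        return client_id, client_secret

    def add_user(self, username, password):
        self._users[username] = password

    def token(self, client_id, client_secret, username, password, ttl=810):
        """Steps 3-4: password grant; returns the token response as a dict."""
        expected = self._clients.get(client_id)
        # Unknown IDs are rejected before comparing, so an empty secret
        # can never match a missing entry.
        if expected is None or not _same(expected, client_secret):
            return {"error": "invalid_client"}
        stored = self._users.get(username)
        if stored is None or not _same(stored, password):
            return {"error": "invalid_grant"}
        access_token = secrets.token_hex(16)
        self._tokens[access_token] = self._clock() + ttl
        return {"token_type": "bearer", "expires_in": ttl,
                "access_token": access_token}

    def validate(self, access_token):
        """Step 6: the lookup the gateway asks for on every request."""
        expiry = self._tokens.get(access_token)
        if expiry is None:
            return False
        if self._clock() >= expiry:
            del self._tokens[access_token]  # expired tokens are purged
            return False
        return True


def gateway(headers, auth_server):
    """Steps 5-6: check the Authorization header before forwarding.

    Returns the HTTP status the gateway would answer with.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return 401  # missing header, wrong scheme, or empty token
    try:
        valid = auth_server.validate(token)
    except ConnectionError:
        return 503  # fail closed: no validation answer, no access
    return 200 if valid else 401
```

The gateway never inspects the token itself; every decision is delegated to the authorization server, so a token that has expired there stops working at the gateway on the next request.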