SlideShare a Scribd company logo

The lazy programmer`s way to secure application

Download as PPTX, PDF
L
Lev Maltsev

Security is a complex part of software development. And usually implementing it in our applications we met with these simple but tricky challenges: build secure and user-friendly registration and authentication flow, protect data, prevent unauthorized access. All of this cost a lot of development effort. But why we need to start developing it each time from scratch? You can assign this task to identity and access management solutions. Join this talk, to find out, how to less than in hour get production ready authentication flow, login and registration forms, Single-Sign-On and separate storage for user data. Learn about the box solutions we have nowadays. Real cases of usage, cons and pros of this approach.

Technology
1 of 22
The lazy programmer`s way to secure application Lev Maltsev JEEConf 2019
• 8+ years in software development • Companies: Credit Europe Bank NL EPAM • Technologies: Java, SQL, Spring, JPA, JMS, JS L E V M A LT S E V 2 LEAD DEVELOPER, EPAM
AGENDA W H Y W E A R E H E R E ? A R C H I T E C T U R E O V E R V I E W D E M O B O X S O L U T I O N S S U M M A R Y Q A & L I N K S 3
WHAT PROBLEM WE WANT TO SOLVE? 4
Identity management, also known as identity and access management (IAM) is a discipline that "enables the right individuals to access the right resources at the right times and for the right reasons" 5
End user motivations • Let me in • Recognize me • Protect my data 6
Business goals • Security: Authentication & authorization mechanism, TFA, Federation • Cloud & microservices friendly • Profile data reporting • Easy integration of new clients, SSO, Social login • General Data Protection Regulation adapted • Fast time-to-market 7
Project overview 8
SOLUTION 9
Hight Level Solution Diagram 10 Website Mobile app Partner website User SSO IDP openrestricted Access Management Multi-factor authentication Customer storage Service secured External Services Identity Management Console
Keycloak 11 • Centralized User management • Flexible Authentication & Authorization • Single Sign-on & Social login • Open source https://www.keycloak.org/index.html
Single Sign On 12 SSO is an umbrella term for any time a user can login to multiple applications while only authenticating once. • One credentials per multiply services • Shared user identity across different resources • Centralized set of access privileges
Federated identity. Protocols 13 Federated identity is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. Protocols: SAML 2.0 Xml More mature More complex Open ID Connect / OAuth 2 Json Simple Bearer token
JSON Web Tokens JWT 14 A JSON Web Token (JWT) is a JSON object that is defined in RFC 7519 as a safe way to represent a set of information between two parties. The token is composed of a header, a payload, and a signature.
DEMO 15
SAAS SOLUTIONS 16
Key Features • Hosted on vendor side • Support • Administration console • UI builder for Auth related elements on your web pages/apps • Reporting functionality • Consent management • REST API • Various SDK • Social networks integration
SUMMARY 18
Tasty things • Significantly reduce of development effort • Security outsourcing • Unify security approach • OOTB features 19
Before you dive in this • Costs • Hard to integrate with legacy systems • Customizable, but some extras are not possible at all • Sometimes works not as expected • Hard to move from one solution to another 20
Q&A
Thank you and good luck • https://en.wikipedia.org/wiki/Identity_management • https://www.keycloak.org/ • Customer IAM Whiteboard: https://www.youtube.com/watch?v=ora2c5TlKOY • https://www.pingidentity.com/en/company/blog/2017/08/22/part_2_the_value_that_only_ciam_can_deliver.html • https://www.janrain.com/resources/industry-research/forrester-wavetm-customer-identity-and-access-management-q2-2017 • https://manage.auth0.com/#/applications/EFS5r4jqiOuD4GjeIYw07092AbvNuHUj/quickstart • https://jwt.io/

Recommended

Trust, Blockchains, and Self-Soveriegn Identity
Trust, Blockchains, and Self-Soveriegn IdentityTrust, Blockchains, and Self-Soveriegn Identity
Trust, Blockchains, and Self-Soveriegn IdentityPhil Windley
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
Shibboleth identity provider (idp) what it is, and why you should consider a ...
Shibboleth identity provider (idp) what it is, and why you should consider a ...Shibboleth identity provider (idp) what it is, and why you should consider a ...
Shibboleth identity provider (idp) what it is, and why you should consider a ...Gluu
 
Pimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersPimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersForgeRock
 
IdM vs. IDaaS
IdM vs. IDaaSIdM vs. IDaaS
IdM vs. IDaaSDrew Koenig
 
Hitachi ID Privileged Access Manager
Hitachi ID Privileged Access ManagerHitachi ID Privileged Access Manager
Hitachi ID Privileged Access ManagerHitachi ID Systems, Inc.
 
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...ForgeRock
 

Recommended

Trust, Blockchains, and Self-Soveriegn Identity
Trust, Blockchains, and Self-Soveriegn IdentityTrust, Blockchains, and Self-Soveriegn Identity
Trust, Blockchains, and Self-Soveriegn IdentityPhil Windley
 
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...
WSO2Con USA 2017: Identity and Access Management in the Era of Digital Transf...WSO2
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
Shibboleth identity provider (idp) what it is, and why you should consider a ...
Shibboleth identity provider (idp) what it is, and why you should consider a ...Shibboleth identity provider (idp) what it is, and why you should consider a ...
Shibboleth identity provider (idp) what it is, and why you should consider a ...Gluu
 
Pimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersPimping the ForgeRock Identity Platform for a Billion Users
Pimping the ForgeRock Identity Platform for a Billion UsersForgeRock
 
IdM vs. IDaaS
IdM vs. IDaaSIdM vs. IDaaS
IdM vs. IDaaSDrew Koenig
 
Hitachi ID Privileged Access Manager
Hitachi ID Privileged Access ManagerHitachi ID Privileged Access Manager
Hitachi ID Privileged Access ManagerHitachi ID Systems, Inc.
 
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...ForgeRock
 
SWXG 2010.6.9 v2
SWXG 2010.6.9 v2SWXG 2010.6.9 v2
SWXG 2010.6.9 v2Paul Trevithick
 
Identity and Access Management in the Era of Digital Transformation
Identity and Access Management in the Era of Digital TransformationIdentity and Access Management in the Era of Digital Transformation
Identity and Access Management in the Era of Digital TransformationUthaiyashankar
 
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialCloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialVMware Tanzu
 
Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management IntroductionAidy Tificate
 
Identity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingIdentity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingForgeRock
 
SINGLE SIGN-ON
SINGLE SIGN-ONSINGLE SIGN-ON
SINGLE SIGN-ONShambhavi Sahay
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingForgeRock
 
The New Venn of Access Control in the API-Mobile-IOT Era
The New Venn of Access Control in the API-Mobile-IOT EraThe New Venn of Access Control in the API-Mobile-IOT Era
The New Venn of Access Control in the API-Mobile-IOT EraForgeRock
 
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...ForgeRock
 
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...Eve Maler
 
Evolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access managementEvolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access managementEvolveum
 
Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Jonathan Schultz
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSOAjit Dadresa
 
Arx brochure - Intellect Design
Arx brochure - Intellect DesignArx brochure - Intellect Design
Arx brochure - Intellect DesignRajat Jain
 
Single sign on
Single sign onSingle sign on
Single sign onguest64ab8e
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
Lynn Fy07 Q4 Msdn Events Copy
Lynn Fy07 Q4 Msdn Events CopyLynn Fy07 Q4 Msdn Events Copy
Lynn Fy07 Q4 Msdn Events Copyllangit
 
eMAS Indentity and Access Management
eMAS Indentity and Access ManagementeMAS Indentity and Access Management
eMAS Indentity and Access ManagementKalyana Sundaram
 
Identity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionIdentity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionCA API Management
 
IDM Reconciliation
IDM ReconciliationIDM Reconciliation
IDM ReconciliationAidy Tificate
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...PROIDEA
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 

More Related Content

What's hot

Identity and Access Management in the Era of Digital Transformation
Identity and Access Management in the Era of Digital TransformationIdentity and Access Management in the Era of Digital Transformation
Identity and Access Management in the Era of Digital TransformationUthaiyashankar
 
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialCloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialVMware Tanzu
 
Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management IntroductionAidy Tificate
 
Identity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingIdentity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingForgeRock
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingForgeRock
 
The New Venn of Access Control in the API-Mobile-IOT Era
The New Venn of Access Control in the API-Mobile-IOT EraThe New Venn of Access Control in the API-Mobile-IOT Era
The New Venn of Access Control in the API-Mobile-IOT EraForgeRock
 
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...ForgeRock
 
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...Eve Maler
 
Evolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access managementEvolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access managementEvolveum
 
Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Jonathan Schultz
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSOAjit Dadresa
 
Arx brochure - Intellect Design
Arx brochure - Intellect DesignArx brochure - Intellect Design
Arx brochure - Intellect DesignRajat Jain
 
Lynn Fy07 Q4 Msdn Events Copy
Lynn Fy07 Q4 Msdn Events CopyLynn Fy07 Q4 Msdn Events Copy
Lynn Fy07 Q4 Msdn Events Copyllangit
 
eMAS Indentity and Access Management
eMAS Indentity and Access ManagementeMAS Indentity and Access Management
eMAS Indentity and Access ManagementKalyana Sundaram
 
Identity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionIdentity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionCA API Management
 

What's hot (20)

SWXG 2010.6.9 v2
SWXG 2010.6.9 v2SWXG 2010.6.9 v2
SWXG 2010.6.9 v2
 
Identity and Access Management in the Era of Digital Transformation
Identity and Access Management in the Era of Digital TransformationIdentity and Access Management in the Era of Digital Transformation
Identity and Access Management in the Era of Digital Transformation
 
Cloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony FinancialCloud Native Journey in Synchrony Financial
Cloud Native Journey in Synchrony Financial
 
Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management Introduction
 
Identity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael DowlingIdentity Live Sydney 2017 - Michael Dowling
Identity Live Sydney 2017 - Michael Dowling
 
SINGLE SIGN-ON
SINGLE SIGN-ONSINGLE SIGN-ON
SINGLE SIGN-ON
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
 
The New Venn of Access Control in the API-Mobile-IOT Era
The New Venn of Access Control in the API-Mobile-IOT EraThe New Venn of Access Control in the API-Mobile-IOT Era
The New Venn of Access Control in the API-Mobile-IOT Era
 
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
Sydney Identity Summit: Compound Eye: An Approach To A National Identity Ecos...
 
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
Consumerizing Industrial IoT Access Control: Using UMA to Add Privacy and Usa...
 
Evolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access managementEvolveum: All you need to know about identity & access management
Evolveum: All you need to know about identity & access management
 
Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010Claims Based Authentication in SharePoint 2010
Claims Based Authentication in SharePoint 2010
 
Single sign on - SSO
Single sign on - SSOSingle sign on - SSO
Single sign on - SSO
 
Arx brochure - Intellect Design
Arx brochure - Intellect DesignArx brochure - Intellect Design
Arx brochure - Intellect Design
 
Single sign on
Single sign onSingle sign on
Single sign on
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity Manager
 
Lynn Fy07 Q4 Msdn Events Copy
Lynn Fy07 Q4 Msdn Events CopyLynn Fy07 Q4 Msdn Events Copy
Lynn Fy07 Q4 Msdn Events Copy
 
eMAS Indentity and Access Management
eMAS Indentity and Access ManagementeMAS Indentity and Access Management
eMAS Indentity and Access Management
 
Identity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT MissionIdentity Management for the 21st Century IT Mission
Identity Management for the 21st Century IT Mission
 
IDM Reconciliation
IDM ReconciliationIDM Reconciliation
IDM Reconciliation
 

Similar to The lazy programmer`s way to secure application

JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...PROIDEA
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldKatherine Cola
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...Paris Open Source Summit
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NGWorteks
 
RSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud IdentityRSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud IdentityMike Schwartz
 
The Role of Data Virtualization in an API Economy
The Role of Data Virtualization in an API EconomyThe Role of Data Virtualization in an API Economy
The Role of Data Virtualization in an API EconomyDenodo
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementManish Harsh
 
Identity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.pptIdentity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.pptmamathajagarlamudi2
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Andrew Hughes
 
Logincat MFA and SSO
Logincat MFA and SSOLogincat MFA and SSO
Logincat MFA and SSORohit Kapoor
 
Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossASRoger CARHUATOCTO
 
GWAVACon 2015: GWAVA + COC AG Solution Development
GWAVACon 2015: GWAVA + COC AG Solution DevelopmentGWAVACon 2015: GWAVA + COC AG Solution Development
GWAVACon 2015: GWAVA + COC AG Solution DevelopmentGWAVA
 
CIS14: Identity at Scale: Next Gen Federation Architectures
CIS14: Identity at Scale: Next Gen Federation ArchitecturesCIS14: Identity at Scale: Next Gen Federation Architectures
CIS14: Identity at Scale: Next Gen Federation ArchitecturesCloudIDSummit
 
TOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTIONTOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTIONInfosec Train
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 
Openstack identity protocols unconference
Openstack identity protocols unconferenceOpenstack identity protocols unconference
Openstack identity protocols unconferenceDavid Waite
 

Similar to The lazy programmer`s way to secure application (20)

JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...
 
Hitachi ID Identity Manager
Hitachi ID Identity ManagerHitachi ID Identity Manager
Hitachi ID Identity Manager
 
Smart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud WorldSmart Identity for the Hybrid Multicloud World
Smart Identity for the Hybrid Multicloud World
 
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...
 
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG
 
RSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud IdentityRSA Europe: Future of Cloud Identity
RSA Europe: Future of Cloud Identity
 
The Role of Data Virtualization in an API Economy
The Role of Data Virtualization in an API EconomyThe Role of Data Virtualization in an API Economy
The Role of Data Virtualization in an API Economy
 
Single Sign On 101
Single Sign On 101Single Sign On 101
Single Sign On 101
 
SSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy ManagementSSO IN/With Drupal and Identitiy Management
SSO IN/With Drupal and Identitiy Management
 
Identity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.pptIdentity_and_Access_Management_Overview.ppt
Identity_and_Access_Management_Overview.ppt
 
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
Digital Identity Landscape for Vancouver IAM Meetup 2017 12-19
 
Logincat MFA and SSO
Logincat MFA and SSOLogincat MFA and SSO
Logincat MFA and SSO
 
Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossAS
 
GWAVACon 2015: GWAVA + COC AG Solution Development
GWAVACon 2015: GWAVA + COC AG Solution DevelopmentGWAVACon 2015: GWAVA + COC AG Solution Development
GWAVACon 2015: GWAVA + COC AG Solution Development
 
Codemash-2017
Codemash-2017Codemash-2017
Codemash-2017
 
CIS14: Identity at Scale: Next Gen Federation Architectures
CIS14: Identity at Scale: Next Gen Federation ArchitecturesCIS14: Identity at Scale: Next Gen Federation Architectures
CIS14: Identity at Scale: Next Gen Federation Architectures
 
TOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTIONTOP SAILPOINT INTERVIEW QUESTION
TOP SAILPOINT INTERVIEW QUESTION
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
Openstack identity protocols unconference
Openstack identity protocols unconferenceOpenstack identity protocols unconference
Openstack identity protocols unconference
 
Compliance & Identity access management
Compliance & Identity access management Compliance & Identity access management
Compliance & Identity access management
 

Recently uploaded

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

The lazy programmer`s way to secure application

  • 1. The lazy programmer`s way to secure application Lev Maltsev JEEConf 2019
  • 2. • 8+ years in software development • Companies: Credit Europe Bank NL EPAM • Technologies: Java, SQL, Spring, JPA, JMS, JS L E V M A LT S E V 2 LEAD DEVELOPER, EPAM
  • 3. AGENDA W H Y W E A R E H E R E ? A R C H I T E C T U R E O V E R V I E W D E M O B O X S O L U T I O N S S U M M A R Y Q A & L I N K S 3
  • 4. WHAT PROBLEM WE WANT TO SOLVE? 4
  • 5. Identity management, also known as identity and access management (IAM) is a discipline that "enables the right individuals to access the right resources at the right times and for the right reasons" 5
  • 6. End user motivations • Let me in • Recognize me • Protect my data 6
  • 7. Business goals • Security: Authentication & authorization mechanism, TFA, Federation • Cloud & microservices friendly • Profile data reporting • Easy integration of new clients, SSO, Social login • General Data Protection Regulation adapted • Fast time-to-market 7
  • 10. Hight Level Solution Diagram 10 Website Mobile app Partner website User SSO IDP openrestricted Access Management Multi-factor authentication Customer storage Service secured External Services Identity Management Console
  • 11. Keycloak 11 • Centralized User management • Flexible Authentication & Authorization • Single Sign-on & Social login • Open source https://www.keycloak.org/index.html
  • 12. Single Sign On 12 SSO is an umbrella term for any time a user can login to multiple applications while only authenticating once. • One credentials per multiply services • Shared user identity across different resources • Centralized set of access privileges
  • 13. Federated identity. Protocols 13 Federated identity is the means of linking a person's electronic identity and attributes, stored across multiple distinct identity management systems. Protocols: SAML 2.0 Xml More mature More complex Open ID Connect / OAuth 2 Json Simple Bearer token
  • 14. JSON Web Tokens JWT 14 A JSON Web Token (JWT) is a JSON object that is defined in RFC 7519 as a safe way to represent a set of information between two parties. The token is composed of a header, a payload, and a signature.
  • 17. Key Features • Hosted on vendor side • Support • Administration console • UI builder for Auth related elements on your web pages/apps • Reporting functionality • Consent management • REST API • Various SDK • Social networks integration
  • 19. Tasty things • Significantly reduce of development effort • Security outsourcing • Unify security approach • OOTB features 19
  • 20. Before you dive in this • Costs • Hard to integrate with legacy systems • Customizable, but some extras are not possible at all • Sometimes works not as expected • Hard to move from one solution to another 20
  • 21. Q&A
  • 22. Thank you and good luck • https://en.wikipedia.org/wiki/Identity_management • https://www.keycloak.org/ • Customer IAM Whiteboard: https://www.youtube.com/watch?v=ora2c5TlKOY • https://www.pingidentity.com/en/company/blog/2017/08/22/part_2_the_value_that_only_ciam_can_deliver.html • https://www.janrain.com/resources/industry-research/forrester-wavetm-customer-identity-and-access-management-q2-2017 • https://manage.auth0.com/#/applications/EFS5r4jqiOuD4GjeIYw07092AbvNuHUj/quickstart • https://jwt.io/