Wilma - Lesson 3. Securing a REST API

PEP Proxy Wilma GE. Lesson 3. Securing a REST API

Álvaro Alonso
UPM-DIT. Security Chapter

Video at https://edu.fiware.org/course/view.php?id=131

FIWARE Academy
https://edu.fiware.org

http://fiware.org

Published in: Engineering

  1. PEP Proxy - Wilma GE. Lesson 3 - Securing a REST API. Álvaro Alonso. UPM – DIT Security Chapter. FIWARE. aalonsog@dit.upm.es, @larsonalonso
  2. Contents
     • Checking Authentication
     • Checking Basic Authorization
     • Checking Advanced Authorization
  3. Main concepts
     • Authentication
       – Check if a user is a registered user
     • Basic Authorization
       – Check if a user has permissions to access a resource
       – HTTP verb + resource path
     • Advanced Authorization
       – Check if a user has permissions to access a resource
       – Custom XACML policies
  4. Main concepts - Authentication
     [Diagram. Components: User, Wilma, Keyrock GE, Backend Service REST API. Labels: HTTP request + TOKEN; TOKEN; OK + user info]
  5. Main concepts – Basic Authorization
     [Diagram. Components: User, Wilma, Keyrock GE, AutZForce GE, Backend Service REST API. Label: HTTP request + TOKEN]
  6. Main concepts – Advanced Authorization
     [Diagram. Components: User, Wilma *, Keyrock GE, AutZForce GE, Backend Service REST API. Label: HTTP request + TOKEN]
  7. Guidelines
     • Requests to Wilma
       $ curl --header "X-Auth-Token:z2zXk...ANOXvZrmvxvSg" http://proxy_host
  8. Documentation
     • XACML 3.0
       – http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html
     • AuthZForce GE
       – http://catalogue.fiware.org/enablers/authorization-pdp-authzforce/documentation
  9. PEP Proxy - Wilma GE. Lesson 3 - Securing a REST API. Álvaro Alonso. UPM – DIT Security Chapter. FIWARE. aalonsog@dit.upm.es, @larsonalonso
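
A minimal sketch of the first two checks from the "Main concepts" slides (token authentication, then HTTP verb + resource path authorization), added here as an illustration and not taken from Wilma's code. The in-memory token table and policy are constructed stand-ins for the Keyrock and AuthZForce lookups, and every function name is hypothetical.

```javascript
// Added illustration, NOT Wilma's source. All names and data are hypothetical.
// Constructed stand-in for the identity provider's role: token -> user info.
const TOKENS = new Map([
  ['tok-alice', { id: 'alice', roles: ['reader'] }],
  ['tok-bob', { id: 'bob', roles: ['reader', 'editor'] }],
]);

// Constructed stand-in for the policy decision point's role:
// each role is permitted a list of [HTTP verb, resource path] pairs.
const POLICY = {
  reader: [['GET', '/items']],
  editor: [['POST', '/items'], ['DELETE', '/items']],
};

// Authentication: is the token known, and which user does it belong to?
function validateToken(token) {
  return TOKENS.get(token) || null;
}

// Basic authorization: does any of the user's roles allow verb + path?
function isPermitted(user, verb, path) {
  // Fail closed on dot segments so "/items/../admin" cannot ride on "/items".
  const segments = path.split('/');
  if (segments.includes('..') || segments.includes('.')) return false;
  return user.roles.some((role) =>
    (POLICY[role] || []).some(([v, resource]) =>
      // Match on a segment boundary: "/items/1" matches, "/itemsecret" does not.
      v === verb && (path === resource || path.startsWith(resource + '/'))));
}

// Decision taken by the proxy before the request may reach the backend.
// checkAuthorization=false models the authentication-only level.
function pepDecide(req, { checkAuthorization = true } = {}) {
  const token = req.headers['x-auth-token']; // Node.js lowercases header names
  if (!token) return { status: 401, reason: 'missing X-Auth-Token' };
  const user = validateToken(token);
  if (!user) return { status: 401, reason: 'invalid token' };
  const verb = req.method.toUpperCase();
  if (checkAuthorization && !isPermitted(user, verb, req.path)) {
    return { status: 403, reason: 'not permitted', user: user.id };
  }
  return { status: 200, reason: 'forward to backend', user: user.id };
}

// Constructed sample request, mirroring the curl call on the Guidelines slide.
const sample = { method: 'GET', path: '/items/1', headers: { 'x-auth-token': 'tok-alice' } };
console.log(pepDecide(sample));
```

The backend should accept traffic only from the proxy, otherwise a client that reaches it directly skips both checks.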