Basic security concepts essential for all architects

Published in: Business

Basic Security Concepts essential for all Architects

It is quite a shame that a number of industry professionals, including a large number of architects, don't understand the difference between identity, authentication and authorisation. Allow me to describe it in a very simple way. Your identity is verified through a process (the "magic") called authentication. Identity is what you present; authentication is what verifies it (username/password, fingerprint, retina). You are Mr Bill, but how will someone verify that you are Mr Bill? Through authentication.

Secondly, a high proportion of architects in the BFS domain still believe that we can authenticate via a database or master data. Let me correct that in a very simple way: no banking product identifies a person through a database. For user authentication the industry solution is LDAPv3, never a DB.

Again, the majority of professionals, including architects, don't understand that you can get an authorisation token through web single sign-on. SAML 2.0, OpenID and OAuth 2.0 are capable of carrying various authorisation parameters such as authorisation, group membership, entitlements etc.

So, the key points (KP = key point):

KP1. Authentication (of a valid identity).
KP2. Your identity is stored in LDAPv3/metadata; it is never stored in a database. For detailed information please read "Database vs. LDAPv3".
KP3. Once you have been identified correctly, your profile can be retrieved from the database, so the profile can be stored in the database ("master data").
KP4. Once you have been identified properly, i.e. after successful authentication, the next step is authorisation, which gives you a soft token stating which operations you are entitled to perform, such as "can you access all floors, can you open a locker, can you access the VIP area, etc.?"
KP5. LDAPv3 can also store your authorisation parameters, such as ACLs, group membership, roles, policies etc. During this process you can also get an SSO token; in a simple example, a single key/fob that gives you access to more than one building.
KP6. Typical authorisation tokens are SAML 2.0, OAuth 2.0, OpenID etc.
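The following is an added worked example, not part of the original slide, that walks through the key points in code: an identity store standing in for an LDAPv3 directory (KP2), a separate "master data" profile store (KP3), credential verification (KP1), and a signed authorisation token carrying group membership and roles that is then checked against an entitlement policy (KP4, KP5). The directory entries, the HMAC-signed token format (a stand-in for a SAML/OAuth assertion), the policy table and all names such as `DIRECTORY`, `PROFILE_DB`, `POLICY` and `authorize` are constructed assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-in for an LDAPv3 directory: DN -> credential hash plus the
# directory attributes an authorisation token is built from (KP2, KP5).
_SALT = b"constructed-salt"  # constructed; a real directory stores a random salt per entry


def _pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


BILL_DN = "uid=bill,ou=people,dc=example,dc=com"
DIRECTORY = {
    BILL_DN: {
        "passwordHash": _pbkdf2("correct horse", _SALT),
        "memberOf": ["staff", "vault-access"],
        "roles": ["teller"],
    },
}

# Constructed "master data" store: profile lives here, identity does not (KP3).
PROFILE_DB = {BILL_DN: {"displayName": "Mr Bill", "branch": "HQ"}}

# Entitlement policy: which group or role unlocks which operation (KP4).
POLICY = {
    "open_locker": {"vault-access"},
    "access_vip_area": {"executive"},
    "access_all_floors": {"staff"},
}

ISSUER_KEY = b"constructed-issuer-key"  # constructed; a real IdP signs with an asymmetric key
TOKEN_TTL = 300  # seconds


def authenticate(dn: str, password: str) -> bool:
    """KP1: verify the presented identity (dn) against the directory credential."""
    entry = DIRECTORY.get(dn)
    if entry is None:
        return False
    return hmac.compare_digest(entry["passwordHash"], _pbkdf2(password, _SALT))


def get_profile(dn: str) -> Optional[dict]:
    """KP3: profile is retrieved from master data only after identification."""
    return PROFILE_DB.get(dn)


def issue_token(dn: str, now: float) -> str:
    """KP4/KP5: mint a signed soft token carrying the authorisation parameters."""
    entry = DIRECTORY[dn]
    claims = {"sub": dn, "groups": entry["memberOf"], "roles": entry["roles"],
              "iat": int(now), "exp": int(now) + TOKEN_TTL}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    sig = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def login(dn: str, password: str, now: float) -> Optional[str]:
    """Authentication first; the token is issued only on success."""
    if not authenticate(dn, password):
        return None
    return issue_token(dn, now)


def verify_token(token: str, now: float) -> Optional[dict]:
    """Check the issuer signature and expiry; return the claims or None."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] <= now:
        return None
    return claims


def authorize(token: str, operation: str, now: float) -> bool:
    """KP4: authorisation is a policy check on the token's entitlements,
    not a second look at the identity store."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    held = set(claims["groups"]) | set(claims["roles"])
    allowed = POLICY.get(operation, set())
    return not allowed.isdisjoint(held)
```

The one token answers every entitlement question (locker, VIP area, all floors) without re-authenticating, which is the SSO "one key/fob for several buildings" idea; a tampered or expired token fails verification before any policy is consulted.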
