Adding Identity Management and Access Control to your Application

Adding Identity Management and Access Control to your Application in the FIWARE ecosystem

Published in: Technology

  1. Adding Identity Management and Access Control to your Application. Joaquin Salvachua // Álvaro Alonso, UPM – DIT, Security Chapter. FIWARE; jsalvachua@dit.upm.es, @jsalvachua; aalonsog@dit.upm.es, @larsonalonso
  2. Identity Manager
  3. Identity Manager: Account
  4. OAuth 2.0 Login with
  5. FIWARE Account (Identity Manager) Demo
  6. OAuth 2.0
  7. OAuth 2.0 Message Flow (diagram labels: Web App, OAuth Library, Account; redirect, access-code, request access-token, access-token, Request user info using access-token)
  8. OAuth 2.0 Libraries
      • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python.
      • Example using Node.js – https://github.com/ging/oauth2-example-client
  9. OAuth 2.0 Demo
  10. Web Applications and GEs (diagram labels: Web App, OAuth Library, Account, Generic Enabler; OAuth2 flows, access-token, Request + access-token, access_token, OK + user info (roles))
  11. Web Applications and GEs
      GET https://GE_URL HTTP/1.1
      Host: GE_hostname
      X-Auth-Token: access_token
  12. Securing your back-end (diagram labels: Web App, OAuth Library, Account, Proxy, Back-end Apps; OAuth2 flows, access_token, Request + access-token, access-token, OK + user info (roles))
  13. Securing your back-end
      • Level 1: Authentication – Checks if a user has a FIWARE account
      • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path
      • Level 3: Advanced Authorization – Custom XACML policies
  14. Level 1: Authentication (diagram labels: Web App, OAuth Library, Account, Proxy, Back-end Apps; OAuth2 flows, access_token, Request + access-token, access-token, OK + user info (roles))
  15. Level 2: Basic Authorization (diagram labels: Web App, OAuth Library, Account, Proxy, AC GE, Back-end Apps; OAuth2 flows, access_token, Request + access-token, access-token + verb + path, OK + user info)
  16. Level 3: Advanced Authorization (diagram labels: Web App, OAuth Library, Account, Proxy extension, AC GE, Back-end Apps; OAuth2 flows, access_token, Request + access-token, XACML policy, OK + user info)
  17. FIWARE Proxy Demo
  18. Documentation
      • FIWARE Account:
          – Source Code: https://github.com/ging/fi-ware-idm
          – Documentation: https://github.com/ging/fi-ware-idm/wiki
      • FIWARE Access Control
          – http://catalogue.fi-ware.org/enablers/access-control-tha-implementation/documentation
      • FIWARE OAuth2 Demo:
          – https://github.com/ging/oauth2-example-client
      • FIWARE Proxy:
          – https://github.com/ging/fi-ware-pep-proxy
  19. Adding Identity Management and Access Control to your Application. Álvaro Alonso, UPM – DIT, Security Chapter. FIWARE; aalonsog@dit.upm.es, @larsonalonso
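
The Level 1 and Level 2 checks from slides 13 to 15, sketched as the decision a proxy makes on the X-Auth-Token header shown in slide 11. This is an added example, not code from the slides or from the FIWARE proxy: the token table, role table and function names are constructed assumptions standing in for the calls to Account and the AC GE, and Level 3 (XACML) is not covered.

```javascript
// Constructed sample data (assumption): what Account would return for a valid token.
const TOKENS = new Map([
  ["tok-alice", { id: "alice", roles: ["admin"] }],
  ["tok-bob", { id: "bob", roles: ["viewer"] }],
]);

// Constructed sample data (assumption): Level 2 permissions as role -> (verb, path) pairs.
const PERMISSIONS = new Map([
  ["admin", [{ verb: "GET", path: "/sensors" }, { verb: "POST", path: "/sensors" }]],
  ["viewer", [{ verb: "GET", path: "/sensors" }]],
]);

// Hypothetical stand-in for the proxy asking Account to validate the access token.
function validateToken(token) {
  return TOKENS.get(token) || null;
}

// Hypothetical stand-in for the AC GE check: HTTP verb + resource path, exact match,
// so anything not explicitly listed for one of the user's roles is denied.
function isAuthorized(user, verb, path) {
  return user.roles.some((role) =>
    (PERMISSIONS.get(role) || []).some((p) => p.verb === verb && p.path === path));
}

// level 1: authentication only; level 2: authentication plus verb + path authorization.
function pepDecision(req, level) {
  const token = req.headers["x-auth-token"]; // Node.js lower-cases header names
  if (typeof token !== "string" || token === "") {
    return { status: 401, reason: "missing X-Auth-Token" };
  }
  const user = validateToken(token);
  if (!user) {
    return { status: 401, reason: "invalid access token" };
  }
  if (level >= 2 && !isAuthorized(user, req.method.toUpperCase(), req.path)) {
    return { status: 403, reason: "no permission for verb + path" };
  }
  return { status: 200, user }; // forward to the back-end app with the user info (roles)
}

// Constructed requests: bob may read /sensors but not create entries at Level 2.
const read = { method: "GET", path: "/sensors", headers: { "x-auth-token": "tok-bob" } };
const write = { method: "POST", path: "/sensors", headers: { "x-auth-token": "tok-bob" } };
console.log(pepDecision(read, 2).status, pepDecision(write, 2).status, pepDecision(write, 1).status);
```

At Level 1 the same POST from bob is forwarded, because only the existence of a valid account is checked; the 403 appears only once the verb + path check of Level 2 is enabled.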