Authentication, authorization, and data access controls are standard requirements for most data-centric apps. And in a traditional client-server environment, these are often the most time-consuming features to implement, even for experts. In this session, you'll learn about Database.com's unique approach to user authentication with OAuth, user types, and a built-in and flexible data sharing model.
Watch this webinar to learn about:
:: Common authentication patterns such as OAuth and SAML
:: How functional access controls provide simple administration of a user's permissions
:: How record-level access provides granularity of control at enterprise scale
:: How all three authorization and authentication patterns work together to do most of the work for you
Date: This webinar took place on Feb 23, 2012
More details: http://wiki.developerforce.com/page/Webinar:_Security
1. Security in the Cloud Webinar
Adam Torman
Senior Product Manager
@atorman
Bud Vieira
Senior Product Manager
@aavra
Chuck Mortimore
Senior Director, Product Management
@cmort
2. Safe Harbor
Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any
such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could
differ materially from the results expressed or implied by the forward-looking statements we make. All statements
other than statements of historical fact could be deemed forward-looking, including any projections of product or
service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding
strategies or plans of management for future operations, statements of belief, any statements concerning new,
planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and
delivering new functionality for our service, new products and services, our new business model, our past operating
losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting,
breach of our security measures, the outcome of intellectual property and other litigation, risks associated with
possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history,
our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and
successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and
selling to larger enterprise customers. Further information on potential factors that could affect the financial results of
salesforce.com, inc. is included in our annual report on Form 10-Q for the most recent fiscal quarter ended July 31,
2011. This documents and others containing important disclosures are available on the SEC Filings section of the
Investor Information section of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements
are not currently available and may not be delivered on time or at all. Customers who purchase our services should
make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no
obligation and does not intend to update these forward-looking statements.
6. Enterprise Data Collaboration Platform
§ Trusted by the enterprise
§ Designed for social collaboration
§ Open for any language, platform, or device
§ Support for mobile applications
8. Authentication and Database.com
§ Two primary mechanisms for authentication
§ Direct db access with a privileged user
– 1 highly privileged user to access the data
– Classic integration and database connection model
§ Individual user accounts
– Each user has a named account
– Propagates Identity all they way to the database tier
– Can simplify the development of authentication
– Allows granular authorization at the data tier
9. What is OAuth?
§ An open protocol to allow secure API access in a simple
and standard method from desktop and web
applications
§ Standardization of common, successful API patterns
§ Standard track in IETF
– Salesforce.com, Google, Microsoft, Facebook, Twitter, Yahoo,
Oracle, etc.
10. Why Use OAuth
§ Simple
– Protocol is HTTP based.
– Interfaces are already done
– Allows you to focus on your value add
§ Works great for mobile
– Salesforce mobile and desktop clients are switching
– No need for API token
§ Stops the password anti-pattern
– Reduce the security and management issues with passwords
11. Direct DB Access with a Privileged User
§ User Name / Password Flow
– Used for simple server to server integration use-cases
POST /services/oauth/token HTTP/1.1!
Host: login.salesforce.com!
grant_type=password&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}
&redirect_uri={REDIRECT_URI}&username={USERNAME}&password={PASSWORD}!
!
!
!
!
HTTP/1.1 200 OK!
Content-Type: application/json!
!
{"id":"https://login.salesforce.com/id/00D300000000mlxEAA/
00530000000gKV8AAM","issued_at":"1313612089200","instance_url":"https://
cmort-developer-edition.my.salesforce.com","signature":"NRbIb/
EnYBfxKz9hApUI70Pl/Rog1S8ArsTHoxbj4eg=","access_token":"00D300000000mlx!
AQoAQKtgvm50TODcRU3QboID1DctJIssSMRPWIdVmXcAF9vbqIppVOGIVGZ6MR2xzS2TjQix.bW3
ZHH9OnColDSH.5fg_rM"}!
12. Individual User Accounts
§ Web Server Flow
– Web servers can protect secrets. Code returned to callback
URL and exchanged for a token via a POST
§ User Agent Flow
– Used for Javascript, Mobile, and Desktop. Token returned
directly to callback URL behind # fragment
13. How Does It Work?
1) Device opens a browser
with authorization URL
2) User is Authenticated
3) User Authorizes App
4) Tokens returned to device
17. Step 3: Use your Token
GET /some/resource HTTP/1.1
Host: na1.salesforce.com
Authorization: Oauth czZCaGRSa3F0MzpnWDFmQm
18. Using a Token
§ Token Response:
– XML or JSON
– access_token: an API only SID
– refresh_token: a token you can use to get new access_tokens
– instance_url: the user’s instance
– id: a url that is both a unique id for the user and a getUserInfo
§ Using it with the API
– REST: HTTP Header: “Authorization: OAuth <access_token>”
– SOAP: place access token in SOAP header like a SID
19. Identity URL Service
§ Return a central identity url
– https://login.salesforce.com/id/{orgid}/{userid}
§ Basic profile information similar to GetUserInfo
§ Discovery service for API endpoints
§ Chatter Status and photos
§ Working to standardize this as “OpenID Connect”
22. Adam Torman and Bud Vieira
Sr. Product Managers
Administration and Sharing
23. User Provisioning
§ Add multiple users
quickly
§ Add single users
with more detail
§ Use the sObject
API for bulk
§ Use REST API
§ Use SAML for
upsert
25. How do Profiles and Sharing Work Together
Keep the simple simple and make the complex possible
§ Profiles § Sharing
– What tables and columns – What rows can I access
can I access – Read/Write/Transfer/Full
– Read/Create/Edit/Delete
Event Table
ü Read
ü Read
ü Create Name Description
ü Write
ü Edit Authentication: A Practical Guide Practical Guide…
q Delete
Keynote 1 Welcome to Dream…
q Read
q Edit
26. Demo: Access to the Dreamforce Event Object
Event Table
Name Description
Authentication: A Practical… Practical Guide…
Welcome to
Keynote 1
Dream…
Developer Zone Welcome Devs
Metallica! Killer Show
27. What’s a permission set?
§ Like profiles, a permission set is a collection of
permissions and settings that allow users to do things in
Salesforce.
§ What a user can do is determined by one profile plus
permission sets
28. Demo: Least Privilege Permissions
Db.com w/Events Profile
q Read
q Edit
Event Table
Name Description
Authentication: A
Practical Guide…
Practical…
Keynote 1 Welcome to Dream…
Developer Zone Welcome Devs
ü Read
q Edit
Event Description Permission Set
29. Highlights of the Sharing Toolbox
!
default sharing model for all users
Org Wide Defaults
management access to data
Role Hierarchy
target access to specific groups
Sharing Rules
most granular – complete control
Programmatic Sharing
30. Demo: Opening up Sharing Access to Events
Event_Share Table
User Level Reason
Demo User Full Owner
Event Owner Full Owner
Demo User Read Sharing Rule
Demo User Read Custom
31. Key Take Aways
§ We have many ways to handle single sign on – take
your pick
§ There are privileged users, admin users, and everyone
in between
§ Profiles and Sharing work together to keep the simple
simple and make the complex scale
32. Resources
Security Wiki
http://wiki.developerforce.com/page/Security
Force.com Security Overview
http://wiki.developerforce.com/page/An_Overview_of_Force.com_Security
Security Implementation Guide
https://na1.salesforce.com/help/doc/en/salesforce_security_impl_guide.pdf
Security Cookbook Recipes
http://developer.force.com/cookbook/category/security/recent
I <3 Permission Sets DF11 Presentation
http://www.youtube.com/watch?v=arXxUgH9cD4
Using Apex Managed Sharing to Create Custom Record Sharing Logic
http://wiki.developerforce.com/page/
Using_Apex_Managed_Sharing_to_Create_Custom_Record_Sharing_Logic
Digging Deeper into Oauth 2.0 on Force.com
http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com