SlideShare a Scribd company logo

CIS2015-NAPPS-FirstResponders

Download as PPTX, PDF
Adam Lewis
Adam Lewis

This document discusses the need for an identity ecosystem to enable single sign-on and centralized credential management for first responders. It provides examples of how various public safety mobile applications could leverage APIs protected by access tokens to securely share identity and context information. This would allow real-time health monitoring, location tracking, video streaming, and records access on a single authenticated device. The examples show how a trusted authority could issue access tokens to enable these different use cases throughout a first responder's shift.

1 of 19
1 MissionCriticalAPIsandNAPPS Adam Lewis – Motorola Solutions – Chief Technology Office Mission Critical APIs and NAPPS
3 MissionCriticalAPIsandNAPPS Who We Are
4 MissionCriticalAPIsandNAPPS Health APIs Presence & Location Key Mgmt Home Agency Public Safety LTE will usher in a new era of mobile applications for First Responders
5 MissionCriticalAPIsandNAPPS EACH OF THESE APPLICATIONS IS GOING TO NEED TO KNOW WHO THE RESPONDER IS AND WHAT THEY ARE AUTHORIZED TO DO
6 MissionCriticalAPIsandNAPPS Friday, 17 October 2008
7 MissionCriticalAPIsandNAPPS In a Nutshell Problem: Identity solved independently = overall solution complexity + inconvenience to both the administrator and the end- user + weakened security + obstacle to interoperability Public Safety needs an Identity Ecosystem Enabling: centralized credential management Enabling: migration path to strong authentication Enabling: SSO across native and web apps And it must be built upon open standards.
8 MissionCriticalAPIsandNAPPS Question It’s 6 a.m. Do you know where your first responder is?
9 MissionCriticalAPIsandNAPPS Gesture Recognition Holster/ Weapon Sensor Augmented Reality Eye- wear Wrist Display& Biometric Sensors Heart rate sensor Camera Time: 6:00 a.m. CONNECTED FIRST RESPONDER BRINGING WEARABLES TO MISSION CRITICAL WORKGROUP COMMUNICATIONS
10 MissionCriticalAPIsandNAPPS GRABS A SHARED BROADBAND DEVICE FROM THE FLEET CHARGING STATION. PROCEEDS TO FLEET VEHICLE Time: 6:10 a.m.
11 MissionCriticalAPIsandNAPPS Kill Header OFFICER ENTERS VEHICLE AND LOGS ONTO THEIR DEVICE LITTLE DOES OFFICER KNOW, MAGIC BEGINS TO HAPPEN BEHIND THE SCENES Time: 6:15 a.m.
12 MissionCriticalAPIsandNAPPS WEBVIEW-DRIVEN AUTHENTICATION ENABLES TA TO BE AGNOSTIC TO AUTHENTICATION THIS IS HUGE UA AuthZ EP Token EP AppInfo EP TA Time: 6:15 a.m. HTTP/1.1 302 Found Location: https://client.example.com/cb?code=SplxlOBeZ QQYbYS6WxSbIA POST /token HTTP/1.1 Host: server.example.com Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form- urlencoded grant_type=authorization_code&code=SplxlOB eZQQYbYS6WxSbIA &redirect_uri=https://client.example.com/cb HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token":"SlAV32hkKG", "token_type":"bearer", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso" } https://server.example.com/authorize? response_type=code &client_id=s6BhdRkqt3 &redirect_uri=https://client.example.org/cb &scope=openid napps GET /AppInfo/service Authorization: Bearer SlAV32hkKG Cache-Control: no-cache Application Metadata tailored to User roles
13 MissionCriticalAPIsandNAPPS TA PAN service Context API (health, sight, gun) Time: 6:15 a.m. grant_type=refresh_token& refresh_token=qANLTbu17rk17lPsze cHRi7rqJt46pG1qx0nTAqXWH& scope=urn:oauth:context_api HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token":"SlAV32hk KG", "token_type":"bearer", "expires_in":3600, }
14 MissionCriticalAPIsandNAPPS TA Real-time Video App Real-time Video Intelligence Home Agency Time: 9:17 a.m. grant_type=refresh_token& refresh_token=qANLTbu17rk17lPsze cHRi7rqJt46pG1qx0nTAqXWH& scope=urn:oauth:video_api In-vehicle camera beings streaming live video back to dispatch center Notification sent to all responders within vicinity based upon location context HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token":"SlAV32hk KG", "token_type":"bearer", "expires_in":3600, }
15 MissionCriticalAPIsandNAPPS TA Records Lookup App Time: 12:35 p.m. grant_type=refresh_token& refresh_token=qANLTbu17rk17lPsze cHRi7rqJt46pG1qx0nTAqXWH& scope=urn:oauth:records_api HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso" } HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token":"SlAV32hkKG", "token_type":"bearer", "expires_in":3600, } POST /token.oauth2 HTTP/1.1 Host: as.example.com Content-Type: application/x-www-form- urlencoded grant_type=urn.ietf.params.oauth.grant- type.jwt-bearer &assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6IjE 2In0. eyJpc3Mi[...omitted for brevity...]. J9l-ZhwP[...omitted for brevity...] Public Safety SaaS OFFICER PULLS OVER DRIVER DUE TO SUSPICION USES NATIVE MOBILE APP TO RUN THE LICENSE PLATE AGAINST A CLOUD- EXPOSED APIJWT Id_token identifies user as being a sworn law enforcement offier
16 MissionCriticalAPIsandNAPPS OFFICER PULLS OVER ANOTHER VEHICLE BECAUSE OF BROKEN TAIL LIGHT PASSENGER BEGINS TO FLEE – OFFICER BEGINS TO PURSUE SUSPECT ON FOOT CHASE Health APIs Presence & Location Key Mgmt Home Agency Time: 6:15 p.m. First Responder’s elevated heart rate seamlessly communicated to context & health monitoring APIs, protected by previously-obtained access token Dispatcher at command central alerted Other responder within same vicinity are dispatched for backup
17 MissionCriticalAPIsandNAPPS TA Web Launcher InitSSO EP Time: 7:10 p.m. grant_type=refresh_token& refresh_token=qANLTbu17rk17lPsze cHRi7rqJt46pG1qx0nTAqXWH& scope=urn:oauth:nief HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token":"SlAV32hk KG", "token_type":"bearer", "expires_in":3600, } SAML response GET /initsso.ep/service?target=NIEF HTTP/1.1 Host: server.example.com:9031 Authorization: Bearer qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
18 MissionCriticalAPIsandNAPPS LOGOUT
19 MissionCriticalAPIsandNAPPS And in Closing … • Questions? • Comments? • Scrutiny? • Thank you! :-) adam.lewis@motorolasolutions.com

Recommended

CIS2016 - MCPTT Connect
CIS2016 - MCPTT ConnectCIS2016 - MCPTT Connect
CIS2016 - MCPTT Connect
Adam Lewis
 
The future of critical voice and data: converged communications platforms
The future of critical voice and data: converged communications platformsThe future of critical voice and data: converged communications platforms
The future of critical voice and data: converged communications platforms
Jonathan Stubing
 
Why the Community Needs Open Source for IoT
Why the Community Needs Open Source for IoTWhy the Community Needs Open Source for IoT
Why the Community Needs Open Source for IoT
Ian Skerrett
 
Brkcld 2215
Brkcld 2215Brkcld 2215
Brkcld 2215
JuanCarlosMuruchi
 
Opinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RANOpinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RAN
3G4G
 
URLLC 2017 (#URLLC2017) conference summary
URLLC 2017 (#URLLC2017) conference summaryURLLC 2017 (#URLLC2017) conference summary
URLLC 2017 (#URLLC2017) conference summary
3G4G
 
Web rtc infrastructure the hard parts v4
Web rtc infrastructure the hard parts v4Web rtc infrastructure the hard parts v4
Web rtc infrastructure the hard parts v4
Dialogic Inc.
 
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
Solace
 

Recommended

CIS2016 - MCPTT Connect
CIS2016 - MCPTT ConnectCIS2016 - MCPTT Connect
CIS2016 - MCPTT Connect
Adam Lewis
 
The future of critical voice and data: converged communications platforms
The future of critical voice and data: converged communications platformsThe future of critical voice and data: converged communications platforms
The future of critical voice and data: converged communications platforms
Jonathan Stubing
 
Why the Community Needs Open Source for IoT
Why the Community Needs Open Source for IoTWhy the Community Needs Open Source for IoT
Why the Community Needs Open Source for IoT
Ian Skerrett
 
Brkcld 2215
Brkcld 2215Brkcld 2215
Brkcld 2215
JuanCarlosMuruchi
 
Opinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RANOpinion: Why do so many new RAN players love Open RAN
Opinion: Why do so many new RAN players love Open RAN
3G4G
 
URLLC 2017 (#URLLC2017) conference summary
URLLC 2017 (#URLLC2017) conference summaryURLLC 2017 (#URLLC2017) conference summary
URLLC 2017 (#URLLC2017) conference summary
3G4G
 
Web rtc infrastructure the hard parts v4
Web rtc infrastructure the hard parts v4Web rtc infrastructure the hard parts v4
Web rtc infrastructure the hard parts v4
Dialogic Inc.
 
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
[IoT Tech Expo] Smart Cities – Leveraging Messaging from Project to City to ...
Solace
 
Self Organized Networks in Mixed 2G and 4G
Self Organized Networks in Mixed 2G and 4GSelf Organized Networks in Mixed 2G and 4G
Self Organized Networks in Mixed 2G and 4G
l-fy
 
LTE Asia 2013 - Policy Control & Abstraction
LTE Asia 2013 - Policy Control & AbstractionLTE Asia 2013 - Policy Control & Abstraction
LTE Asia 2013 - Policy Control & Abstraction
Patrick Nijsters
 
Part 10: 5G Use cases - 5G for Absolute Beginners
Part 10: 5G Use cases - 5G for Absolute BeginnersPart 10: 5G Use cases - 5G for Absolute Beginners
Part 10: 5G Use cases - 5G for Absolute Beginners
3G4G
 
Value Added Services and WebRTC
Value Added Services and WebRTCValue Added Services and WebRTC
Value Added Services and WebRTC
Dialogic Inc.
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicing
Cisco Canada
 
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFVOVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
NAIM Networks, Inc.
 
WebRTC Infrastructure the Hard Parts: Media
WebRTC Infrastructure the Hard Parts: MediaWebRTC Infrastructure the Hard Parts: Media
WebRTC Infrastructure the Hard Parts: Media
Dialogic Inc.
 
Achieving real time voice and video virtualized network functionality in nfv
Achieving real time voice and video virtualized network functionality in nfvAchieving real time voice and video virtualized network functionality in nfv
Achieving real time voice and video virtualized network functionality in nfv
Dialogic Inc.
 
IPv6 cross border communication challenges
IPv6 cross border communication challengesIPv6 cross border communication challenges
IPv6 cross border communication challenges
Governments ENabled with IPv6
 
{Ca} SDN NFV in wireless networks 2015 for LTE world Summit
{Ca} SDN NFV in wireless networks 2015 for LTE world Summit{Ca} SDN NFV in wireless networks 2015 for LTE world Summit
{Ca} SDN NFV in wireless networks 2015 for LTE world Summit
Patrick Lopez
 
Wearables and IoT Strategy
Wearables and IoT StrategyWearables and IoT Strategy
Wearables and IoT Strategy
AllSeen Alliance
 
Telefonica CCN and SDN / NFV
Telefonica CCN and SDN / NFVTelefonica CCN and SDN / NFV
Telefonica CCN and SDN / NFV
Patrick Lopez
 
Idate digi world 2015 - lora alliance - v(0.2)
Idate digi world 2015 - lora alliance - v(0.2)Idate digi world 2015 - lora alliance - v(0.2)
Idate digi world 2015 - lora alliance - v(0.2)
Thierry Lestable
 
CIS 2015- NAPPS within Public Safety- Adam Lewis
CIS 2015- NAPPS within Public Safety- Adam LewisCIS 2015- NAPPS within Public Safety- Adam Lewis
CIS 2015- NAPPS within Public Safety- Adam Lewis
CloudIDSummit
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Puppet
 
Bosc talk 7-15-2011x
Bosc talk 7-15-2011xBosc talk 7-15-2011x
Bosc talk 7-15-2011x
Bioinformatics Open Source Conference
 
ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...
ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...
ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...
Rosemary Wang
 
Elastic Morocco Meetup Nov 2020
Elastic Morocco Meetup Nov 2020Elastic Morocco Meetup Nov 2020
Elastic Morocco Meetup Nov 2020
Anna Ossowski
 
StackStrom: If-This-Than-That for Devops Automation
StackStrom: If-This-Than-That for Devops AutomationStackStrom: If-This-Than-That for Devops Automation
StackStrom: If-This-Than-That for Devops Automation
Dmitri Zimine
 
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Amazon Web Services
 
REST in Peace
REST in PeaceREST in Peace
REST in Peace
Kate Marshalkina
 
Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...
Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...
Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...
Sid Ugrankar
 

More Related Content

What's hot

Self Organized Networks in Mixed 2G and 4G
Self Organized Networks in Mixed 2G and 4GSelf Organized Networks in Mixed 2G and 4G
Self Organized Networks in Mixed 2G and 4G
l-fy
 
LTE Asia 2013 - Policy Control & Abstraction
LTE Asia 2013 - Policy Control & AbstractionLTE Asia 2013 - Policy Control & Abstraction
LTE Asia 2013 - Policy Control & Abstraction
Patrick Nijsters
 
Part 10: 5G Use cases - 5G for Absolute Beginners
Part 10: 5G Use cases - 5G for Absolute BeginnersPart 10: 5G Use cases - 5G for Absolute Beginners
Part 10: 5G Use cases - 5G for Absolute Beginners
3G4G
 
Value Added Services and WebRTC
Value Added Services and WebRTCValue Added Services and WebRTC
Value Added Services and WebRTC
Dialogic Inc.
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicing
Cisco Canada
 
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFVOVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
NAIM Networks, Inc.
 
WebRTC Infrastructure the Hard Parts: Media
WebRTC Infrastructure the Hard Parts: MediaWebRTC Infrastructure the Hard Parts: Media
WebRTC Infrastructure the Hard Parts: Media
Dialogic Inc.
 
Achieving real time voice and video virtualized network functionality in nfv
Achieving real time voice and video virtualized network functionality in nfvAchieving real time voice and video virtualized network functionality in nfv
Achieving real time voice and video virtualized network functionality in nfv
Dialogic Inc.
 
IPv6 cross border communication challenges
IPv6 cross border communication challengesIPv6 cross border communication challenges
IPv6 cross border communication challenges
Governments ENabled with IPv6
 
{Ca} SDN NFV in wireless networks 2015 for LTE world Summit
{Ca} SDN NFV in wireless networks 2015 for LTE world Summit{Ca} SDN NFV in wireless networks 2015 for LTE world Summit
{Ca} SDN NFV in wireless networks 2015 for LTE world Summit
Patrick Lopez
 
Wearables and IoT Strategy
Wearables and IoT StrategyWearables and IoT Strategy
Wearables and IoT Strategy
AllSeen Alliance
 
Telefonica CCN and SDN / NFV
Telefonica CCN and SDN / NFVTelefonica CCN and SDN / NFV
Telefonica CCN and SDN / NFV
Patrick Lopez
 
Idate digi world 2015 - lora alliance - v(0.2)
Idate digi world 2015 - lora alliance - v(0.2)Idate digi world 2015 - lora alliance - v(0.2)
Idate digi world 2015 - lora alliance - v(0.2)
Thierry Lestable
 

What's hot (13)

Self Organized Networks in Mixed 2G and 4G
Self Organized Networks in Mixed 2G and 4GSelf Organized Networks in Mixed 2G and 4G
Self Organized Networks in Mixed 2G and 4G
 
LTE Asia 2013 - Policy Control & Abstraction
LTE Asia 2013 - Policy Control & AbstractionLTE Asia 2013 - Policy Control & Abstraction
LTE Asia 2013 - Policy Control & Abstraction
 
Part 10: 5G Use cases - 5G for Absolute Beginners
Part 10: 5G Use cases - 5G for Absolute BeginnersPart 10: 5G Use cases - 5G for Absolute Beginners
Part 10: 5G Use cases - 5G for Absolute Beginners
 
Value Added Services and WebRTC
Value Added Services and WebRTCValue Added Services and WebRTC
Value Added Services and WebRTC
 
Cisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicingCisco Connect Toronto 2018 network-slicing
Cisco Connect Toronto 2018 network-slicing
 
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFVOVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
OVNC 2015-THE NEW IP - Open Networking Architecture with SDN & NFV
 
WebRTC Infrastructure the Hard Parts: Media
WebRTC Infrastructure the Hard Parts: MediaWebRTC Infrastructure the Hard Parts: Media
WebRTC Infrastructure the Hard Parts: Media
 
Achieving real time voice and video virtualized network functionality in nfv
Achieving real time voice and video virtualized network functionality in nfvAchieving real time voice and video virtualized network functionality in nfv
Achieving real time voice and video virtualized network functionality in nfv
 
IPv6 cross border communication challenges
IPv6 cross border communication challengesIPv6 cross border communication challenges
IPv6 cross border communication challenges
 
{Ca} SDN NFV in wireless networks 2015 for LTE world Summit
{Ca} SDN NFV in wireless networks 2015 for LTE world Summit{Ca} SDN NFV in wireless networks 2015 for LTE world Summit
{Ca} SDN NFV in wireless networks 2015 for LTE world Summit
 
Wearables and IoT Strategy
Wearables and IoT StrategyWearables and IoT Strategy
Wearables and IoT Strategy
 
Telefonica CCN and SDN / NFV
Telefonica CCN and SDN / NFVTelefonica CCN and SDN / NFV
Telefonica CCN and SDN / NFV
 
Idate digi world 2015 - lora alliance - v(0.2)
Idate digi world 2015 - lora alliance - v(0.2)Idate digi world 2015 - lora alliance - v(0.2)
Idate digi world 2015 - lora alliance - v(0.2)
 

Similar to CIS2015-NAPPS-FirstResponders

CIS 2015- NAPPS within Public Safety- Adam Lewis
CIS 2015- NAPPS within Public Safety- Adam LewisCIS 2015- NAPPS within Public Safety- Adam Lewis
CIS 2015- NAPPS within Public Safety- Adam Lewis
CloudIDSummit
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Puppet
 
Bosc talk 7-15-2011x
Bosc talk 7-15-2011xBosc talk 7-15-2011x
Bosc talk 7-15-2011x
Bioinformatics Open Source Conference
 
ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...
ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...
ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...
Rosemary Wang
 
Elastic Morocco Meetup Nov 2020
Elastic Morocco Meetup Nov 2020Elastic Morocco Meetup Nov 2020
Elastic Morocco Meetup Nov 2020
Anna Ossowski
 
StackStrom: If-This-Than-That for Devops Automation
StackStrom: If-This-Than-That for Devops AutomationStackStrom: If-This-Than-That for Devops Automation
StackStrom: If-This-Than-That for Devops Automation
Dmitri Zimine
 
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Amazon Web Services
 
REST in Peace
REST in PeaceREST in Peace
REST in Peace
Kate Marshalkina
 
Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...
Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...
Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...
Sid Ugrankar
 
TADHack Oracle Alerant Optare Webinar
TADHack Oracle Alerant Optare WebinarTADHack Oracle Alerant Optare Webinar
TADHack Oracle Alerant Optare Webinar
Alan Quayle
 
Micro service architecture
Micro service architectureMicro service architecture
Micro service architecture
uEngine Solutions
 
MyATM
MyATMMyATM
MyATM
AnupKhanal3
 
Making Runtime Data Useful for Incident Diagnosis: An Experience Report
Making Runtime Data Useful for Incident Diagnosis: An Experience ReportMaking Runtime Data Useful for Incident Diagnosis: An Experience Report
Making Runtime Data Useful for Incident Diagnosis: An Experience Report
QAware GmbH
 
KinomaJS on Microcontroller
KinomaJS on MicrocontrollerKinomaJS on Microcontroller
KinomaJS on Microcontroller
Ryuji Ishiguro
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
CA API Management
 
2016 02-04 howard look tidepool attd 2016 v2
2016 02-04 howard look tidepool attd 2016 v22016 02-04 howard look tidepool attd 2016 v2
2016 02-04 howard look tidepool attd 2016 v2
Tidepool
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
Javan Rasokat
 
PLNOG 18 - Piotr Wojciechowski - REST API czyli jak miękko wejść w programowa...
PLNOG 18 - Piotr Wojciechowski - REST API czyli jak miękko wejść w programowa...PLNOG 18 - Piotr Wojciechowski - REST API czyli jak miękko wejść w programowa...
PLNOG 18 - Piotr Wojciechowski - REST API czyli jak miękko wejść w programowa...
PROIDEA
 
Integris Security - Hacking With Glue ℠
Integris Security - Hacking With Glue ℠Integris Security - Hacking With Glue ℠
Integris Security - Hacking With Glue ℠
Integris Security LLC
 
Blockchain and IAM for IOT Edge Authentication
Blockchain and IAM for IOT Edge AuthenticationBlockchain and IAM for IOT Edge Authentication
Blockchain and IAM for IOT Edge Authentication
dsapps
 

Similar to CIS2015-NAPPS-FirstResponders (20)

CIS 2015- NAPPS within Public Safety- Adam Lewis
CIS 2015- NAPPS within Public Safety- Adam LewisCIS 2015- NAPPS within Public Safety- Adam Lewis
CIS 2015- NAPPS within Public Safety- Adam Lewis
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
 
Bosc talk 7-15-2011x
Bosc talk 7-15-2011xBosc talk 7-15-2011x
Bosc talk 7-15-2011x
 
ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...
ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...
ThoughtWorks Tech Talks NYC: DevOops, 10 Ops Things You Might Have Forgotten ...
 
Elastic Morocco Meetup Nov 2020
Elastic Morocco Meetup Nov 2020Elastic Morocco Meetup Nov 2020
Elastic Morocco Meetup Nov 2020
 
StackStrom: If-This-Than-That for Devops Automation
StackStrom: If-This-Than-That for Devops AutomationStackStrom: If-This-Than-That for Devops Automation
StackStrom: If-This-Than-That for Devops Automation
 
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
Mobile App Performance: Getting the Most from APIs (MBL203) | AWS re:Invent ...
 
REST in Peace
REST in PeaceREST in Peace
REST in Peace
 
Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...
Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...
Us67903 using universo_online_marcioghiraldelli_paymentgatewaymonitoringwiths...
 
TADHack Oracle Alerant Optare Webinar
TADHack Oracle Alerant Optare WebinarTADHack Oracle Alerant Optare Webinar
TADHack Oracle Alerant Optare Webinar
 
Micro service architecture
Micro service architectureMicro service architecture
Micro service architecture
 
MyATM
MyATMMyATM
MyATM
 
Making Runtime Data Useful for Incident Diagnosis: An Experience Report
Making Runtime Data Useful for Incident Diagnosis: An Experience ReportMaking Runtime Data Useful for Incident Diagnosis: An Experience Report
Making Runtime Data Useful for Incident Diagnosis: An Experience Report
 
KinomaJS on Microcontroller
KinomaJS on MicrocontrollerKinomaJS on Microcontroller
KinomaJS on Microcontroller
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
2016 02-04 howard look tidepool attd 2016 v2
2016 02-04 howard look tidepool attd 2016 v22016 02-04 howard look tidepool attd 2016 v2
2016 02-04 howard look tidepool attd 2016 v2
 
OWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA TestersOWASP ZAP Workshop for QA Testers
OWASP ZAP Workshop for QA Testers
 
PLNOG 18 - Piotr Wojciechowski - REST API czyli jak miękko wejść w programowa...
PLNOG 18 - Piotr Wojciechowski - REST API czyli jak miękko wejść w programowa...PLNOG 18 - Piotr Wojciechowski - REST API czyli jak miękko wejść w programowa...
PLNOG 18 - Piotr Wojciechowski - REST API czyli jak miękko wejść w programowa...
 
Integris Security - Hacking With Glue ℠
Integris Security - Hacking With Glue ℠Integris Security - Hacking With Glue ℠
Integris Security - Hacking With Glue ℠
 
Blockchain and IAM for IOT Edge Authentication
Blockchain and IAM for IOT Edge AuthenticationBlockchain and IAM for IOT Edge Authentication
Blockchain and IAM for IOT Edge Authentication
 

CIS2015-NAPPS-FirstResponders

  • 1. 1 MissionCriticalAPIsandNAPPS Adam Lewis – Motorola Solutions – Chief Technology Office Mission Critical APIs and NAPPS
  • 2.
  • 4. 4 MissionCriticalAPIsandNAPPS Health APIs Presence & Location Key Mgmt Home Agency Public Safety LTE will usher in a new era of mobile applications for First Responders
  • 5. 5 MissionCriticalAPIsandNAPPS EACH OF THESE APPLICATIONS IS GOING TO NEED TO KNOW WHO THE RESPONDER IS AND WHAT THEY ARE AUTHORIZED TO DO
  • 7. 7 MissionCriticalAPIsandNAPPS In a Nutshell Problem: Identity solved independently = overall solution complexity + inconvenience to both the administrator and the end- user + weakened security + obstacle to interoperability Public Safety needs an Identity Ecosystem Enabling: centralized credential management Enabling: migration path to strong authentication Enabling: SSO across native and web apps And it must be built upon open standards.
  • 8. 8 MissionCriticalAPIsandNAPPS Question It’s 6 a.m. Do you know where your first responder is?
  • 9. 9 MissionCriticalAPIsandNAPPS Gesture Recognition Holster/ Weapon Sensor Augmented Reality Eye- wear Wrist Display& Biometric Sensors Heart rate sensor Camera Time: 6:00 a.m. CONNECTED FIRST RESPONDER BRINGING WEARABLES TO MISSION CRITICAL WORKGROUP COMMUNICATIONS
  • 10. 10 MissionCriticalAPIsandNAPPS GRABS A SHARED BROADBAND DEVICE FROM THE FLEET CHARGING STATION. PROCEEDS TO FLEET VEHICLE Time: 6:10 a.m.
  • 11. 11 MissionCriticalAPIsandNAPPS Kill Header OFFICER ENTERS VEHICLE AND LOGS ONTO THEIR DEVICE LITTLE DOES OFFICER KNOW, MAGIC BEGINS TO HAPPEN BEHIND THE SCENES Time: 6:15 a.m.
  • 12. 12 MissionCriticalAPIsandNAPPS WEBVIEW-DRIVEN AUTHENTICATION ENABLES TA TO BE AGNOSTIC TO AUTHENTICATION THIS IS HUGE UA AuthZ EP Token EP AppInfo EP TA Time: 6:15 a.m. HTTP/1.1 302 Found Location: https://client.example.com/cb?code=SplxlOBeZ QQYbYS6WxSbIA POST /token HTTP/1.1 Host: server.example.com Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW Content-Type: application/x-www-form- urlencoded grant_type=authorization_code&code=SplxlOB eZQQYbYS6WxSbIA &redirect_uri=https://client.example.com/cb HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token":"SlAV32hkKG", "token_type":"bearer", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso" } https://server.example.com/authorize? response_type=code &client_id=s6BhdRkqt3 &redirect_uri=https://client.example.org/cb &scope=openid napps GET /AppInfo/service Authorization: Bearer SlAV32hkKG Cache-Control: no-cache Application Metadata tailored to User roles
  • 13. 13 MissionCriticalAPIsandNAPPS TA PAN service Context API (health, sight, gun) Time: 6:15 a.m. grant_type=refresh_token& refresh_token=qANLTbu17rk17lPsze cHRi7rqJt46pG1qx0nTAqXWH& scope=urn:oauth:context_api HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token":"SlAV32hk KG", "token_type":"bearer", "expires_in":3600, }
  • 14. 14 MissionCriticalAPIsandNAPPS TA Real-time Video App Real-time Video Intelligence Home Agency Time: 9:17 a.m. grant_type=refresh_token& refresh_token=qANLTbu17rk17lPsze cHRi7rqJt46pG1qx0nTAqXWH& scope=urn:oauth:video_api In-vehicle camera beings streaming live video back to dispatch center Notification sent to all responders within vicinity based upon location context HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token":"SlAV32hk KG", "token_type":"bearer", "expires_in":3600, }
  • 15. 15 MissionCriticalAPIsandNAPPS TA Records Lookup App Time: 12:35 p.m. grant_type=refresh_token& refresh_token=qANLTbu17rk17lPsze cHRi7rqJt46pG1qx0nTAqXWH& scope=urn:oauth:records_api HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso" } HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token":"SlAV32hkKG", "token_type":"bearer", "expires_in":3600, } POST /token.oauth2 HTTP/1.1 Host: as.example.com Content-Type: application/x-www-form- urlencoded grant_type=urn.ietf.params.oauth.grant- type.jwt-bearer &assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6IjE 2In0. eyJpc3Mi[...omitted for brevity...]. J9l-ZhwP[...omitted for brevity...] Public Safety SaaS OFFICER PULLS OVER DRIVER DUE TO SUSPICION USES NATIVE MOBILE APP TO RUN THE LICENSE PLATE AGAINST A CLOUD- EXPOSED APIJWT Id_token identifies user as being a sworn law enforcement offier
  • 16. 16 MissionCriticalAPIsandNAPPS OFFICER PULLS OVER ANOTHER VEHICLE BECAUSE OF BROKEN TAIL LIGHT PASSENGER BEGINS TO FLEE – OFFICER BEGINS TO PURSUE SUSPECT ON FOOT CHASE Health APIs Presence & Location Key Mgmt Home Agency Time: 6:15 p.m. First Responder’s elevated heart rate seamlessly communicated to context & health monitoring APIs, protected by previously-obtained access token Dispatcher at command central alerted Other responder within same vicinity are dispatched for backup
  • 17. 17 MissionCriticalAPIsandNAPPS TA Web Launcher InitSSO EP Time: 7:10 p.m. grant_type=refresh_token& refresh_token=qANLTbu17rk17lPsze cHRi7rqJt46pG1qx0nTAqXWH& scope=urn:oauth:nief HTTP/1.1 200 OK Content-Type: application/json Cache-Control: no-store Pragma: no-cache { "access_token":"SlAV32hk KG", "token_type":"bearer", "expires_in":3600, } SAML response GET /initsso.ep/service?target=NIEF HTTP/1.1 Host: server.example.com:9031 Authorization: Bearer qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
  • 19. 19 MissionCriticalAPIsandNAPPS And in Closing … • Questions? • Comments? • Scrutiny? • Thank you! :-) adam.lewis@motorolasolutions.com

Editor's Notes

  1. Public Safety Community of Interest is riding the same wave of mobile, cloud and APIs as other Communities of Interest, public citizens TA = Token Agent UA = User Agent
  2. And we cannot ask the agency IT admin to maintain credentials separately in each application. Or for the first responder to remember the identity & credential combinations for a dozen different systems
  3. https://www.youtube.com/watch?v=Gca8_xn6rSg https://www.youtube.com/watch?v=gD4hXzZg34M https://www.youtube.com/watch?v=u2Wo7749-j4 (best) https://www.youtube.com/watch?v=tM33PcvmfNA (connected first responder)
  4. The map shows the incident, and navigation button that will plot the fastest route to it. (Whether on foot or in a car). You’ll also see other units that are responding so you can see who’s there to help, and what other resources are the area that the officer should be aware of. You’ll also see more information on the incident, that can include images of the suspect, arrest history, known associates, firearm, information relevant to the address of the incident.
  5. BOOTSTRAP
  6. Wearable technology begins to communicate with backend APIs
  7. Wearable technology begins to communicate with backend APIs
  8. Key Takeaway - LTE is gaining traction in public safety.   LTE is gaining traction in public safety as the mobile broadband standard.   It is estimated that by 2020, there will be 4 million public safety LTE users worldwide.   Globally, the discussion has on how broadband will be deployed. I’m sure you have heard of certain agencies’ adoption of broadband for their public safety operations.   For example, the US government is planning to build a dedicated public safety network, known as FirstNet. FirstNet will likely be the first high-speed, nationwide network with dedicated spectrum for public safety.   Let’s take a look at the broadband deployment models evolving around the world.   _____________________________________________ Source(s): PS LTE growth 60% between 2014 – 2020 – IMS Research, 2011 IMS Research, “IMS Research Report: Broadband Public Safety Risk Using Public Cellular Networks,” 2011 It is estimated that by 2020, there will be 4 million private public safety LTE subscribers worldwide. – IMS Research, 2011 IMS Research, “IMS Research Report: Broadband Public Safety Risk Using Public Cellular Networks