Adding Identity Management and Access Control to your Application, Authorization
Daniel Morán, Fernando López
Telefónica I+D
FIWARE
daniel.moranjimenez@telefonica.com
fernando.lopezaguilar@telefonica.com
http://bit.ly/fiware-authorization
Identity Manager
2
Identity Manager
3
Account
OAuth 2.0
4
OAuth 2.0
Login with
OAuth 2.0 Message Flow
6
[Diagram: Browser, Web App (with an OAuth library) and Account (RS + IdM). The browser logs in at the Account; the IdM redirects it back to the Web App with an access code; the Web App uses the access code to request an access-token and receives the access-token; it then requests user info using the access-token.]
OAuth 2.0 Libraries
• http://oauth.net/2/
– PHP, Cocoa, iOS, Java, Ruby, JavaScript, Python.
• Example using Node.js
– https://github.com/ging/oauth2-example-client
7
Preliminary steps with IdM at FIWARE Account Portal
Add an application
8
Preliminary steps with IdM at FIWARE Account Portal
Set/create roles and permissions for application
9
Preliminary steps with IdM at FIWARE Account Portal
Add new permissions if needed
10
Preliminary steps with IdM at FIWARE Account Portal
Result: OAuth credentials for the application
First, we redirect the user to the IdM web site so that they can log in and authorize
access for the new application (identified by its client_id):
https://a.b.c.d/oauth2/authorize?response_type=code&client_id=9
In a real deployment the authorization request should also carry a state parameter (a random value bound to the user's session) that the application checks when the browser comes back; otherwise an attacker can make the application consume an authorization code of the attacker's choosing.
OAuth 2.0 messages flow
1) Redirect
12
OAuth 2.0 messages flow
1) Redirect
13
After entering username and password to log in and clicking the “Accept” button (needed
only the first time), the browser is redirected back to the web page of our application:
http://e.f.g.h/login?code=ZNYy2HpyO1oMzalQ9-N2T1AIc0tnhTCuCziEG91PiPZPZYkJotzIBfZZlImfw4U7QpAwsgEGw4iakEL0n2FHlg
The IdM uses the callback URL specified when the application was registered (the Cloud Portal,
in this example).
We get the “code” value, which will be exchanged for an access token in the next step.
OAuth 2.0 messages flow
2) Access code
14
To request an access-token without the application ever handling the user's
credentials:
curl -v --insecure -X POST https://a.b.c.d/oauth2/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -H "Authorization: Basic MjowYjE5MmUwZDlmMDFkOTgyNjdmMjM2NTM4YzZhNDlmODMxMGNhNmJlNTA2ODg4OTc2MDJhODk1ODVhYmQ2YTYyODRiMGU0MDY4MTBkMjc2YTYzNmE2Yzg1NTg2MjJhZGFjZjIyYmM3ZDg5MjNiNWVkYWQ2ZmU0ODhlNmZhOGRjZg==" \
  -d "grant_type=authorization_code&code=ZNYy2HpyO1oMzalQ9-N2T1AIc0tnhTCuCziEG91PiPZPZYkJotzIBfZZlImfw4U7QpAwsgEGw4iakEL0n2FHlg&redirect_uri=http://e.f.g.h/login"
Where: the Authorization header is Base64(Client_ID:Client_Secret), computed from the
application credentials (see slide 11); code is the access-code obtained in the
previous step; and redirect_uri is the callback URL the access-code was sent to
(see previous slide), i.e. the callback URL the application was registered with.
Note that --insecure turns off TLS certificate verification. That is tolerable against a
lab IdM with a self-signed certificate, but never in production: this request carries the
client secret and the response carries the tokens.
OAuth 2.0 messages flow
3) Request access token
15
The previous request returns the following information:
HTTP/1.1 200 OK
Content-Type: application/json
{
"access_token": "3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA",
"expires_in": 2591999,
"refresh_token": "vEUA4j5oie7DCAzYy9PpXxgV4UsGJZx1B0ooEB-ewumULG_D2DdRs5dAtau-GXWeziWsvAQLEv9OIfG2DXP9lg",
"token_type": "bearer"
}
expires_in is the lifetime of the access token in seconds (2591999 s is about 30 days). The refresh_token lets the application obtain a new access token without sending the user through the login again; both are bearer credentials and must be stored and transmitted as carefully as the client secret.
OAuth 2.0 messages flow
4) Access token
16
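The four steps above (redirect, access code, token request, token response), as an added example that is not part of the original slides nor of the FIWARE code base: a Python client that builds the authorize URL, checks the returned state, and assembles the token request with the same Basic header the curl command uses; beside it, a toy authorization server that shows the checks the IdM side performs (client authentication, code bound to client_id and redirect_uri, single use, expiry). The hostnames, the client_id 9, the client secret and the redirect URI are made-up values standing in for the ones the portal issues; the state parameter is a standard OAuth 2.0 precaution, not something shown on the slides.

```python
import base64
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed registration values: they stand in for what the IdM portal shows.
CLIENT_ID = "9"
CLIENT_SECRET = "0b192e0d9f01d982"            # hypothetical secret
REDIRECT_URI = "http://e.f.g.h/login"
IDM = "https://a.b.c.d"


def basic_auth_header(client_id, client_secret):
    """Authorization header for /oauth2/token: 'Basic ' + Base64(id:secret)."""
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()


def build_authorize_url(state):
    """Step 1: the URL the browser is sent to. `state` is a per-session random
    value the app checks on return, so a code planted by an attacker is refused."""
    q = {"response_type": "code", "client_id": CLIENT_ID,
         "redirect_uri": REDIRECT_URI, "state": state}
    return f"{IDM}/oauth2/authorize?{urlencode(q)}"


def parse_callback(callback_url, expected_state):
    """Step 2: pull the code out of the callback URL, refusing a wrong state."""
    q = parse_qs(urlparse(callback_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discard this code")
    return q["code"][0]


def build_token_request(code):
    """Step 3: the POST the slide's curl sends, as a dict (no network here)."""
    return {"url": f"{IDM}/oauth2/token",
            "headers": {"Content-Type": "application/x-www-form-urlencoded",
                        "Authorization": basic_auth_header(CLIENT_ID, CLIENT_SECRET)},
            "body": {"grant_type": "authorization_code", "code": code,
                     "redirect_uri": REDIRECT_URI}}


class ToyIdM:
    """Toy authorization server: issues short-lived, single-use codes bound to
    (client_id, redirect_uri) and enforces those bindings at the token endpoint."""

    def __init__(self, clients, code_ttl=600):
        self.clients = clients      # client_id -> (secret, registered redirect_uri)
        self.codes = {}             # code -> (client_id, redirect_uri, expiry)
        self.code_ttl = code_ttl

    def authorize(self, authorize_url):
        """The user has logged in and clicked Accept: answer with the callback URL."""
        q = {k: v[0] for k, v in parse_qs(urlparse(authorize_url).query).items()}
        _, registered_uri = self.clients[q["client_id"]]
        if q.get("response_type") != "code" or q.get("redirect_uri") != registered_uri:
            raise ValueError("unsupported response_type or unregistered redirect_uri")
        code = secrets.token_urlsafe(32)
        self.codes[code] = (q["client_id"], registered_uri, time.time() + self.code_ttl)
        return f"{registered_uri}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, request):
        """Step 4: authenticate the client, then validate the code before issuing tokens."""
        scheme, _, b64 = request["headers"].get("Authorization", "").partition(" ")
        try:
            cid, _, secret = base64.b64decode(b64).decode().partition(":")
        except Exception:
            return {"error": "invalid_client"}
        if scheme != "Basic" or cid not in self.clients or \
                not secrets.compare_digest(secret.encode(), self.clients[cid][0].encode()):
            return {"error": "invalid_client"}
        body = request["body"]
        entry = self.codes.pop(body.get("code"), None)       # pop: a code is single-use
        if entry is None or body.get("grant_type") != "authorization_code":
            return {"error": "invalid_grant"}
        code_cid, code_uri, expiry = entry
        if code_cid != cid or code_uri != body.get("redirect_uri") or time.time() > expiry:
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(48), "expires_in": 2591999,
                "refresh_token": secrets.token_urlsafe(48), "token_type": "bearer"}


def run_flow(idm):
    """Drive one complete exchange and return the token response."""
    state = secrets.token_urlsafe(16)
    callback = idm.authorize(build_authorize_url(state))   # the browser round trip
    code = parse_callback(callback, state)
    return idm.token(build_token_request(code))


if __name__ == "__main__":
    idm = ToyIdM({CLIENT_ID: (CLIENT_SECRET, REDIRECT_URI)})
    print(json.dumps(run_flow(idm), indent=2))
```

Replaying the same code, presenting a wrong client secret, or sending a redirect_uri other than the one the code was issued for all come back as an error object rather than a token; those are exactly the properties the redirect_uri and Authorization fields of the slide's curl request exist to provide.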
Securing your backend
Web Applications and GEs
18
[Diagram: the Web App (OAuth library) obtains an access_token from the Account through the OAuth2 flows and sends Request + access-token to the Generic Enabler; the GE validates the access-token with the Account and gets back OK + user info (roles).]
Web Applications and GEs
The web application calls the Generic Enabler's API with the access token in the X-Auth-Token header; the GE (or the PEP Proxy in front of it) validates the token against the Account before serving the request:
GET https://GE_URL HTTP/1.1
Host: GE_hostname
X-Auth-Token: access_token
19
Securing your back-end
20
[Diagram: the Web App (OAuth library) obtains an access_token from the Account through the OAuth2 flows and sends Request + access-token to a PEP Proxy placed in front of the Back-end Apps; the PEP Proxy validates the access-token with the Account and receives OK + user info (roles).]
Securing your back-end: the XACML model
21
[Diagram: the Policy Enforcement Point (PEP) sits in front of the Backend to secure and asks the Policy Decision Point (PDP) for an Access Control decision; an AdminUser manages the policies through the Policy Administration Point (PAP), which supplies them to the PDP.]
Securing your back-end
• Level 1: Authentication
– Checks that the user has a FIWARE account, i.e. that the presented token is valid
• Level 2: Basic Authorization
– Checks that the user has permission to access a resource
– Permissions are expressed as HTTP verb + resource path
• Level 3: Advanced Authorization
– Custom XACML policies
Level 1: Authentication
23
[Diagram: the Web App (OAuth library) obtains an access_token through the OAuth2 flows and sends Request + access-token to the PEP Proxy; the PEP Proxy sends the access-token to the Account and gets OK + user info (roles) back; only then is the request passed on to the Back-end Apps.]
Level 2: Basic Authorization
24
[Diagram: as in Level 1, the PEP Proxy validates the access-token with the Account and gets OK + user info; it then sends roles + verb + path to Access Control and passes the request on to the Back-end Apps only after Access Control answers OK.]
Policies creation in IdM
1) Edit application properties
25
Policies creation in IdM
2) Create a new role
26
Policies creation in IdM
3) Add a new permission
27
Policies creation in IdM
4) Edit permissions
28
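What the PEP Proxy does at Level 1 and Level 2 for a request carrying X-Auth-Token, and what the roles and permissions created in steps 1) to 4) above amount to at decision time, as an added example in Python (not Wilma's or KeyRock's own code). The token lookup table stands in for the call to the Account, and the role-to-permission table stands in for the permissions (HTTP verb + resource path) defined in the IdM. Users, tokens, roles and paths are constructed; the shell-style wildcard matching of resource paths is an assumption of this example, not a statement about how KeyRock matches paths.

```python
import fnmatch
import time
from posixpath import normpath
from urllib.parse import urlsplit

# Constructed: the answer the Account gives the PEP proxy for each access token
# ("OK + user info (roles)"). Real proxies ask the IdM over HTTPS; this is a table.
USER_INFO = {
    "tok-alice": {"id": "alice", "roles": ["Provider"], "expires": time.time() + 3600},
    "tok-bob":   {"id": "bob",   "roles": ["Consumer"], "expires": time.time() + 3600},
    "tok-stale": {"id": "carol", "roles": ["Provider"], "expires": time.time() - 1},
}

# Constructed Level 2 policy: role -> [(HTTP verb, resource path pattern)], the
# shape of the roles/permissions created in the IdM. Shell-style wildcards are
# an assumption of this example, not a statement about how KeyRock matches paths.
PERMISSIONS = {
    "Provider": [("GET", "/v2/entities*"), ("POST", "/v2/entities"),
                 ("DELETE", "/v2/entities/*")],
    "Consumer": [("GET", "/v2/entities*")],
}


class Unauthorized(Exception):
    """Level 1 failure: no usable identity behind the request (HTTP 401)."""


def authenticate(headers):
    """Level 1: the X-Auth-Token must be present, known to the IdM and unexpired."""
    token = headers.get("X-Auth-Token")
    if not token:
        raise Unauthorized("missing X-Auth-Token header")
    info = USER_INFO.get(token)
    if info is None or info["expires"] < time.time():
        raise Unauthorized("invalid or expired token")
    return info


def normalize_path(raw):
    """Decide on the canonical path only: drop the query string and resolve
    '.' / '..' segments so /v2/entities/../admin is judged as /v2/admin."""
    path = normpath(urlsplit(raw).path or "/")
    return path if path.startswith("/") else "/" + path


def authorize(user, verb, path):
    """Level 2: permit if any role of the user grants this verb on this path."""
    for role in user["roles"]:
        for allowed_verb, pattern in PERMISSIONS.get(role, []):
            if verb == allowed_verb and fnmatch.fnmatchcase(path, pattern):
                return True
    return False


def pep_decide(verb, raw_path, headers):
    """HTTP status the PEP proxy answers: 200 = forward to the backend, 401 or 403."""
    try:
        user = authenticate(headers)
    except Unauthorized:
        return 401
    if not authorize(user, verb.upper(), normalize_path(raw_path)):
        return 403
    return 200


if __name__ == "__main__":
    samples = [("GET", "/v2/entities?type=Room", {"X-Auth-Token": "tok-bob"}),
               ("POST", "/v2/entities", {"X-Auth-Token": "tok-bob"}),
               ("GET", "/v2/entities/../admin", {"X-Auth-Token": "tok-bob"}),
               ("DELETE", "/v2/entities/Room1", {}),
               ("GET", "/v2/entities", {"X-Auth-Token": "tok-stale"})]
    for verb, path, hdrs in samples:
        print(verb, path, "->", pep_decide(verb, path, hdrs))
```

The two failure classes are kept apart on purpose: a missing or expired token is a Level 1 problem and answers 401, whereas a valid user without a matching permission is a Level 2 problem and answers 403. Normalising the path before matching matters because the permission is keyed on the path string; without it, a request for /v2/entities/../admin would be judged against the /v2/entities* pattern and reach the backend as /v2/admin.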
Level 3: Advanced Authorization
29
[Diagram: a PEP Proxy extension validates the access-token with the Account (OK + user info) and then sends roles + an XACML <Request> to Access Control; the request reaches the Back-end Apps only after Access Control answers OK.]
30
Policies creation in IdM
4) Change to advanced mode
31
Policies creation in IdM
5) Fill in the rule field
Permissions in XACML format may include one or more resources and one or more
actions. In the example below, [PATH] and [VERB] are placeholders for the resource
path and the HTTP verb; the rule is split across slides 32 and 33 and is shown here
in one piece:
<Rule RuleId="PR:Manage" Effect="Permit">
  <Description>Rule: Permission example</Description>
  <Target>
    <Resources>
      <Resource>
        <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[PATH]</AttributeValue>
          <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
            DataType="http://www.w3.org/2001/XMLSchema#string" />
        </ResourceMatch>
      </Resource>
    </Resources>
    <Actions>
      <Action>
        <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[VERB]</AttributeValue>
          <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
            DataType="http://www.w3.org/2001/XMLSchema#string" />
        </ActionMatch>
      </Action>
    </Actions>
  </Target>
</Rule>
32
Policies creation in IdM
Sample XACML rule content
33
<?xml version="1.0" encoding="UTF-8"?>
<Request>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
        /test1/pruebas/create
      </AttributeValue>
    </Attribute>
    […]
  </Attributes>
  [..]
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <Attribute
      IncludeInResult="false"
      AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
        POST
      </AttributeValue>
    </Attribute>
  </Attributes>
</Request>
The resource-id value is carried with the string DataType, the same type the rule's ResourceAttributeDesignator declares; string-equal only matches when both sides have that type, so a mismatched DataType in the request makes the rule not apply.
34
Policies creation in IdM
Sample XACML request content
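A minimal decision function for the rule and request formats shown above, as an added example in Python (not AuthZForce's code): it parses the <Rule>, flattens the <Request> into (category, attribute-id) pairs, and applies string-equal matching to answer Permit or NotApplicable. The rule is the slide's rule with [PATH] and [VERB] filled in with the request's /test1/pruebas/create and POST; only string-equal is implemented, the sample request is constructed, and the mapping from ResourceMatch/ActionMatch onto the XACML 3.0 request categories is this example's own assumption.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
CAT_RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
CAT_ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"

# The slide's rule with [PATH] and [VERB] filled in (constructed sample).
RULE_XML = f"""<Rule RuleId="PR:Manage" Effect="Permit">
  <Description>Rule: Permission example</Description>
  <Target>
    <Resources><Resource>
      <ResourceMatch MatchId="{STRING_EQUAL}">
        <AttributeValue DataType="{XS_STRING}">/test1/pruebas/create</AttributeValue>
        <ResourceAttributeDesignator AttributeId="{RESOURCE_ID}" DataType="{XS_STRING}"/>
      </ResourceMatch>
    </Resource></Resources>
    <Actions><Action>
      <ActionMatch MatchId="{STRING_EQUAL}">
        <AttributeValue DataType="{XS_STRING}">POST</AttributeValue>
        <ActionAttributeDesignator AttributeId="{ACTION_ID}" DataType="{XS_STRING}"/>
      </ActionMatch>
    </Action></Actions>
  </Target>
</Rule>"""

# Which XACML 3.0 request category each 2.0-style Match element reads from
# (this mapping is the example's assumption).
MATCH_CATEGORY = {"ResourceMatch": CAT_RESOURCE, "ActionMatch": CAT_ACTION}


def request_xml(path, verb):
    """Build the <Request> a PEP proxy extension would send for verb + path.
    Values are XML-escaped: a path containing '<' or '&' must not alter the document."""
    return f"""<Request>
  <Attributes Category="{CAT_RESOURCE}">
    <Attribute AttributeId="{RESOURCE_ID}" IncludeInResult="false">
      <AttributeValue DataType="{XS_STRING}">{escape(path)}</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="{CAT_ACTION}">
    <Attribute AttributeId="{ACTION_ID}" IncludeInResult="false">
      <AttributeValue DataType="{XS_STRING}">{escape(verb)}</AttributeValue>
    </Attribute>
  </Attributes>
</Request>"""


def parse_request(xml):
    """Flatten a <Request> into {(category, attribute-id): [values]}."""
    attrs = {}
    for block in ET.fromstring(xml).findall("Attributes"):
        for attr in block.findall("Attribute"):
            key = (block.get("Category"), attr.get("AttributeId"))
            attrs.setdefault(key, []).extend(
                (v.text or "").strip() for v in attr.findall("AttributeValue"))
    return attrs


def match_holds(match, attrs):
    """One <ResourceMatch>/<ActionMatch>: literal string-equal against the request."""
    if match.get("MatchId") != STRING_EQUAL:
        raise NotImplementedError(f"unsupported MatchId {match.get('MatchId')}")
    literal = (match.find("AttributeValue").text or "").strip()
    designator = next(e for e in match if e.tag.endswith("AttributeDesignator"))
    key = (MATCH_CATEGORY[match.tag], designator.get("AttributeId"))
    # string-equal is exact: a trailing slash or a different case does not match.
    return any(value == literal for value in attrs.get(key, []))


def evaluate(rule_xml, req_xml):
    """Return the rule's Effect when its Target matches, else 'NotApplicable'.
    Groups (Resources, Actions) are ANDed; entries inside a group are ORed;
    Match elements inside one entry are ANDed, as XACML Target semantics require."""
    rule = ET.fromstring(rule_xml)
    attrs = parse_request(req_xml)
    for group in rule.find("Target"):
        if not any(all(match_holds(m, attrs) for m in entry) for entry in group):
            return "NotApplicable"
    return rule.get("Effect")


if __name__ == "__main__":
    for path, verb in [("/test1/pruebas/create", "POST"),
                       ("/test1/pruebas/create", "GET"),
                       ("/test1/pruebas/create/", "POST")]:
        print(verb, path, "->", evaluate(RULE_XML, request_xml(path, verb)))
```

Two details are worth keeping in mind when writing real permissions: string-equal is an exact comparison, so /test1/pruebas/create/ and /test1/pruebas/create are different resources to the PDP, and the PEP must build the request by escaping the path it received, since the path is attacker-controlled input that ends up inside an XML document.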
Security GEs – IdM - KeyRock
• Keystone + Horizon + Extensions
• APIs
– OAuth2
– Keystone v3
– SCIM 2.0
• Source Code
– https://github.com/ging/fi-ware-idm
• Documentation
– http://catalogue.fiware.org/enablers/identity-management-keyrock
• FIWARE OAuth2 Demo:
– https://github.com/ging/oauth2-example-client
35
Security GEs – Authorization PDP/PAP - AuthZForce
• Policy Decision Point
• Policy Administration Point
• XACML 3.0
• Documentation
– http://catalogue.fi-ware.org/enablers/access-control-tha-implementation/documentation
36
Security GEs – PEP Proxy - Wilma
• Policy Enforcement Point
• Compatible with OAuth2 and Keystone tokens
• Source code:
– https://github.com/ging/fi-ware-pep-proxy
• Documentation
– http://catalogue.fiware.org/enablers/pep-proxy-wilma
37
Security GEs
• Privacy GE
• Cyber Sec GE
• Trustworthy Factory GE
38
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

Adding Identity Management and Access Control to your Application, Authorization

  • 1. Adding Identity Management and Access Control to your Application, Authorization
    Daniel Morán, Fernando López
    Telefónica I+D, FIWARE
    daniel.moranjimenez@telefonica.com
    fernando.lopezaguilar@telefonica.com
    http://bit.ly/fiware-authorization
  • 6. OAuth 2.0 Message Flow (diagram with three parties: Browser, Web App with its OAuth library, and RS + IdM Account)
    – login → redirect → get access-code → access code → request access-token → access-token → request user info using access-token
  • 7. OAuth 2.0 Libraries
    – http://oauth.net/2/ (PHP, Cocoa, iOS, Java, Ruby, JavaScript, Python)
    – Example using Node.js: https://github.com/ging/oauth2-example-client
  • 8. Preliminary steps with IdM at FIWARE Account Portal: add an application
  • 9. Preliminary steps with IdM at FIWARE Account Portal: set/create roles and permissions for the application
  • 10. Preliminary steps with IdM at FIWARE Account Portal: add new permissions if needed
  • 11. Preliminary steps with IdM at FIWARE Account Portal. Result: OAuth credentials for the application
  • 12. OAuth 2.0 messages flow, 1) Redirect
    First, we have to redirect the user to the IdM web site in order to log in and authorize access to the new application (identified by its client_id):
      https://a.b.c.d/oauth2/authorize?response_type=code&client_id=9
  • 13. OAuth 2.0 messages flow, 1) Redirect
  • 14. OAuth 2.0 messages flow, 2) Access code
    After entering user/password to log in and clicking the “Accept” button (needed only once), the browser redirects us back to the web page of our application:
      http://e.f.g.h/login?code=ZNYy2HpyO1oMzalQ9-N2T1AIc0tnhTCuCziEG91PiPZPZYkJotzIBfZZlImfw4U7QpAwsgEGw4iakEL0n2FHlg
    The IdM uses the callback URL specified when the application was registered (the Cloud Portal, in this example). We get the “code” value, which will be used in order to authenticate the user.
  • 15. OAuth 2.0 messages flow, 3) Request access token
    In order to request an access-token, without knowing the credentials of the user:
      curl -v --insecure -X POST https://a.b.c.d/oauth2/token \
        -H "Content-Type: application/x-www-form-urlencoded" \
        -H "Authorization: Basic MjowYjE5MmUwZDlmMDFkOTgyNjdmMjM2NTM4YzZhNDlmODMxMGNhNmJlNTA2ODg4OTc2MDJhODk1ODVhYmQ2YTYyODRiMGU0MDY4MTBkMjc2YTYzNmE2Yzg1NTg2MjJhZGFjZjIyYmM3ZDg5MjNiNWVkYWQ2ZmU0ODhlNmZhOGRjZg==" \
        -d "grant_type=authorization_code&code=ZNYy2HpyO1oMzalQ9-N2T1AIc0tnhTCuCziEG91PiPZPZYkJotzIBfZZlImfw4U7QpAwsgEGw4iakEL0n2FHlg&redirect_uri=http://e.f.g.h/login"
    Where:
    – Authorization is calculated as Base64(Client_ID:Client_Secret) from the application credentials (see slide 11)
    – code is the access-code obtained in the former step
    – redirect_uri is the callback URL the access-code was sent to (see previous slide)
  • 16. OAuth 2.0 messages flow, 4) Access token
    The previous request will return the following information:
      HTTP/1.1 200 OK
      Content-Type: application/json
      {
        "access_token": "3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA",
        "expires_in": 2591999,
        "refresh_token": "vEUA4j5oie7DCAzYy9PpXxgV4UsGJZx1B0ooEB-ewumULG_D2DdRs5dAtau-GXWeziWsvAQLEv9OIfG2DXP9lg",
        "token_type": "bearer"
      }
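The four steps of slides 12 to 16 (redirect, access code, token request with the Base64(Client_ID:Client_Secret) header, token response), as an added example in Python. This is not the FIWARE IdM code nor the ging/oauth2-example-client project; the IdM host, client_id and callback are the placeholder values from the slides, the client secret is constructed, and the HTTP call is injected so the exchange runs offline. It adds a `state` parameter and a `redirect_uri` to the authorize URL, which the slide omits, so the callback can be tied to the browser session that started the flow.

```python
# Authorization-code exchange from slides 12-16, written as an added example
# (not the FIWARE IdM or the ging/oauth2-example-client code). Values marked
# "constructed" are placeholders for this example.
import base64
import json
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

IDM_BASE = "https://a.b.c.d"            # IdM host as written on the slides
CLIENT_ID = "9"                          # client_id from the authorize URL on slide 12
CLIENT_SECRET = "example-client-secret"  # constructed; the real one is shown on slide 11
REDIRECT_URI = "http://e.f.g.h/login"    # callback URL the access-code is sent to


def basic_auth_header(client_id, client_secret):
    """Authorization header of slide 15: Base64(Client_ID:Client_Secret)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def new_state():
    """Unpredictable per-session value bound to the authorize request."""
    return secrets.token_urlsafe(16)


def authorize_url(state):
    """Step 1 (slide 12): URL the browser is redirected to. The slide shows only
    response_type and client_id; redirect_uri and state are added here so the
    callback can be checked against the session that started the flow."""
    params = {"response_type": "code", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state}
    return f"{IDM_BASE}/oauth2/authorize?{urlencode(params)}"


def parse_callback(callback_url, expected_state):
    """Step 2 (slide 14): pull the access-code out of the callback URL,
    refusing callbacks whose state does not match the one issued."""
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback not issued for this session")
    codes = query.get("code")
    if not codes:
        raise ValueError("callback carries no code")
    return codes[0]


def token_request(code):
    """Step 3 (slide 15): the POST the curl command sends, as (url, headers, body)."""
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": basic_auth_header(CLIENT_ID, CLIENT_SECRET)}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI})
    return f"{IDM_BASE}/oauth2/token", headers, body


def parse_token_response(status, body_text):
    """Step 4 (slide 16): check the token response before trusting it."""
    if status != 200:
        raise RuntimeError(f"token endpoint returned HTTP {status}")
    data = json.loads(body_text)
    if str(data.get("token_type", "")).lower() != "bearer":
        raise RuntimeError("unexpected token_type")
    for field in ("access_token", "expires_in"):
        if field not in data:
            raise RuntimeError(f"token response lacks {field}")
    return {"access_token": data["access_token"],
            "expires_in": int(data["expires_in"]),
            "refresh_token": data.get("refresh_token")}


def run_flow(post, state, callback_url):
    """Steps 2-4 with an injected HTTP function post(url, headers, body) -> (status, text),
    so the exchange can be exercised without a network."""
    code = parse_callback(callback_url, state)
    url, headers, body = token_request(code)
    status, text = post(url, headers, body)
    return parse_token_response(status, text)


if __name__ == "__main__":
    # Constructed stand-in for the IdM token endpoint, answering as on slide 16.
    def fake_post(url, headers, body):
        assert url.endswith("/oauth2/token") and headers["Authorization"].startswith("Basic ")
        return 200, json.dumps({"access_token": "3-EoxEo3tUas9tQJvxnDsAqkUEi38Ftmy5Ou_vPWNAtA9qyusJdP1LCB835b4WOB80_XLUziWOFdCs7qSHELlA",
                                "expires_in": 2591999,
                                "refresh_token": "vEUA4j5oie7DCAzYy9PpXxgV4UsGJZx1B0ooEB-ewumULG_D2DdRs5dAtau-GXWeziWsvAQLEv9OIfG2DXP9lg",
                                "token_type": "bearer"})
    st = new_state()
    print(authorize_url(st))
    print(run_flow(fake_post, st, f"{REDIRECT_URI}?code=ZNYy2HpyO1oMzalQ9-N2T1AIc0tnhTCuCziEG91PiPZPZYkJotzIBfZZlImfw4U7QpAwsgEGw4iakEL0n2FHlg&state={st}"))
```

`basic_auth_header` is the same computation as the editor's note at the end of the deck (`base64.b64encode` over `Client ID:Client Secret`). The curl on slide 15 uses `--insecure`, which disables certificate validation; that request carries the client secret and the one-time code, so in anything beyond a lab setup the IdM certificate must be verified, and the `state` check above is what stops a callback forged for another session from being exchanged.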
  • 18. Web Applications and GEs (diagram: the Web App, through its OAuth library, obtains an access_token via the OAuth2 flows with Account; it sends Request + access-token to the Generic Enabler, which checks the access-token with Account and gets back OK + user info (roles))
  • 19. Web Applications and GEs: the request to the GE carries the token in the X-Auth-Token header
      GET https://GE_URL HTTP/1.1
      Host: GE_hostname
      X-Auth-Token: access_token
  • 20. Securing your back-end (diagram: the Web App's Request + access-token goes to a PEP Proxy, which checks the access-token with Account and receives OK + user info (roles) before the Back-end Apps see the request)
  • 21. Securing your back-end: the XACML model
    – Policy Enforcement Point (PEP), in front of the back-end to secure
    – Policy Decision Point (PDP)
    – Policy Administration Point (PAP), used by the admin user (Access Control)
  • 22. Securing your back-end
    – Level 1: Authentication – check if a user has a FIWARE account
    – Level 2: Basic Authorization – checks if a user has permissions to access a resource (HTTP verb + resource path)
    – Level 3: Advanced Authorization – custom XACML policies
  • 23. Level 1: Authentication (diagram: the PEP Proxy checks the access-token with Account and gets OK + user info (roles))
  • 24. Level 2: Basic Authorization (diagram: as Level 1, and the PEP Proxy additionally sends roles + verb + path to Access Control, which answers OK)
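Level 1 and Level 2 of slides 19 to 24 as one PEP decision, written as an added example in Python. This is not the Wilma PEP Proxy code: the IdM token check is an injected lookup instead of a call to Account, and the roles, tokens and the role → (verb, path pattern) table are constructed to stand in for what you define in the IdM portal. It also normalises the request path before matching, a step the slides do not mention.

```python
# PEP-proxy style Level 1 and Level 2 checks from slides 19-24, written as an
# added example (not the Wilma PEP Proxy code). The IdM lookup, the tokens and
# the permission table are constructed for this example.
import fnmatch
import posixpath
from dataclasses import dataclass
from typing import Optional

# Constructed: what the IdM would return for each token (unknown token -> None).
SAMPLE_IDM = {
    "tok-alice": {"id": "alice", "roles": ["Manager"]},
    "tok-bob": {"id": "bob", "roles": ["Viewer"]},
}

# Constructed permission table in the Level 2 shape of slides 22-28:
# role -> list of (HTTP verb, resource path pattern).
PERMISSIONS = {
    "Viewer": [("GET", "/orion/v1/*")],
    "Manager": [("GET", "/orion/v1/*"), ("POST", "/orion/v1/*"),
                ("DELETE", "/orion/v1/entities/*")],
}


@dataclass
class Decision:
    status: int            # HTTP status the proxy answers with (200 = forward)
    user: Optional[str]
    reason: str


def lookup_user(token):
    """Stand-in for the IdM token validation call (constructed)."""
    return SAMPLE_IDM.get(token)


def normalize_path(raw_path):
    """Drop the query string and resolve '.'/'..' so '/orion/v1/../admin' is
    checked as '/orion/admin' rather than slipping past a '/orion/v1/*' rule."""
    path = raw_path.split("?", 1)[0]
    norm = posixpath.normpath(path)
    return norm if norm.startswith("/") else "/" + norm


def authenticate(headers, lookup=lookup_user):
    """Level 1: the request must carry an X-Auth-Token the IdM recognises."""
    token = headers.get("X-Auth-Token")
    if not token:
        return None, Decision(401, None, "missing X-Auth-Token")
    user = lookup(token)
    if user is None:
        return None, Decision(401, None, "token rejected by IdM")
    return user, None


def is_allowed(roles, verb, path, permissions=PERMISSIONS):
    """Level 2: at least one of the user's roles must grant this verb on this path."""
    for role in roles:
        for allowed_verb, pattern in permissions.get(role, []):
            if allowed_verb == verb.upper() and fnmatch.fnmatchcase(path, pattern):
                return True
    return False


def enforce(verb, raw_path, headers, lookup=lookup_user, permissions=PERMISSIONS):
    """Full PEP decision: 401 if not authenticated, 403 if not authorised, 200 to forward."""
    user, denial = authenticate(headers, lookup)
    if denial:
        return denial
    path = normalize_path(raw_path)
    if not is_allowed(user["roles"], verb, path, permissions):
        return Decision(403, user["id"], f"no role grants {verb.upper()} {path}")
    return Decision(200, user["id"], "forward to back-end")


if __name__ == "__main__":
    for verb, path, hdrs in [("GET", "/orion/v1/entities", {"X-Auth-Token": "tok-bob"}),
                             ("POST", "/orion/v1/entities", {"X-Auth-Token": "tok-bob"}),
                             ("GET", "/orion/v1/../admin", {"X-Auth-Token": "tok-bob"}),
                             ("POST", "/orion/v1/entities", {})]:
        print(verb, path, enforce(verb, path, hdrs))
```

The two failure modes are kept distinct on purpose: a missing or unknown token is a 401 before any policy is consulted, and a known user without a matching role is a 403, so the back-end never has to repeat either check. Header lookup here is an exact dictionary key; a real proxy gets headers case-insensitively from its HTTP library.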
  • 25. Policies creation in IdM, 1) Edit application properties
  • 26. Policies creation in IdM, 2) Create a new role
  • 27. Policies creation in IdM, 3) Add a new permission
  • 28. Policies creation in IdM, 4) Edit permissions
  • 29. Level 3: Advanced Authorization (diagram: as Level 2, but a PEP Proxy extension sends roles + an XACML <Request> to Access Control, which answers OK)
  • 30. Policies creation in IdM, 4) Change to advanced mode
  • 31. Policies creation in IdM, 5) Fill in the rule field
  • 32. Policies creation in IdM: sample XACML rule content
    Permissions in XACML format may include one or more resources and one or several actions, e.g.:
      <Rule RuleId="PR:Manage" Effect="Permit">
        <Description>Rule: Permission example</Description>
        <Target>
          <Resources>
            <Resource>
              <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[PATH]</AttributeValue>
                <ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" />
              </ResourceMatch>
            </Resource>
          </Resources>
          …
  • 33. Policies creation in IdM: sample XACML rule content (continued)
          …
          <Actions>
            <Action>
              <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
                <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">[VERB]</AttributeValue>
                <ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" />
              </ActionMatch>
            </Action>
          </Actions>
        </Target>
      </Rule>
  • 34. Policies creation in IdM: sample XACML request content
      <?xml version="1.0" encoding="UTF-8"?>
      <Request>
        <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:resource">
          <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id">
            <!-- resource-id carries the request path, so its DataType is xs:string -->
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
              /test1/pruebas/create
            </AttributeValue>
          </Attribute>
          […]
        </Attributes>
        [..]
        <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
          <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">
              POST
            </AttributeValue>
          </Attribute>
        </Attributes>
      </Request>
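How the rule of slides 32 and 33 and the request of slide 34 fit together at the PDP, as an added example in Python. It is not the AuthZForce or Wilma code: it implements only the `string-equal` match the slides use, takes the sample rule with `[PATH]` and `[VERB]` filled in with the values from slide 34, builds the request the way a PEP would for one HTTP call, and reports the rule's Effect when the Target matches or `NotApplicable` when it does not. The request builder uses the XACML 3.0 `attribute-category` URIs for both resource and action, which is an assumption; the slide shows a different category string for the resource.

```python
# Minimal XACML Target evaluation for the rule/request shapes of slides 32-34,
# written as an added example (not AuthZForce's or Wilma's code). Only the
# string-equal function is implemented; the sample rule below is constructed
# by filling [PATH] and [VERB] in the slides' rule with the slide 34 values.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

XACML_STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"

SAMPLE_RULE = f"""<Rule RuleId="PR:Manage" Effect="Permit">
  <Description>Rule: Permission example</Description>
  <Target>
    <Resources><Resource>
      <ResourceMatch MatchId="{XACML_STRING_EQUAL}">
        <AttributeValue DataType="{XS_STRING}">/test1/pruebas/create</AttributeValue>
        <ResourceAttributeDesignator AttributeId="{RESOURCE_ID}" DataType="{XS_STRING}"/>
      </ResourceMatch>
    </Resource></Resources>
    <Actions><Action>
      <ActionMatch MatchId="{XACML_STRING_EQUAL}">
        <AttributeValue DataType="{XS_STRING}">POST</AttributeValue>
        <ActionAttributeDesignator AttributeId="{ACTION_ID}" DataType="{XS_STRING}"/>
      </ActionMatch>
    </Action></Actions>
  </Target>
</Rule>"""


def build_request(path, verb):
    """The <Request> a PEP would send to the PDP for one HTTP call (shape of slide 34).
    Assumption: XACML 3.0 attribute-category URIs for both resource and action."""
    return f"""<Request>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
    <Attribute AttributeId="{RESOURCE_ID}">
      <AttributeValue DataType="{XS_STRING}">{escape(path)}</AttributeValue>
    </Attribute>
  </Attributes>
  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
    <Attribute IncludeInResult="false" AttributeId="{ACTION_ID}">
      <AttributeValue DataType="{XS_STRING}">{escape(verb)}</AttributeValue>
    </Attribute>
  </Attributes>
</Request>"""


def request_attributes(request_xml):
    """Flatten the Request into {AttributeId: [values]}; whitespace around values
    (as in the slide's sample) is stripped."""
    values = {}
    for attr in ET.fromstring(request_xml).iter("Attribute"):
        for av in attr.findall("AttributeValue"):
            values.setdefault(attr.get("AttributeId"), []).append((av.text or "").strip())
    return values


def _match(match_el, designator_tag, attrs):
    """One <ResourceMatch>/<ActionMatch>: compare the rule's literal with the
    request attribute named by the designator using string-equal."""
    if match_el.get("MatchId") != XACML_STRING_EQUAL:
        raise NotImplementedError(f"unsupported MatchId {match_el.get('MatchId')}")
    wanted = (match_el.find("AttributeValue").text or "").strip()
    attr_id = match_el.find(designator_tag).get("AttributeId")
    return wanted in attrs.get(attr_id, [])


def evaluate(rule_xml, request_xml):
    """Return the Rule's Effect if its Target matches the Request, else 'NotApplicable'.
    Matches inside one <Resource>/<Action> are ANDed; sibling elements are ORed."""
    rule = ET.fromstring(rule_xml)
    attrs = request_attributes(request_xml)
    target = rule.find("Target")
    res_ok = any(all(_match(m, "ResourceAttributeDesignator", attrs)
                     for m in res.findall("ResourceMatch"))
                 for res in target.findall("Resources/Resource"))
    act_ok = any(all(_match(m, "ActionAttributeDesignator", attrs)
                     for m in act.findall("ActionMatch"))
                 for act in target.findall("Actions/Action"))
    return rule.get("Effect") if (res_ok and act_ok) else "NotApplicable"


if __name__ == "__main__":
    for path, verb in [("/test1/pruebas/create", "POST"),
                       ("/test1/pruebas/create", "GET"),
                       ("/test1/other", "POST")]:
        print(verb, path, "->", evaluate(SAMPLE_RULE, build_request(path, verb)))
```

Because the rule uses `string-equal`, `/test1/pruebas/create/` or `/test1/pruebas/create?x=1` would not match it; the PEP therefore has to normalise the path it puts into `resource-id`, and a `NotApplicable` result must be treated as a deny by the enforcement point, since no rule has granted access.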
  • 35. Security GEs – IdM – KeyRock
    – Keystone + Horizon + Extensions
    – APIs: OAuth2, Keystone v3, SCIM 2.0
    – Source code: https://github.com/ging/fi-ware-idm
    – Documentation: http://catalogue.fiware.org/enablers/identity-management-keyrock
    – FIWARE OAuth2 demo: https://github.com/ging/oauth2-example-client
  • 36. Security GEs – Authorization PDP/PAP – AuthZForce
    – Policy Decision Point
    – Policy Administration Point
    – XACML 3.0
    – Documentation: http://catalogue.fi-ware.org/enablers/access-control-tha-implementation/documentation
  • 37. Security GEs – PEP Proxy – Wilma
    – Policy Enforcement Point
    – Compatible with OAuth2 and Keystone tokens
    – Source code: https://github.com/ging/fi-ware-pep-proxy
    – Documentation: http://catalogue.fiware.org/enablers/pep-proxy-wilma
  • 38. Security GEs
    – Privacy GE
    – Cyber Sec GE
    – Trustworthy Factory GE

Editor's Notes

  1. Python: base64.b64encode(b'Client ID:Client Secret')