SlideShare a Scribd company logo

Security Patterns with the WSO2 ESB

WSO2
WSO2
TechnologyBusiness
1 of 54
Download to read offline
Hasini Gunasinghe Software Engineer-WSO2
 Security requirements of a SOA solution in healthcare domain.  Security patterns to accomplish them.  Implementing patterns with WSO2 ESB.
Hospital Services Channelling consultation Physicians’ Patients’ data data Ceycare Systems Medical Laboratory Collaboration with medical Services research institutes Medical Test results Medical statistics
 Why SOA?  Expose legacy sytem components as services.  Loose coupling  Interoperability  Flexibility  Business process composition.
 Why security in SOA?  Business assets exposed to outside as services to be discovered.  Should facilitates interoperability, flexibility.
 Identification and authentication  Authorization  Intergrity  Privacy  Security auditing  Survivability  Non-repudiation Source: Security in SOA-Based Healthcare System
Requirement: Services need to identify and verify the claimed identity of internal users of the organization.
Pattern: Authentication Patterns:  Direct Authentication - Authenticating users with credentials stored internally. - Credentials can be : - Username/password - Username token - X.509 certificates
Patient’s Records: Name: Credential 3 Age: Histroy: 1 Secured Proxy 2 Ceycare credential store
Requirement: Services need to identify and verify the claimed identity of external users – from partner organizations.
Pattern: Authentication Patterns:  Brokered Authentication  Authenticating users outside the organization boundary.  Ceycare trusts a token issued by a trusted party in partner organization.  Brokered authentication based on WS-Trust with SAML.
Scenario 1: Authentication accross organizational boundries CeyCare 4 Patient’s Records: Secure Token Name: Service of Age: CeyMed Histroy: 2 Secured Proxy 3 CeyMed 1 credential store CeyMed
Requirement: Facilitate communication between clients and services which talk in different authentication mechanisms.
Pattern: Resource Access Patterns:  Protocol Transition  ESB authenticates clients with the auth mechanism that they understand – eg: UT  Transform credentials in the form that service understands - eg: Basic Auth
Patient’s Records: Name: Age: Histroy: BasicAuth Header 3 1 2 Username Token Ceycare credential store
Requirements: - Avoid user credentials to be passed to backend service. - Avoid user bypassing security processing.
Pattern: Resource Access Patterns:  Trusted sub system pattern  User authenticates to ESB with his/her credentials.  BE service trusts ESB.  ESB accesses BE service on behalf of authenticated user.
Patient’s Records: Name: ESB Age: Credential Histroy: 3 User Credential Secured Proxy 1 2 Ceycare credential store
Requirement: Control access based on privileges of the users. Eg: Users in role: ‘Physician’ can update patients’ records while users in role: ‘Lab technologist’ can only view records
Pattern: Authorization patterns  Role based access control:  Assign users to roles.  Grant privileges to roles.  This is a coarse grained authorization model.
Requirement: Control access based on user’s claims, in a fine grained manner. Eg: Heart patients data could only be accessed by Physicians with job title: “Cardiologists”
Pattern: Authorization patterns  Claim based authorization :  Provides fine grained authorization.  Policy based access control with XACML – provides flexibilty.
Authorization based on claims carried in SAML token. Heart Patient’s Records: (4) Allow/deny Name: access Age: Histroy: SAML Token Secured Proxy 1 (3) Authorization decision Entitlement PAP, PDP, Mediator (2) XACML PIP [PEP] Authorization request
Requirement: Delegating access: Eg: Application in a phisician’s mobile device needs to retrieve channelling appointments from his account in Ceycare System.
Pattern: Authorization patterns  Constrained delegation using OAuth: 1. Mobile app authenticates to authorization server. 2. Mobile app requests authorization from resource owner. 3. Resource owner authenticates to authorization server. 4. Resource owner grants permissions to the application to access resource on behalf of him. 5. Application obtains access token from access grant. 6. Resource server (ESB) validates access token. 7. Allow/Deny access to BE resource.
Chanelling appointments Name: Time: (7) Allow/ Hospital: Access request+ deny Access Token OAuth access 5 Mediator (6) Validate Access Token Authorization 1 request (4) Access Token 2 Authorization (3) Authorization grant grant
Requirements:  Protect sensitive personal data during transmission from :  tampering  unauthorized access  Non-repudiation - A patient’s account should show who has updated his/her medical records.
Patterns: Message protection patterns:  Data origin authentication and intergrity - digital signatures.  Data confidentiality - digital encyption.
Example Configuration:
Example Configuration:
Requirement: Avoid exposing sensitive data through exceptions.  Legacy application code might throw exceptions containing sensitive information.  Need to filter those expections when system is exposed to external parties.
Pattern: Boundry defense pattern  Exception shielding: - Sanitize unsafe exception data by replacing it with non-harmful exception message. - Enrich mediator of ESB.
 Example un-safe message:
 Example Configuration:
Requirement: Log security incidents to trace system abuse: - Failed login attempts - Unauthorized access attempts to services
Pattern: Boundry defense pattern:  Audit Intercepter  All messages flow through the a gateway of the system. (ESB)  Necessary auditing is done by the logging at the gateway. (Log mediators of ESB)
Example Configuration:
Requirement: Prevent denial of service attacks caused by replaying valid messages.
Pattern: Boundray defense pattern  Replay mitigation: - Apply throttling rules at the entry point (ESB). - Validate message freshness by WS-Security mechanisms (Timestamp).
Applying throttling rules in ESB: Control access at three different levels through throttling: 1. Global 2. Service 3. Operation
 Throttling at global level:
 Throttling at service level:
 Configuring throttling in ESB:
 Example Time Stamp in WS-Security Header:
Requriement: Mitigate damages to the system from messages with malicious content : - SQL injection - X-Doc attacks
Pattern: Boundray defense pattern  Message validation : - XML Schema validation. - Regular expression validation to avoid SQL injections contained in strings. - Validation & Filter mediators of ESB.
 Examlpe SQL Injection attack: Query: SELECT * FROM p r e s c r i p t i o n s WHERE pat i ent ID = ' + $pat i ent ID +' ; If $pat i ent ID = 3 5 2 1 ' ; DROP TABLE p a t i e n t s ; Resulting query causing SQL injection: SELECT FROM p r e s c r i p t i o n s WHERE pat i ent ID = ' 3 5 2 1 ' ; DROP TABLE p a t i e n t s ; Source: Security in SOA-Based Healthcare System
 Example Configuration:
 Security requierments related to a healthcare SOA solution.  Security patterns used to accomplish them.  How WSO2 ESB fits in the security patterns.
 WSO2 Security & Identity Gateway solution white paper: http://wso2.com/casestudies/wso2-security-and- identity-gateway-solution/  Security in SOA based healthcare systems: By Richard Sassoon
Selected Customers https://ail.google.com/mail/u/0/?ui=2&ik=ad9a e58f41&view=att&th=1331a70983344a32&atti d=0.1&disp=thd&realattid=f_gtxto6mk0&zw
• QuickStart • Development Support • Development Services • Production Support • Turnkey Solutions • WSO2 Mobile Services Solution • WSO2 FIX Gateway Solution • WSO2 SAP Gateway Solution
Contact us:  bizdev@wso2.com

Recommended

Denial of service
Denial of serviceDenial of service
Denial of servicegarishma bhatia
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
OS Security 2009
OS Security 2009OS Security 2009
OS Security 2009Deborah Obasogie
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applicationswebhostingguy
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 

Recommended

Denial of service
Denial of serviceDenial of service
Denial of servicegarishma bhatia
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
Types of attacks
Types of attacksTypes of attacks
Types of attacksVivek Gandhi
 
Cyber attack
Cyber attackCyber attack
Cyber attackManjushree Mashal
 
OS Security 2009
OS Security 2009OS Security 2009
OS Security 2009Deborah Obasogie
 
Network Security Tools and applications
Network Security Tools and applicationsNetwork Security Tools and applications
Network Security Tools and applicationswebhostingguy
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detectionCAS
 
Ch 5: Port Scanning
Ch 5: Port ScanningCh 5: Port Scanning
Ch 5: Port ScanningSam Bowne
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissancen|u - The Open Security Community
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Hossam .M Hamed
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Gaurav Sharma
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securitySelf-employed
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architectureuniversity of education,Lahore
 
Cyber security
Cyber securityCyber security
Cyber securityManjushree Mashal
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAPPhannarith Ou, G-CISO
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Securitylalithambiga kamaraj
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography pptThushara92
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurancebdemchak
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 
Security Patterns with WSO2 ESB
Security Patterns with WSO2 ESBSecurity Patterns with WSO2 ESB
Security Patterns with WSO2 ESBWSO2
 
How to Secure Your Enterprise Services with WSO2 ESB
How to Secure Your Enterprise Services with WSO2 ESBHow to Secure Your Enterprise Services with WSO2 ESB
How to Secure Your Enterprise Services with WSO2 ESBWSO2
 

More Related Content

What's hot

Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Hossam .M Hamed
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing ExplainedRand W. Hirt
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Gaurav Sharma
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Mohammed Adam
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber securitySelf-employed
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention systemNikhil Raj
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute forcevishalgohel12195
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography pptThushara92
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurancebdemchak
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security conceptsG Prachi
 

What's hot (20)

Reconnaissance
ReconnaissanceReconnaissance
Reconnaissance
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop
 
Pen Testing Explained
Pen Testing ExplainedPen Testing Explained
Pen Testing Explained
 
Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)Denial of Service Attacks (DoS/DDoS)
Denial of Service Attacks (DoS/DDoS)
 
Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics Vulnerability assessment & Penetration testing Basics
Vulnerability assessment & Penetration testing Basics
 
Introduction to cyber security
Introduction to cyber securityIntroduction to cyber security
Introduction to cyber security
 
Intrusion detection and prevention system
Intrusion detection and prevention systemIntrusion detection and prevention system
Intrusion detection and prevention system
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
 
Cyber security
Cyber securityCyber security
Cyber security
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
User authentication
User authenticationUser authentication
User authentication
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 
Network security cryptography ppt
Network security cryptography pptNetwork security cryptography ppt
Network security cryptography ppt
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurance
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Computer security concepts
Computer security conceptsComputer security concepts
Computer security concepts
 

Viewers also liked

Security Patterns with WSO2 ESB
Security Patterns with WSO2 ESBSecurity Patterns with WSO2 ESB
Security Patterns with WSO2 ESBWSO2
 
How to Secure Your Enterprise Services with WSO2 ESB
How to Secure Your Enterprise Services with WSO2 ESBHow to Secure Your Enterprise Services with WSO2 ESB
How to Secure Your Enterprise Services with WSO2 ESBWSO2
 
Patterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityPatterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityWSO2
 
Sonic 7 Hentchel Performance Tuning
Sonic 7 Hentchel Performance TuningSonic 7 Hentchel Performance Tuning
Sonic 7 Hentchel Performance Tuninga i
 
Аутентификационный центр
Аутентификационный центрАутентификационный центр
Аутентификационный центрКРОК
 
Разработка интеграционных сервисов в рамках проекта развития удаленных канало...
Разработка интеграционных сервисов в рамках проекта развития удаленных канало...Разработка интеграционных сервисов в рамках проекта развития удаленных канало...
Разработка интеграционных сервисов в рамках проекта развития удаленных канало...КРОК
 
WSO2 ESB Integration with REST
WSO2 ESB Integration with RESTWSO2 ESB Integration with REST
WSO2 ESB Integration with RESTWSO2
 
Learn with WSO2 - API Security
Learn with WSO2 - API Security Learn with WSO2 - API Security
Learn with WSO2 - API Security WSO2
 
Implementing API Facade using WSO2 API Management Platform
Implementing API Facade using WSO2 API Management PlatformImplementing API Facade using WSO2 API Management Platform
Implementing API Facade using WSO2 API Management PlatformWSO2
 
Authorization Enterprise Design Pattern
Authorization Enterprise Design PatternAuthorization Enterprise Design Pattern
Authorization Enterprise Design PatternNick Bogden
 
WSO2Con 2013 - WSO2 as a Crypto Platform
WSO2Con 2013 - WSO2 as a Crypto PlatformWSO2Con 2013 - WSO2 as a Crypto Platform
WSO2Con 2013 - WSO2 as a Crypto PlatformRoger CARHUATOCTO
 
Extended Security with WSO2 API Management Platform
Extended Security with WSO2 API Management PlatformExtended Security with WSO2 API Management Platform
Extended Security with WSO2 API Management PlatformWSO2
 
WSO2 API Manager : Going beyond the just API Management
WSO2 API Manager : Going beyond the just API ManagementWSO2 API Manager : Going beyond the just API Management
WSO2 API Manager : Going beyond the just API ManagementEdgar Silva
 
Agile в кровавом энтерпрайзе / Асхат Уразбаев (ScrumTrek)
Agile в кровавом энтерпрайзе / Асхат Уразбаев (ScrumTrek)Agile в кровавом энтерпрайзе / Асхат Уразбаев (ScrumTrek)
Agile в кровавом энтерпрайзе / Асхат Уразбаев (ScrumTrek)Ontico
 
WSO2Con USA 2017: Cloud as a Delivery Channel
WSO2Con USA 2017: Cloud as a Delivery ChannelWSO2Con USA 2017: Cloud as a Delivery Channel
WSO2Con USA 2017: Cloud as a Delivery ChannelWSO2
 
API designing with WSO2 API Manager
API designing with WSO2 API ManagerAPI designing with WSO2 API Manager
API designing with WSO2 API ManagerWSO2
 
WSO2Con USA 2017: Analytics Patterns for Your Digital Enterprise
WSO2Con USA 2017: Analytics Patterns for Your Digital EnterpriseWSO2Con USA 2017: Analytics Patterns for Your Digital Enterprise
WSO2Con USA 2017: Analytics Patterns for Your Digital EnterpriseWSO2
 
WSO2Con ASIA 2016: WSO2 Integration Platform Deep Dive
WSO2Con ASIA 2016: WSO2 Integration Platform Deep DiveWSO2Con ASIA 2016: WSO2 Integration Platform Deep Dive
WSO2Con ASIA 2016: WSO2 Integration Platform Deep DiveWSO2
 
Shock freezers
Shock freezersShock freezers
Shock freezersscatania
 

Viewers also liked (20)

Security Patterns with WSO2 ESB
Security Patterns with WSO2 ESBSecurity Patterns with WSO2 ESB
Security Patterns with WSO2 ESB
 
How to Secure Your Enterprise Services with WSO2 ESB
How to Secure Your Enterprise Services with WSO2 ESBHow to Secure Your Enterprise Services with WSO2 ESB
How to Secure Your Enterprise Services with WSO2 ESB
 
Patterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise SecurityPatterns and Antipatterns in Enterprise Security
Patterns and Antipatterns in Enterprise Security
 
Sonic 7 Hentchel Performance Tuning
Sonic 7 Hentchel Performance TuningSonic 7 Hentchel Performance Tuning
Sonic 7 Hentchel Performance Tuning
 
Аутентификационный центр
Аутентификационный центрАутентификационный центр
Аутентификационный центр
 
Разработка интеграционных сервисов в рамках проекта развития удаленных канало...
Разработка интеграционных сервисов в рамках проекта развития удаленных канало...Разработка интеграционных сервисов в рамках проекта развития удаленных канало...
Разработка интеграционных сервисов в рамках проекта развития удаленных канало...
 
WSO2 ESB Integration with REST
WSO2 ESB Integration with RESTWSO2 ESB Integration with REST
WSO2 ESB Integration with REST
 
Learn with WSO2 - API Security
Learn with WSO2 - API Security Learn with WSO2 - API Security
Learn with WSO2 - API Security
 
Implementing API Facade using WSO2 API Management Platform
Implementing API Facade using WSO2 API Management PlatformImplementing API Facade using WSO2 API Management Platform
Implementing API Facade using WSO2 API Management Platform
 
Authorization Enterprise Design Pattern
Authorization Enterprise Design PatternAuthorization Enterprise Design Pattern
Authorization Enterprise Design Pattern
 
WSO2Con 2013 - WSO2 as a Crypto Platform
WSO2Con 2013 - WSO2 as a Crypto PlatformWSO2Con 2013 - WSO2 as a Crypto Platform
WSO2Con 2013 - WSO2 as a Crypto Platform
 
Extended Security with WSO2 API Management Platform
Extended Security with WSO2 API Management PlatformExtended Security with WSO2 API Management Platform
Extended Security with WSO2 API Management Platform
 
Wso2 tutorial
Wso2 tutorialWso2 tutorial
Wso2 tutorial
 
WSO2 API Manager : Going beyond the just API Management
WSO2 API Manager : Going beyond the just API ManagementWSO2 API Manager : Going beyond the just API Management
WSO2 API Manager : Going beyond the just API Management
 
Agile в кровавом энтерпрайзе / Асхат Уразбаев (ScrumTrek)
Agile в кровавом энтерпрайзе / Асхат Уразбаев (ScrumTrek)Agile в кровавом энтерпрайзе / Асхат Уразбаев (ScrumTrek)
Agile в кровавом энтерпрайзе / Асхат Уразбаев (ScrumTrek)
 
WSO2Con USA 2017: Cloud as a Delivery Channel
WSO2Con USA 2017: Cloud as a Delivery ChannelWSO2Con USA 2017: Cloud as a Delivery Channel
WSO2Con USA 2017: Cloud as a Delivery Channel
 
API designing with WSO2 API Manager
API designing with WSO2 API ManagerAPI designing with WSO2 API Manager
API designing with WSO2 API Manager
 
WSO2Con USA 2017: Analytics Patterns for Your Digital Enterprise
WSO2Con USA 2017: Analytics Patterns for Your Digital EnterpriseWSO2Con USA 2017: Analytics Patterns for Your Digital Enterprise
WSO2Con USA 2017: Analytics Patterns for Your Digital Enterprise
 
WSO2Con ASIA 2016: WSO2 Integration Platform Deep Dive
WSO2Con ASIA 2016: WSO2 Integration Platform Deep DiveWSO2Con ASIA 2016: WSO2 Integration Platform Deep Dive
WSO2Con ASIA 2016: WSO2 Integration Platform Deep Dive
 
Shock freezers
Shock freezersShock freezers
Shock freezers
 

Similar to Security Patterns with the WSO2 ESB

Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4Deepak John
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersIAEME Publication
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersIAEME Publication
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization ModelsCSCJournals
 
Better Together: JWT and Hashi Vault in Modern Apps
Better Together: JWT and Hashi Vault in Modern AppsBetter Together: JWT and Hashi Vault in Modern Apps
Better Together: JWT and Hashi Vault in Modern AppsShrivatsa Upadhye
 
UMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenarioUMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenarioDomenico Catalano
 
api-security-Jan23.pptxsdfffffffffffffffffffffffffffff
api-security-Jan23.pptxsdfffffffffffffffffffffffffffffapi-security-Jan23.pptxsdfffffffffffffffffffffffffffff
api-security-Jan23.pptxsdfffffffffffffffffffffffffffffDucAnhLe56
 
Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossASRoger CARHUATOCTO
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?Oliver Pfaff
 
Privacypreservingauthenticationbiometrics 100228075830-phpapp02
Privacypreservingauthenticationbiometrics 100228075830-phpapp02Privacypreservingauthenticationbiometrics 100228075830-phpapp02
Privacypreservingauthenticationbiometrics 100228075830-phpapp02Hai Nguyen
 
PharmaLedger: A Digital Trust Ecosystem for Healthcare
PharmaLedger: A Digital Trust Ecosystem for HealthcarePharmaLedger: A Digital Trust Ecosystem for Healthcare
PharmaLedger: A Digital Trust Ecosystem for HealthcareSSIMeetup
 
An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication IJMER
 
New Trends in Web Security
New Trends in Web SecurityNew Trends in Web Security
New Trends in Web SecurityOliver Pfaff
 
When and Why Would I use Oauth2?
When and Why Would I use Oauth2?When and Why Would I use Oauth2?
When and Why Would I use Oauth2?Dave Syer
 
Federated SOA Security Example From the Dutch National Healthcare Exchange
Federated SOA Security Example From the Dutch National Healthcare Exchange Federated SOA Security Example From the Dutch National Healthcare Exchange
Federated SOA Security Example From the Dutch National Healthcare Exchange CA API Management
 

Similar to Security Patterns with the WSO2 ESB (20)

Presentation
PresentationPresentation
Presentation
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential users
 
Blacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential usersBlacklisting and blocking anonymous credential users
Blacklisting and blocking anonymous credential users
 
Unit 5
Unit 5Unit 5
Unit 5
 
Authentication and Authorization Models
Authentication and Authorization ModelsAuthentication and Authorization Models
Authentication and Authorization Models
 
Better Together: JWT and Hashi Vault in Modern Apps
Better Together: JWT and Hashi Vault in Modern AppsBetter Together: JWT and Hashi Vault in Modern Apps
Better Together: JWT and Hashi Vault in Modern Apps
 
Week3 lecture
Week3 lectureWeek3 lecture
Week3 lecture
 
UMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenarioUMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenario
 
api-security-Jan23.pptxsdfffffffffffffffffffffffffffff
api-security-Jan23.pptxsdfffffffffffffffffffffffffffffapi-security-Jan23.pptxsdfffffffffffffffffffffffffffff
api-security-Jan23.pptxsdfffffffffffffffffffffffffffff
 
Identity Federation on JBossAS
Identity Federation on JBossASIdentity Federation on JBossAS
Identity Federation on JBossAS
 
SOA Security - So What?
SOA Security - So What?SOA Security - So What?
SOA Security - So What?
 
Privacypreservingauthenticationbiometrics 100228075830-phpapp02
Privacypreservingauthenticationbiometrics 100228075830-phpapp02Privacypreservingauthenticationbiometrics 100228075830-phpapp02
Privacypreservingauthenticationbiometrics 100228075830-phpapp02
 
ch14.ppt
ch14.pptch14.ppt
ch14.ppt
 
PharmaLedger: A Digital Trust Ecosystem for Healthcare
PharmaLedger: A Digital Trust Ecosystem for HealthcarePharmaLedger: A Digital Trust Ecosystem for Healthcare
PharmaLedger: A Digital Trust Ecosystem for Healthcare
 
An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication
 
New Trends in Web Security
New Trends in Web SecurityNew Trends in Web Security
New Trends in Web Security
 
Ch14
Ch14Ch14
Ch14
 
When and Why Would I use Oauth2?
When and Why Would I use Oauth2?When and Why Would I use Oauth2?
When and Why Would I use Oauth2?
 
Federated SOA Security Example From the Dutch National Healthcare Exchange
Federated SOA Security Example From the Dutch National Healthcare Exchange Federated SOA Security Example From the Dutch National Healthcare Exchange
Federated SOA Security Example From the Dutch National Healthcare Exchange
 

More from WSO2

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in ChoreoWSO2
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023WSO2
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzureWSO2
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfWSO2
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in MinutesWSO2
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityWSO2
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...WSO2
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfWSO2
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoWSO2
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsWSO2
 
A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital BusinessesWSO2
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)WSO2
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformationWSO2
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready BankWSO2
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIsWSO2
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”WSO2
 

More from WSO2 (20)

Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in Choreo
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdf
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos Identity
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdf
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
 
A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking Experiences
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready Bank
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
 

Recently uploaded

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

Security Patterns with the WSO2 ESB

  • 2. Security requirements of a SOA solution in healthcare domain.  Security patterns to accomplish them.  Implementing patterns with WSO2 ESB.
  • 3. Hospital Services Channelling consultation Physicians’ Patients’ data data Ceycare Systems Medical Laboratory Collaboration with medical Services research institutes Medical Test results Medical statistics
  • 4. Why SOA?  Expose legacy sytem components as services.  Loose coupling  Interoperability  Flexibility  Business process composition.
  • 5. Why security in SOA?  Business assets exposed to outside as services to be discovered.  Should facilitates interoperability, flexibility.
  • 6.  Identification and authentication  Authorization  Intergrity  Privacy  Security auditing  Survivability  Non-repudiation Source: Security in SOA-Based Healthcare System
  • 7. Requirement: Services need to identify and verify the claimed identity of internal users of the organization.
  • 8. Pattern: Authentication Patterns:  Direct Authentication - Authenticating users with credentials stored internally. - Credentials can be : - Username/password - Username token - X.509 certificates
  • 9. Patient’s Records: Name: Credential 3 Age: Histroy: 1 Secured Proxy 2 Ceycare credential store
  • 10. Requirement: Services need to identify and verify the claimed identity of external users – from partner organizations.
  • 11. Pattern: Authentication Patterns:  Brokered Authentication  Authenticating users outside the organization boundary.  Ceycare trusts a token issued by a trusted party in partner organization.  Brokered authentication based on WS-Trust with SAML.
  • 12. Scenario 1: Authentication accross organizational boundries CeyCare 4 Patient’s Records: Secure Token Name: Service of Age: CeyMed Histroy: 2 Secured Proxy 3 CeyMed 1 credential store CeyMed
  • 13. Requirement: Facilitate communication between clients and services which talk in different authentication mechanisms.
  • 14. Pattern: Resource Access Patterns:  Protocol Transition  ESB authenticates clients with the auth mechanism that they understand – eg: UT  Transform credentials in the form that service understands - eg: Basic Auth
  • 15. Patient’s Records: Name: Age: Histroy: BasicAuth Header 3 1 2 Username Token Ceycare credential store
  • 16. Requirements: - Avoid user credentials to be passed to backend service. - Avoid user bypassing security processing.
  • 17. Pattern: Resource Access Patterns:  Trusted sub system pattern  User authenticates to ESB with his/her credentials.  BE service trusts ESB.  ESB accesses BE service on behalf of authenticated user.
  • 18. Patient’s Records: Name: ESB Age: Credential Histroy: 3 User Credential Secured Proxy 1 2 Ceycare credential store
  • 19. Requirement: Control access based on privileges of the users. Eg: Users in role: ‘Physician’ can update patients’ records while users in role: ‘Lab technologist’ can only view records
  • 20. Pattern: Authorization patterns  Role based access control:  Assign users to roles.  Grant privileges to roles.  This is a coarse grained authorization model.
  • 21. Requirement: Control access based on user’s claims, in a fine grained manner. Eg: Heart patients data could only be accessed by Physicians with job title: “Cardiologists”
  • 22. Pattern: Authorization patterns  Claim based authorization :  Provides fine grained authorization.  Policy based access control with XACML – provides flexibilty.
  • 23. Authorization based on claims carried in SAML token. Heart Patient’s Records: (4) Allow/deny Name: access Age: Histroy: SAML Token Secured Proxy 1 (3) Authorization decision Entitlement PAP, PDP, Mediator (2) XACML PIP [PEP] Authorization request
  • 24. Requirement: Delegating access: Eg: Application in a phisician’s mobile device needs to retrieve channelling appointments from his account in Ceycare System.
  • 25. Pattern: Authorization patterns  Constrained delegation using OAuth: 1. Mobile app authenticates to authorization server. 2. Mobile app requests authorization from resource owner. 3. Resource owner authenticates to authorization server. 4. Resource owner grants permissions to the application to access resource on behalf of him. 5. Application obtains access token from access grant. 6. Resource server (ESB) validates access token. 7. Allow/Deny access to BE resource.
  • 26. Chanelling appointments Name: Time: (7) Allow/ Hospital: Access request+ deny Access Token OAuth access 5 Mediator (6) Validate Access Token Authorization 1 request (4) Access Token 2 Authorization (3) Authorization grant grant
  • 27. Requirements:  Protect sensitive personal data during transmission from :  tampering  unauthorized access  Non-repudiation - A patient’s account should show who has updated his/her medical records.
  • 28. Patterns: Message protection patterns:  Data origin authentication and intergrity - digital signatures.  Data confidentiality - digital encyption.
  • 31. Requirement: Avoid exposing sensitive data through exceptions.  Legacy application code might throw exceptions containing sensitive information.  Need to filter those expections when system is exposed to external parties.
  • 32. Pattern: Boundry defense pattern  Exception shielding: - Sanitize unsafe exception data by replacing it with non-harmful exception message. - Enrich mediator of ESB.
  • 33. Example un-safe message:
  • 34. Example Configuration:
  • 35. Requirement: Log security incidents to trace system abuse: - Failed login attempts - Unauthorized access attempts to services
  • 36. Pattern: Boundry defense pattern:  Audit Intercepter  All messages flow through the a gateway of the system. (ESB)  Necessary auditing is done by the logging at the gateway. (Log mediators of ESB)
  • 38. Requirement: Prevent denial of service attacks caused by replaying valid messages.
  • 39. Pattern: Boundray defense pattern  Replay mitigation: - Apply throttling rules at the entry point (ESB). - Validate message freshness by WS-Security mechanisms (Timestamp).
  • 40. Applying throttling rules in ESB: Control access at three different levels through throttling: 1. Global 2. Service 3. Operation
  • 41. Throttling at global level:
  • 42. Throttling at service level:
  • 43. Configuring throttling in ESB:
  • 44. Example Time Stamp in WS-Security Header:
  • 45. Requriement: Mitigate damages to the system from messages with malicious content : - SQL injection - X-Doc attacks
  • 46. Pattern: Boundray defense pattern  Message validation : - XML Schema validation. - Regular expression validation to avoid SQL injections contained in strings. - Validation & Filter mediators of ESB.
  • 47. Examlpe SQL Injection attack: Query: SELECT * FROM p r e s c r i p t i o n s WHERE pat i ent ID = ' + $pat i ent ID +' ; If $pat i ent ID = 3 5 2 1 ' ; DROP TABLE p a t i e n t s ; Resulting query causing SQL injection: SELECT FROM p r e s c r i p t i o n s WHERE pat i ent ID = ' 3 5 2 1 ' ; DROP TABLE p a t i e n t s ; Source: Security in SOA-Based Healthcare System
  • 48. Example Configuration:
  • 49. Security requierments related to a healthcare SOA solution.  Security patterns used to accomplish them.  How WSO2 ESB fits in the security patterns.
  • 50. WSO2 Security & Identity Gateway solution white paper: http://wso2.com/casestudies/wso2-security-and- identity-gateway-solution/  Security in SOA based healthcare systems: By Richard Sassoon
  • 51.
  • 52. Selected Customers https://ail.google.com/mail/u/0/?ui=2&ik=ad9a e58f41&view=att&th=1331a70983344a32&atti d=0.1&disp=thd&realattid=f_gtxto6mk0&zw
  • 53. • QuickStart • Development Support • Development Services • Production Support • Turnkey Solutions • WSO2 Mobile Services Solution • WSO2 FIX Gateway Solution • WSO2 SAP Gateway Solution