Authentication Server

•Descargar como PPTX, PDF•

0 recomendaciones•916 vistas

The objective of this presentation is to implement an Authentication provider that can be used simply to authenticate users only once. This may be like the one you use for authenticating yourself on Facebook, LinkedIn, or Google. The authentication should be Web-based and/or API-based and should authenticate against our LDAP Server. This provider should also remember which third-party systems are authorized to authenticate against this server and what information, if any, shared.

Tecnología

Slide 1
Slide 1

Authentication Server (OAuth2 or similar)
The objective of this presentation is to implement an Authentication
provider that can be used simply to authenticate users only once. This
may be like the one you use for authenticating yourself on
Facebook, LinkedIn, or Google.

The authentication should be Web-based and/or API-based and should
authenticate against our LDAP Server.
This provider should also remember which third-party systems are
authorized to authenticate against this server and what information, if
any, shared.

Authentication Client
Once a user is authenticated, they should not be required to enter login
details again in this system.
If the user is not logged in, a login screen should be
presented similar to Facebook connect or Google login.
Authentication will be done on Authentication provider
server and client will get no username/password ever.

Slide 2

Authentication
Server
Abhishek Chikane

Slide 3

Story
Active Directory

User Id- Password User Info

App1 App2 App3 Apps…

Slide 4

Story – Current Activities
Active Directory

User Id- Password User Info

App1 App2 App3 Apps…

Slide 5

Story – Protected Resources
Active Directory

User Id- Password User Info 2
1

App

3

Slide 6

Scenario - One

CCI Connect is the name given to Authentication Server

Slide 7

Scenario - Two

CCI Connect is the name given to Authentication Server

Slide 9

Why ?

Used for Authentication Authentication Authorization

To share Identity Identity Data

How it is
Centralized Decentralized Centralized
handled?

Consumer
Optional No Yes
registration

Slide 11

Architecture
OAuth 1.0
HTTP LDAP

App 1

CCI
Connect

Active
Directory

App 2

Slide 12

Communication – First time login
Browser App 1 CCI Connect Active Directory
Login with CCI Connect
Get Request Token

Request Token
Authorize
Redirect to CCI Connect Auth. Page

Send Username – Password for Auth.
Authenticate User

Auth. Result
Access Token
Access resources

Resource data to Callback
Redirect to App1 page

OAuth 1.0
HTTP LDAP

Slide 13

Communication – Remembered User
Browser App 1 CCI Connect Active Directory
Login with CCI Connect
Get Request Token

Request Token
Authorize

Access Token
Access resources

Resource data to Callback
Redirect to App1 page

OAuth 1.0
HTTP LDAP

Slide 14

Features
Security
• OAuth1.0

Control
• Centralized authentication process
• Centralized controlling of shared Active Directory
protected resources

Flexibility and Ease of Use
• Third party apps can use any OAuth1.0 client API

Slide 15

Features in detail…
Security
• For each access third party app has to follow OAuth1.0
protocol
• Uses HMAC – SHA1
• No user password is shared with third party app

Control
• User can revoke access to remembered browsers from
CCI connect
• Third party apps can be registered or removed
• Activity monitoring on CCI connect

Flexibility and Ease of Use
• No need to use HTTPS to implement OAuth protocol
• All data returned from CCI connect is in JSON format in
case of successful authentication

Slide 16

Technologies Used

• CAS
• Java based OAuth 1.0 • JOSSO
service provider library • Spring Security Framework
Extension

Más contenido relacionado

La actualidad más candente

Single Sign On with OAuth and OpenID

Gasperi Jerome

OAuth

Iván Fernández Perea

Stateless Auth using OAUTH2 & JWT

Mobiliya

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

O Dell Secure360 Presentation5 12 10b

Bruce O'Dell

OAuth 2.0 and OpenID Connect

Jacob Combs

AWS Cloud Kata 2014 | Jakarta - 2-2 Mobile

Amazon Web Services

As products and companies move towards IoT model, users and machines alike need to interact with various APIs. Securing these APIs in a connected world can be a challenge faced by many. Fortunately, there are open standards addressing even the most complex of use cases - OAuth, OpenID and OpenID Connect happen to be widely adopted and have a growing support across many API and Identity Providers. In this session I'll talk about these standards, and walk through common use cases/flows from an API Provider as well as consumer's side. We will explore how these standards come together to not only secure the APIs, but also manage identity.

Securing your APIs with OAuth, OpenID, and OpenID Connect

Manish Pandit

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

Claims-Based Identity, Facebook, and the Cloud

Danny Jessee

Microservice security with spring security 5.1,Oauth 2.0 and open id connect

Nilanjan Roy

CHATON - MULTIPLATFORM COMMUNICATIONS

IT Weekend

Claims Based Authentication A Beginners Guide

Phuong Nguyen

In this talk from the Dublin Websummit 2014 AWS Technical Evangelist Danilo Poccia discusses building mobile apps on AWS. This talk includes an introduction to the AWS mobile services that were launched earlier in 2014 and how you can use these services to fulfill common application functions such as authenticating users, synchronizing data and analyzing user behavior, as well as providing direct access to other AWS services from with your Android or iOS applicatons.

Building Mobile Apps on AWS at Websummit Diublin

Amazon Web Services

Dale Olds, Senior Staff Engineer, VMware If identity is the new perimeter, then users must be able to access applications anywhere: on premise, in the cloud or on partner sites. To enable this access we must take identity information into other worlds, and there is no Babel Fish. This session will explain how to enable access to distributed applications without making users feel like Marvin the Paranoid Android. We will cover topics like federated authentication, browser single sign-on and delegated authorization for cloud APIs. Standards in this area are essential, but SAML, OAuth2, SCIM and OpenID can sound like Vogon poetry. We'll touch on the standards, but keep the Vogon poetry to a minimum.

CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds

CloudIDSummit

A great api is hard to find

Dan Diephouse

We’ll see with a real application how to use AWS Mobile Services & SDK to focus the development your mobile app on the unique features of your implementation, using high level services such as Amazon Cognito (for identity and data synchronization across devices), Amazon SNS (for Mobile Push notifications), Amazon Mobile Analytics (to understand your users), Amazon S3 (for object storage), Amazon DynamoDB (for low-latency NoSQL database), or Amazon Kinesis (for data streaming) directly from the device, optimizing performance and costs of the solution.

Cloud-powered Cross-platform Mobile Apps on AWS

Danilo Poccia

Securing online services by combining smart cards and web-based applications

Olivier Potonniée

Understanding Claim based Authentication

Mohammad Yousri

How to deploy SharePoint 2010 to external users?

rlsoft

La actualidad más candente (20)

Single Sign On with OAuth and OpenID

OAuth

Stateless Auth using OAUTH2 & JWT

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

O Dell Secure360 Presentation5 12 10b

OAuth 2.0 and OpenID Connect

AWS Cloud Kata 2014 | Jakarta - 2-2 Mobile

Securing your APIs with OAuth, OpenID, and OpenID Connect

SharePoint 2010, Claims-Based Identity, Facebook, and the Cloud

Claims-Based Identity, Facebook, and the Cloud

Microservice security with spring security 5.1,Oauth 2.0 and open id connect

CHATON - MULTIPLATFORM COMMUNICATIONS

Claims Based Authentication A Beginners Guide

Building Mobile Apps on AWS at Websummit Diublin

CIS13: Taking the Hyperspace Bypass: Controlling User Access to Other Worlds

A great api is hard to find

Cloud-powered Cross-platform Mobile Apps on AWS

Securing online services by combining smart cards and web-based applications

Understanding Claim based Authentication

How to deploy SharePoint 2010 to external users?

Similar a Authentication Server

Enterprise Access Control Patterns for Rest and Web APIs

CA API Management

Oauth2.0

Yasmine Gaber

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...

Brian Campbell

My 2012 homerun in IT-security: For many years nothing happened in Web security - with respect to security-enabling the HTTP stack. This is not true anymore: game-changing innovations do emerge right now. Their impact will - likely - be pervasive. It is important to understand what exactly is being launched, why this is happening and which forces are driving this. This presentation establishes this context and elaborates on the implications.

New Trends in Web Security

Oliver Pfaff

API Management and Mobile App Enablement

CA API Management

Single sign-on Across Mobile Applications from RSAConference

CA API Management

Stateless Auth using OAuth2 & JWT

Gaurav Roy

Identity management for cloud deployed applications can be a challenge. Often users will want to leverage an existing social network or corporate identity. Now we have to worry about dealing with multiple APIs, any updates to those APIs, or the addition of new identity providers. Windows Azure Access Control Services offers a better way! ACS allows for federated user authentication via popular social networks and Active Directory. In this session we’ll provide a crash course in claims as they relate to identity management. We’ll discuss why claims are important and how to add additional claims beyond what is provided by the identity providers. We'll also take a look at Windows Azure Active Directory and see how to manage corporate identities in the cloud.

Using Windows Azure for Solving Identity Management Challenges (Visual Studio...

Michael Collier

OAuth - Don’t Throw the Baby Out with the Bathwater

Apigee | Google Cloud

The adoption of Mobile and Cloud applications drives API traffic across domains. OAuth 2.0 is being implemented in complex enterprise environments where new authorization endpoints are combined with various existing identity components, in various configurations. Handshakes are federated to help provide a single sign-on experience across applications and enhance adoption. Mediation between tokens at the edge of each domain helps extend existing data to new channels. Core grant types, extension grant types, custom schemes, standards, patterns and use cases – let us count the ways in which API access control is applied. This presentation will examine the role of API management infrastructure in API Security, API Access Control and API Federation and its interaction with enterprise infrastructure, social identity and application developers.

API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...

CA API Management

2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...

APIsecure_ Official

Why Assertion-based Access Token is preferred to Handle-based one?

Hitachi, Ltd. OSS Solution Center.

Ionic Auth Connect: Single Sign-on Made Easy

Ionic Framework

Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...

Amazon Web Services

Melbourne API Management Seminar

CA API Management

My private cloud overview

davidwchadwick

Understanding how emerging standards like OAuth and OpenID Connect impact federation Federation is a critical technology for reconciling user identity across Web applications. Now that users consume the same data through cloud and mobile, federation infrastructure must adapt to enable these new channels while maintaining security and providing a consistent user experience. This webinar will examine the differences between identity federation across Web, cloud and mobile, look at API specific use cases and explore the impact of emerging federation standards. You Will Learn Best practices for federating identity across mobile and cloud How emerging identity federation standards will impact your infrastructure How to implement an identity-centric API security and management infrastructure Presenters Ehud Amiri Director, Product Management, CA Technologies Francois Lascelles Chief Architect, Layer 7

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity

CA API Management

Adding Identity Management and Access Control to your Application

Fernando Lopez Aguilar

OAuth 2.0 101

Anand Sharma

Taming Beastly Web Applications with Server-Side OSGi

mrdon

Similar a Authentication Server (20)

Enterprise Access Control Patterns for Rest and Web APIs

Oauth2.0

OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...

New Trends in Web Security

API Management and Mobile App Enablement

Single sign-on Across Mobile Applications from RSAConference

Stateless Auth using OAuth2 & JWT

Using Windows Azure for Solving Identity Management Challenges (Visual Studio...

OAuth - Don’t Throw the Baby Out with the Bathwater

API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...

2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...

Why Assertion-based Access Token is preferred to Handle-based one?

Ionic Auth Connect: Single Sign-on Made Easy

Raleigh DevDay 2017: Managing User Onboarding, Sign-up, Sign-in, Identity and...

Melbourne API Management Seminar

My private cloud overview

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity

Adding Identity Management and Access Control to your Application

OAuth 2.0 101

Taming Beastly Web Applications with Server-Side OSGi

Más de Abhishek Chikane

MediaWiki for ALM

Abhishek Chikane

Tracking universal immunization

Abhishek Chikane

Web Application Architecture

Abhishek Chikane

Creating Hardware Inventory

Abhishek Chikane

Porting Java App To Cloud

Abhishek Chikane

Cloud Computing And Salesforce

Abhishek Chikane

Changing Trends In Cloud Computing

Abhishek Chikane

Live broadcasting

Abhishek Chikane

Logger implementation

Abhishek Chikane

CAPTCHA

Abhishek Chikane

Más de Abhishek Chikane (10)

MediaWiki for ALM

Tracking universal immunization

Web Application Architecture

Creating Hardware Inventory

Porting Java App To Cloud

Cloud Computing And Salesforce

Changing Trends In Cloud Computing

Live broadcasting

Logger implementation

CAPTCHA

Último

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Scaling API-first – The story of a global engineering organization

Radu Cotescu

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Increase engagement and revenue with Muvi Live Paywall! In this presentation, we will explore the five key benefits of using Muvi Live Paywall to monetize your live streams. You'll learn how Muvi Live Paywall can help you: Monetize your live content easily: Set up pay-per-view access to your live streams and start generating revenue from your content. Increase audience engagement: Provide exclusive, premium content behind the paywall to keep your viewers engaged. Gain valuable viewer insights: Track viewer data and analytics to better understand your audience and tailor your content accordingly. Reduce content piracy: Muvi Live Paywall's security features help protect your content from unauthorized distribution. Streamline your workflow: The all-in-one platform simplifies the process of managing and monetizing your live streams. With Muvi Live Paywall, you can take control of your live stream monetization and create a sustainable business model for your content. Learn more about Muvi Live Paywall and start generating revenue from your live streams today!

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Roshan Dwivedi

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

MINDCTI Revenue Release Quarter One 2024

MIND CTI

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Authentication Server

1. Slide 1 Slide 1 Authentication Server (OAuth2 or similar) The objective of this presentation is to implement an Authentication provider that can be used simply to authenticate users only once. This may be like the one you use for authenticating yourself on Facebook, LinkedIn, or Google. The authentication should be Web-based and/or API-based and should authenticate against our LDAP Server. This provider should also remember which third-party systems are authorized to authenticate against this server and what information, if any, shared. Authentication Client Once a user is authenticated, they should not be required to enter login details again in this system. If the user is not logged in, a login screen should be presented similar to Facebook connect or Google login. Authentication will be done on Authentication provider server and client will get no username/password ever.

2. Slide 2 Authentication Server Abhishek Chikane

3. Slide 3 Story Active Directory User Id- Password User Info App1 App2 App3 Apps…

4. Slide 4 Story – Current Activities Active Directory User Id- Password User Info App1 App2 App3 Apps…

5. Slide 5 Story – Protected Resources Active Directory User Id- Password User Info 2 1 App 3

6. Slide 6 Scenario - One CCI Connect is the name given to Authentication Server

7. Slide 7 Scenario - Two CCI Connect is the name given to Authentication Server

8. Slide 8 Scenario - Three

9. Slide 9 Why ? Used for Authentication Authentication Authorization To share Identity Identity Data How it is Centralized Decentralized Centralized handled? Consumer Optional No Yes registration

10. Slide 10 Why 1.0 ? 1.0

11. Slide 11 Architecture OAuth 1.0 HTTP LDAP App 1 CCI Connect Active Directory App 2

12. Slide 12 Communication – First time login Browser App 1 CCI Connect Active Directory Login with CCI Connect Get Request Token Request Token Authorize Redirect to CCI Connect Auth. Page Send Username – Password for Auth. Authenticate User Auth. Result Access Token Access resources Resource data to Callback Redirect to App1 page OAuth 1.0 HTTP LDAP

13. Slide 13 Communication – Remembered User Browser App 1 CCI Connect Active Directory Login with CCI Connect Get Request Token Request Token Authorize Access Token Access resources Resource data to Callback Redirect to App1 page OAuth 1.0 HTTP LDAP

14. Slide 14 Features Security • OAuth1.0 Control • Centralized authentication process • Centralized controlling of shared Active Directory protected resources Flexibility and Ease of Use • Third party apps can use any OAuth1.0 client API

15. Slide 15 Features in detail… Security • For each access third party app has to follow OAuth1.0 protocol • Uses HMAC – SHA1 • No user password is shared with third party app Control • User can revoke access to remembered browsers from CCI connect • Third party apps can be registered or removed • Activity monitoring on CCI connect Flexibility and Ease of Use • No need to use HTTPS to implement OAuth protocol • All data returned from CCI connect is in JSON format in case of successful authentication

16. Slide 16 Technologies Used • CAS • Java based OAuth 1.0 • JOSSO service provider library • Spring Security Framework Extension

17. Slide 22 Slide 17 Thanks

Authentication Server

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Authentication Server

Similar a Authentication Server (20)

Más de Abhishek Chikane

Más de Abhishek Chikane (10)

Último

Último (20)

Authentication Server