Single Sign-On Framework in Tizen
Contributors: Alexander Kanavin, Jussi Laako, Jaska Uimonen
Outline
● Introduction
● Architecture
● Demonstration
What is the problem that Single Sign-on systems are aiming to solve?
Source: xkcd.com/1200
What is gSSO?
● A system for storing sensitive user data (credentials is the term for it) securely*
● Provides implementations of common** operations and authentication protocols that use those credentials, and the API to access it
● Written entirely in C using GLib and its class and object system (GObject)
● License: LGPL 2.1+
* the word 'securely' will be explained in a moment
** what exactly is meant by 'common' operations will also be explained in a moment
What is 'security' as understood by gSSO? (1/2)
Credentials are stored in a database, and the database must be stored on disk so that only gsso can access it
– The details of such secure storage are handled by plugins
– By default, classic Unix permissions on the database file are used
– The database can also be encrypted on disk using ecryptfs
– Other platform security mechanisms can be utilized by writing additional plugins
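The slide above leaves the "classic Unix permissions" default to the storage plugin. The following is an added example, not gSSO's own code, of the kind of sanity check a daemon can run on its credential database before opening it: it assumes the database is a regular file (not a symlink) owned by the daemon's effective uid, with no group or other permission bits set. The scratch file, its path and the helper names are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Added example (not gSSO code). Returns 1 when the file at `path` is a
 * plain file owned by this process' effective uid and closed to group and
 * other; 0 otherwise. lstat() is used on purpose so that a symlink pointing
 * at a world-readable file is rejected instead of followed. */
int db_permissions_ok(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0)                  /* missing or not inspectable */
        return 0;
    if (!S_ISREG(st.st_mode))                   /* symlink, directory, device... */
        return 0;
    if (st.st_uid != geteuid())                 /* must belong to the daemon */
        return 0;
    if (st.st_mode & (S_IRWXG | S_IRWXO))       /* group/other must have nothing */
        return 0;
    return 1;
}

/* Creates a scratch file (mkstemp uses mode 0600) in /tmp, falling back to
 * the current directory. Constructed helper for the demonstration only. */
static int make_scratch(char *out, size_t n) {
    const char *dirs[] = { "/tmp", "." };
    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++) {
        snprintf(out, n, "%s/gsso-demo-XXXXXX", dirs[i]);
        int fd = mkstemp(out);
        if (fd >= 0) {
            close(fd);
            return 0;
        }
    }
    return -1;
}

/* Applies `mode` to a fresh scratch "database" and reports whether the
 * check accepts it: 1 accepted, 0 rejected, -1 could not create the file. */
int check_with_mode(mode_t mode) {
    char path[64];
    if (make_scratch(path, sizeof path) != 0)
        return -1;
    if (chmod(path, mode) != 0) {
        unlink(path);
        return -1;
    }
    int ok = db_permissions_ok(path);
    unlink(path);
    return ok;
}

int main(void) {
    printf("mode 0600 -> %d (expected 1)\n", check_with_mode(0600));
    printf("mode 0644 -> %d (expected 0)\n", check_with_mode(0644));
    printf("mode 0660 -> %d (expected 0)\n", check_with_mode(0660));
    return 0;
}
```

The check complements, rather than replaces, setting the mode correctly at creation time; its value is in catching a database that was copied, restored from backup or repackaged with looser permissions than the daemon expects.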
What is 'security' as understood by gSSO? (2/2)
Access to each credential must be allowed only to explicitly listed applications
– Each credential has an access control list
– Checks against this list are performed by an access control plugin
– The default plugin uses filesystem paths to perform the checks
– There is also a plugin that uses SMACK labels
– There is also support for access-controlling applications that are not standalone binaries but scripts running in a runtime
What are the common operations that use credentials?
● Applications do not access credentials directly (again, this is good for security)
● Applications initiate an operation on a credential from a list of allowed operations (mechanisms)
● The list of allowed methods/mechanisms is stored together with the credential in the database
● A method is a class implemented by a plugin
● Mechanisms are functions of a method
With that said, the methods fall broadly into two categories:
● Offline (do not send anything over the network)
● Online (usually, authentication protocols to get access to some service)
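The two preceding slides describe a per-credential access control list and a per-credential list of allowed method/mechanism pairs, both checked by the daemon before any plugin runs. The following is an added example, not gSSO's data structures or API, that models that gate in plain C: a credential record carrying its ACL (application paths, as the default plugin uses) and its allowed "method:mechanism" pairs, and an `authorize` function that refuses a request unless both lists pass. The credential, application paths and mechanism names are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 8

/* Added example (not gSSO code). One stored credential together with the
 * two lists the slides describe: who may use it, and for which operations. */
typedef struct {
    const char *name;
    const char *secret;                 /* stays inside the daemon; never returned by authorize() */
    const char *acl[MAX_ENTRIES];       /* allowed application binaries, matched by exact path */
    const char *allowed[MAX_ENTRIES];   /* allowed "method:mechanism" pairs */
} credential;

enum { AUTH_OK = 0, AUTH_DENIED_APP = 1, AUTH_DENIED_MECH = 2 };

/* Exact-match lookup in a NULL-terminated list. Exact matching matters:
 * a prefix match would let /usr/bin/mail-client-evil pass for /usr/bin/mail-client. */
static int in_list(const char *const *list, const char *item) {
    for (int i = 0; i < MAX_ENTRIES && list[i] != NULL; i++)
        if (strcmp(list[i], item) == 0)
            return 1;
    return 0;
}

/* The daemon-side gate. `app_path` is the caller's identity as established
 * by the transport (the peer's executable path in this model), never a
 * value taken from the request itself. Both checks must pass before the
 * method plugin is invoked with the credential. */
int authorize(const credential *c, const char *app_path,
              const char *method, const char *mechanism) {
    char key[128];
    if (!in_list(c->acl, app_path))
        return AUTH_DENIED_APP;
    snprintf(key, sizeof key, "%s:%s", method, mechanism);
    if (!in_list(c->allowed, key))
        return AUTH_DENIED_MECH;
    return AUTH_OK;
}

/* Constructed sample credential: a mail account that one client may use,
 * and only through the SASL method's PLAIN or CRAM-MD5 mechanisms. */
const credential mail_account = {
    .name    = "mail@example.invalid",
    .secret  = "constructed-placeholder-secret",
    .acl     = { "/usr/bin/mail-client", NULL },
    .allowed = { "sasl:PLAIN", "sasl:CRAM-MD5", NULL },
};

int main(void) {
    static const char *const verdict[] = { "ok", "denied: application", "denied: mechanism" };
    int r1 = authorize(&mail_account, "/usr/bin/mail-client", "sasl", "CRAM-MD5");
    int r2 = authorize(&mail_account, "/usr/bin/other-app",   "sasl", "CRAM-MD5");
    int r3 = authorize(&mail_account, "/usr/bin/mail-client", "password", "retrieve");
    printf("mail-client + sasl:CRAM-MD5  -> %s\n", verdict[r1]);
    printf("other-app   + sasl:CRAM-MD5  -> %s\n", verdict[r2]);
    printf("mail-client + password:retrieve -> %s\n", verdict[r3]);
    return 0;
}
```

The third call is the case the slides care about most: even an application that is on the ACL cannot switch to a method that would hand it the raw secret, because the allowed-mechanism list is part of the credential and not something the caller supplies.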
Offline methods
● The simplest method: store and retrieve a username/password pair
– Can be used for password management, or when the password is sent directly over the network (not a good idea!)
– Implemented by the 'password' plugin
● X.509
– Handles operations with X.509 certificates such as sign, verify, encrypt and decrypt, without exposing the related keys to applications
● Generic encryption/decryption engine
– The key is never exposed to the applications
● Front-end to specialized security hardware (such as a trusted execution engine or a smart card)
– Provides a common API to applications, so they don't have to implement a hardware-specific API
Online methods
● OAuth version 1 and 2
– Very popular mechanism for authorizing applications to access online services. Used by Google, Facebook, Twitter, Microsoft, LinkedIn, Amazon, Yahoo,... pretty much everybody.
– Typically involves showing the user a webpage which asks if the user trusts some application to access some data from a service, and if the user does, the application gets a magic access string (a 'token')
– GSSO implements the client side of the OAuth 1 and 2 RFC standards fully, even though they are rather large :)
● SASL
– A set of mechanisms for challenge/response based authentication
– Used in IMAP, SMTP, XMPP, LDAP, IRC,...
– GSSO implements the most common mechanisms
● HTTP Digest authentication
Architecture – all the pieces together
Architecture – functional flow
Demo placeholder! (see notes)
Conclusion
http://01.org/gsso
LGPL 2.1+
Git repositories, mailing lists, bug tracker, IRC channel, documentation, tarball downloads, etc. All of that can be found at the above address.