SlideShare a Scribd company logo

FIware Identity Manager

Joaquín Salvachúa
Joaquín Salvachúa

FIware Identity Manager

Software
1 of 20
Download to read offline
Adding Identity Management and Access Control to your Application Joaquin Salvachua -Álvaro Alonso UPM – DIT Security Chapter. FIWARE joaquin.salvachua@upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso  
Identity Manager 3
Identity Manager 4 Account  
FIWARE Account (Identity Manager) Demo 5
OAuth 2.0 6
OAuth 2.0                                Login  with  
Oauth 2.0 Message Flow 8 Web  App   Account   redirect   request  access-­‐token   access-­‐token   access-­‐code   OAuth  Library   Request  user  info  using  access-­‐token  
Oauth 2.0 Libraries •  http://oauth.net/2/ –  PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. •  Example using Node.js –  https://github.com/ging/oauth2-example- client 9
Oauth 2.0 Demo 10
Web Applications and GEs 11     Generic  Enabler   Account   Request  +   access-­‐token   Oauth2  flows   access-­‐token   OK  +  user  info  (roles)   Web  App   OAuth  Library   access_token  
Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 12
Securing your back-end 13 Back-­‐end   Apps   Account   Request  +   access-­‐token   Web  App   Oauth  Library   Proxy   access-­‐token   OK  +  user  info  (roles)   Oauth2  flows   access_token  
Securing your back-end •  Level 1: Authentication –  Check if a user has a FIWARE account •  Level 2: Basic Authorization –  Checks if a user has permissions to access a resource –  HTTP verb + resource path •  Level 3: Advanced Authorization –  Custom XACML policies
Level 1: Authentication 15 Back-­‐end   Apps   Account   Request  +   access-­‐token   Web  App   Oauth  Library   PEP  Proxy   access-­‐token   OK  +  user  info  (roles)   Oauth2  flows   access_token  
Level 2: Basic Authorization 16 Back-­‐end   Apps   Account   Request  +   access-­‐token   Web  App   Oauth  Library   PEP  Proxy   access-­‐token   OK  +  user  info   Oauth2  flows   access_token   Auth  PDP   GE   roles  +  verb  +  path   OK  
Level 3: Advanced Authorization 17 Back-­‐end   Apps   Account   Request  +   access-­‐token   Web  App   Oauth  Library   PEP  Proxy  extension   Oauth2  flows   access_token   Auth  PDP   GE   access-­‐token   OK  +  user  info   roles  +  XACML  <Request>   OK  
FIWARE Proxy Demo 18
Documentation •  FIWARE Account: –  Source Code: https://github.com/ging/fi- ware-idm –  Documentation: https://github.com/ging/fi- ware-idm/wiki •  FIWARE Access Control –  http://catalogue.fi-ware.org/enablers/access- control-tha-implementation/documentation •  FIWARE OAuth2 Demo: –  https://github.com/ging/oauth2-example- client •  FIWARE Proxy: –  https://github.com/ging/fi-ware-pep-proxy 19
Adding Identity Management and Access Control to your Application Joaquin Salvachua -Álvaro Alonso UPM – DIT Security Chapter. FIWARE joaquin.salvachua@upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso

Recommended

FIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesFIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesJoaquín Salvachúa
 
Adding Identity Management and Access Control to your Application - Exersices
Adding Identity Management and Access Control to your Application - ExersicesAdding Identity Management and Access Control to your Application - Exersices
Adding Identity Management and Access Control to your Application - ExersicesÁlvaro Alonso González
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationÁlvaro Alonso González
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationFernando Lopez Aguilar
 
FI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionFI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionJavier Cerviño
 
IdM and AC
IdM and ACIdM and AC
IdM and ACFernando Lopez Aguilar
 
How to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionHow to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionJavier Cerviño
 
Adding Identity Management and Access Control to your Application, Authorization
Adding Identity Management and Access Control to your Application, AuthorizationAdding Identity Management and Access Control to your Application, Authorization
Adding Identity Management and Access Control to your Application, AuthorizationFernando Lopez Aguilar
 

Recommended

FIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesFIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesJoaquín Salvachúa
 
Adding Identity Management and Access Control to your Application - Exersices
Adding Identity Management and Access Control to your Application - ExersicesAdding Identity Management and Access Control to your Application - Exersices
Adding Identity Management and Access Control to your Application - ExersicesÁlvaro Alonso González
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationÁlvaro Alonso González
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationFernando Lopez Aguilar
 
FI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionFI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionJavier Cerviño
 
IdM and AC
IdM and ACIdM and AC
IdM and ACFernando Lopez Aguilar
 
How to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionHow to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionJavier Cerviño
 
Adding Identity Management and Access Control to your Application, Authorization
Adding Identity Management and Access Control to your Application, AuthorizationAdding Identity Management and Access Control to your Application, Authorization
Adding Identity Management and Access Control to your Application, AuthorizationFernando Lopez Aguilar
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppFIWARE
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaDalton Valadares
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2axykim00
 
Api security-eic-prabath
Api security-eic-prabathApi security-eic-prabath
Api security-eic-prabathWSO2
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Secure Code Warrior - Issues with origins
Secure Code Warrior - Issues with originsSecure Code Warrior - Issues with origins
Secure Code Warrior - Issues with originsSecure Code Warrior
 
Secure Code Warrior - Unrestricted file upload
Secure Code Warrior - Unrestricted file uploadSecure Code Warrior - Unrestricted file upload
Secure Code Warrior - Unrestricted file uploadSecure Code Warrior
 
How to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSHow to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSJohn Gasper
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
Api security
Api security Api security
Api security teodorcotruta
 
D@W REST security
D@W REST securityD@W REST security
D@W REST securityGaurav Sharma
 
Mohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthMohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthfossmy
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...CA API Management
 
Secure Code Warrior - Cookies and sessions
Secure Code Warrior - Cookies and sessionsSecure Code Warrior - Cookies and sessions
Secure Code Warrior - Cookies and sessionsSecure Code Warrior
 
Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Stormpath
 
Secure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Jonathan LeBlanc
 
OAuth Tokens
OAuth TokensOAuth Tokens
OAuth Tokensn|u - The Open Security Community
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST securityIgor Bossenko
 
Representación política y democracia 2,0
Representación política y democracia 2,0Representación política y democracia 2,0
Representación política y democracia 2,0Juan Fernando Giraldo
 
Stark
StarkStark
StarkRicardo Mata
 

More Related Content

What's hot

Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppFIWARE
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaDalton Valadares
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2axykim00
 
Api security-eic-prabath
Api security-eic-prabathApi security-eic-prabath
Api security-eic-prabathWSO2
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Secure Code Warrior - Issues with origins
Secure Code Warrior - Issues with originsSecure Code Warrior - Issues with origins
Secure Code Warrior - Issues with originsSecure Code Warrior
 
Secure Code Warrior - Unrestricted file upload
Secure Code Warrior - Unrestricted file uploadSecure Code Warrior - Unrestricted file upload
Secure Code Warrior - Unrestricted file uploadSecure Code Warrior
 
How to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSHow to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSJohn Gasper
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 
Mohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthMohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthfossmy
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...CA API Management
 
Secure Code Warrior - Cookies and sessions
Secure Code Warrior - Cookies and sessionsSecure Code Warrior - Cookies and sessions
Secure Code Warrior - Cookies and sessionsSecure Code Warrior
 
Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Stormpath
 
Secure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Jonathan LeBlanc
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST securityIgor Bossenko
 

What's hot (20)

Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and Wilma
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
Api security-eic-prabath
Api security-eic-prabathApi security-eic-prabath
Api security-eic-prabath
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
 
Secure Code Warrior - Issues with origins
Secure Code Warrior - Issues with originsSecure Code Warrior - Issues with origins
Secure Code Warrior - Issues with origins
 
Secure Code Warrior - Unrestricted file upload
Secure Code Warrior - Unrestricted file uploadSecure Code Warrior - Unrestricted file upload
Secure Code Warrior - Unrestricted file upload
 
How to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFSHow to CASifying PeopleSoft and Integrating CAS and ADFS
How to CASifying PeopleSoft and Integrating CAS and ADFS
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
 
Api security
Api security Api security
Api security
 
D@W REST security
D@W REST securityD@W REST security
D@W REST security
 
Mohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuthMohanraj - Securing Your Web Api With OAuth
Mohanraj - Securing Your Web Api With OAuth
 
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...
 
Secure Code Warrior - Cookies and sessions
Secure Code Warrior - Cookies and sessionsSecure Code Warrior - Cookies and sessions
Secure Code Warrior - Cookies and sessions
 
Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)
 
Secure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior - Local storage
Secure Code Warrior - Local storage
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2
 
OAuth Tokens
OAuth TokensOAuth Tokens
OAuth Tokens
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST security
 

Viewers also liked

Representación política y democracia 2,0
Representación política y democracia 2,0Representación política y democracia 2,0
Representación política y democracia 2,0Juan Fernando Giraldo
 
Casa rural en las hurdes contacto
Casa rural en las hurdes contactoCasa rural en las hurdes contacto
Casa rural en las hurdes contactoCRlashurdes
 
Fcoce aammss-2051687-3-130429 brochure es
Fcoce aammss-2051687-3-130429 brochure esFcoce aammss-2051687-3-130429 brochure es
Fcoce aammss-2051687-3-130429 brochure esbogotaconventionbureau
 
Comunicado de Prensa - Aniversario Luctuoso de Emiliano Zapata
Comunicado de Prensa - Aniversario Luctuoso de Emiliano ZapataComunicado de Prensa - Aniversario Luctuoso de Emiliano Zapata
Comunicado de Prensa - Aniversario Luctuoso de Emiliano ZapataAlejandro Bocanegra Montes
 
Food & Beverage industry-Magnetrol
Food & Beverage industry-MagnetrolFood & Beverage industry-Magnetrol
Food & Beverage industry-MagnetrolBenjamin Kyalo
 
Dioduet travel fashion tour japan 2014
Dioduet travel fashion tour japan 2014 Dioduet travel fashion tour japan 2014
Dioduet travel fashion tour japan 2014 dioduettravel
 
Press Book Pharmagora Plus - 2015
Press Book Pharmagora Plus - 2015Press Book Pharmagora Plus - 2015
Press Book Pharmagora Plus - 2015pbcom1998
 
1.muhammad azizul hoque -1-7
1.muhammad azizul hoque -1-71.muhammad azizul hoque -1-7
1.muhammad azizul hoque -1-7Alexander Decker
 
Laguna de a frouxeira.
Laguna de a frouxeira.Laguna de a frouxeira.
Laguna de a frouxeira.cerredo
 
Zygote Files - Fraud and Embezzlement at the WDA
Zygote Files - Fraud and Embezzlement at the WDAZygote Files - Fraud and Embezzlement at the WDA
Zygote Files - Fraud and Embezzlement at the WDAZurich Files
 

Viewers also liked (20)

Representación política y democracia 2,0
Representación política y democracia 2,0Representación política y democracia 2,0
Representación política y democracia 2,0
 
Stark
StarkStark
Stark
 
Presentacion Gloria
Presentacion GloriaPresentacion Gloria
Presentacion Gloria
 
Casa rural en las hurdes contacto
Casa rural en las hurdes contactoCasa rural en las hurdes contacto
Casa rural en las hurdes contacto
 
Fcoce aammss-2051687-3-130429 brochure es
Fcoce aammss-2051687-3-130429 brochure esFcoce aammss-2051687-3-130429 brochure es
Fcoce aammss-2051687-3-130429 brochure es
 
201309 dx
201309 dx201309 dx
201309 dx
 
Ponencia Ies Bendinat
Ponencia Ies BendinatPonencia Ies Bendinat
Ponencia Ies Bendinat
 
Comunicado de Prensa - Aniversario Luctuoso de Emiliano Zapata
Comunicado de Prensa - Aniversario Luctuoso de Emiliano ZapataComunicado de Prensa - Aniversario Luctuoso de Emiliano Zapata
Comunicado de Prensa - Aniversario Luctuoso de Emiliano Zapata
 
Food & Beverage industry-Magnetrol
Food & Beverage industry-MagnetrolFood & Beverage industry-Magnetrol
Food & Beverage industry-Magnetrol
 
Cursos telepresence
Cursos telepresenceCursos telepresence
Cursos telepresence
 
Dioduet travel fashion tour japan 2014
Dioduet travel fashion tour japan 2014 Dioduet travel fashion tour japan 2014
Dioduet travel fashion tour japan 2014
 
Press Book Pharmagora Plus - 2015
Press Book Pharmagora Plus - 2015Press Book Pharmagora Plus - 2015
Press Book Pharmagora Plus - 2015
 
1.muhammad azizul hoque -1-7
1.muhammad azizul hoque -1-71.muhammad azizul hoque -1-7
1.muhammad azizul hoque -1-7
 
Redes Sociales
Redes SocialesRedes Sociales
Redes Sociales
 
Laguna de a frouxeira.
Laguna de a frouxeira.Laguna de a frouxeira.
Laguna de a frouxeira.
 
Versos al viento
Versos al vientoVersos al viento
Versos al viento
 
Tierra2010
Tierra2010Tierra2010
Tierra2010
 
Rova profile
Rova profileRova profile
Rova profile
 
Zygote Files - Fraud and Embezzlement at the WDA
Zygote Files - Fraud and Embezzlement at the WDAZygote Files - Fraud and Embezzlement at the WDA
Zygote Files - Fraud and Embezzlement at the WDA
 
Exenciones
Exenciones Exenciones
Exenciones
 

Similar to FIware Identity Manager

FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Álvaro Alonso González
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE
 
Hybrid authentication - Talking To Major Social Networks
Hybrid authentication - Talking To Major Social NetworksHybrid authentication - Talking To Major Social Networks
Hybrid authentication - Talking To Major Social NetworksRayhan Chowdhury
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
Beyond API Authorization
Beyond API AuthorizationBeyond API Authorization
Beyond API AuthorizationJared Hanson
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppBen Adida
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
Rest api titouan benoit
Rest api titouan benoitRest api titouan benoit
Rest api titouan benoitTitouan BENOIT
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...Vladimir Bychkov
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE
 
Building an API Security Ecosystem
Building an API Security EcosystemBuilding an API Security Ecosystem
Building an API Security EcosystemPrabath Siriwardena
 
Best Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemBest Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemWSO2
 

Similar to FIware Identity Manager (20)

FIWARE ID Management
FIWARE ID ManagementFIWARE ID Management
FIWARE ID Management
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
 
Security Access with OAuth2.0
Security Access with OAuth2.0Security Access with OAuth2.0
Security Access with OAuth2.0
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access Control
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
 
Id fiware upm-dit
Id fiware upm-ditId fiware upm-dit
Id fiware upm-dit
 
Hybrid authentication - Talking To Major Social Networks
Hybrid authentication - Talking To Major Social NetworksHybrid authentication - Talking To Major Social Networks
Hybrid authentication - Talking To Major Social Networks
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
 
Beyond API Authorization
Beyond API AuthorizationBeyond API Authorization
Beyond API Authorization
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health App
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
Rest api titouan benoit
Rest api titouan benoitRest api titouan benoit
Rest api titouan benoit
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
 
Some OAuth love
Some OAuth loveSome OAuth love
Some OAuth love
 
Building an API Security Ecosystem
Building an API Security EcosystemBuilding an API Security Ecosystem
Building an API Security Ecosystem
 
Best Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemBest Practices in Building an API Security Ecosystem
Best Practices in Building an API Security Ecosystem
 

More from Joaquín Salvachúa

Introducción al ecosistema de React.js
Introducción al ecosistema de React.jsIntroducción al ecosistema de React.js
Introducción al ecosistema de React.jsJoaquín Salvachúa
 
Fi ware en Hack for good (#H4G)
Fi ware en Hack for good (#H4G) Fi ware en Hack for good (#H4G)
Fi ware en Hack for good (#H4G) Joaquín Salvachúa
 
Big data Jornada Fundación Ramón Areces
Big data Jornada Fundación Ramón ArecesBig data Jornada Fundación Ramón Areces
Big data Jornada Fundación Ramón ArecesJoaquín Salvachúa
 

More from Joaquín Salvachúa (20)

Eemov data
Eemov dataEemov data
Eemov data
 
Etica big data
Etica big dataEtica big data
Etica big data
 
FIWARE Data usage control
FIWARE Data usage controlFIWARE Data usage control
FIWARE Data usage control
 
Fiware overview3
Fiware overview3Fiware overview3
Fiware overview3
 
Fiware overview
Fiware overviewFiware overview
Fiware overview
 
Kubernetes2
Kubernetes2Kubernetes2
Kubernetes2
 
Introducción al ecosistema de React.js
Introducción al ecosistema de React.jsIntroducción al ecosistema de React.js
Introducción al ecosistema de React.js
 
Fi ware en Hack for good (#H4G)
Fi ware en Hack for good (#H4G) Fi ware en Hack for good (#H4G)
Fi ware en Hack for good (#H4G)
 
Vagrant
VagrantVagrant
Vagrant
 
Big data Jornada Fundación Ramón Areces
Big data Jornada Fundación Ramón ArecesBig data Jornada Fundación Ramón Areces
Big data Jornada Fundación Ramón Areces
 
Intro20 socioeconomia
Intro20 socioeconomiaIntro20 socioeconomia
Intro20 socioeconomia
 
Master w20 01
Master w20 01Master w20 01
Master w20 01
 
Blogs micro
Blogs microBlogs micro
Blogs micro
 
Social networks upm
Social networks upmSocial networks upm
Social networks upm
 
Nube redes
Nube redesNube redes
Nube redes
 
Identidad2
Identidad2Identidad2
Identidad2
 
Blogs Micro
Blogs MicroBlogs Micro
Blogs Micro
 
Blogs Micro
Blogs MicroBlogs Micro
Blogs Micro
 
Blogs y Microblogging
Blogs y MicrobloggingBlogs y Microblogging
Blogs y Microblogging
 
Blogs y Microblogging
Blogs y MicrobloggingBlogs y Microblogging
Blogs y Microblogging
 

Recently uploaded

Auto Affiliate AI Earns First Commission in 3 Hours..pdf
Auto Affiliate AI Earns First Commission in 3 Hours..pdfAuto Affiliate AI Earns First Commission in 3 Hours..pdf
Auto Affiliate AI Earns First Commission in 3 Hours..pdfSelfMade bd
 
Encryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key ConceptsEncryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key Conceptsthomashtkim
 
Weeding your micro service landscape.pdf
Weeding your micro service landscape.pdfWeeding your micro service landscape.pdf
Weeding your micro service landscape.pdftimtebeek1
 
Software Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements EngineeringSoftware Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements EngineeringPrakhyath Rai
 
Lessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfLessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfSrushith Repakula
 
^Clinic ^%[+27788225528*Abortion Pills For Sale In harare
^Clinic ^%[+27788225528*Abortion Pills For Sale In harare^Clinic ^%[+27788225528*Abortion Pills For Sale In harare
^Clinic ^%[+27788225528*Abortion Pills For Sale In hararekasambamuno
 
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Andrea Goulet
 
BusinessGPT - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AIBusinessGPT - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AIAGATSoftware
 
Prompt Engineering - an Art, a Science, or your next Job Title?
Prompt Engineering - an Art, a Science, or your next Job Title?Prompt Engineering - an Art, a Science, or your next Job Title?
Prompt Engineering - an Art, a Science, or your next Job Title?Maxim Salnikov
 
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...drm1699
 
Jax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined DeckJax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined DeckMarc Lester
 
Evolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI EraEvolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI Eraconfluent
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jNeo4j
 
^Clinic ^%[+27788225528*Abortion Pills For Sale In witbank
^Clinic ^%[+27788225528*Abortion Pills For Sale In witbank^Clinic ^%[+27788225528*Abortion Pills For Sale In witbank
^Clinic ^%[+27788225528*Abortion Pills For Sale In witbankkasambamuno
 
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...Lisi Hocke
 
Community is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea GouletCommunity is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea GouletAndrea Goulet
 
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdfThe Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdfkalichargn70th171
 
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024MulesoftMunichMeetup
 
What is a Recruitment Management Software?
What is a Recruitment Management Software?What is a Recruitment Management Software?
What is a Recruitment Management Software?NYGGS Automation Suite
 
Microsoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMicrosoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMarkus Moeller
 

Recently uploaded (20)

Auto Affiliate AI Earns First Commission in 3 Hours..pdf
Auto Affiliate AI Earns First Commission in 3 Hours..pdfAuto Affiliate AI Earns First Commission in 3 Hours..pdf
Auto Affiliate AI Earns First Commission in 3 Hours..pdf
 
Encryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key ConceptsEncryption Recap: A Refresher on Key Concepts
Encryption Recap: A Refresher on Key Concepts
 
Weeding your micro service landscape.pdf
Weeding your micro service landscape.pdfWeeding your micro service landscape.pdf
Weeding your micro service landscape.pdf
 
Software Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements EngineeringSoftware Engineering - Introduction + Process Models + Requirements Engineering
Software Engineering - Introduction + Process Models + Requirements Engineering
 
Lessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfLessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdf
 
^Clinic ^%[+27788225528*Abortion Pills For Sale In harare
^Clinic ^%[+27788225528*Abortion Pills For Sale In harare^Clinic ^%[+27788225528*Abortion Pills For Sale In harare
^Clinic ^%[+27788225528*Abortion Pills For Sale In harare
 
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
 
BusinessGPT - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AIBusinessGPT - Security and Governance for Generative AI
BusinessGPT - Security and Governance for Generative AI
 
Prompt Engineering - an Art, a Science, or your next Job Title?
Prompt Engineering - an Art, a Science, or your next Job Title?Prompt Engineering - an Art, a Science, or your next Job Title?
Prompt Engineering - an Art, a Science, or your next Job Title?
 
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
Abortion Pills For Sale WhatsApp[[+27737758557]] In Birch Acres, Abortion Pil...
 
Jax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined DeckJax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined Deck
 
Evolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI EraEvolving Data Governance for the Real-time Streaming and AI Era
Evolving Data Governance for the Real-time Streaming and AI Era
 
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4jGraphSummit Milan - Visione e roadmap del prodotto Neo4j
GraphSummit Milan - Visione e roadmap del prodotto Neo4j
 
^Clinic ^%[+27788225528*Abortion Pills For Sale In witbank
^Clinic ^%[+27788225528*Abortion Pills For Sale In witbank^Clinic ^%[+27788225528*Abortion Pills For Sale In witbank
^Clinic ^%[+27788225528*Abortion Pills For Sale In witbank
 
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
Team Transformation Tactics for Holistic Testing and Quality (NewCrafts Paris...
 
Community is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea GouletCommunity is Just as Important as Code by Andrea Goulet
Community is Just as Important as Code by Andrea Goulet
 
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdfThe Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
 
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
 
What is a Recruitment Management Software?
What is a Recruitment Management Software?What is a Recruitment Management Software?
What is a Recruitment Management Software?
 
Microsoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMicrosoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdf
 

FIware Identity Manager

  • 1. Adding Identity Management and Access Control to your Application Joaquin Salvachua -Álvaro Alonso UPM – DIT Security Chapter. FIWARE joaquin.salvachua@upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso  
  • 2.
  • 5. FIWARE Account (Identity Manager) Demo 5
  • 7. OAuth 2.0                                Login  with  
  • 8. Oauth 2.0 Message Flow 8 Web  App   Account   redirect   request  access-­‐token   access-­‐token   access-­‐code   OAuth  Library   Request  user  info  using  access-­‐token  
  • 9. Oauth 2.0 Libraries •  http://oauth.net/2/ –  PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. •  Example using Node.js –  https://github.com/ging/oauth2-example- client 9
  • 11. Web Applications and GEs 11     Generic  Enabler   Account   Request  +   access-­‐token   Oauth2  flows   access-­‐token   OK  +  user  info  (roles)   Web  App   OAuth  Library   access_token  
  • 12. Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 12
  • 13. Securing your back-end 13 Back-­‐end   Apps   Account   Request  +   access-­‐token   Web  App   Oauth  Library   Proxy   access-­‐token   OK  +  user  info  (roles)   Oauth2  flows   access_token  
  • 14. Securing your back-end •  Level 1: Authentication –  Check if a user has a FIWARE account •  Level 2: Basic Authorization –  Checks if a user has permissions to access a resource –  HTTP verb + resource path •  Level 3: Advanced Authorization –  Custom XACML policies
  • 15. Level 1: Authentication 15 Back-­‐end   Apps   Account   Request  +   access-­‐token   Web  App   Oauth  Library   PEP  Proxy   access-­‐token   OK  +  user  info  (roles)   Oauth2  flows   access_token  
  • 16. Level 2: Basic Authorization 16 Back-­‐end   Apps   Account   Request  +   access-­‐token   Web  App   Oauth  Library   PEP  Proxy   access-­‐token   OK  +  user  info   Oauth2  flows   access_token   Auth  PDP   GE   roles  +  verb  +  path   OK  
  • 17. Level 3: Advanced Authorization 17 Back-­‐end   Apps   Account   Request  +   access-­‐token   Web  App   Oauth  Library   PEP  Proxy  extension   Oauth2  flows   access_token   Auth  PDP   GE   access-­‐token   OK  +  user  info   roles  +  XACML  <Request>   OK  
  • 19. Documentation •  FIWARE Account: –  Source Code: https://github.com/ging/fi- ware-idm –  Documentation: https://github.com/ging/fi- ware-idm/wiki •  FIWARE Access Control –  http://catalogue.fi-ware.org/enablers/access- control-tha-implementation/documentation •  FIWARE OAuth2 Demo: –  https://github.com/ging/oauth2-example- client •  FIWARE Proxy: –  https://github.com/ging/fi-ware-pep-proxy 19
  • 20. Adding Identity Management and Access Control to your Application Joaquin Salvachua -Álvaro Alonso UPM – DIT Security Chapter. FIWARE joaquin.salvachua@upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso