Security as a Service - Tian Wang
1. Version 1.0
October 10, 2018
Security as a Service
How Your Spring Apps Can Benefit From Cloud Foundry
2. Agenda
■ What does the Cloud Foundry platform provide for my apps?
■ What is OAuth and OIDC?
■ How can I use it?
■ What is Credhub?
■ How can I use it?
3. Cloud Foundry 💚 Spring
How does the platform benefit my apps?
4. A platform for running your apps...
[Diagram: BOSH; IaaS (AWS, Azure, GCP, On-Prem) with VMs; PaaS (Routing, CAPI, UAA, Diego, ...); Apps via cf push]
● Buildpacks
● Routing
● Scaling
● Monitoring
● Backup and Restore
● Services Marketplace
5. A platform with security services for your apps...
● Security Services for App
○ UAA (SSO): Identity as a Service
○ Credhub: Credential Management
[Diagram: BOSH; IaaS (AWS, Azure, GCP, On-Prem) with VMs; PaaS (Routing, CAPI, UAA, Diego, ...); Apps via cf push]
6. Security services to help you build your apps...
[Diagram: Apps via cf push; PaaS with Credhub and UAA]
● Identity Proxy
● User AuthN/AuthZ
● Service-to-Service AuthN/AuthZ
● Credential Generation
● Credential Storage
● Credential Rotation
10. What’s a Token Look Like?
JSON Web Token (JWT)
Bearer Token
11. What’s a Token Look Like?
Authentication Method (“External”)
External User Attributes
External Groups
12. What’s a Token Look Like?
Scopes for Role Based Access Control
User allowed to have scope (UAA group)
Client allowed to have scope (client config)
User consented client can use scope (to prevent malicious apps)
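The three scope conditions on slide 12, worked through as an added example (not code from the deck or from UAA): a scope reaches the token only if the user's groups, the client configuration, and the user's consent all allow it, and a resource then checks the token's scope list. The scope names, client name, and the JSON-array form of the `scope` claim are assumptions, and the sample token is constructed.

```python
import base64
import json

def effective_scopes(requested, user_groups, client_scopes, user_approved):
    """A scope is granted only if all three slide conditions hold for it."""
    granted = set(requested) & set(user_groups) & set(client_scopes) & set(user_approved)
    return sorted(granted)

def b64url_json(obj):
    """Encode a dict as an unpadded base64url JWT segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_claims(token):
    """Decode the payload segment for inspection only; no signature check is done here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def has_scope(claims, required):
    """Resource-side check: the required scope must be listed in the 'scope' claim."""
    scope = claims.get("scope", [])  # assumption: scope is a JSON array of strings
    return isinstance(scope, list) and required in scope

# Constructed sample values (hypothetical scope and client names).
REQUESTED = ["openid", "todo.read", "todo.write", "todo.admin"]
USER_GROUPS = ["openid", "todo.read", "todo.write"]    # user allowed (UAA group)
CLIENT_SCOPES = ["openid", "todo.read", "todo.admin"]  # client allowed (client config)
USER_APPROVED = ["openid", "todo.read"]                # user consented

def build_sample_token():
    """Build a constructed token (placeholder signature) carrying the granted scopes."""
    claims = {"sub": "constructed-user", "client_id": "constructed-client",
              "scope": effective_scopes(REQUESTED, USER_GROUPS, CLIENT_SCOPES, USER_APPROVED)}
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([b64url_json(header), b64url_json(claims), "constructed-signature"])

if __name__ == "__main__":
    claims = jwt_claims(build_sample_token())
    for s in REQUESTED:
        print(s, "granted" if has_scope(claims, s) else "denied")
```

A real resource server must verify the token signature against the issuer's key before trusting any claim; `jwt_claims` here only decodes.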
22. Official Identity Provider of Cloud Foundry, BOSH, OpsManager, PAS, PKS, and more
Production proven at scales of over 2 million tokens per day
[Diagram: UAA; LDAP (Lightweight Directory Access Protocol), OpenID Connect, SAML; Powered by UAA: Cloud Foundry and PCF, BOSH, OpsMan, PKS]
23. Identity Service Broker, Identity Sample Apps, and Spring SSO Connector
Beyond UAA and into the customer experience
Starting with Spring Boot for Java & SteelToe for .NET
We become both a bridge and a buffer between the old world and the new world
[Diagram: Pivotal SSO Service, powered by UAA; LDAP (Lightweight Directory Access Protocol), OpenID Connect, SAML; Customer Applications, Enterprise/Internal Applications, Mobile Applications; Operator, App Developer; SSO Operator Dashboard - Identity Providers; SSO Integration Guides; SSO Developer Dashboard - Apps and Resources; SSO Identity Service Broker; Spring SSO Connector; Identity Sample Apps; Frameworks like Spring Boot / SteelToe (Not Owned by Team)]
31. Credential Usage
Spring CredHub provides client-side support for storing, retrieving, and deleting credentials from a CredHub server running in a Cloud Foundry platform.
The CredHubTemplate is used to interact with CredHub, typically used through its CredHubOperations interface.