Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Adding Identity Management and Access Control to your Application

2.334 visualizaciones

Publicado el

Adding Identity Management and Access Control to your Application in the FIWARE ecosystem

Publicado en: Tecnología
  • Sé el primero en comentar

Adding Identity Management and Access Control to your Application

  1. 1. Adding Identity Management and Access Control to your Application Joaquin Salvachua // Álvaro Alonso UPM – DIT Security Chapter. FIWARE jsalvachua@dit.upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso
  2. 2. Identity Manager 2
  3. 3. Identity Manager 3 Account
  4. 4. Oauth 2.0 Login with
  5. 5. FIWARE Account (Identity Manager) Demo 5
  6. 6. OAuth 2.0 6
  7. 7. Oauth 2.0 Message Flow redirect access-code Web App Account request access-token access-token 7 OAuth Library Request user info using access-token
  8. 8. Oauth 2.0 Libraries • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. • Example using Node.js – https://github.com/ging/oauth2-example-client 8
  9. 9. Oauth 2.0 Demo 9
  10. 10. Web Applications and GEs 10 Generic Enabler Account Request + access-token Oauth2 flows access-token OK + user info (roles) Web App OAuth Library access_token
  11. 11. Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 11
  12. 12. Securing your back-end Oauth2 flows access_token 12 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  13. 13. Securing your back-end • Level 1: Authentication – Check if a user has a FIWARE account • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path • Level 3: Advanced Authorization – Custom XACML policies
  14. 14. Level 1: Authentication Oauth2 flows access_token 14 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  15. 15. Level 2: Basic Authorization Oauth2 flows access_token 15 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token + verb + path OK + user info AC GE
  16. 16. Level 3: Advanced Authorization Oauth2 flows access_token 16 Web App Back-end Apps Account Request + access-token Oauth Library Proxy extension XACML policy OK + user info AC GE
  17. 17. FIWARE Proxy Demo 17
  18. 18. Documentation • FIWARE Account: – Source Code: https://github.com/ging/fi-ware- idm – Documentation: https://github.com/ging/fi-ware- idm/wiki • FIWARE Access Control – http://catalogue.fi-ware.org/enablers/access-control- tha-implementation/documentation • FIWARE OAuth2 Demo: – https://github.com/ging/oauth2-example-client • FIWARE Proxy: – https://github.com/ging/fi-ware-pep-proxy 18
  19. 19. Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso

×