Optimizing AI for immediate response in Smart CCTV
FIware Identity Manager
1. Adding Identity Management and Access Control to your Application
Joaquin Salvachua -Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
joaquin.salvachua@upm.es, @jsalvachua
aalonsog@dit.upm.es, @larsonalonso
11. Web Applications and GEs
11
Generic
Enabler
Account
Request
+
access-‐token
Oauth2
flows
access-‐token
OK
+
user
info
(roles)
Web
App
OAuth
Library
access_token
12. Web Applications and GEs
GET https://GE_URL HTTP/1.1
Host: GE_hostname
X-Auth-Token: access_token
12
13. Securing your back-end
13
Back-‐end
Apps
Account
Request
+
access-‐token
Web
App
Oauth
Library
Proxy
access-‐token
OK
+
user
info
(roles)
Oauth2
flows
access_token
14. Securing your back-end
• Level 1: Authentication
– Check if a user has a FIWARE account
• Level 2: Basic Authorization
– Checks if a user has permissions to access a
resource
– HTTP verb + resource path
• Level 3: Advanced Authorization
– Custom XACML policies
15. Level 1: Authentication
15
Back-‐end
Apps
Account
Request
+
access-‐token
Web
App
Oauth
Library
PEP
Proxy
access-‐token
OK
+
user
info
(roles)
Oauth2
flows
access_token
16. Level 2: Basic Authorization
16
Back-‐end
Apps
Account
Request
+
access-‐token
Web
App
Oauth
Library
PEP
Proxy
access-‐token
OK
+
user
info
Oauth2
flows
access_token
Auth
PDP
GE
roles
+
verb
+
path
OK
17. Level 3: Advanced Authorization
17
Back-‐end
Apps
Account
Request
+
access-‐token
Web
App
Oauth
Library
PEP
Proxy
extension
Oauth2
flows
access_token
Auth
PDP
GE
access-‐token
OK
+
user
info
roles
+
XACML
<Request>
OK
20. Adding Identity Management and Access Control to your Application
Joaquin Salvachua -Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
joaquin.salvachua@upm.es, @jsalvachua
aalonsog@dit.upm.es, @larsonalonso