FIware Identity Manager

•

0 likes•858 views

Joaquín Salvachúa

Software

Adding Identity Management and Access Control to your Application
Joaquin Salvachua -Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
joaquin.salvachua@upm.es, @jsalvachua
aalonsog@dit.upm.es, @larsonalonso

FIWARE Account (Identity Manager) Demo
5

Oauth 2.0 Message Flow
8
Web
App
Account

redirect

request
access-‐token

access-‐token

access-‐code

OAuth
Library

Request
user
info
using
access-‐token

Oauth 2.0 Libraries
•  http://oauth.net/2/
–  PHP, Cocoa, iOS, Java, Ruby, Javascript,
Python.
•  Example using Node.js
–  https://github.com/ging/oauth2-example-
client
9

Web Applications and GEs
11

Generic
Enabler

Account

Request
+

access-‐token

Oauth2
ﬂows

access-‐token

OK
+
user
info
(roles)

Web
App

OAuth
Library

access_token

Web Applications and GEs
GET https://GE_URL HTTP/1.1
Host: GE_hostname
X-Auth-Token: access_token
12

Securing your back-end
13
Back-‐end

Apps

Account

Request
+

access-‐token

Web
App

Oauth
Library

Proxy

access-‐token

OK
+
user
info
(roles)

Oauth2
ﬂows

access_token

Securing your back-end
•  Level 1: Authentication
–  Check if a user has a FIWARE account
•  Level 2: Basic Authorization
–  Checks if a user has permissions to access a
resource
–  HTTP verb + resource path
•  Level 3: Advanced Authorization
–  Custom XACML policies

Level 1: Authentication
15
Back-‐end

Apps

Account

Request
+

access-‐token

Web
App

Oauth
Library

PEP
Proxy

access-‐token

OK
+
user
info
(roles)

Oauth2
ﬂows

access_token

Level 2: Basic Authorization
16
Back-‐end

Apps

Account

Request
+

access-‐token

Web
App

Oauth
Library

PEP
Proxy

access-‐token

OK
+
user
info

Oauth2
ﬂows

access_token

Auth
PDP

GE

roles
+
verb
+
path

OK

Level 3: Advanced Authorization
17
Back-‐end

Apps

Account

Request
+

access-‐token

Web
App

Oauth
Library

PEP
Proxy
extension

Oauth2
ﬂows

access_token

Auth
PDP

GE

access-‐token

OK
+
user
info

roles
+
XACML
<Request>

OK

Documentation
•  FIWARE Account:
–  Source Code: https://github.com/ging/fi-
ware-idm
–  Documentation: https://github.com/ging/fi-
ware-idm/wiki
•  FIWARE Access Control
–  http://catalogue.fi-ware.org/enablers/access-
control-tha-implementation/documentation
•  FIWARE OAuth2 Demo:
–  https://github.com/ging/oauth2-example-
client
•  FIWARE Proxy:
–  https://github.com/ging/fi-ware-pep-proxy
19

What's hot

Adding identity management and access control to your appÁlvaro Alonso González

Adding Identity Management and Access Control to your AppFIWARE

Integrating Fiware Orion, Keyrock and WilmaDalton Valadares

Spring4 security oauth2axykim00

Api security-eic-prabathWSO2

OAuth2 and Spring SecurityOrest Ivasiv

Secure Code Warrior - Issues with originsSecure Code Warrior

Secure Code Warrior - Unrestricted file uploadSecure Code Warrior

How to CASifying PeopleSoft and Integrating CAS and ADFSJohn Gasper

Authorization and Authentication using IdentityServer4Aaron Ralls

Api security teodorcotruta

D@W REST securityGaurav Sharma

Mohanraj - Securing Your Web Api With OAuthfossmy

API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...CA API Management

Secure Code Warrior - Cookies and sessionsSecure Code Warrior

Secure Your REST API (The Right Way)Stormpath

Secure Code Warrior - Local storageSecure Code Warrior

Securing RESTful Payment APIs Using OAuth 2Jonathan LeBlanc

OAuth Tokensn|u - The Open Security Community

Single-Page-Application & REST securityIgor Bossenko

What's hot (20)

Adding identity management and access control to your app

Adding Identity Management and Access Control to your App

Integrating Fiware Orion, Keyrock and Wilma

Spring4 security oauth2

Api security-eic-prabath

OAuth2 and Spring Security

Secure Code Warrior - Issues with origins

Secure Code Warrior - Unrestricted file upload

How to CASifying PeopleSoft and Integrating CAS and ADFS

Authorization and Authentication using IdentityServer4

Api security

D@W REST security

Mohanraj - Securing Your Web Api With OAuth

API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay...

Secure Code Warrior - Cookies and sessions

Secure Your REST API (The Right Way)

Secure Code Warrior - Local storage

Securing RESTful Payment APIs Using OAuth 2

OAuth Tokens

Single-Page-Application & REST security

Viewers also liked

Representación política y democracia 2,0Juan Fernando Giraldo

StarkRicardo Mata

Presentacion GloriaGloria Esperanza Ortiz Russi

Casa rural en las hurdes contactoCRlashurdes

Fcoce aammss-2051687-3-130429 brochure esbogotaconventionbureau

201309 dxFmoreira4

Ponencia Ies Bendinatbendinatcomenius

Comunicado de Prensa - Aniversario Luctuoso de Emiliano ZapataAlejandro Bocanegra Montes

Food & Beverage industry-MagnetrolBenjamin Kyalo

Cursos telepresenceMira Telecomunicaciones

Dioduet travel fashion tour japan 2014 dioduettravel

Press Book Pharmagora Plus - 2015pbcom1998

1.muhammad azizul hoque -1-7Alexander Decker

Redes SocialesKamila Orellana

Laguna de a frouxeira.cerredo

Versos al vientoJOSE SOCORRO MARTINEZ AGUILAR

Tierra2010miguelrioorbigo

Rova profileROVA Healthcare

Zygote Files - Fraud and Embezzlement at the WDAZurich Files

Exenciones Santiago LLamas

Viewers also liked (20)

Representación política y democracia 2,0

Stark

Presentacion Gloria

Casa rural en las hurdes contacto

Fcoce aammss-2051687-3-130429 brochure es

201309 dx

Ponencia Ies Bendinat

Comunicado de Prensa - Aniversario Luctuoso de Emiliano Zapata

Food & Beverage industry-Magnetrol

Cursos telepresence

Dioduet travel fashion tour japan 2014

Press Book Pharmagora Plus - 2015

1.muhammad azizul hoque -1-7

Redes Sociales

Laguna de a frouxeira.

Versos al viento

Tierra2010

Rova profile

Zygote Files - Fraud and Embezzlement at the WDA

Exenciones

Similar to FIware Identity Manager

FIWARE ID ManagementMiguel García González

FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE

Security Access with OAuth2.0Fernando Lopez Aguilar

Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Álvaro Alonso González

FIWARE Training: Identity Management and Access ControlFIWARE

FIWARE Identity Management and Access ControlFIWARE

Id fiware upm-ditJoaquín Salvachúa

Hybrid authentication - Talking To Major Social NetworksRayhan Chowdhury

Oauth2.0Yasmine Gaber

OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud

Beyond API AuthorizationJared Hanson

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management

How to Build an Indivo X Personal Health AppBen Adida

Stateless Auth using OAuth2 & JWTGaurav Roy

Rest api titouan benoitTitouan BENOIT

2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...Vladimir Bychkov

FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE

Some OAuth loveNicolas Blanco

Building an API Security EcosystemPrabath Siriwardena

Best Practices in Building an API Security EcosystemWSO2

Similar to FIware Identity Manager (20)

FIWARE ID Management

FIWARE Global Summit - Adding Identity Management, Access Control and API Man...

Security Access with OAuth2.0

Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.

FIWARE Training: Identity Management and Access Control

FIWARE Identity Management and Access Control

Id fiware upm-dit

Hybrid authentication - Talking To Major Social Networks

Oauth2.0

OAuth - Don’t Throw the Baby Out with the Bathwater

Beyond API Authorization

Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...

How to Build an Indivo X Personal Health App

Stateless Auth using OAuth2 & JWT

Rest api titouan benoit

2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...

FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...

Some OAuth love

Building an API Security Ecosystem

Best Practices in Building an API Security Ecosystem

Recently uploaded

Software Quality Assurance Interview QuestionsArshad QA

A Secure and Reliable Document Management System is Essential.docxComplianceQuest1

Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave

Right Money Management App For Your Financial GoalsJhone kinadey

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...kalichargn70th171

8257 interfacing 2 in microprocessor for btech studentsHimanshiGarg82

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS

VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale

10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE9953056974 Low Rate Call Girls In Saket, Delhi NCR

5 Signs You Need a Fashion PLM Software.pdfWave PLM

HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai

How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveCall Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc

Diamond Application Development Crafting Solutions with PrecisionSolGuruz

Optimizing AI for immediate response in Smart CCTVshikhaohhpro

Recently uploaded (20)

Software Quality Assurance Interview Questions

A Secure and Reliable Document Management System is Essential.docx

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

Right Money Management App For Your Financial Goals

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...

8257 interfacing 2 in microprocessor for btech students

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

VTU technical seminar 8Th Sem on Scikit-learn

10 Trends Likely to Shape Enterprise Technology in 2024

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

5 Signs You Need a Fashion PLM Software.pdf

HR Software Buyers Guide in 2024 - HRSoftware.com

How To Troubleshoot Collaboration Apps for the Modern Connected Worker

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

How To Use Server-Side Rendering with Nuxt.js

Diamond Application Development Crafting Solutions with Precision

Optimizing AI for immediate response in Smart CCTV

FIware Identity Manager

1. Adding Identity Management and Access Control to your Application Joaquin Salvachua -Álvaro Alonso UPM – DIT Security Chapter. FIWARE joaquin.salvachua@upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso

3. Identity Manager 3

4. Identity Manager 4 Account

5. FIWARE Account (Identity Manager) Demo 5

6. OAuth 2.0 6

7. OAuth 2.0 Login with

8. Oauth 2.0 Message Flow 8 Web App Account redirect request access-‐token access-‐token access-‐code OAuth Library Request user info using access-‐token

9. Oauth 2.0 Libraries •  http://oauth.net/2/ –  PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. •  Example using Node.js –  https://github.com/ging/oauth2-example- client 9

10. Oauth 2.0 Demo 10

11. Web Applications and GEs 11 Generic Enabler Account Request + access-‐token Oauth2 ﬂows access-‐token OK + user info (roles) Web App OAuth Library access_token

12. Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 12

13. Securing your back-end 13 Back-‐end Apps Account Request + access-‐token Web App Oauth Library Proxy access-‐token OK + user info (roles) Oauth2 ﬂows access_token

14. Securing your back-end •  Level 1: Authentication –  Check if a user has a FIWARE account •  Level 2: Basic Authorization –  Checks if a user has permissions to access a resource –  HTTP verb + resource path •  Level 3: Advanced Authorization –  Custom XACML policies

15. Level 1: Authentication 15 Back-‐end Apps Account Request + access-‐token Web App Oauth Library PEP Proxy access-‐token OK + user info (roles) Oauth2 ﬂows access_token

16. Level 2: Basic Authorization 16 Back-‐end Apps Account Request + access-‐token Web App Oauth Library PEP Proxy access-‐token OK + user info Oauth2 ﬂows access_token Auth PDP GE roles + verb + path OK

17. Level 3: Advanced Authorization 17 Back-‐end Apps Account Request + access-‐token Web App Oauth Library PEP Proxy extension Oauth2 ﬂows access_token Auth PDP GE access-‐token OK + user info roles + XACML <Request> OK

18. FIWARE Proxy Demo 18

19. Documentation •  FIWARE Account: –  Source Code: https://github.com/ging/fiware-idm –  Documentation: https://github.com/ging/fiware-idm/wiki •  FIWARE Access Control –  http://catalogue.fi-ware.org/enablers/access- control-tha-implementation/documentation •  FIWARE OAuth2 Demo: –  https://github.com/ging/oauth2-example- client •  FIWARE Proxy: –  https://github.com/ging/fi-ware-pep-proxy 19

20. Adding Identity Management and Access Control to your Application Joaquin Salvachua -Álvaro Alonso UPM – DIT Security Chapter. FIWARE joaquin.salvachua@upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso

FIware Identity Manager

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to FIware Identity Manager

Similar to FIware Identity Manager (20)

More from Joaquín Salvachúa

More from Joaquín Salvachúa (20)

Recently uploaded

Recently uploaded (20)

FIware Identity Manager