SlideShare une entreprise Scribd logo

Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott Morrison, Cloud Identity Summit

Télécharger en tant que PPTX, PDF
CA API Management
CA API Management

Think SSO is just about reducing logins across servers? Think again. In the mobile world, the new twist is sharing sessions across mobile apps on a device. Learn how technologies like OAuth and OpenID Connect can be leveraged by native apps to achieve MSSO.

Technologie
1  sur  19
Mobile Single Sign-On: Extending SSO Out To The Client July 11, 2013 K. Scott Morrison Senior Vice President and Distinguished Engineer
Copyright © 2013 CA. All rights reserved. Our Problem: Secure Mobile Access to Apps and Data How Do We Make APIs Available?  Firewall mazes  Diversity of clients and back end systems  Clients and servers change at different rates Enterprise Network API/Service Client API/Service Servers Firewall 2 Firewall 1 Internet Directory Of Interest Today  Authentication, Authorization & SSO  Secure Transmission
Copyright © 2013 CA. All rights reserved. We Want Classic SSO In An Active Profile For REST Could leverage WS-Fed here  SAML’s second act? API/Service Servers Apps making RESTful API calls Internet Directory
Copyright © 2013 CA. All rights reserved. But We Also Want Local App SSO Single Sign On App Group (these apps will share sign- on sessions) A B C API/Service Servers So now it’s getting interesting… “Like a VPN… but with an experience that doesn’t suck”
Copyright © 2013 CA. All rights reserved. App layer Persistence layer Mobile OS Isolation is an issue Silos
Layer 7 Technologies Overview Motivations: Many of our customers have architectures like this Gateway Cluster at Edge of Network  DMZ deployment  Hardware appliance, virtual appliance or software Enterprise Network API/Service Servers … Firewall 2 Firewall 1 Partners Mobile Devices Cloud SSG Cluster API/Service Client Directory
Layer 7 Technologies Overview Native Single Sign-On SDK For Mobile Developers Enterprise Network iPhone Android iPad App-sharable Secure Key Store One time PIN SMS, APNS, call API Servers Strong Security for Mobile Apps  Cross-platform and built for a consumer or BYOD world  100% Standards-based using OAuth+OpenID Connect  X-app SSO with multi-factor auth & secure channel  X.509 Certificate provisioning for strong auth and transaction signing
Layer 7 Technologies Overview Client Deployment Strategy  Don’t make me work hard – But give me a strong and extensible security model  Transfer of security responsibility – Let developers do what they do best  Simple SDK – Align with common development time environments  iOS, Android, Javascript, etc  Mirror REST frameworks  Future – Aspects, wrapping, etc. Copyright © 2013 CA. All rights reserved.
Layer 7 Technologies Overview Self Service: User should be able to log out if device is lost or stolen Copyright © 2012 CA. All rights reserved.
Copyright © 2013 CA. All rights reserved. Three Important Entities A A B C Device App User
Layer 7 Technologies Overview Protocol Strategy A B C username/password ID Token Access Token/Refresh Token Per app Authorization Server OAuth + OpenID Connect  Profiled for mobile  Clear distinction between device, user and app
Layer 7 Technologies Overview Overall Architecture Copyright © 2012 CA. All rights reserved.
Copyright © 2013 CA. All rights reserved. Register device, streamlined, first usage
Copyright © 2013 CA. All rights reserved. Register device, streamlined, first usage (cont.)
Copyright © 2013 CA. All rights reserved. Request an access_token using JWT (SSO)
Layer 7 Technologies Overview Mobile SSO APIs – server side Server side API ID Operation URL path request_token Request access_token / id_token (JWT) /l7cadr/auth/oauth/v2/token request_token_sso Request access_token using id_token (JWT) which is the SSO scenario /l7cadr/auth/oauth/v2/token request_token_basic Request access_token/ id_token (JWT) /l7cadr/auth/oauth/v2/token request_token_sso_basic Request access_token using id_token (JWT) which is the SSO scenario /l7cadr/auth/oauth/v2/token revoke_token Revoke an access_token or refresh_token /l7cadr/auth/oauth/v2/token/revoke register_device Registers a device for a user /l7cadr/connect/device/register resource_owner_logout The resource_owner logs out of the device by invalidating his current id_token (JWT) /l7cadr/connect/session/logout resource_owner_session _status The client requests the session status by passing in the id_token /l7cadr/connect/session/status remove_device_x509 Removes a registered device using ssl mutual authentication /l7cadr/connect/device/remove userinfo The endpoints returns claims about the current user. The result depends on the SCOPE that was requested with the access_token /l7cadr/openid/connect/v1/userinfo list_devices Lists registered devices /l7cadr/connect/device/list
Copyright © 2013 CA. All rights reserved. Administration of Tokens
Demo
Questions? K. Scott Morrison smorrison@layer7.com (604) 681-9377

Recommandé

Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research ...
Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research ...Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research ...
Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research ...CA API Management
 
Patterns and Practices in Mobile SSO
Patterns and Practices in Mobile SSOPatterns and Practices in Mobile SSO
Patterns and Practices in Mobile SSOWSO2
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsCA API Management
 
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseCA API Management
 
Single sign-on Across Mobile Applications from RSAConference
Single sign-on Across Mobile Applications from RSAConferenceSingle sign-on Across Mobile Applications from RSAConference
Single sign-on Across Mobile Applications from RSAConferenceCA API Management
 
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesSuccessful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesHitachi ID Systems, Inc.
 
CIS13: Mobile Single Sign-On: Extending SSO Out to the Client
CIS13: Mobile Single Sign-On: Extending SSO Out to the ClientCIS13: Mobile Single Sign-On: Extending SSO Out to the Client
CIS13: Mobile Single Sign-On: Extending SSO Out to the ClientCloudIDSummit
 
CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jain
CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jainCIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jain
CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jainCloudIDSummit
 

Recommandé

Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research ...
Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research ...Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research ...
Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research ...CA API Management
 
Patterns and Practices in Mobile SSO
Patterns and Practices in Mobile SSOPatterns and Practices in Mobile SSO
Patterns and Practices in Mobile SSOWSO2
 
Mobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsMobile SSO: Give App Users a Break from Typing Passwords
Mobile SSO: Give App Users a Break from Typing PasswordsCA API Management
 
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseCA API Management
 
Single sign-on Across Mobile Applications from RSAConference
Single sign-on Across Mobile Applications from RSAConferenceSingle sign-on Across Mobile Applications from RSAConference
Single sign-on Across Mobile Applications from RSAConferenceCA API Management
 
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesSuccessful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesHitachi ID Systems, Inc.
 
CIS13: Mobile Single Sign-On: Extending SSO Out to the Client
CIS13: Mobile Single Sign-On: Extending SSO Out to the ClientCIS13: Mobile Single Sign-On: Extending SSO Out to the Client
CIS13: Mobile Single Sign-On: Extending SSO Out to the ClientCloudIDSummit
 
CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jain
CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jainCIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jain
CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jainCloudIDSummit
 
You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA Ping Identity
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
Connecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldConnecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldPing Identity
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
Mobile SSO using NAPPS
Mobile SSO using NAPPSMobile SSO using NAPPS
Mobile SSO using NAPPSAshish Jain
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Ping Identity
 
The curious case of mobile app security.pptx
The curious case of mobile app security.pptxThe curious case of mobile app security.pptx
The curious case of mobile app security.pptxAnkit Giri
 
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...WSO2
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingPing Identity
 
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Ping Identity
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
 
CIS 2015 Mobile SSO
CIS 2015 Mobile SSOCIS 2015 Mobile SSO
CIS 2015 Mobile SSOAshish Jain
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...CA API Management
 
Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing! hem...Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing! hem...owaspindia
 
CIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity ChalktalkCIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity ChalktalkCraig Wu
 
OOW13: Developing secure mobile applications (CON8902)
OOW13: Developing secure mobile applications (CON8902)OOW13: Developing secure mobile applications (CON8902)
OOW13: Developing secure mobile applications (CON8902)GregOracle
 
Mobile Devices in the Enterprise: What IT needs to know
Mobile Devices in the Enterprise: What IT needs to knowMobile Devices in the Enterprise: What IT needs to know
Mobile Devices in the Enterprise: What IT needs to knowAshish Jain
 
Kodak - OpenID Retail Summit at PayPal
Kodak - OpenID Retail Summit at PayPalKodak - OpenID Retail Summit at PayPal
Kodak - OpenID Retail Summit at PayPalAshish Jain
 
Mobile_app_security
Mobile_app_securityMobile_app_security
Mobile_app_securityHassan El Hadary
 
How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7CA API Management
 
Layer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and ComplexityLayer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and ComplexityCA API Management
 

Contenu connexe

Tendances

You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA Ping Identity
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
Connecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldConnecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldPing Identity
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
Mobile SSO using NAPPS
Mobile SSO using NAPPSMobile SSO using NAPPS
Mobile SSO using NAPPSAshish Jain
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Ping Identity
 
The curious case of mobile app security.pptx
The curious case of mobile app security.pptxThe curious case of mobile app security.pptx
The curious case of mobile app security.pptxAnkit Giri
 
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...WSO2
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingPing Identity
 
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Ping Identity
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
 
CIS 2015 Mobile SSO
CIS 2015 Mobile SSOCIS 2015 Mobile SSO
CIS 2015 Mobile SSOAshish Jain
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...CA API Management
 
Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing! hem...Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing! hem...owaspindia
 
CIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity ChalktalkCIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity ChalktalkCraig Wu
 
OOW13: Developing secure mobile applications (CON8902)
OOW13: Developing secure mobile applications (CON8902)OOW13: Developing secure mobile applications (CON8902)
OOW13: Developing secure mobile applications (CON8902)GregOracle
 
Mobile Devices in the Enterprise: What IT needs to know
Mobile Devices in the Enterprise: What IT needs to knowMobile Devices in the Enterprise: What IT needs to know
Mobile Devices in the Enterprise: What IT needs to knowAshish Jain
 
Kodak - OpenID Retail Summit at PayPal
Kodak - OpenID Retail Summit at PayPalKodak - OpenID Retail Summit at PayPal
Kodak - OpenID Retail Summit at PayPalAshish Jain
 

Tendances (20)

You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA You Can't Spell Enterprise Security without MFA
You Can't Spell Enterprise Security without MFA
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
 
Connecting The Real World With The Virtual World
Connecting The Real World With The Virtual WorldConnecting The Real World With The Virtual World
Connecting The Real World With The Virtual World
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device Universe
 
Mobile SSO using NAPPS
Mobile SSO using NAPPSMobile SSO using NAPPS
Mobile SSO using NAPPS
 
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
Gartner IAM London 2017 Session - Security, Standards & User Experience: The ...
 
The curious case of mobile app security.pptx
The curious case of mobile app security.pptxThe curious case of mobile app security.pptx
The curious case of mobile app security.pptx
 
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...
WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
 
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
Hitchhikers Guide to the Identiverse - How Federated Business will Rule the W...
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
 
CIS 2015 Mobile SSO
CIS 2015 Mobile SSOCIS 2015 Mobile SSO
CIS 2015 Mobile SSO
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
 
Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing! hem...Mobile application security – effective methodology, efficient testing! hem...
Mobile application security – effective methodology, efficient testing! hem...
 
CIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity ChalktalkCIS 2013 Ping Identity Chalktalk
CIS 2013 Ping Identity Chalktalk
 
OOW13: Developing secure mobile applications (CON8902)
OOW13: Developing secure mobile applications (CON8902)OOW13: Developing secure mobile applications (CON8902)
OOW13: Developing secure mobile applications (CON8902)
 
Mobile Devices in the Enterprise: What IT needs to know
Mobile Devices in the Enterprise: What IT needs to knowMobile Devices in the Enterprise: What IT needs to know
Mobile Devices in the Enterprise: What IT needs to know
 
Kodak - OpenID Retail Summit at PayPal
Kodak - OpenID Retail Summit at PayPalKodak - OpenID Retail Summit at PayPal
Kodak - OpenID Retail Summit at PayPal
 
Mobile_app_security
Mobile_app_securityMobile_app_security
Mobile_app_security
 

En vedette

How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7CA API Management
 
Layer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and ComplexityLayer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and ComplexityCA API Management
 
Layer 7: Enterprise Service Governance with SecureSpan
Layer 7: Enterprise Service Governance with SecureSpanLayer 7: Enterprise Service Governance with SecureSpan
Layer 7: Enterprise Service Governance with SecureSpanCA API Management
 
A How-to Guide to OAuth & API Security
A How-to Guide to OAuth & API SecurityA How-to Guide to OAuth & API Security
A How-to Guide to OAuth & API SecurityCA API Management
 
Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterpriseCA API Management
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...CA API Management
 
Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Stormpath
 

En vedette (10)

How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7How to Choose A SOA Gateway from Layer 7
How to Choose A SOA Gateway from Layer 7
 
Layer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and ComplexityLayer 7: Getting Your SOA to Production Without Cost and Complexity
Layer 7: Getting Your SOA to Production Without Cost and Complexity
 
Layer 7: Enterprise Service Governance with SecureSpan
Layer 7: Enterprise Service Governance with SecureSpanLayer 7: Enterprise Service Governance with SecureSpan
Layer 7: Enterprise Service Governance with SecureSpan
 
Layer 7 and Oracle -
Layer 7 and Oracle - Layer 7 and Oracle -
Layer 7 and Oracle -
 
A How-to Guide to OAuth & API Security
A How-to Guide to OAuth & API SecurityA How-to Guide to OAuth & API Security
A How-to Guide to OAuth & API Security
 
Oracle API Gateway
Oracle API GatewayOracle API Gateway
Oracle API Gateway
 
Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterprise
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
 
Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)Secure Your REST API (The Right Way)
Secure Your REST API (The Right Way)
 

Similaire à Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott Morrison, Cloud Identity Summit

5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...CA API Management
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensForgeRock
 
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellOAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellCA API Management
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 
API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration ...
API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration ...API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration ...
API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration ...CA API Management
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...OracleIDM
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCloudIDSummit
 
Prasant_nayak_NthDimenzion _4Yr_Exp
Prasant_nayak_NthDimenzion _4Yr_ExpPrasant_nayak_NthDimenzion _4Yr_Exp
Prasant_nayak_NthDimenzion _4Yr_ExpPrasant Kumar Nayak
 
Launching a Successful and Secure API
Launching a Successful and Secure APILaunching a Successful and Secure API
Launching a Successful and Secure APINordic APIs
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLpqrs1234
 
Oracle E-Business Suitre mobile apps ADF
Oracle E-Business Suitre mobile apps ADFOracle E-Business Suitre mobile apps ADF
Oracle E-Business Suitre mobile apps ADFBerry Clemens
 
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalCon8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalOracleIDM
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileNordic APIs
 
Con9437 ad ffor_ebs and mobile
Con9437 ad ffor_ebs and mobileCon9437 ad ffor_ebs and mobile
Con9437 ad ffor_ebs and mobileBerry Clemens
 
OSGi Mobile eclipsecon 09
OSGi Mobile eclipsecon 09OSGi Mobile eclipsecon 09
OSGi Mobile eclipsecon 09yonnyb
 
API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAkana
 
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...CA API Management
 
Identity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation AppsIdentity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation AppsTom Freestone
 

Similaire à Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott Morrison, Cloud Identity Summit (20)

5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform Awakens
 
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellOAuth in the Real World featuring Webshell
OAuth in the Real World featuring Webshell
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration ...
API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration ...API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration ...
API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration ...
 
Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...Con8817 api management - enable your infrastructure for secure mobile and c...
Con8817 api management - enable your infrastructure for secure mobile and c...
 
CIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John BradleyCIS 2015 Extreme OpenID Connect - John Bradley
CIS 2015 Extreme OpenID Connect - John Bradley
 
Prasant_nayak_NthDimenzion _4Yr_Exp
Prasant_nayak_NthDimenzion _4Yr_ExpPrasant_nayak_NthDimenzion _4Yr_Exp
Prasant_nayak_NthDimenzion _4Yr_Exp
 
Launching a Successful and Secure API
Launching a Successful and Secure APILaunching a Successful and Secure API
Launching a Successful and Secure API
 
Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)Open APIs - Risks and Rewards (Øredev 2013)
Open APIs - Risks and Rewards (Øredev 2013)
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAML
 
Oracle E-Business Suitre mobile apps ADF
Oracle E-Business Suitre mobile apps ADFOracle E-Business Suitre mobile apps ADF
Oracle E-Business Suitre mobile apps ADF
 
Con8823 access management for the internet of things-final
Con8823 access management for the internet of things-finalCon8823 access management for the internet of things-final
Con8823 access management for the internet of things-final
 
Who’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and MobileWho’s Knocking? Identity for APIs, Web and Mobile
Who’s Knocking? Identity for APIs, Web and Mobile
 
Neo-security Stack
Neo-security StackNeo-security Stack
Neo-security Stack
 
Con9437 ad ffor_ebs and mobile
Con9437 ad ffor_ebs and mobileCon9437 ad ffor_ebs and mobile
Con9437 ad ffor_ebs and mobile
 
OSGi Mobile eclipsecon 09
OSGi Mobile eclipsecon 09OSGi Mobile eclipsecon 09
OSGi Mobile eclipsecon 09
 
API Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against HacksAPI Security: Securing Digital Channels and Mobile Apps Against Hacks
API Security: Securing Digital Channels and Mobile Apps Against Hacks
 
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
Balancing Mobile UX & Security: An API Management Perspective Presentation fr...
 
Identity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation AppsIdentity Management: Using OIDC to Empower the Next-Generation Apps
Identity Management: Using OIDC to Empower the Next-Generation Apps
 

Plus de CA API Management

Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIsCA API Management
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarCA API Management
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...CA API Management
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...CA API Management
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...CA API Management
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataCA API Management
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...CA API Management
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...CA API Management
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...CA API Management
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...CA API Management
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer appsCA API Management
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...CA API Management
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceCA API Management
 
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ... Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...CA API Management
 
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014CA API Management
 
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...CA API Management
 
Is there an API in that (IoT)?
Is there an API in that (IoT)?Is there an API in that (IoT)?
Is there an API in that (IoT)?CA API Management
 

Plus de CA API Management (20)

Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIs
 
Takeaways from API Security Breaches Webinar
Takeaways from API Security Breaches WebinarTakeaways from API Security Breaches Webinar
Takeaways from API Security Breaches Webinar
 
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
API Design Methodology - Mike Amundsen, Director of API Architecture, API Aca...
 
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
Liberating the API Economy with Scale-Free Networks - Mike Amundsen, Director...
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
 
API Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your DataAPI Monetization: Unlock the Value of Your Data
API Monetization: Unlock the Value of Your Data
 
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
Revisiting Geddes' Outlook Tower - Mike Amundsen, Director of API Architectur...
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
 
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
Building APIs That Last for Decades - Irakli Nadareishvili, Director of API S...
 
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
The Art of API Design - Ronnie Mitra, Director of API Design, API Academy at ...
 
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
APIs Fueling the Connected Car Opportunity - Scott Morrison, SVP & Distinguis...
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & Win
 
5 steps end to end security consumer apps
5 steps end to end security consumer apps5 steps end to end security consumer apps
5 steps end to end security consumer apps
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
 
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
Gartner AADI Summit Sydney 2014 Implementing the Layer 7 API Management Pla...
 
Using APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail ExperienceUsing APIs to Create an Omni-Channel Retail Experience
Using APIs to Create an Omni-Channel Retail Experience
 
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ... Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
Panel Session: Security & Privacy for Connected Cars w/ Scott Morrison, SVP ...
 
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
Clients Matter, Services Don't - Mike Amundsen's talk from QCon New York 2014
 
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
The Connected Car UX Through APIs - Francois Lascelles, VP Solutions Architec...
 
Is there an API in that (IoT)?
Is there an API in that (IoT)?Is there an API in that (IoT)?
Is there an API in that (IoT)?
 

Dernier

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 

Dernier (20)

Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 

Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott Morrison, Cloud Identity Summit

  • 1. Mobile Single Sign-On: Extending SSO Out To The Client July 11, 2013 K. Scott Morrison Senior Vice President and Distinguished Engineer
  • 2. Copyright © 2013 CA. All rights reserved. Our Problem: Secure Mobile Access to Apps and Data How Do We Make APIs Available?  Firewall mazes  Diversity of clients and back end systems  Clients and servers change at different rates Enterprise Network API/Service Client API/Service Servers Firewall 2 Firewall 1 Internet Directory Of Interest Today  Authentication, Authorization & SSO  Secure Transmission
  • 3. Copyright © 2013 CA. All rights reserved. We Want Classic SSO In An Active Profile For REST Could leverage WS-Fed here  SAML’s second act? API/Service Servers Apps making RESTful API calls Internet Directory
  • 4. Copyright © 2013 CA. All rights reserved. But We Also Want Local App SSO Single Sign On App Group (these apps will share sign- on sessions) A B C API/Service Servers So now it’s getting interesting… “Like a VPN… but with an experience that doesn’t suck”
  • 5. Copyright © 2013 CA. All rights reserved. App layer Persistence layer Mobile OS Isolation is an issue Silos
  • 6. Layer 7 Technologies Overview Motivations: Many of our customers have architectures like this Gateway Cluster at Edge of Network  DMZ deployment  Hardware appliance, virtual appliance or software Enterprise Network API/Service Servers … Firewall 2 Firewall 1 Partners Mobile Devices Cloud SSG Cluster API/Service Client Directory
  • 7. Layer 7 Technologies Overview Native Single Sign-On SDK For Mobile Developers Enterprise Network iPhone Android iPad App-sharable Secure Key Store One time PIN SMS, APNS, call API Servers Strong Security for Mobile Apps  Cross-platform and built for a consumer or BYOD world  100% Standards-based using OAuth+OpenID Connect  X-app SSO with multi-factor auth & secure channel  X.509 Certificate provisioning for strong auth and transaction signing
  • 8. Layer 7 Technologies Overview Client Deployment Strategy  Don’t make me work hard – But give me a strong and extensible security model  Transfer of security responsibility – Let developers do what they do best  Simple SDK – Align with common development time environments  iOS, Android, Javascript, etc  Mirror REST frameworks  Future – Aspects, wrapping, etc. Copyright © 2013 CA. All rights reserved.
  • 9. Layer 7 Technologies Overview Self Service: User should be able to log out if device is lost or stolen Copyright © 2012 CA. All rights reserved.
  • 10. Copyright © 2013 CA. All rights reserved. Three Important Entities A A B C Device App User
  • 11. Layer 7 Technologies Overview Protocol Strategy A B C username/password ID Token Access Token/Refresh Token Per app Authorization Server OAuth + OpenID Connect  Profiled for mobile  Clear distinction between device, user and app
  • 12. Layer 7 Technologies Overview Overall Architecture Copyright © 2012 CA. All rights reserved.
  • 13. Copyright © 2013 CA. All rights reserved. Register device, streamlined, first usage
  • 14. Copyright © 2013 CA. All rights reserved. Register device, streamlined, first usage (cont.)
  • 15. Copyright © 2013 CA. All rights reserved. Request an access_token using JWT (SSO)
  • 16. Layer 7 Technologies Overview Mobile SSO APIs – server side Server side API ID Operation URL path request_token Request access_token / id_token (JWT) /l7cadr/auth/oauth/v2/token request_token_sso Request access_token using id_token (JWT) which is the SSO scenario /l7cadr/auth/oauth/v2/token request_token_basic Request access_token/ id_token (JWT) /l7cadr/auth/oauth/v2/token request_token_sso_basic Request access_token using id_token (JWT) which is the SSO scenario /l7cadr/auth/oauth/v2/token revoke_token Revoke an access_token or refresh_token /l7cadr/auth/oauth/v2/token/revoke register_device Registers a device for a user /l7cadr/connect/device/register resource_owner_logout The resource_owner logs out of the device by invalidating his current id_token (JWT) /l7cadr/connect/session/logout resource_owner_session _status The client requests the session status by passing in the id_token /l7cadr/connect/session/status remove_device_x509 Removes a registered device using ssl mutual authentication /l7cadr/connect/device/remove userinfo The endpoints returns claims about the current user. The result depends on the SCOPE that was requested with the access_token /l7cadr/openid/connect/v1/userinfo list_devices Lists registered devices /l7cadr/connect/device/list
  • 17. Copyright © 2013 CA. All rights reserved. Administration of Tokens
  • 18. Demo

Notes de l'éditeur

  1. APIs come with their own problems. You never have just one API. So quickly the issue is scaling access and management.
  2. APIs come with their own problems. You never have just one API. So quickly the issue is scaling access and management.