SlideShare une entreprise Scribd logo

Adding Identity Management and Access Control to your Application

Télécharger en tant que PPTX, PDF
Álvaro Alonso González
Álvaro Alonso González

Adding Identity Management and Access Control to your Application

Ingénierie
1  sur  30
Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso
Identity Manager 2
Identity Manager 3 Account
Agenda • FIWARE Lab Accounts – Account types – Creating an account – Upgrading your account • Using FIWARE Lab Cloud Infrastructure • Registering an application – OAuth2 protocol – Application example • Using FIWARE GEs from your application • Securing your backend • Security GEs
FIWARE Lab Accounts • Basic – Manage organizations – Register applications – Use Cloud if other users authorize him • Trial – Cloud 14 days Trial period – Spain2 region • Community – Cloud during 9 months – Assigned region
FIWARE Lab Accounts Basic Trial Community 1 2 4 3 5 6 7
FIWARE Account (Identity Manager) Demo 7
Using FIWARE Lab Cloud Infrastructure • If you are a Trial or a Community user – Your Cloud organization is “purchaser” of the Cloud application – You can authorize other users in your organization • If you are a Basic user – Upgrade to Trial (if available) – Apply for a Community account – Ask a Trial or Community user to authorize you in his Cloud organization • Developers week… – Request a Trial account in fiware-developers-week@lists.fiware.org
Using FIWARE Lab Cloud Infrastructure • To authorize another user in your Cloud organization. 1. Access Account Portal and login 2. Switch to your Cloud organization using the "Switch session" option in the dropdown in the left upper corner 3. Go to "Members" in the left side panel 4. Add the user you want to authorize as a member of the org using the "Manage" button 5. Authorize the user inside Cloud Application giving him the role "Member" using the "Authorize" button
Using FIWARE Lab Cloud Infrastructure Demo
11 Account
OAuth 2.0 13
OAuth 2.0 Login with
Oauth 2.0 Message Flow 15 Web App Account redirect request access-token access-token access-code OAuthLibrary Request user info using access-token
Oauth 2.0 Libraries • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. • Example using Node.js – https://github.com/ging/oauth2-example- client 16
Oauth 2.0 Demo 17
Web Applications and GEs 18 Generic Enabler Account Request+ access-token Oauth2 flows access-token OK + user info (roles) Web App OAuthLibrary access_token
Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 19
Securing your back-end 20 Back-end Apps Account Request+ access-token Web App OauthLibrary PEP Proxy access-token OK + user info (roles) Oauth2 flows access_token
Securing your back-end • Level 1: Authentication – Check if a user has a FIWARE account • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path • Level 3: Advanced Authorization – Custom XACML policies
Level 1: Authentication 22 Back-end Apps Account Request+ access-token Web App OauthLibrary PEP Proxy access-token OK + user info (roles) Oauth2 flows access_token
Level 2: Basic Authorization 23 Back-end Apps Account Request+ access-token Web App OauthLibrary PEP Proxy access-token OK + user info Oauth2 flows access_token Auth PDP GE roles + verb + path OK
Level 3: Advanced Authorization 24 Back-end Apps Account Request+ access-token Web App OauthLibrary PEP Proxy extension Oauth2 flows access_token Auth PDP GE access-token OK + user info roles + XACML <Request> OK
FIWARE PEP Proxy Demo 25
Security GEs – IdM - KeyRock • Keystone + Horizon +Extensions • APIs – OAuth2 – Keystone v3 – SCIM 2.0 • Source Code – https://github.com/ging/fi-ware-idm • Documentation – http://catalogue.fiware.org/enablers/identity- management-keyrock • FIWARE OAuth2 Demo: – https://github.com/ging/oauth2-example-client 26
Security GEs – Authorization PDP - AuthZForce • Policy Decision Point • Polici Administration Point • XACML 3.0 • Documentation – http://catalogue.fi-ware.org/enablers/access-control-tha- implementation/documentation 27
Security GEs – PEP Proxy - Wilma • Policy Enforcement Point • Compatible with OAuth2 and Keystone tokens • Source code: – https://github.com/ging/fi-ware-pep-proxy • Documentation – http://catalogue.fiware.org/enablers/pep-proxy-wilma 28
Security GEs • Privacy GE • Cyber Sec GE • Trustworthy Factory GE 29
Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso

Recommandé

Adding Identity Management and Access Control to your Application - Exersices
Adding Identity Management and Access Control to your Application - ExersicesAdding Identity Management and Access Control to your Application - Exersices
Adding Identity Management and Access Control to your Application - ExersicesÁlvaro Alonso González
 
FIware Identity Manager
FIware Identity ManagerFIware Identity Manager
FIware Identity ManagerJoaquín Salvachúa
 
FIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesFIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesJoaquín Salvachúa
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationFernando Lopez Aguilar
 
KeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREKeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREÁlvaro Alonso González
 
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)cdanger
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaDalton Valadares
 

Recommandé

Adding Identity Management and Access Control to your Application - Exersices
Adding Identity Management and Access Control to your Application - ExersicesAdding Identity Management and Access Control to your Application - Exersices
Adding Identity Management and Access Control to your Application - ExersicesÁlvaro Alonso González
 
FIware Identity Manager
FIware Identity ManagerFIware Identity Manager
FIware Identity ManagerJoaquín Salvachúa
 
FIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesFIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesJoaquín Salvachúa
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
Adding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationAdding Identity Management and Access Control to your Application
Adding Identity Management and Access Control to your ApplicationFernando Lopez Aguilar
 
KeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREKeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREÁlvaro Alonso González
 
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)cdanger
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaDalton Valadares
 
APIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementAPIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementIsabelle Mauny
 
Id fiware upm-dit
Id fiware upm-ditId fiware upm-dit
Id fiware upm-ditJoaquín Salvachúa
 
Secure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.xZeeshan Khan
 
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & InterfacesFI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfacescdanger
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-OnRavi Yasas
 
Abusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-onsAbusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-onsAjin Abraham
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperAjin Abraham
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Api security
Api security Api security
Api security teodorcotruta
 
Oauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client ApplicationsOauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client ApplicationsKasun Dharmadasa
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013SPC Adriatics
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2axykim00
 
Anil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil Saldanha
 
NetIQ POC for Kerberos & WSS Integrated System
NetIQ POC for Kerberos & WSS Integrated SystemNetIQ POC for Kerberos & WSS Integrated System
NetIQ POC for Kerberos & WSS Integrated SystemRajesh Kumar
 
Writing Secure SharePoint Code - SharePoint Saturday Toronto
Writing Secure SharePoint Code - SharePoint Saturday TorontoWriting Secure SharePoint Code - SharePoint Saturday Toronto
Writing Secure SharePoint Code - SharePoint Saturday TorontoEli Robillard
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Ajin Abraham
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...Ganesh Kumar
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Álvaro Alonso González
 

Contenu connexe

Tendances

APIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementAPIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementIsabelle Mauny
 
Secure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.xZeeshan Khan
 
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & InterfacesFI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfacescdanger
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-OnRavi Yasas
 
Abusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-onsAbusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-onsAjin Abraham
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect ProtocolMichael Furman
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperAjin Abraham
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloakGuy Marom
 
Oauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client ApplicationsOauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client ApplicationsKasun Dharmadasa
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013SPC Adriatics
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2axykim00
 
Anil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil Saldanha
 
NetIQ POC for Kerberos & WSS Integrated System
NetIQ POC for Kerberos & WSS Integrated SystemNetIQ POC for Kerberos & WSS Integrated System
NetIQ POC for Kerberos & WSS Integrated SystemRajesh Kumar
 
Writing Secure SharePoint Code - SharePoint Saturday Toronto
Writing Secure SharePoint Code - SharePoint Saturday TorontoWriting Secure SharePoint Code - SharePoint Saturday Toronto
Writing Secure SharePoint Code - SharePoint Saturday TorontoEli Robillard
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples42Crunch
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Ajin Abraham
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...Ganesh Kumar
 

Tendances (20)

APIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API ManagementAPIStrat Conference Workshop: WSO2 - Best Practices for API Management
APIStrat Conference Workshop: WSO2 - Best Practices for API Management
 
Id fiware upm-dit
Id fiware upm-ditId fiware upm-dit
Id fiware upm-dit
 
Secure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusionSecure Code Warrior - Remote file inclusion
Secure Code Warrior - Remote file inclusion
 
Spring security4.x
Spring security4.xSpring security4.x
Spring security4.x
 
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & InterfacesFI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
FI-WARE Access Control GE (Part 3) – IdM OAuth Setup & Interfaces
 
Keycloak Single Sign-On
Keycloak Single Sign-OnKeycloak Single Sign-On
Keycloak Single Sign-On
 
Abusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-onsAbusing, Exploiting and Pwning with Firefox Add-ons
Abusing, Exploiting and Pwning with Firefox Add-ons
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect Protocol
 
Hacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - WhitepaperHacking Tizen: The OS of everything - Whitepaper
Hacking Tizen: The OS of everything - Whitepaper
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 
Api security
Api security Api security
Api security
 
Oauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client ApplicationsOauth 2.0 Security Considerations for Client Applications
Oauth 2.0 Security Considerations for Client Applications
 
Identity Management in SharePoint 2013
Identity Management in SharePoint 2013Identity Management in SharePoint 2013
Identity Management in SharePoint 2013
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
Anil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpracticesAnil saldhana cloudidentitybestpractices
Anil saldhana cloudidentitybestpractices
 
NetIQ POC for Kerberos & WSS Integrated System
NetIQ POC for Kerberos & WSS Integrated SystemNetIQ POC for Kerberos & WSS Integrated System
NetIQ POC for Kerberos & WSS Integrated System
 
Writing Secure SharePoint Code - SharePoint Saturday Toronto
Writing Secure SharePoint Code - SharePoint Saturday TorontoWriting Secure SharePoint Code - SharePoint Saturday Toronto
Writing Secure SharePoint Code - SharePoint Saturday Toronto
 
OWASP API Security Top 10 Examples
OWASP API Security Top 10 ExamplesOWASP API Security Top 10 Examples
OWASP API Security Top 10 Examples
 
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015Hacking Tizen : The OS of Everything - Nullcon Goa 2015
Hacking Tizen : The OS of Everything - Nullcon Goa 2015
 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
 

Similaire à Adding Identity Management and Access Control to your Application

FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Álvaro Alonso González
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppFIWARE
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE
 
FI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionFI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionJavier Cerviño
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 
The Powerful and Comprehensive API for Mobile App Development and Testing
The Powerful and Comprehensive API for Mobile App Development and TestingThe Powerful and Comprehensive API for Mobile App Development and Testing
The Powerful and Comprehensive API for Mobile App Development and TestingBitbar
 
How to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionHow to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionJavier Cerviño
 
OAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesOAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesIntuit Developer
 
Access Management for Cloud and Mobile
Access Management for Cloud and MobileAccess Management for Cloud and Mobile
Access Management for Cloud and MobileForgeRock
 
OpenSocial and Mixi platform
OpenSocial and Mixi platformOpenSocial and Mixi platform
OpenSocial and Mixi platformPham Thinh
 
Adding Identity Management and Access Control to your Application, Account Ma...
Adding Identity Management and Access Control to your Application, Account Ma...Adding Identity Management and Access Control to your Application, Account Ma...
Adding Identity Management and Access Control to your Application, Account Ma...Fernando Lopez Aguilar
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringVMware Tanzu
 
Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012
Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012
Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012TEST Huddle
 

Similaire à Adding Identity Management and Access Control to your Application (20)

FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
SFScon 2020 - Alex Lanz Martin Malfertheiner - OAuth2 OpenID
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access Control
 
FI-WARE Account and OAuth solution
FI-WARE Account and OAuth solutionFI-WARE Account and OAuth solution
FI-WARE Account and OAuth solution
 
M meijer api management - tech-days 2015
M meijer api management - tech-days 2015M meijer api management - tech-days 2015
M meijer api management - tech-days 2015
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
The Powerful and Comprehensive API for Mobile App Development and Testing
The Powerful and Comprehensive API for Mobile App Development and TestingThe Powerful and Comprehensive API for Mobile App Development and Testing
The Powerful and Comprehensive API for Mobile App Development and Testing
 
How to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionHow to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - Introduction
 
OAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesOAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST Services
 
Access Management for Cloud and Mobile
Access Management for Cloud and MobileAccess Management for Cloud and Mobile
Access Management for Cloud and Mobile
 
Security Access with OAuth2.0
Security Access with OAuth2.0Security Access with OAuth2.0
Security Access with OAuth2.0
 
OpenSocial and Mixi platform
OpenSocial and Mixi platformOpenSocial and Mixi platform
OpenSocial and Mixi platform
 
Adding Identity Management and Access Control to your Application, Account Ma...
Adding Identity Management and Access Control to your Application, Account Ma...Adding Identity Management and Access Control to your Application, Account Ma...
Adding Identity Management and Access Control to your Application, Account Ma...
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with Spring
 
Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012
Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012
Marc van 't Veer - Testing The API Behind a Mobile App - EuroSTAR 2012
 

Plus de Álvaro Alonso González

Curso AngularJS - 3. módulos y controladores
Curso AngularJS - 3. módulos y controladoresCurso AngularJS - 3. módulos y controladores
Curso AngularJS - 3. módulos y controladoresÁlvaro Alonso González
 
Lesson 6 - How to register your sensors in account portal
Lesson 6 - How to register your sensors in account portalLesson 6 - How to register your sensors in account portal
Lesson 6 - How to register your sensors in account portalÁlvaro Alonso González
 
Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure Álvaro Alonso González
 
Cloud Portal - Lesson 2. Cloud Portal Overview
Cloud Portal - Lesson 2. Cloud Portal OverviewCloud Portal - Lesson 2. Cloud Portal Overview
Cloud Portal - Lesson 2. Cloud Portal OverviewÁlvaro Alonso González
 
Cloud Portal - Lesson 3. Launching an Instance
Cloud Portal - Lesson 3. Launching an InstanceCloud Portal - Lesson 3. Launching an Instance
Cloud Portal - Lesson 3. Launching an InstanceÁlvaro Alonso González
 
Setting Up your Cloud Environment using the FIWARE Lab Cloud Portal
Setting Up your Cloud Environment using the FIWARE Lab Cloud PortalSetting Up your Cloud Environment using the FIWARE Lab Cloud Portal
Setting Up your Cloud Environment using the FIWARE Lab Cloud PortalÁlvaro Alonso González
 

Plus de Álvaro Alonso González (18)

Curso AngularJS - 7. temas avanzados
Curso AngularJS - 7. temas avanzadosCurso AngularJS - 7. temas avanzados
Curso AngularJS - 7. temas avanzados
 
Curso AngularJS - 6. formularios
Curso AngularJS - 6. formulariosCurso AngularJS - 6. formularios
Curso AngularJS - 6. formularios
 
Curso AngularJS - 5. rutas
Curso AngularJS - 5. rutasCurso AngularJS - 5. rutas
Curso AngularJS - 5. rutas
 
Curso AngularJS - 4. filtros y servicios
Curso AngularJS - 4. filtros y serviciosCurso AngularJS - 4. filtros y servicios
Curso AngularJS - 4. filtros y servicios
 
Curso AngularJS - 3. módulos y controladores
Curso AngularJS - 3. módulos y controladoresCurso AngularJS - 3. módulos y controladores
Curso AngularJS - 3. módulos y controladores
 
Curso AngularJS - 1. introducción
Curso AngularJS - 1. introducciónCurso AngularJS - 1. introducción
Curso AngularJS - 1. introducción
 
Curso AngularJS - 2. conceptos básicos
Curso AngularJS - 2. conceptos básicosCurso AngularJS - 2. conceptos básicos
Curso AngularJS - 2. conceptos básicos
 
Lesson 6 - How to register your sensors in account portal
Lesson 6 - How to register your sensors in account portalLesson 6 - How to register your sensors in account portal
Lesson 6 - How to register your sensors in account portal
 
Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure
 
Keyrock - Lesson 1. Introduction
Keyrock - Lesson 1. IntroductionKeyrock - Lesson 1. Introduction
Keyrock - Lesson 1. Introduction
 
Cloud Portal - Lesson 5. Advanced tasks
Cloud Portal - Lesson 5. Advanced tasksCloud Portal - Lesson 5. Advanced tasks
Cloud Portal - Lesson 5. Advanced tasks
 
Cloud Portal - Lesson 4. Managing Storage
Cloud Portal - Lesson 4. Managing StorageCloud Portal - Lesson 4. Managing Storage
Cloud Portal - Lesson 4. Managing Storage
 
Cloud Portal - Lesson 2. Cloud Portal Overview
Cloud Portal - Lesson 2. Cloud Portal OverviewCloud Portal - Lesson 2. Cloud Portal Overview
Cloud Portal - Lesson 2. Cloud Portal Overview
 
Cloud Portal - Lesson 1. Introduction
Cloud Portal - Lesson 1. IntroductionCloud Portal - Lesson 1. Introduction
Cloud Portal - Lesson 1. Introduction
 
Cloud Portal - Lesson 3. Launching an Instance
Cloud Portal - Lesson 3. Launching an InstanceCloud Portal - Lesson 3. Launching an Instance
Cloud Portal - Lesson 3. Launching an Instance
 
Primeros pasos con Docker
Primeros pasos con DockerPrimeros pasos con Docker
Primeros pasos con Docker
 
Introducción al Protocolo OAuth 2.0
Introducción al Protocolo OAuth 2.0Introducción al Protocolo OAuth 2.0
Introducción al Protocolo OAuth 2.0
 
Setting Up your Cloud Environment using the FIWARE Lab Cloud Portal
Setting Up your Cloud Environment using the FIWARE Lab Cloud PortalSetting Up your Cloud Environment using the FIWARE Lab Cloud Portal
Setting Up your Cloud Environment using the FIWARE Lab Cloud Portal
 

Dernier

notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptMsecMca
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfankushspencer015
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLManishPatel169454
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTbhaskargani46
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...tanu pandey
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01KreezheaRecto
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfKamal Acharya
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 

Dernier (20)

notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdfAKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
NFPA 5000 2024 standard .
NFPA 5000 2024 standard .NFPA 5000 2024 standard .
NFPA 5000 2024 standard .
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
Bhosari ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For ...
 
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
(INDIRA) Call Girl Meerut Call Now 8617697112 Meerut Escorts 24x7
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 

Adding Identity Management and Access Control to your Application

  • 1. Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso
  • 4. Agenda • FIWARE Lab Accounts – Account types – Creating an account – Upgrading your account • Using FIWARE Lab Cloud Infrastructure • Registering an application – OAuth2 protocol – Application example • Using FIWARE GEs from your application • Securing your backend • Security GEs
  • 5. FIWARE Lab Accounts • Basic – Manage organizations – Register applications – Use Cloud if other users authorize him • Trial – Cloud 14 days Trial period – Spain2 region • Community – Cloud during 9 months – Assigned region
  • 7. FIWARE Account (Identity Manager) Demo 7
  • 8. Using FIWARE Lab Cloud Infrastructure • If you are a Trial or a Community user – Your Cloud organization is “purchaser” of the Cloud application – You can authorize other users in your organization • If you are a Basic user – Upgrade to Trial (if available) – Apply for a Community account – Ask a Trial or Community user to authorize you in his Cloud organization • Developers week… – Request a Trial account in fiware-developers-week@lists.fiware.org
  • 9. Using FIWARE Lab Cloud Infrastructure • To authorize another user in your Cloud organization. 1. Access Account Portal and login 2. Switch to your Cloud organization using the "Switch session" option in the dropdown in the left upper corner 3. Go to "Members" in the left side panel 4. Add the user you want to authorize as a member of the org using the "Manage" button 5. Authorize the user inside Cloud Application giving him the role "Member" using the "Authorize" button
  • 10. Using FIWARE Lab Cloud Infrastructure Demo
  • 12.
  • 15. Oauth 2.0 Message Flow 15 Web App Account redirect request access-token access-token access-code OAuthLibrary Request user info using access-token
  • 16. Oauth 2.0 Libraries • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. • Example using Node.js – https://github.com/ging/oauth2-example- client 16
  • 18. Web Applications and GEs 18 Generic Enabler Account Request+ access-token Oauth2 flows access-token OK + user info (roles) Web App OAuthLibrary access_token
  • 19. Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 19
  • 20. Securing your back-end 20 Back-end Apps Account Request+ access-token Web App OauthLibrary PEP Proxy access-token OK + user info (roles) Oauth2 flows access_token
  • 21. Securing your back-end • Level 1: Authentication – Check if a user has a FIWARE account • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path • Level 3: Advanced Authorization – Custom XACML policies
  • 22. Level 1: Authentication 22 Back-end Apps Account Request+ access-token Web App OauthLibrary PEP Proxy access-token OK + user info (roles) Oauth2 flows access_token
  • 23. Level 2: Basic Authorization 23 Back-end Apps Account Request+ access-token Web App OauthLibrary PEP Proxy access-token OK + user info Oauth2 flows access_token Auth PDP GE roles + verb + path OK
  • 24. Level 3: Advanced Authorization 24 Back-end Apps Account Request+ access-token Web App OauthLibrary PEP Proxy extension Oauth2 flows access_token Auth PDP GE access-token OK + user info roles + XACML <Request> OK
  • 25. FIWARE PEP Proxy Demo 25
  • 26. Security GEs – IdM - KeyRock • Keystone + Horizon +Extensions • APIs – OAuth2 – Keystone v3 – SCIM 2.0 • Source Code – https://github.com/ging/fi-ware-idm • Documentation – http://catalogue.fiware.org/enablers/identity- management-keyrock • FIWARE OAuth2 Demo: – https://github.com/ging/oauth2-example-client 26
  • 27. Security GEs – Authorization PDP - AuthZForce • Policy Decision Point • Polici Administration Point • XACML 3.0 • Documentation – http://catalogue.fi-ware.org/enablers/access-control-tha- implementation/documentation 27
  • 28. Security GEs – PEP Proxy - Wilma • Policy Enforcement Point • Compatible with OAuth2 and Keystone tokens • Source code: – https://github.com/ging/fi-ware-pep-proxy • Documentation – http://catalogue.fiware.org/enablers/pep-proxy-wilma 28
  • 29. Security GEs • Privacy GE • Cyber Sec GE • Trustworthy Factory GE 29
  • 30. Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso