Adding Identity Management and Access Control to your Application
Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
aalonsog@dit.upm.es, @larsonalonso
4. Agenda
• FIWARE Lab Accounts
– Account types
– Creating an account
– Upgrading your account
• Using FIWARE Lab Cloud Infrastructure
• Registering an application
– OAuth2 protocol
– Application example
• Using FIWARE GEs from your application
• Securing your backend
• Security GEs
5. FIWARE Lab Accounts
• Basic
– Manage organizations
– Register applications
– Use Cloud if another user authorizes them
• Trial
– Cloud 14-day Trial period
– Spain2 region
• Community
– Cloud for 9 months
– Assigned region
8. Using FIWARE Lab Cloud Infrastructure
• If you are a Trial or a Community user
– Your Cloud organization is the “purchaser” of the Cloud application
– You can authorize other users in your organization
• If you are a Basic user
– Upgrade to Trial (if available)
– Apply for a Community account
– Ask a Trial or Community user to authorize you in their Cloud organization
• Developers week…
– Request a Trial account at fiware-developers-week@lists.fiware.org
9. Using FIWARE Lab Cloud Infrastructure
• To authorize another user in your Cloud organization:
1. Access the Account Portal and log in
2. Switch to your Cloud organization using the "Switch session" option in the dropdown in the upper left corner
3. Go to "Members" in the left side panel
4. Add the user you want to authorize as a member of the organization using the "Manage" button
5. Authorize the user inside the Cloud Application, giving them the role "Member", using the "Authorize" button
18. Web Applications and GEs
[Diagram: Web App (OAuth library), Account and Generic Enabler. Labels: OAuth2 flows, access_token; Request + access-token; access-token; OK + user info (roles).]
19. Web Applications and GEs
GET https://GE_URL HTTP/1.1
Host: GE_hostname
X-Auth-Token: access_token
21. Securing your back-end
• Level 1: Authentication
– Check if a user has a FIWARE account
• Level 2: Basic Authorization
– Check if a user has permissions to access a resource
– HTTP verb + resource path
• Level 3: Advanced Authorization
– Custom XACML policies
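The Level 1 and Level 2 checks above, as an added Python example that is not from the slides or from FIWARE code: it returns the status a PEP-style proxy would answer with for a given verb, path and X-Auth-Token header. The token table, role names, resource paths and function names are constructed assumptions; a real deployment resolves the token and the permissions through the identity provider and PDP.

```python
import re

# Constructed stand-in for the identity provider ("Account"): resolves a token
# to user info and roles. Real tokens are validated remotely, not from a dict.
TOKENS = {
    "tok-alice": {"user": "alice", "roles": ["operator"]},
    "tok-bob": {"user": "bob", "roles": ["viewer"]},
}

# Constructed Level 2 policy: role -> allowed (HTTP verb, resource path pattern).
PERMISSIONS = {
    "viewer": [("GET", r"/entities(/[^/]+)?")],
    "operator": [("GET", r"/entities(/[^/]+)?"), ("POST", r"/entities"),
                 ("DELETE", r"/entities/[^/]+")],
}

def authenticate(headers):
    """Level 1: does the X-Auth-Token belong to a known account?"""
    # HTTP header names are case-insensitive, so compare in lower case.
    token = next((v for k, v in headers.items() if k.lower() == "x-auth-token"), None)
    return TOKENS.get(token)

def authorize(roles, verb, path):
    """Level 2: does any of the user's roles permit this verb on this path?"""
    path = path.split("?", 1)[0]  # the decision is on the path, not the query
    if any(seg in (".", "..") for seg in path.split("/")):
        return False  # refuse dot segments instead of guessing the target
    for role in roles:
        for allowed_verb, pattern in PERMISSIONS.get(role, []):
            if verb.upper() == allowed_verb and re.fullmatch(pattern, path):
                return True
    return False  # default deny: unknown role, verb or path

def pep_decide(verb, path, headers):
    """Return 401 (no valid token), 403 (not permitted) or 200 (forward)."""
    user = authenticate(headers)
    if user is None:
        return 401
    if not authorize(user["roles"], verb, path):
        return 403
    return 200
```

Keeping 401 and 403 distinct lets the back-end logs separate missing or invalid tokens from valid users probing resources outside their roles.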
23. Level 2: Basic Authorization
[Diagram: Web App (OAuth library), Account, PEP Proxy, Auth PDP, and back-end Apps / GE. Labels: OAuth2 flows, access_token; Request + access-token; access-token, OK + user info; roles + verb + path, OK.]
24. Level 3: Advanced Authorization
[Diagram: Web App (OAuth library), Account, PEP Proxy extension, Auth PDP, and back-end Apps / GE. Labels: OAuth2 flows, access_token; Request + access-token; access-token, OK + user info; roles + XACML <Request>, OK.]