Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
Adding Identity Management and Access Control to your Application 
Joaquin Salvachua // Álvaro Alonso 
UPM – DIT 
Security...
Identity Manager 
2
Identity Manager 
3 
Account
Oauth 2.0 
Login with
FIWARE Account (Identity Manager) Demo 
5
OAuth 2.0 
6
Oauth 2.0 Message Flow 
redirect 
access-code 
Web App Account 
request access-token 
access-token 
7 
OAuth Library 
Requ...
Oauth 2.0 Libraries 
• http://oauth.net/2/ 
– PHP, Cocoa, iOS, Java, Ruby, Javascript, 
Python. 
• Example using Node.js 
...
Oauth 2.0 Demo 
9
Web Applications and GEs 
10 
Generic Enabler 
Account 
Request + 
access-token 
Oauth2 flows 
access-token 
OK + user inf...
Web Applications and GEs 
GET https://GE_URL HTTP/1.1 
Host: GE_hostname 
X-Auth-Token: access_token 
11
Securing your back-end 
Oauth2 flows 
access_token 
12 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token 
Oauth L...
Securing your back-end 
• Level 1: Authentication 
– Check if a user has a FIWARE account 
• Level 2: Basic Authorization ...
Level 1: Authentication 
Oauth2 flows 
access_token 
14 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token 
Oauth ...
Level 2: Basic Authorization 
Oauth2 flows 
access_token 
15 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token 
O...
Level 3: Advanced Authorization 
Oauth2 flows 
access_token 
16 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token...
FIWARE Proxy Demo 
17
Documentation 
• FIWARE Account: 
– Source Code: https://github.com/ging/fi-ware- 
idm 
– Documentation: https://github.co...
Adding Identity Management and Access Control to your Application 
Álvaro Alonso 
UPM – DIT 
Security Chapter. FIWARE 
aal...
Prochain SlideShare
Chargement dans…5
×

Adding Identity Management and Access Control to your Application

2 599 vues

Publié le

Adding Identity Management and Access Control to your Application in the FIWARE ecosystem

Publié dans : Technologie
  • DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... Download Full EPUB Ebook here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... Download Full doc Ebook here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... Download PDF EBOOK here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... Download EPUB Ebook here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... Download doc Ebook here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... .........................................................................................................................
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici
  • DOWNLOAD THIS BOOKS INTO AVAILABLE FORMAT (2019 Update) ......................................................................................................................... ......................................................................................................................... Download Full PDF EBOOK here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... Download Full EPUB Ebook here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... Download Full doc Ebook here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... Download PDF EBOOK here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... Download EPUB Ebook here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... Download doc Ebook here { https://tinyurl.com/wthwjf6 } ......................................................................................................................... .........................................................................................................................
       Répondre 
    Voulez-vous vraiment ?  Oui  Non
    Votre message apparaîtra ici

Adding Identity Management and Access Control to your Application

  1. 1. Adding Identity Management and Access Control to your Application Joaquin Salvachua // Álvaro Alonso UPM – DIT Security Chapter. FIWARE jsalvachua@dit.upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso
  2. 2. Identity Manager 2
  3. 3. Identity Manager 3 Account
  4. 4. Oauth 2.0 Login with
  5. 5. FIWARE Account (Identity Manager) Demo 5
  6. 6. OAuth 2.0 6
  7. 7. Oauth 2.0 Message Flow redirect access-code Web App Account request access-token access-token 7 OAuth Library Request user info using access-token
  8. 8. Oauth 2.0 Libraries • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. • Example using Node.js – https://github.com/ging/oauth2-example-client 8
  9. 9. Oauth 2.0 Demo 9
  10. 10. Web Applications and GEs 10 Generic Enabler Account Request + access-token Oauth2 flows access-token OK + user info (roles) Web App OAuth Library access_token
  11. 11. Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 11
  12. 12. Securing your back-end Oauth2 flows access_token 12 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  13. 13. Securing your back-end • Level 1: Authentication – Check if a user has a FIWARE account • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path • Level 3: Advanced Authorization – Custom XACML policies
  14. 14. Level 1: Authentication Oauth2 flows access_token 14 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  15. 15. Level 2: Basic Authorization Oauth2 flows access_token 15 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token + verb + path OK + user info AC GE
  16. 16. Level 3: Advanced Authorization Oauth2 flows access_token 16 Web App Back-end Apps Account Request + access-token Oauth Library Proxy extension XACML policy OK + user info AC GE
  17. 17. FIWARE Proxy Demo 17
  18. 18. Documentation • FIWARE Account: – Source Code: https://github.com/ging/fi-ware- idm – Documentation: https://github.com/ging/fi-ware- idm/wiki • FIWARE Access Control – http://catalogue.fi-ware.org/enablers/access-control- tha-implementation/documentation • FIWARE OAuth2 Demo: – https://github.com/ging/oauth2-example-client • FIWARE Proxy: – https://github.com/ging/fi-ware-pep-proxy 18
  19. 19. Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso

×