
Data Con LA 2019 - One (Key) Ring to Rule Them All: Unified Identity Management for Vantage by Shweta Shetty

201 views


Security is ubiquitous and integral throughout the entire lifecycle of an application, from design and implementation to deployment and operations. Whether you build software for enterprises, mobile, or internal microservices, security is important. To that end, identity and access management is key to security and to the software infrastructure. Establishing users' identities before they can access resources is a key security requirement when building software applications, and the capability of enabling single sign-on is a desirable feature. For identity and access management, standards like SAML, OIDC, and SPIFFE help us solve identity and authentication, which answers the most important question of "who you are". Security is best delegated, as no one wants to reinvent the wheel, so for identity management, Keycloak, which is an open source product, helps us achieve our identity management solutions. Keycloak is an identity provider that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network. This talk will walk through how we are using Keycloak to solve IAM security in Vantage, which is our data analytics platform, and how we are achieving single sign-on, which is one of the most desirable side effects of identity management and which will help users gain access control for multiple related and independent software systems in a seamless manner.

Published in: Technology

  1. One (Key) Ring to Rule Them All: Unified Identity and Access Management. Shweta Shetty, Teradata, Aug 17th 2019
  2. $whoami
     • I am a Technical Lead at Teradata
     • I am currently focusing on improving the Identity and Access management for developers and customers in future versions of Teradata product.
     • I co-founded inPHYnity which teaches high school physics to high achieving students.
  3. Agenda (©2019 Teradata)
     • Why API Security?
     • Level Setting
     • Why Single Sign On?
     • Standard Protocols
     • Identity Provider
     • Key Takeaways
  4. Why API Security?
  5. Entity vs. Identity: an entity refers to a thing that exists as an individual unit, while an identity is a set of attributes that you can use to distinguish this entity within a context.
  6. Authentication vs. Authorization (diagram labels: Identity, Entity)
  7. 4 Elements of API Security
     • AuthN: Confirm the identity of the user
     • AuthZ: Secure and control client and user access
     • Throttling: Limit information flow
     • Audit: Monitor the traffic and compliance
  8. Key Problem to Solve
     • We need to provide data
     • Securely
     • Single Sign On
     • all the way to database server
     • all the way to TensorFlow running on analytic nodes
     • MFA enabled database
     • Developer Experience
  9. Analytical Ecosystem (diagram labels: Analytics Platform, Co-Processors, Customer Solutions, UIs, TD Applications, Single Sign-On, Platform Services, Teradata Landscape)
  10. Why Single Sign On?
  11. Historical Background
  12. OAuth 2.0 in action
  13. OAuth 2.0
     • It's not for Authentication and not for Authorization
     • OAuth is a scalable delegation protocol
     • It's a framework for users to authorize applications to act on their behalf
  14. OAuth Abstract Flow
  15. What OpenID Connect adds (diagram labels: Base Protocol, Identity layer on top)
     • ID Token
     • User Info endpoint
     • Standard set of scopes
     • Standardized implementation
  16. One token to rule them all
  17. Signature: the private key signs the compressed header + compressed claims, producing the JWS
  18. Verify: verify the JWS with the public key
  19. Multi-Factor Authentication, LDAP, Single Sign On, Identity Brokering, Brute Force Protection, Password Policies, Federation, Email Verification, Captcha, Reset Credentials, Central User Management, Central access management
  20. (no text)
  21. Industry wide Identity Provider
  22. Key Takeaways
     • API security is not an afterthought: shift left and make security your first and foremost tenet
     • Stick to standards
     • Delegate security as much as possible.
     • Single Sign On isn't just about user experience but also about security and seamless integration
     • Think like a bad hacker!
  23. Thank you.
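
The sign and verify steps on slides 17 and 18, as an added example that is not taken from the slides or from Teradata's code: an RS256 JWS is signed over the base64url-encoded header and claims, and the relying party pins the algorithm, checks the signature with the public key, then checks issuer, audience and expiry. The RSA key is a constructed toy built from two known Mersenne primes (not secure), and the issuer and audience values are hypothetical.

```python
import base64, hashlib, json, time

# Constructed toy RSA key from two known Mersenne primes: demonstration only, NOT secure.
P, Q, E = 2**607 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8              # modulus length in bytes
# DER prefix of the SHA-256 DigestInfo (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa(msg: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def sign(header: dict, claims: dict) -> str:
    """Identity-provider side: sign b64u(header).b64u(claims) with the private key."""
    signing_input = b64u(json.dumps(header).encode()) + "." + b64u(json.dumps(claims).encode())
    sig = pow(emsa(signing_input.encode()), D, N)
    return signing_input + "." + b64u(sig.to_bytes(K, "big"))

def verify(token: str, issuer: str, audience: str, now: float) -> dict:
    """Relying-party side: check with the public key (N, E), then the claims."""
    h, c, s = token.split(".")
    if json.loads(b64u_dec(h)).get("alg") != "RS256":   # pin alg; never let the token choose
        raise ValueError("unexpected alg")
    sig = int.from_bytes(b64u_dec(s), "big")
    if sig >= N or pow(sig, E, N) != emsa(f"{h}.{c}".encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(c))
    # Assumption: "aud" is a single string here; real ID tokens may carry a list.
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    t = sign({"alg": "RS256"}, {"iss": "https://idp.example", "aud": "demo-api", "exp": time.time() + 60})
    print(verify(t, "https://idp.example", "demo-api", time.time()))
```

In a real deployment the verification is done by a maintained JOSE/OIDC library against the keys the identity provider publishes; the claim checks after the signature check are the part that is easy to forget.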
