SlideShare une entreprise Scribd logo

Securing Applications using WSO2 Identity Server and CASQUE

WSO2
WSO2

This deck will explore what is CASQUE SNR, why your business needs to consider CASQUE for authentication, and how to use CASQUE with WSO2 Identity Server. Watch the On-Demand webinar here - https://wso2.com/library/webinars/2019/05/securing-applications-using-wso2-identity-server-and-casque/

Technologie
1  sur  25
Télécharger pour lire hors ligne
Securing Applications using WSO2 Identity Server and CASQUE Basil Philipsz - Managing Director, CASQUE Dinali Dabarera - Senior Software Engineer, WSO2
Presenters Basil Philipsz is the founder and CEO of Distributed Management Systems (DMS), a private company owned by its Directors and based in Lancashire, UK. DMS has invented CASQUE – a radical approach to High Assurance Authentication. Dinali Dabarera is passionate about all aspects of Identity and Access Management She has worked in the testing CASQUE with WSO2 Identity Server and done improvements in fine-grain access control in WSO2 Identity Server
Data breaches continue to proliferate. 1,334,488,724 breached records worldwide in April 2019. Running annual total 5.64 billion Monthly average 1.46 billion! (IT Governance)
Why Data Breaches Continue to Proliferate? 1. Existing Authentication Methods are vulnerable 2. Users can easily deny access so feel able to disclose or be complicit 3. Users are ill-disciplined 4. Weakness in IT infrastructure design, implementation and control CASQUE and WSO2 IS can solve [1] and [2]
The Problem Common Out-of-Band Authentication Methods like SMS, Email are weak with OTP only slightly better* Products** exploiting such vulnerabilities are publicly available * NIST Digital Identity Guidelines NIST.SP.800-63b.pdf ** Stingray, Shylock
Vulnerabilities Current multi-factor authentication (MFA) methods have exploitable weaknesses – rely on fixed secrets • Password, Embedded key in SecurID • Private key in PKI infrastructure, Attestation key in FIDO2 • Algorithm and data point used in zero knowledge methods If discovered by hacking, calculated or disclosed by Insiders, the security is bust!
Software Only Authentication - Flawed Do not be beguiled by “transparent” software only methods such User profiling • Users with the most dynamic profiles need the most permissive usage characteristics so making the most privileged users the easiest target. • Would not be certified at High Assurance because it cannot distinguish illegal access - User can always plead the repudiation defence "Someone must have watched my behaviour and got in"
The Solution Solve the weak authentication problem ○ keep changing the secret! But very difficult to implement ○ Indeterminacy ○ Outage & Recovery ○ Replay Attack
Challenge-Response Protocol • User has handheld Token containing a secure chip • Secure chip has EAL 6, FIPS 140-2 Level 3 Assurance The Solution
Challenge-Response Protocol • Dynamic key change • Nothing for a hacker to target or for an insider to disclose • No token clones The Solution
“Remedy” -- keep changing the Secret -- needed 4 inventions! • Granted US & EU patents • NATO approved, in use 24/7 by UK MOD • Certified by NCSC as suitable for Secret * - the only such *https://www.ncsc.gov.uk/products/dms-casque-snr The Solution
Token has many manifestations Different forms for Client and Clientless applications Optical Token Contactless Smartcard Contact Bluetooth Smartcard Surrogate Camera Token USB Token The Solution
The Business Case Digital Transformation: Cloud and Mobile • Who polices the administrators of your Cloud deployment? • Can an Insider reveal access secrets? • Who is liable if a breach occurs? • How is the mobile User authenticated? • Are they authenticated by vulnerable methods?
The Business Case Digital Transformation: Cloud and Mobile • Who controls the Identity Provision? • Can a User or Token be instantly suspended? • Are third parties part of the risk? • Are Tokens reusable?
Federated High Grade Identity & Access Management • Users - not third parties - should own and manage Identity Access. • Need to determine and segregate data that is vital - “Crown Jewels” • Access to the Crown Jewels must have highest Identity Assurance The Business Case
Digital Transformation: Cloud and Mobile Access required from several devices. Challenge presented as QR code - Use Android mobile as “Token Reader”.
The Business Case Federated, High Grade Identity Assurance to a Cloud of Web Application Services
Most Economic way to reduce overall Risk CASQUE ● co-exist with existing security ● Protects the inner keep ● Reduces overall risk
WSO2 Identity Server • Uniquely extensible, open source IAM product optimized for identity federation and single sign-on (SSO) with comprehensive support for adaptive multi-factor authentication and API security. • Helps identity administrators to setup a federated identity management ecosystem and secure access to web/mobile applications & endpoints across on-premises & cloud environments • Unlike open core vendors, WSO2 Identity Server includes the core and all of its extensions under the commercial friendly Apache 2.0 license.
Identity Server - Capabilities ● Identity Federation and SSO ● Identity Bridging ● Adaptive and Strong Authentication ● Account management and Identity Provisioning ● Access Controls ● APIs and Microservices security ● Privacy ● Identity Analytics
Key Benefits of WSO2 Identity Server ● Avoids Vendor lock-in with open source and open standards ● Extensible architecture helps support complex IAM use cases ● Scalable, for deployments of millions of users - 75mn identities managed ● Ecosystem-Friendly, with an identity ecosystem of 40+ extension points/connectors ● Speed integration out-of-the-box support for cloud and on-premise applications, 3rd party authentication systems and social ID providers ● Unique flexibility bridges identities between heterogeneous ID systems ● Low maintenance cost, with a pricing model that’s instance-based
CASQUE SNR Connector - WSO2 Store The CASQUE SNR authenticator allows you to integrate WSO2 Identity Server with CASQUE SNR so that you can use the CASQUE SNR multi-factor authentication technology to authenticate users. https://store.wso2.com/store/assets/isconnector/ details/03fcefc0-9c8e-4c2d-ae61-d0b04563d5 0f
Grant Types Federated Authenticators Local Authenticators ClaimHandlers CASQUE Connector CASQUE Server
Demo Scenario: Login to the API store using CASQUE SNR as the second step in the Authentication flow API Store User Experience with WSO2 Identity server
THANK YOU wso2.com

Recommandé

WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerYenlo
 
Google FIDO Authentication Case Study
Google FIDO Authentication Case StudyGoogle FIDO Authentication Case Study
Google FIDO Authentication Case StudyFIDO Alliance
 
Blcok Armour Digital Vault
Blcok Armour Digital VaultBlcok Armour Digital Vault
Blcok Armour Digital VaultBlock Armour
 
WISekey IoT Technologies Presentation
WISekey IoT Technologies PresentationWISekey IoT Technologies Presentation
WISekey IoT Technologies PresentationCreus Moreira Carlos
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSBWebinars
 
SafeNet overview 2014
SafeNet overview 2014SafeNet overview 2014
SafeNet overview 2014Sectricity
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...SafeNet
 
Signify Overview
Signify OverviewSignify Overview
Signify Overviewpjpallen
 

Recommandé

WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerWSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity Server
WSO2 Guest Webinar: FIDO Universal Second Factor (U2F) for WSO2 Identity ServerYenlo
 
Google FIDO Authentication Case Study
Google FIDO Authentication Case StudyGoogle FIDO Authentication Case Study
Google FIDO Authentication Case StudyFIDO Alliance
 
Blcok Armour Digital Vault
Blcok Armour Digital VaultBlcok Armour Digital Vault
Blcok Armour Digital VaultBlock Armour
 
WISekey IoT Technologies Presentation
WISekey IoT Technologies PresentationWISekey IoT Technologies Presentation
WISekey IoT Technologies PresentationCreus Moreira Carlos
 
Software-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSoftware-Defined Segmentation Done Easily, Quickly and Right
Software-Defined Segmentation Done Easily, Quickly and RightSBWebinars
 
SafeNet overview 2014
SafeNet overview 2014SafeNet overview 2014
SafeNet overview 2014Sectricity
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...SafeNet
 
Signify Overview
Signify OverviewSignify Overview
Signify Overviewpjpallen
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SASrobbuddingh
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624Jean-François LOMBARDO
 
Go passwordless with fido2
Go passwordless with fido2Go passwordless with fido2
Go passwordless with fido2Rob Dudley
 
SafeNet - Data Protection Company
SafeNet - Data Protection CompanySafeNet - Data Protection Company
SafeNet - Data Protection CompanyASBIS SK
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsMaxim Salnikov
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali OWASP Delhi
 
FIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Alliance
 
Blockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlock Armour
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationFIDO Alliance
 
Fido Security Key
Fido Security KeyFido Security Key
Fido Security KeyGoTrust ID
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesFIDO Alliance
 
case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copyLee Millington
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTForgeRock
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsNok Nok Labs, Inc
 
FIDO Alliance Today: Status and News
FIDO Alliance Today: Status and NewsFIDO Alliance Today: Status and News
FIDO Alliance Today: Status and NewsFIDO Alliance
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...Block Armour
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyMike Schwartz
 
DigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsDigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsCodeSigningStore
 
CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update SlidesJim Kaplan CIA CFE
 
Kripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdfKripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdflangkahgontay88
 
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?michaelbasoah
 

Contenu connexe

Tendances

Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SASrobbuddingh
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624Jean-François LOMBARDO
 
Go passwordless with fido2
Go passwordless with fido2Go passwordless with fido2
Go passwordless with fido2Rob Dudley
 
SafeNet - Data Protection Company
SafeNet - Data Protection CompanySafeNet - Data Protection Company
SafeNet - Data Protection CompanyASBIS SK
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsMaxim Salnikov
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali OWASP Delhi
 
FIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Alliance
 
Blockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlock Armour
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationFIDO Alliance
 
Fido Security Key
Fido Security KeyFido Security Key
Fido Security KeyGoTrust ID
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesFIDO Alliance
 
case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copyLee Millington
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTForgeRock
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsNok Nok Labs, Inc
 
FIDO Alliance Today: Status and News
FIDO Alliance Today: Status and NewsFIDO Alliance Today: Status and News
FIDO Alliance Today: Status and NewsFIDO Alliance
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...Block Armour
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyMike Schwartz
 
DigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsDigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsCodeSigningStore
 

Tendances (19)

Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SAS
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
 
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
Identiverse 2019-navigating nist sp-800-63-3 -x a-ls cheat sheets-rev20190624
 
Go passwordless with fido2
Go passwordless with fido2Go passwordless with fido2
Go passwordless with fido2
 
SafeNet - Data Protection Company
SafeNet - Data Protection CompanySafeNet - Data Protection Company
SafeNet - Data Protection Company
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali
 
FIDO Privacy Principles and Approach
FIDO Privacy Principles and ApproachFIDO Privacy Principles and Approach
FIDO Privacy Principles and Approach
 
Blockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud SecurityBlockchain Defined Perimeter for Cloud Security
Blockchain Defined Perimeter for Cloud Security
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO Authentication
 
Fido Security Key
Fido Security KeyFido Security Key
Fido Security Key
 
Strong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital ServicesStrong Authentication and US Federal Digital Services
Strong Authentication and US Federal Digital Services
 
case-study-cisco-ise-project copy
case-study-cisco-ise-project copycase-study-cisco-ise-project copy
case-study-cisco-ise-project copy
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
 
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok LabsFIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
FIDO & The Mobile Network Operator - Goode Intelligence & Nok Nok Labs
 
FIDO Alliance Today: Status and News
FIDO Alliance Today: Status and NewsFIDO Alliance Today: Status and News
FIDO Alliance Today: Status and News
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
 
DigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and BenefitsDigiCert EV Code Signing Certificate Feature and Benefits
DigiCert EV Code Signing Certificate Feature and Benefits
 

Similaire à Securing Applications using WSO2 Identity Server and CASQUE

Kripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdfKripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdflangkahgontay88
 
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?michaelbasoah
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Moshe Ferber
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide Array Networks
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Decisions
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 
Logincat MFA and SSO
Logincat MFA and SSOLogincat MFA and SSO
Logincat MFA and SSORohit Kapoor
 
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPasswords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPriyanka Aash
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Symantec Brasil
 
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeNo More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeCore Security
 
Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruMarketingArrowECS_CZ
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantageMoshe Ferber
 
Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892Risk Crew
 

Similaire à Securing Applications using WSO2 Identity Server and CASQUE (20)

CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
Kripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdfKripta Key Product Key Management System.pdf
Kripta Key Product Key Management System.pdf
 
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?
 
Identikey
IdentikeyIdentikey
Identikey
 
Webinar hiware
Webinar hiwareWebinar hiware
Webinar hiware
 
Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...Surviving the lions den - how to sell SaaS services to security oriented cust...
Surviving the lions den - how to sell SaaS services to security oriented cust...
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
 
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CDPKI in DevOps: How to Deploy Certificate Automation within CI/CD
PKI in DevOps: How to Deploy Certificate Automation within CI/CD
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
The user s identities
The user s identitiesThe user s identities
The user s identities
 
Logincat MFA and SSO
Logincat MFA and SSOLogincat MFA and SSO
Logincat MFA and SSO
 
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New AuthenticationPasswords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication
 
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
Be Aware Webinar – Office 365 Seguro? Sym, Cloud!
 
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeNo More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
 
Představení Oracle SPARC Miniclusteru
Představení Oracle SPARC MiniclusteruPředstavení Oracle SPARC Miniclusteru
Představení Oracle SPARC Miniclusteru
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892Riskfactorypcitheessentials 151125164111-lva1-app6892
Riskfactorypcitheessentials 151125164111-lva1-app6892
 
AL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_webAL_PCI-Cheatsheet_web
AL_PCI-Cheatsheet_web
 

Plus de WSO2

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessWSO2
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in ChoreoWSO2
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023WSO2
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzureWSO2
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfWSO2
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in MinutesWSO2
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityWSO2
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...WSO2
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfWSO2
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoWSO2
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsWSO2
 
A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital BusinessesWSO2
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)WSO2
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformationWSO2
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready BankWSO2
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIsWSO2
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 

Plus de WSO2 (20)

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Accelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with PlatformlessAccelerating Enterprise Software Engineering with Platformless
Accelerating Enterprise Software Engineering with Platformless
 
How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in Choreo
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdf
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos Identity
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdf
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
 
A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
 
Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking Experiences
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready Bank
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 

Dernier

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 

Dernier (20)

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Securing Applications using WSO2 Identity Server and CASQUE

  • 1. Securing Applications using WSO2 Identity Server and CASQUE Basil Philipsz - Managing Director, CASQUE Dinali Dabarera - Senior Software Engineer, WSO2
  • 2. Presenters Basil Philipsz is the founder and CEO of Distributed Management Systems (DMS), a private company owned by its Directors and based in Lancashire, UK. DMS has invented CASQUE – a radical approach to High Assurance Authentication. Dinali Dabarera is passionate about all aspects of Identity and Access Management She has worked in the testing CASQUE with WSO2 Identity Server and done improvements in fine-grain access control in WSO2 Identity Server
  • 3. Data breaches continue to proliferate. 1,334,488,724 breached records worldwide in April 2019. Running annual total 5.64 billion Monthly average 1.46 billion! (IT Governance)
  • 4. Why Data Breaches Continue to Proliferate? 1. Existing Authentication Methods are vulnerable 2. Users can easily deny access so feel able to disclose or be complicit 3. Users are ill-disciplined 4. Weakness in IT infrastructure design, implementation and control CASQUE and WSO2 IS can solve [1] and [2]
  • 5. The Problem Common Out-of-Band Authentication Methods like SMS, Email are weak with OTP only slightly better* Products** exploiting such vulnerabilities are publicly available * NIST Digital Identity Guidelines NIST.SP.800-63b.pdf ** Stingray, Shylock
  • 6. Vulnerabilities Current multi-factor authentication (MFA) methods have exploitable weaknesses – rely on fixed secrets • Password, Embedded key in SecurID • Private key in PKI infrastructure, Attestation key in FIDO2 • Algorithm and data point used in zero knowledge methods If discovered by hacking, calculated or disclosed by Insiders, the security is bust!
  • 7. Software Only Authentication - Flawed Do not be beguiled by “transparent” software only methods such User profiling • Users with the most dynamic profiles need the most permissive usage characteristics so making the most privileged users the easiest target. • Would not be certified at High Assurance because it cannot distinguish illegal access - User can always plead the repudiation defence "Someone must have watched my behaviour and got in"
  • 8. The Solution Solve the weak authentication problem ○ keep changing the secret! But very difficult to implement ○ Indeterminacy ○ Outage & Recovery ○ Replay Attack
  • 9. Challenge-Response Protocol • User has handheld Token containing a secure chip • Secure chip has EAL 6, FIPS 140-2 Level 3 Assurance The Solution
  • 10. Challenge-Response Protocol • Dynamic key change • Nothing for a hacker to target or for an insider to disclose • No token clones The Solution
  • 11. “Remedy” -- keep changing the Secret -- needed 4 inventions! • Granted US & EU patents • NATO approved, in use 24/7 by UK MOD • Certified by NCSC as suitable for Secret * - the only such *https://www.ncsc.gov.uk/products/dms-casque-snr The Solution
  • 12. Token has many manifestations Different forms for Client and Clientless applications Optical Token Contactless Smartcard Contact Bluetooth Smartcard Surrogate Camera Token USB Token The Solution
  • 13. The Business Case Digital Transformation: Cloud and Mobile • Who polices the administrators of your Cloud deployment? • Can an Insider reveal access secrets? • Who is liable if a breach occurs? • How is the mobile User authenticated? • Are they authenticated by vulnerable methods?
  • 14. The Business Case Digital Transformation: Cloud and Mobile • Who controls the Identity Provision? • Can a User or Token be instantly suspended? • Are third parties part of the risk? • Are Tokens reusable?
  • 15. Federated High Grade Identity & Access Management • Users - not third parties - should own and manage Identity Access. • Need to determine and segregate data that is vital - “Crown Jewels” • Access to the Crown Jewels must have highest Identity Assurance The Business Case
  • 16. Digital Transformation: Cloud and Mobile Access required from several devices. Challenge presented as QR code - Use Android mobile as “Token Reader”.
  • 17. The Business Case Federated, High Grade Identity Assurance to a Cloud of Web Application Services
  • 18. Most Economic way to reduce overall Risk CASQUE ● co-exist with existing security ● Protects the inner keep ● Reduces overall risk
  • 19. WSO2 Identity Server • Uniquely extensible, open source IAM product optimized for identity federation and single sign-on (SSO) with comprehensive support for adaptive multi-factor authentication and API security. • Helps identity administrators to setup a federated identity management ecosystem and secure access to web/mobile applications & endpoints across on-premises & cloud environments • Unlike open core vendors, WSO2 Identity Server includes the core and all of its extensions under the commercial friendly Apache 2.0 license.
  • 20. Identity Server - Capabilities ● Identity Federation and SSO ● Identity Bridging ● Adaptive and Strong Authentication ● Account management and Identity Provisioning ● Access Controls ● APIs and Microservices security ● Privacy ● Identity Analytics
  • 21. Key Benefits of WSO2 Identity Server ● Avoids Vendor lock-in with open source and open standards ● Extensible architecture helps support complex IAM use cases ● Scalable, for deployments of millions of users - 75mn identities managed ● Ecosystem-Friendly, with an identity ecosystem of 40+ extension points/connectors ● Speed integration out-of-the-box support for cloud and on-premise applications, 3rd party authentication systems and social ID providers ● Unique flexibility bridges identities between heterogeneous ID systems ● Low maintenance cost, with a pricing model that’s instance-based
  • 22. CASQUE SNR Connector - WSO2 Store The CASQUE SNR authenticator allows you to integrate WSO2 Identity Server with CASQUE SNR so that you can use the CASQUE SNR multi-factor authentication technology to authenticate users. https://store.wso2.com/store/assets/isconnector/ details/03fcefc0-9c8e-4c2d-ae61-d0b04563d5 0f
  • 23. Grant Types Federated Authenticators Local Authenticators ClaimHandlers CASQUE Connector CASQUE Server
  • 24. Demo Scenario: Login to the API store using CASQUE SNR as the second step in the Authentication flow API Store User Experience with WSO2 Identity server