SlideShare uma empresa Scribd logo
1 de 19
Baixar para ler offline
Adding Identity Management and Access Control to your Application 
Joaquin Salvachua // Álvaro Alonso 
UPM – DIT 
Security Chapter. FIWARE 
jsalvachua@dit.upm.es, @jsalvachua 
aalonsog@dit.upm.es, @larsonalonso
Identity Manager 
2
Identity Manager 
3 
Account
Oauth 2.0 
Login with
FIWARE Account (Identity Manager) Demo 
5
OAuth 2.0 
6
Oauth 2.0 Message Flow 
redirect 
access-code 
Web App Account 
request access-token 
access-token 
7 
OAuth Library 
Request user info using access-token
Oauth 2.0 Libraries 
• http://oauth.net/2/ 
– PHP, Cocoa, iOS, Java, Ruby, Javascript, 
Python. 
• Example using Node.js 
– https://github.com/ging/oauth2-example-client 
8
Oauth 2.0 Demo 
9
Web Applications and GEs 
10 
Generic Enabler 
Account 
Request + 
access-token 
Oauth2 flows 
access-token 
OK + user info (roles) 
Web App 
OAuth Library 
access_token
Web Applications and GEs 
GET https://GE_URL HTTP/1.1 
Host: GE_hostname 
X-Auth-Token: access_token 
11
Securing your back-end 
Oauth2 flows 
access_token 
12 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token 
Oauth Library 
Proxy 
access-token 
OK + user info (roles)
Securing your back-end 
• Level 1: Authentication 
– Check if a user has a FIWARE account 
• Level 2: Basic Authorization 
– Checks if a user has permissions to access a 
resource 
– HTTP verb + resource path 
• Level 3: Advanced Authorization 
– Custom XACML policies
Level 1: Authentication 
Oauth2 flows 
access_token 
14 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token 
Oauth Library 
Proxy 
access-token 
OK + user info (roles)
Level 2: Basic Authorization 
Oauth2 flows 
access_token 
15 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token 
Oauth Library 
Proxy 
access-token + verb + path 
OK + user info 
AC GE
Level 3: Advanced Authorization 
Oauth2 flows 
access_token 
16 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token 
Oauth Library 
Proxy extension 
XACML policy 
OK + user info 
AC GE
FIWARE Proxy Demo 
17
Documentation 
• FIWARE Account: 
– Source Code: https://github.com/ging/fi-ware- 
idm 
– Documentation: https://github.com/ging/fi-ware- 
idm/wiki 
• FIWARE Access Control 
– http://catalogue.fi-ware.org/enablers/access-control- 
tha-implementation/documentation 
• FIWARE OAuth2 Demo: 
– https://github.com/ging/oauth2-example-client 
• FIWARE Proxy: 
– https://github.com/ging/fi-ware-pep-proxy 
18
Adding Identity Management and Access Control to your Application 
Álvaro Alonso 
UPM – DIT 
Security Chapter. FIWARE 
aalonsog@dit.upm.es, @larsonalonso

Mais conteúdo relacionado

Mais procurados

Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaDalton Valadares
 
Api security-eic-prabath
Api security-eic-prabathApi security-eic-prabath
Api security-eic-prabathWSO2
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppFIWARE
 
Hybrid authentication - Talking To Major Social Networks
Hybrid authentication - Talking To Major Social NetworksHybrid authentication - Talking To Major Social Networks
Hybrid authentication - Talking To Major Social NetworksRayhan Chowdhury
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectJonathan LeBlanc
 
Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Sumanth Damarla
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An IntroductionSteve Ivy
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Jonathan LeBlanc
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsJon Todd
 
JWT Authentication with AngularJS
JWT Authentication with AngularJSJWT Authentication with AngularJS
JWT Authentication with AngularJSrobertjd
 
Intro to Deception techniques - Honey-*
Intro to Deception techniques - Honey-*Intro to Deception techniques - Honey-*
Intro to Deception techniques - Honey-*Harish Ramadoss
 
Security Function
Security FunctionSecurity Function
Security FunctionSamuel Soon
 
Pentest Expectations
Pentest ExpectationsPentest Expectations
Pentest ExpectationsIhor Uzhvenko
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinModern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinJava User Group Latvia
 
Building an API Security Ecosystem
Building an API Security EcosystemBuilding an API Security Ecosystem
Building an API Security EcosystemPrabath Siriwardena
 
Wakanda and the top 5 security risks - JS.everyrwhere(2012) Europe
Wakanda and the top 5 security risks - JS.everyrwhere(2012) EuropeWakanda and the top 5 security risks - JS.everyrwhere(2012) Europe
Wakanda and the top 5 security risks - JS.everyrwhere(2012) EuropeAlexandre Morgaut
 
Fun With Spring Security
Fun With Spring SecurityFun With Spring Security
Fun With Spring SecurityBurt Beckwith
 
JWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorJWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorMifrazMurthaja
 

Mais procurados (20)

Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and Wilma
 
Api security-eic-prabath
Api security-eic-prabathApi security-eic-prabath
Api security-eic-prabath
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
Hybrid authentication - Talking To Major Social Networks
Hybrid authentication - Talking To Major Social NetworksHybrid authentication - Talking To Major Social Networks
Hybrid authentication - Talking To Major Social Networks
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID ConnectSecuring RESTful APIs using OAuth 2 and OpenID Connect
Securing RESTful APIs using OAuth 2 and OpenID Connect
 
Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An Introduction
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
 
Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2Securing RESTful Payment APIs Using OAuth 2
Securing RESTful Payment APIs Using OAuth 2
 
REST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTsREST Service Authetication with TLS & JWTs
REST Service Authetication with TLS & JWTs
 
JWT Authentication with AngularJS
JWT Authentication with AngularJSJWT Authentication with AngularJS
JWT Authentication with AngularJS
 
Intro to Deception techniques - Honey-*
Intro to Deception techniques - Honey-*Intro to Deception techniques - Honey-*
Intro to Deception techniques - Honey-*
 
Security Function
Security FunctionSecurity Function
Security Function
 
Pentest Expectations
Pentest ExpectationsPentest Expectations
Pentest Expectations
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry BuzdinModern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
 
Building an API Security Ecosystem
Building an API Security EcosystemBuilding an API Security Ecosystem
Building an API Security Ecosystem
 
Wakanda and the top 5 security risks - JS.everyrwhere(2012) Europe
Wakanda and the top 5 security risks - JS.everyrwhere(2012) EuropeWakanda and the top 5 security risks - JS.everyrwhere(2012) Europe
Wakanda and the top 5 security risks - JS.everyrwhere(2012) Europe
 
Fun With Spring Security
Fun With Spring SecurityFun With Spring Security
Fun With Spring Security
 
Demystifying REST
Demystifying RESTDemystifying REST
Demystifying REST
 
JWT SSO Inbound Authenticator
JWT SSO Inbound AuthenticatorJWT SSO Inbound Authenticator
JWT SSO Inbound Authenticator
 

Destaque

Chela stress test
Chela stress testChela stress test
Chela stress testsuperserch
 
Cwin16 - Paris - ux design
Cwin16 - Paris - ux designCwin16 - Paris - ux design
Cwin16 - Paris - ux designCapgemini
 
Ia32 Modo Protegido
Ia32 Modo ProtegidoIa32 Modo Protegido
Ia32 Modo ProtegidoErwin Meza
 
Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...
Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...
Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...Jakob Schneider
 
Netflix Nebula - Gradle Summit 2014
Netflix Nebula - Gradle Summit 2014Netflix Nebula - Gradle Summit 2014
Netflix Nebula - Gradle Summit 2014Justin Ryan
 
MMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the Cloud
MMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the CloudMMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the Cloud
MMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the CloudXavier Amatriain
 
Cwin16 tls-partner-hpe-digital economy & Hybrid IT
Cwin16 tls-partner-hpe-digital economy & Hybrid ITCwin16 tls-partner-hpe-digital economy & Hybrid IT
Cwin16 tls-partner-hpe-digital economy & Hybrid ITCapgemini
 
Disciplined agile business analysis
Disciplined agile business analysisDisciplined agile business analysis
Disciplined agile business analysisScott W. Ambler
 
How Comcast uses Data Science to Improve the Customer Experience
How Comcast uses Data Science to Improve the Customer ExperienceHow Comcast uses Data Science to Improve the Customer Experience
How Comcast uses Data Science to Improve the Customer ExperienceTuri, Inc.
 
[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...
[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...
[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...500 Startups
 
Cwin16 - lyon - faurecia customer cockpit
Cwin16 - lyon - faurecia customer cockpitCwin16 - lyon - faurecia customer cockpit
Cwin16 - lyon - faurecia customer cockpitCapgemini
 

Destaque (15)

Chela stress test
Chela stress testChela stress test
Chela stress test
 
May: If I Were 22
May: If I Were 22May: If I Were 22
May: If I Were 22
 
Cwin16 - Paris - ux design
Cwin16 - Paris - ux designCwin16 - Paris - ux design
Cwin16 - Paris - ux design
 
Ia32 Modo Protegido
Ia32 Modo ProtegidoIa32 Modo Protegido
Ia32 Modo Protegido
 
Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...
Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...
Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...
 
Netflix Nebula - Gradle Summit 2014
Netflix Nebula - Gradle Summit 2014Netflix Nebula - Gradle Summit 2014
Netflix Nebula - Gradle Summit 2014
 
MMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the Cloud
MMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the CloudMMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the Cloud
MMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the Cloud
 
Cwin16 tls-partner-hpe-digital economy & Hybrid IT
Cwin16 tls-partner-hpe-digital economy & Hybrid ITCwin16 tls-partner-hpe-digital economy & Hybrid IT
Cwin16 tls-partner-hpe-digital economy & Hybrid IT
 
Disciplined agile business analysis
Disciplined agile business analysisDisciplined agile business analysis
Disciplined agile business analysis
 
How Comcast uses Data Science to Improve the Customer Experience
How Comcast uses Data Science to Improve the Customer ExperienceHow Comcast uses Data Science to Improve the Customer Experience
How Comcast uses Data Science to Improve the Customer Experience
 
How to Start a Startup at NYU
How to Start a Startup at NYUHow to Start a Startup at NYU
How to Start a Startup at NYU
 
Introduction to the Innovation Corps (NSF I-Corps)
Introduction to the Innovation Corps (NSF I-Corps)Introduction to the Innovation Corps (NSF I-Corps)
Introduction to the Innovation Corps (NSF I-Corps)
 
[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...
[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...
[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...
 
Cwin16 - lyon - faurecia customer cockpit
Cwin16 - lyon - faurecia customer cockpitCwin16 - lyon - faurecia customer cockpit
Cwin16 - lyon - faurecia customer cockpit
 
April: My Best Mistake
April: My Best MistakeApril: My Best Mistake
April: My Best Mistake
 

Semelhante a Adding Identity Management and Access Control to your Application

FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Álvaro Alonso González
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater Apigee | Google Cloud
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra,  API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra,  API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE
 
Beyond API Authorization
Beyond API AuthorizationBeyond API Authorization
Beyond API AuthorizationJared Hanson
 
Best Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemBest Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemWSO2
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppBen Adida
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...Vladimir Bychkov
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTGaurav Roy
 
Secure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScriptSecure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScriptJonathan LeBlanc
 

Semelhante a Adding Identity Management and Access Control to your Application (20)

FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
 
FIWARE ID Management
FIWARE ID ManagementFIWARE ID Management
FIWARE ID Management
 
Security Access with OAuth2.0
Security Access with OAuth2.0Security Access with OAuth2.0
Security Access with OAuth2.0
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access Control
 
OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater OAuth - Don’t Throw the Baby Out with the Bathwater
OAuth - Don’t Throw the Baby Out with the Bathwater
 
Api security
Api security Api security
Api security
 
Id fiware upm-dit
Id fiware  upm-ditId fiware  upm-dit
Id fiware upm-dit
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra,  API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra,  API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
 
Beyond API Authorization
Beyond API AuthorizationBeyond API Authorization
Beyond API Authorization
 
Best Practices in Building an API Security Ecosystem
Best Practices in Building an API Security EcosystemBest Practices in Building an API Security Ecosystem
Best Practices in Building an API Security Ecosystem
 
How to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health AppHow to Build an Indivo X Personal Health App
How to Build an Indivo X Personal Health App
 
Some OAuth love
Some OAuth loveSome OAuth love
Some OAuth love
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
 
Stateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWTStateless Auth using OAuth2 & JWT
Stateless Auth using OAuth2 & JWT
 
Secure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScriptSecure RESTful API Automation With JavaScript
Secure RESTful API Automation With JavaScript
 

Mais de Fernando Lopez Aguilar

Building the Smart City Platform on FIWARE Lab
Building the Smart City Platform on FIWARE LabBuilding the Smart City Platform on FIWARE Lab
Building the Smart City Platform on FIWARE LabFernando Lopez Aguilar
 
Big Data and Machine Learning with FIWARE
Big Data and Machine Learning with FIWAREBig Data and Machine Learning with FIWARE
Big Data and Machine Learning with FIWAREFernando Lopez Aguilar
 
Operational Dashboards with FIWARE WireCloud
Operational Dashboards with FIWARE WireCloudOperational Dashboards with FIWARE WireCloud
Operational Dashboards with FIWARE WireCloudFernando Lopez Aguilar
 
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Creating a Context-Aware solution, Complex Event Processing with FIWARE PerseoCreating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Creating a Context-Aware solution, Complex Event Processing with FIWARE PerseoFernando Lopez Aguilar
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFernando Lopez Aguilar
 
Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Fernando Lopez Aguilar
 
Cloud and Big Data in the agriculture sector
Cloud and Big Data in the agriculture sectorCloud and Big Data in the agriculture sector
Cloud and Big Data in the agriculture sectorFernando Lopez Aguilar
 
Context Information Management in IoT enabled smart systems - the basics
Context Information Management in IoT enabled smart systems - the basicsContext Information Management in IoT enabled smart systems - the basics
Context Information Management in IoT enabled smart systems - the basicsFernando Lopez Aguilar
 

Mais de Fernando Lopez Aguilar (20)

Introduction to FIWARE technology
Introduction to FIWARE  technologyIntroduction to FIWARE  technology
Introduction to FIWARE technology
 
DW2020 Data Models - FIWARE Platform
DW2020 Data Models - FIWARE PlatformDW2020 Data Models - FIWARE Platform
DW2020 Data Models - FIWARE Platform
 
FIWARE and Smart Data Models
FIWARE and Smart Data ModelsFIWARE and Smart Data Models
FIWARE and Smart Data Models
 
How to deploy a smart city platform?
How to deploy a smart city platform?How to deploy a smart city platform?
How to deploy a smart city platform?
 
Building the Smart City Platform on FIWARE Lab
Building the Smart City Platform on FIWARE LabBuilding the Smart City Platform on FIWARE Lab
Building the Smart City Platform on FIWARE Lab
 
Data Modeling with NGSI, NGSI-LD
Data Modeling with NGSI, NGSI-LDData Modeling with NGSI, NGSI-LD
Data Modeling with NGSI, NGSI-LD
 
FIWARE and Robotics
FIWARE and RoboticsFIWARE and Robotics
FIWARE and Robotics
 
Big Data and Machine Learning with FIWARE
Big Data and Machine Learning with FIWAREBig Data and Machine Learning with FIWARE
Big Data and Machine Learning with FIWARE
 
Operational Dashboards with FIWARE WireCloud
Operational Dashboards with FIWARE WireCloudOperational Dashboards with FIWARE WireCloud
Operational Dashboards with FIWARE WireCloud
 
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Creating a Context-Aware solution, Complex Event Processing with FIWARE PerseoCreating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
 
Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)
 
How to debug IoT Agents
How to debug IoT AgentsHow to debug IoT Agents
How to debug IoT Agents
 
Core Context Management
Core Context ManagementCore Context Management
Core Context Management
 
What is an IoT Agent
What is an IoT AgentWhat is an IoT Agent
What is an IoT Agent
 
FIWARE Overview
FIWARE OverviewFIWARE Overview
FIWARE Overview
 
Overview of the FIWARE Ecosystem
Overview of the FIWARE EcosystemOverview of the FIWARE Ecosystem
Overview of the FIWARE Ecosystem
 
Cloud and Big Data in the agriculture sector
Cloud and Big Data in the agriculture sectorCloud and Big Data in the agriculture sector
Cloud and Big Data in the agriculture sector
 
Berlin OpenStack Summit'18
Berlin OpenStack Summit'18Berlin OpenStack Summit'18
Berlin OpenStack Summit'18
 
Context Information Management in IoT enabled smart systems - the basics
Context Information Management in IoT enabled smart systems - the basicsContext Information Management in IoT enabled smart systems - the basics
Context Information Management in IoT enabled smart systems - the basics
 

Último

Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 

Último (20)

Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 

Adding Identity Management and Access Control to your Application

  • 1. Adding Identity Management and Access Control to your Application Joaquin Salvachua // Álvaro Alonso UPM – DIT Security Chapter. FIWARE jsalvachua@dit.upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso
  • 5. FIWARE Account (Identity Manager) Demo 5
  • 7. Oauth 2.0 Message Flow redirect access-code Web App Account request access-token access-token 7 OAuth Library Request user info using access-token
  • 8. Oauth 2.0 Libraries • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. • Example using Node.js – https://github.com/ging/oauth2-example-client 8
  • 10. Web Applications and GEs 10 Generic Enabler Account Request + access-token Oauth2 flows access-token OK + user info (roles) Web App OAuth Library access_token
  • 11. Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 11
  • 12. Securing your back-end Oauth2 flows access_token 12 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  • 13. Securing your back-end • Level 1: Authentication – Check if a user has a FIWARE account • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path • Level 3: Advanced Authorization – Custom XACML policies
  • 14. Level 1: Authentication Oauth2 flows access_token 14 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  • 15. Level 2: Basic Authorization Oauth2 flows access_token 15 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token + verb + path OK + user info AC GE
  • 16. Level 3: Advanced Authorization Oauth2 flows access_token 16 Web App Back-end Apps Account Request + access-token Oauth Library Proxy extension XACML policy OK + user info AC GE
  • 18. Documentation • FIWARE Account: – Source Code: https://github.com/ging/fi-ware- idm – Documentation: https://github.com/ging/fi-ware- idm/wiki • FIWARE Access Control – http://catalogue.fi-ware.org/enablers/access-control- tha-implementation/documentation • FIWARE OAuth2 Demo: – https://github.com/ging/oauth2-example-client • FIWARE Proxy: – https://github.com/ging/fi-ware-pep-proxy 18
  • 19. Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso