Salesforce Miami User Group Event - 1st Quarter 2024
Adding Identity Management and Access Control to your Application
1. Adding Identity Management and Access Control to your Application
Joaquin Salvachua // Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
jsalvachua@dit.upm.es, @jsalvachua
aalonsog@dit.upm.es, @larsonalonso
10. Web Applications and GEs
[Diagram] Web App (OAuth Library) obtains an access_token from Account via OAuth2 flows; Web App → Generic Enabler: Request + access-token; Generic Enabler ↔ Account: access-token, OK + user info (roles).
11. Web Applications and GEs
GET https://GE_URL HTTP/1.1
Host: GE_hostname
X-Auth-Token: access_token
12. Securing your back-end
[Diagram] Web App (OAuth Library) obtains an access_token from Account via OAuth2 flows; Web App → Proxy: Request + access-token; Proxy ↔ Account: access-token, OK + user info (roles); Proxy → Back-end Apps.
13. Securing your back-end
• Level 1: Authentication
– Check if a user has a FIWARE account
• Level 2: Basic Authorization
– Check if a user has permissions to access a resource
– HTTP verb + resource path
• Level 3: Advanced Authorization
– Custom XACML policies
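As an added example (not FIWARE's PEP proxy code), the following Python sketches the first two levels as a proxy would apply them to a request in the shape of slide 11: read X-Auth-Token, ask the IdM (Level 1) and check HTTP verb + resource path against the user's roles (Level 2). The token table and the role permissions are constructed stand-ins for the IdM ("Account") and for a real permission store; the function names are this example's own.

```python
import re

# Constructed sample data standing in for the IdM (the "Account" box):
# token -> user info and roles. A real PEP proxy would ask the IdM over HTTPS.
IDM_TOKENS = {
    "tok-alice": {"id": "alice", "roles": ["Provider"]},
    "tok-bob": {"id": "bob", "roles": ["Consumer"]},
}

# Level 2 permissions (constructed): role -> allowed (HTTP verb, path regex).
ROLE_PERMISSIONS = {
    "Consumer": {("GET", r"^/v2/entities(/[^/]+)?$")},
    "Provider": {
        ("GET", r"^/v2/entities(/[^/]+)?$"),
        ("POST", r"^/v2/entities$"),
        ("DELETE", r"^/v2/entities/[^/]+$"),
    },
}


def parse_request(raw):
    """Split a raw HTTP/1.1 request head into (verb, path, headers).

    Slide 11 writes the target as an absolute URL (GET https://GE_URL), so the
    scheme and host are stripped to leave the resource path used by Level 2.
    Header names are lower-cased because HTTP header names are case-insensitive.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    verb, target, _version = lines[0].split(" ", 2)
    path = re.sub(r"^https?://[^/]+", "", target) or "/"
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return verb.upper(), path, headers


def authenticate(token):
    """Level 1: does the token belong to a FIWARE account? None if not."""
    return IDM_TOKENS.get(token)


def authorize_basic(user, verb, path):
    """Level 2: verb + resource path must be allowed for one of the user's roles."""
    for role in user.get("roles", []):
        for allowed_verb, pattern in ROLE_PERMISSIONS.get(role, ()):
            if verb == allowed_verb and re.match(pattern, path):
                return True
    return False


def pep_decide(raw_request):
    """Decision the proxy acts on: (200, user) forward to the back-end,
    (401, None) missing or unknown token, (403, user) authenticated but
    not permitted for this verb + path."""
    verb, path, headers = parse_request(raw_request)
    token = headers.get("x-auth-token")
    if not token:
        return 401, None
    user = authenticate(token)
    if user is None:
        return 401, None
    if not authorize_basic(user, verb, path):
        return 403, user
    return 200, user


if __name__ == "__main__":
    # Constructed request in the shape of slide 11.
    raw = ("GET https://orion.example/v2/entities HTTP/1.1\r\n"
           "Host: orion.example\r\n"
           "X-Auth-Token: tok-bob\r\n\r\n")
    print(pep_decide(raw))
```

The 401/403 split matters operationally: a 401 tells the client to obtain a new token through the OAuth2 flow, while a 403 means the account is valid but its roles do not cover this verb and path, which is the case a deployment usually wants logged.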
14. Level 1: Authentication
[Diagram] Web App (OAuth Library) obtains an access_token from Account via OAuth2 flows; Web App → Proxy: Request + access-token; Proxy ↔ Account: access-token, OK + user info (roles); Proxy → Back-end Apps.
15. Level 2: Basic Authorization
[Diagram] Web App (OAuth Library) obtains an access_token from Account via OAuth2 flows; Web App → Proxy: Request + access-token; Proxy ↔ AC GE: access-token + verb + path, OK + user info; Proxy → Back-end Apps.
16. Level 3: Advanced Authorization
[Diagram] Web App (OAuth Library) obtains an access_token from Account via OAuth2 flows; Web App → Proxy extension: Request + access-token; Proxy extension ↔ AC GE: XACML policy, OK + user info; Proxy extension → Back-end Apps.
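Slide 16 replaces the fixed verb + path check with custom XACML policies evaluated by the Access Control GE. As an added example (not the AC GE's code and not the XACML XML schema), the Python below models the ideas a Level 3 policy adds over Level 2: a rule has a target over subject, action, resource and environment attributes, an effect of Permit or Deny, and a deny-overrides combining algorithm decides across rules. The policy, attribute names and request values are constructed for this example; only an explicit Permit lets the proxy extension forward the request.

```python
import fnmatch

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


def _values(actual):
    """A request attribute may carry one value or a bag of values (as in XACML)."""
    if actual is None:
        return []
    if isinstance(actual, (list, tuple, set)):
        return list(actual)
    return [actual]


def match_target(target, request):
    """True when every entry of the rule's target matches the request.

    An expected value is a glob pattern (fnmatch) checked against any value in
    the request's bag for that attribute, or a callable taking the whole
    request for conditions across attributes (e.g. resource owner == subject).
    """
    for attr, expected in target.items():
        if callable(expected):
            if not expected(request):
                return False
        elif not any(fnmatch.fnmatchcase(str(v), expected)
                     for v in _values(request.get(attr))):
            return False
    return True


def evaluate(policy, request):
    """Deny-overrides combining: any matching Deny rule wins; otherwise Permit
    if some matching rule permits; NotApplicable if no target matches."""
    decision = NOT_APPLICABLE
    for rule in policy["rules"]:
        if match_target(rule["target"], request):
            if rule["effect"] == DENY:
                return DENY
            decision = PERMIT
    return decision


def pep_allows(policy, request):
    """The proxy extension forwards a request only on an explicit Permit."""
    return evaluate(policy, request) == PERMIT


# Constructed policy. Attribute names are this example's own, not XACML URIs.
SENSOR_POLICY = {
    "id": "sensor-data-policy",
    "rules": [
        {"id": "consumers-read", "effect": PERMIT,
         "target": {"subject.role": "Consumer", "action": "GET",
                    "resource.path": "/v2/entities*"}},
        # Providers may write (POST/PUT/PATCH) only entities they own:
        # a cross-attribute condition that verb + path alone cannot express.
        {"id": "owners-write", "effect": PERMIT,
         "target": {"subject.role": "Provider", "action": "P*",
                    "resource.path": "/v2/entities/*",
                    "owner-is-subject": lambda r: r.get("resource.owner") == r.get("subject.id")}},
        {"id": "providers-delete", "effect": PERMIT,
         "target": {"subject.role": "Provider", "action": "DELETE",
                    "resource.path": "/v2/entities/*"}},
        # Deletes outside office hours are denied whatever the role says.
        {"id": "no-delete-out-of-hours", "effect": DENY,
         "target": {"action": "DELETE",
                    "out-of-hours": lambda r: not 8 <= r.get("environment.hour", -1) < 18}},
    ],
}


def example_request(subject, roles, action, path, owner, hour):
    """Build the attribute set the proxy extension would hand to the policy evaluator."""
    return {"subject.id": subject, "subject.role": roles, "action": action,
            "resource.path": path, "resource.owner": owner,
            "environment.hour": hour}


if __name__ == "__main__":
    req = example_request("alice", ["Provider"], "DELETE", "/v2/entities/Room1", "alice", 22)
    print(evaluate(SENSOR_POLICY, req))
```

The ownership and office-hours rules are the point of Level 3: Level 2 can say that Providers may DELETE /v2/entities/*, but not that a given Provider may only touch its own entities or only during certain hours, and deny-overrides keeps a broad Permit from silently winning over such a restriction.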
19. Adding Identity Management and Access Control to your Application
Álvaro Alonso
UPM – DIT
Security Chapter. FIWARE
aalonsog@dit.upm.es, @larsonalonso