FIWARE Training: API Umbrella
API Umbrella
Francisco de la Vega
Co-founder and CTO
FICODES
fdelavega@ficodes.com
API Umbrella
▪ Implements Policy Enforcement Point (PEP) and Policy Decision Point (PDP) features
▪ Initially developed by the US National Renewable
Energy Laboratory (NREL)
▪ Adopted by FIWARE and enhanced with new
features and security protocols
▪ Supports securing backend (API) and frontend (website) services, and can be used as a reverse proxy
API Umbrella
▪ Support for different authentication and
authorization protocols
▪ Local users and API Keys (Implemented by NREL)
▪ Integration with Keyrock (Implemented by
FIWARE)
• Requests made with OAuth2 bearer tokens or
JSON Web Tokens
• Support for Application roles
• Support for i4Trust Authorization Registry (AR) policies
▪ Integration with Keycloak (Implemented by
FIWARE)
• Requests made with JSON Web Tokens
• Support for realm roles and client roles
API Umbrella
▪ API Backend
• API services protected by API Umbrella
• Routing is configured by mapping a frontend host and path prefix to a backend host and path.
• Settings can be applied to the whole backend service:
□ Authentication
□ Authorization: required roles to access
□ Headers and parameters to be injected in backend request
□ Rate limiting
• Fine-grained policies can be created with sub-URL settings:
□ Matched on HTTP method + URL regex + required headers (useful with FIWARE services)
□ Settings can be overridden for the matched sub-URL
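The sub-URL override logic described above, as an added example in Go that is not code from the slides or from API Umbrella: a backend carries default settings (required roles, headers injected into the upstream request, a rate limit) and the first sub-URL rule whose HTTP method, URL regex and required headers all match overrides them field by field. The Settings and SubURL field names, the NGSILD-Tenant and X-Gateway header names, the role names and the first-match-wins ordering are assumptions of this example, not API Umbrella configuration keys.

```go
package main

import (
	"fmt"
	"regexp"
)

// Settings a backend carries per the slide: roles the caller must hold, headers injected
// into the upstream request and a rate limit. Field names are this example's, not API
// Umbrella's configuration keys.
type Settings struct {
	RequiredRoles   []string
	InjectHeaders   map[string]string
	RateLimitPerMin int
}

// SubURL is one fine-grained rule: HTTP method + URL regex + required request headers.
// Only the fields set in Override replace the backend-wide settings.
type SubURL struct {
	Method          string
	Path            *regexp.Regexp
	RequiredHeaders map[string]string
	Override        Settings
}

type Backend struct {
	Settings Settings
	SubURLs  []SubURL
}

// Resolve returns the settings that govern a request. The first sub-URL whose method,
// regex and required headers all match overrides the defaults (first match wins is an
// assumption of this example); with no match the backend-wide settings apply unchanged.
func (b Backend) Resolve(method, path string, headers map[string]string) Settings {
	eff := b.Settings
	for _, s := range b.SubURLs {
		if (s.Method != "" && s.Method != method) || !s.Path.MatchString(path) {
			continue
		}
		matched := true
		for k, v := range s.RequiredHeaders {
			matched = matched && headers[k] == v
		}
		if !matched {
			continue
		}
		if s.Override.RequiredRoles != nil {
			eff.RequiredRoles = s.Override.RequiredRoles
		}
		if s.Override.InjectHeaders != nil {
			eff.InjectHeaders = s.Override.InjectHeaders
		}
		if s.Override.RateLimitPerMin != 0 {
			eff.RateLimitPerMin = s.Override.RateLimitPerMin
		}
		break
	}
	return eff
}

// Allowed is the authorization part of the decision: the caller needs every required role.
func Allowed(s Settings, roles []string) bool {
	have := map[string]bool{}
	for _, r := range roles {
		have[r] = true
	}
	for _, r := range s.RequiredRoles {
		if !have[r] {
			return false
		}
	}
	return true
}

// contextBroker is a constructed backend: reads need the "reader" role; attribute
// updates need "writer", a lower rate limit and an NGSILD-Tenant header naming the
// tenant; every upstream request gets an X-Gateway header. Header names are assumed.
var contextBroker = Backend{
	Settings: Settings{RequiredRoles: []string{"reader"}, InjectHeaders: map[string]string{"X-Gateway": "api-umbrella"}, RateLimitPerMin: 600},
	SubURLs: []SubURL{{
		Method:          "PATCH",
		Path:            regexp.MustCompile(`^/ngsi-ld/v1/entities/[^/]+/attrs/`),
		RequiredHeaders: map[string]string{"NGSILD-Tenant": "openiot"},
		Override:        Settings{RequiredRoles: []string{"writer"}, RateLimitPerMin: 60},
	}},
}

func main() {
	hdr := map[string]string{"NGSILD-Tenant": "openiot"}
	for _, r := range [][2]string{{"GET", "/ngsi-ld/v1/entities/urn:ngsi-ld:DELIVERYORDER:001"}, {"PATCH", "/ngsi-ld/v1/entities/urn:ngsi-ld:DELIVERYORDER:001/attrs/pta"}} {
		s := contextBroker.Resolve(r[0], r[1], hdr)
		fmt.Printf("%s %s -> roles=%v rate=%d/min allowed(reader)=%v\n", r[0], r[1], s.RequiredRoles, s.RateLimitPerMin, Allowed(s, []string{"reader"}))
	}
}
```

Note the fallback in Resolve: a PATCH that omits the required NGSILD-Tenant header matches no sub-URL and is governed by the backend-wide settings, so it only needs the reader role. If writes must always require writer, either the header condition has to be dropped from the write rule or a later catch-all write rule has to be added, because a required header narrows the rule rather than rejecting requests that lack it.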
API Umbrella
▪ Website backend
• Uses the built-in NGINX server to create a
reverse proxy
• Frontend host and protocol are matched
with the internal server and port.
API Umbrella
▪ All requests made to the services secured with API Umbrella are logged to an Elasticsearch instance.
▪ Analytics about access can be retrieved and filtered by
period and content
▪ API Umbrella provides three analytics views:
• API Drilldown: Requests per service and path
• By User: Requests per user
• By Location: Requests per location
Thank you!
http://fiware.org
Follow @FIWARE on Twitter
Keyrock and API Umbrella for Data Spaces
Francisco de la Vega
Co-founder and CTO
FICODES
fdelavega@ficodes.com
Architecture
[Diagram: two participants, each with its own Portal, Context Broker, IDP, AR (Authorization Registry) and PEP/PDP, connected through a shared Trust provider]
Architecture
▪ Each organization has its own infrastructure
• Context Broker + Keyrock + API Umbrella
▪ Trust among participants is achieved through the trust provider
• Each participant has a unique participant ID and a signed certificate
▪ Each participant manages only its own users; towards other participants it deals with permissions granted at the organization level
Login with external IDP
[Diagram: the same two-participant architecture, with the login flow between the Participant 1 portal and the Participant 2 IDP]
Login with external IDP (step 1)
▪ The participant 1 portal generates a JWT signed with the private key of its participant certificate
• The token carries participant 1's identity as iss and sub, and the identity of the accessed participant (participant 2) as aud
> Headers
{
"alg": "RS256",
"typ": "JWT",
"x5c": [ // Complete certificate chain of the party
"MIIEhjCC….Zy9w==",
...
]
}
> Payload
{
"jti": "99ab5bca41bb45b78d242a46f0157b7d", // Unique JWT ID
"iss": "EU.EORI.NLMARKETPLA",
"sub": "EU.EORI.NLMARKETPLA",
"aud": "EU.EORI.NLHAPPYPETS", // ID (EORI) of the IDP to be accessed
"iat": 1540827435,
"nbf": 1540827435,
"exp": 1540827465, // 30 seconds after iat
"response_type": "code",
"client_id": "EU.EORI.NLMARKETPLA",
"scope": "openid iSHARE profile email",
"redirect_uri": "https://www.marketplace.com/openid_connect1.0/return",
"state": "af0ifjsldkj",
"nonce": "c428224ca5a",
"acr_values": "urn:http://eidas.europa.eu/LoA/NotNotified/high",
"language": "en"
}
Login with external IDP (step 2)
▪ Participant 1 sends the JWT to the /authorize endpoint of the participant 2 IDP, in the request parameter
▪ The participant 2 IDP validates the JWT and its signature, then calls the trust provider to check whether participant 1 is a trusted party
▪ If everything goes well, the participant 2 IDP answers participant 1 with the URL for user login in the Location header.
> Content-Type: application/x-www-form-urlencoded
POST https://idp-pdc.i4trust.fiware.io/authorize
response_type=code&
client_id=EU.EORI.NLMARKETPLA&
scope=iSHARE openid&
request=eyJ0eXA…YkNKOQ
Login with external IDP (step 3)
▪ Participant 1 redirects the user's browser to the URL provided by participant 2, so the user can sign in at the participant 2 IDP
▪ The participant 2 IDP returns an authorization code to the provided redirect URI, together with the state value of the request (participant 1 must check that it matches the value it sent).
< Location: https://marketplace.i4trust.fiware.io/openid_connect1.0/return?
code=Dmn-TbSj7OcKl5ym1j5xZsgkabzVP8dMugC81nzmeW4&
state=ZqVQm4zHaEDyBhzpm1ZRH7fsxy703lq2
Login with external IDP (step 4)
▪ Participant 1 calls the /token endpoint of the participant 2 IDP to get an access token for the user
• A client assertion JWT of the same form as the one generated in step 1 is included in the client_assertion parameter (given the 30-second validity, in practice a freshly signed one)
• The authorization code received in step 3 is included in the code parameter.
> Content-Type: application/x-www-form-urlencoded
POST https://idp-pdc.i4trust.fiware.io/token
grant_type=authorization_code&
client_id=EU.EORI.NLMARKETPLA&
client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&
client_assertion=eyJ0eXA…YkNKOQ&
redirect_uri=https://marketplace.i4trust.fiware.io/openid_connect1.0/return&
code=Dmn-TbSj7OcKl5ym1j5xZsgkabzVP8dMugC81nzmeW4
Login with external IDP (step 5)
▪ Participant 2 returns an access token that can be used to access its services, together with an OIDC ID token carrying the user information.
▪ The access token can also be used to call the user info endpoint of participant 2
< Content-Type: application/json
< Cache-Control: no-store
< Pragma: no-cache
{
"id_token": "eyJhb...V2jA",
"access_token": "aW2ys...LIOw",
"expires_in": 3600,
"token_type": "Bearer"
}
Decoded id_token parameter
{
"iss": "EU.EORI.NLPACKETDEL",
"sub": "419404e1-07ce-4d80-9e8a-eca94vde0003de",
"aud": "EU.EORI.NLMARKETPLA",
"jti": "378a47c4-2822-4ca5-a49a-7e5a1cc7ea59",
"iat": 1504683445,
"exp": 1504683475,
"auth_time": 1504683435,
"nonce": "c428224ca5a",
"acr": "urn:http://eidas.europa.eu/LoA/NotNotified/low",
"azp": "EU.EORI.NLMARKETPLA"
}
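The exchange of steps 1 and 2, the signed client assertion and its validation by the receiving IdP, as an added example in Go using only the standard library; this is not code from the slides, from Keyrock or from iSHARE. Both sides are shown: signAssertion produces the RS256 JWS with the certificate in x5c and a 30-second lifetime, and verifyAssertion checks the signature against that certificate and then the claims. Assumptions of the example: the participant certificate is a self-signed test certificate generated by selfSignedCert (a real one is issued under the trust provider's CA, and validating that chain is left out); the trust provider is modelled as a map from participant EORI to the DER certificate registered for it; and the request-specific claims of the slide (response_type, scope, redirect_uri, state, nonce) are omitted because the IdP's trust decision does not depend on them.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"errors"
	"math/big"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

type claims struct {
	Jti string `json:"jti"`
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Iat int64  `json:"iat"`
	Exp int64  `json:"exp"`
}

// selfSignedCert makes a throwaway RSA key and DER certificate standing in for the
// participant certificate issued under the trust provider (constructed test data).
func selfSignedCert() (*rsa.PrivateKey, []byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// signAssertion builds the step 1 JWS: iss == sub == client_id, aud is the IdP to be
// accessed, x5c carries the signer's certificate, lifetime exactly 30 s.
func signAssertion(key *rsa.PrivateKey, certDER []byte, iss, aud, jti string, now time.Time) (string, error) {
	h, _ := json.Marshal(map[string]interface{}{"alg": "RS256", "typ": "JWT", "x5c": []string{base64.StdEncoding.EncodeToString(certDER)}})
	c, _ := json.Marshal(claims{Jti: jti, Iss: iss, Sub: iss, Aud: aud, Iat: now.Unix(), Exp: now.Unix() + 30})
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(c)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), err
}

// verifyAssertion is the step 2 check at the receiving IdP. trusted stands in for the
// trust provider: participant EORI -> DER certificate registered for that participant.
func verifyAssertion(token, myEORI string, trusted map[string][]byte, now time.Time) (*claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWS")
	}
	hb, errH := b64.DecodeString(parts[0])
	cb, errC := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	var h struct{ Alg string; X5c []string } // encoding/json matches "alg"/"x5c" case-insensitively
	var c claims
	if errH != nil || errC != nil || errS != nil || json.Unmarshal(hb, &h) != nil || json.Unmarshal(cb, &c) != nil {
		return nil, errors.New("undecodable JWS segment")
	}
	if h.Alg != "RS256" || len(h.X5c) == 0 {
		return nil, errors.New("alg must be RS256 and x5c must be present")
	}
	der, _ := base64.StdEncoding.DecodeString(h.X5c[0])
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	// The signature proves possession of the key of whatever certificate sits in x5c;
	// the trust provider lookup in the switch below is what binds that certificate to iss.
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	switch {
	case c.Iss != c.Sub:
		return nil, errors.New("iss and sub must both be the client's party id")
	case c.Aud != myEORI:
		return nil, errors.New("aud is not this IdP")
	case now.Unix() < c.Iat || now.Unix() >= c.Exp || c.Exp-c.Iat > 30:
		return nil, errors.New("outside the 30 s validity window")
	case !bytes.Equal(trusted[c.Iss], cert.Raw):
		return nil, errors.New("certificate is not the one registered for iss at the trust provider")
	}
	return &c, nil
}
```

Two points the slide does not spell out. A valid signature on its own only shows that the sender holds the private key for whatever certificate it put in x5c; the lookup against the trust provider (trusted above) is what ties that certificate to the claimed iss, and without it any party with any certificate could claim any EORI. Also, a 30-second window still permits replay inside that window, so an IdP should additionally reject a jti it has already accepted.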
Accessing data
[Diagram: the same two-participant architecture, with a user of Participant 2 reaching the Participant 1 Context Broker through its PEP/PDP]
Accessing data (step 1)
▪ A user from participant 2 makes a data request to the participant 1 Context Broker through the PEP proxy
▪ The request carries a JWT issued by the participant 2 IDP that embeds the access permissions participant 2 has granted to the user
> Authorization: Bearer IIeD...NIQ // Bearer JWT
> Content-Type: application/json
PATCH https://umbrella.i4trust.fiware.io/ngsi-ld/v1/entities/urn:ngsi-ld:DELIVERYORDER:001/attrs/pta
> Payload
{
"value": "<new PTA>",
"type": "Property"
}
Decoded Bearer JWT:
{
"iss": "EU.EORI.NLHAPPYPETS",
"sub": "419404e1-07ce-4d80-9e8a-eca94vde0003de",
"jti": "d8a7fd7465754a4a9117ee28f5b7fb60",
"iat": 1591966224,
"exp": 1591966254,
"aud": "EU.EORI.NLHAPPYPETS",
"delegationEvidence": {
"notBefore": 1541058939,
"notOnOrAfter": 2147483647,
"policyIssuer": "EU.EORI.NLHAPPYPETS",
"target": {
"accessSubject": "419404e1-07ce-4d80-9e8a-eca94vde0003de" // ID of the customer
},
"policySets": [
…
Accessing data (step 2)
▪ The PEP proxy of participant 1 validates the JWT signature and checks, through the trust provider, that participant 2 is a trusted party.
Accessing data (step 3)
▪ The PEP proxy checks whether participant 2 has authorized the user to access the specified data, using the user permissions embedded in the JWT
▪ The PEP proxy checks whether participant 2 is itself authorized to grant its users access to the specified data; it uses its Authorization Registry for this validation
▪ If both checks pass, the request is forwarded to the Context Broker and its response is returned to the user
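The PEP decision of steps 2 and 3, as an added example in Go that is not code from the slides, from API Umbrella or from the i4Trust Authorization Registry. Authorize takes the decoded token claims (signature and participant trust are taken as already verified, as in step 2), maps the NGSI-LD request onto entity type, identifier and attribute, and applies the two-level check: the user's own organisation must have permitted the action in the delegationEvidence embedded in the token, and the data provider's Authorization Registry must in turn have permitted that organisation to delegate it. Assumptions: the policySets body, elided on the slide, is laid out as in iSHARE delegation evidence (resource type, identifiers, attributes, actions, rules with an effect); the data provider's EORI is taken to be EU.EORI.NLPACKETDEL, which the access slides do not name; providerAR is a constructed stand-in for the Authorization Registry query; the user token is the slide's claims with that constructed policy body.

```go
package main

import (
	"encoding/json"
	"errors"
	"strings"
)

// Token claims. The slide elides policySets; the policy layout below follows the iSHARE
// delegation model (an assumption). encoding/json matches the lower-case keys case-insensitively.
type Policy struct {
	Target struct {
		Resource struct{ Type string; Identifiers, Attributes []string }
		Actions  []string
	}
	Rules []struct{ Effect string }
}

type Evidence struct {
	NotBefore, NotOnOrAfter int64
	PolicyIssuer            string
	Target                  struct{ AccessSubject string }
	PolicySets              []struct{ Policies []Policy }
}

type Claims struct {
	Iss, Sub           string
	DelegationEvidence Evidence
}

// parseEntityPath splits /ngsi-ld/v1/entities/<urn:ngsi-ld:Type:...>/attrs/<attr>.
func parseEntityPath(path string) (id, typ, attr string, err error) {
	seg := strings.Split(strings.TrimPrefix(path, "/ngsi-ld/v1/entities/"), "/")
	urn := strings.SplitN(seg[0], ":", 4)
	if !strings.HasPrefix(path, "/ngsi-ld/v1/entities/") || len(seg) != 3 || seg[1] != "attrs" || len(urn) != 4 || urn[1] != "ngsi-ld" {
		return "", "", "", errors.New("not an NGSI-LD entity attribute path")
	}
	return seg[0], urn[2], seg[2], nil
}

func matches(list []string, v string) bool {
	for _, x := range list {
		if x == "*" || x == v {
			return true
		}
	}
	return false
}

// permits: ev is in its validity window and holds a Permit policy for method on the attribute.
func permits(ev Evidence, now int64, method, id, typ, attr string) bool {
	if now < ev.NotBefore || now >= ev.NotOnOrAfter {
		return false
	}
	for _, ps := range ev.PolicySets {
		for _, p := range ps.Policies {
			r := p.Target.Resource
			if r.Type == typ && matches(r.Identifiers, id) && matches(r.Attributes, attr) &&
				matches(p.Target.Actions, method) && len(p.Rules) > 0 && p.Rules[0].Effect == "Permit" {
				return true
			}
		}
	}
	return false
}

// Authorize is the PEP decision of step 3; arLookup stands in for participant 1's Authorization Registry.
func Authorize(c Claims, providerEORI, method, path string, now int64, arLookup func(org string) (Evidence, bool)) error {
	id, typ, attr, err := parseEntityPath(path)
	if err != nil {
		return err
	}
	ev := c.DelegationEvidence
	if ev.Target.AccessSubject != c.Sub || !permits(ev, now, method, id, typ, attr) {
		return errors.New("user not permitted by its own organisation for this request")
	}
	orgEv, ok := arLookup(ev.PolicyIssuer)
	if !ok || orgEv.PolicyIssuer != providerEORI || orgEv.Target.AccessSubject != ev.PolicyIssuer ||
		!permits(orgEv, now, method, id, typ, attr) {
		return errors.New("organisation not permitted by the data provider to delegate this access")
	}
	return nil
}

// Constructed sample: the slide's token claims with an assumed policySets body.
const userToken = `{"iss":"EU.EORI.NLHAPPYPETS","sub":"419404e1-07ce-4d80-9e8a-eca94vde0003de","delegationEvidence":{
"notBefore":1541058939,"notOnOrAfter":2147483647,"policyIssuer":"EU.EORI.NLHAPPYPETS",
"target":{"accessSubject":"419404e1-07ce-4d80-9e8a-eca94vde0003de"},"policySets":[{"policies":[{"target":{"resource":
{"type":"DELIVERYORDER","identifiers":["urn:ngsi-ld:DELIVERYORDER:001"],"attributes":["pta"]},"actions":["PATCH"]},
"rules":[{"effect":"Permit"}]}]}]}}`

// providerAR plays the data provider's Authorization Registry (provider EORI assumed to be EU.EORI.NLPACKETDEL): HAPPYPETS may delegate PATCH on pta of any DELIVERYORDER.
func providerAR(org string) (Evidence, bool) {
	js, ok := map[string]string{"EU.EORI.NLHAPPYPETS": `{"notBefore":1541058939,"notOnOrAfter":2147483647,
"policyIssuer":"EU.EORI.NLPACKETDEL","target":{"accessSubject":"EU.EORI.NLHAPPYPETS"},"policySets":[{"policies":[{"target":
{"resource":{"type":"DELIVERYORDER","identifiers":["*"],"attributes":["pta"]},"actions":["PATCH"]},"rules":[{"effect":"Permit"}]}]}]}`}[org]
	var ev Evidence
	return ev, ok && json.Unmarshal([]byte(js), &ev) == nil
}
```

Two details worth noting. The validity window is checked for both pieces of evidence; the slide's notOnOrAfter of 2147483647 is effectively unbounded, so withdrawing a user's access relies on the organisation's IDP no longer embedding that evidence rather than on expiry. And the entity type is derived from the urn:ngsi-ld:<Type>:... identifier in the request path, not from the request body, so a client cannot make a request count as a different resource type by changing the payload.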