PEP Proxy Wilma GE. Lesson 3. Securing a REST API
Álvaro Alonso
UPM-DIT. Security Chapter
Video at https://edu.fiware.org/course/view.php?id=131
FIWARE Academy
https://edu.fiware.org
http://fiware.org
3. Main concepts
• Authentication
– Check if a user is a registered user
• Basic Authorization
– Check if a user has permissions to access a resource
– HTTP verb + resource path
• Advanced Authorization
– Check if a user has permissions to access a resource
– Custom XACML policies
4. Main concepts - Authentication
[Diagram: User, Wilma, Keyrock GE, Backend Service (REST API). Arrow labels: HTTP request + TOKEN; TOKEN; OK + user info.]
5. Main concepts – Basic Authorization
[Diagram: User, Wilma, Keyrock GE, AutZForce GE, Backend Service (REST API). Arrow label: HTTP request + TOKEN.]
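The authentication and basic authorization checks from the slides above, as an added example (not code from the slides or from Wilma itself). The in-memory tables stand in for the Keyrock GE and AutZForce GE services named on the slides; every token, user, role, path, function name and the status codes returned are assumptions made for illustration.

```javascript
// Added example: in-memory stand-ins for the identity and policy services.
// All tokens, users, roles and paths below are constructed sample data.
const TOKENS = new Map([
  ['tok-alice', { id: 'alice', roles: ['reader'] }],
  ['tok-bob', { id: 'bob', roles: ['reader', 'editor'] }],
]);

// Basic authorization rules: HTTP verb + resource path, granted per role.
const PERMISSIONS = {
  reader: [{ verb: 'GET', path: '/entities' }],
  editor: [{ verb: 'POST', path: '/entities' }, { verb: 'DELETE', path: '/entities' }],
};

// Strip the query string and trailing slashes so "/entities/?x=1" and
// "/entities" match the same rule; anything else falls through to deny.
function normalisePath(rawPath) {
  const path = String(rawPath).split('?')[0];
  return path.length > 1 ? path.replace(/\/+$/, '') : path;
}

// Step 1 (authentication): is the token known? Returns user info or null.
function authenticate(token) {
  return typeof token === 'string' && TOKENS.has(token) ? TOKENS.get(token) : null;
}

// Step 2 (basic authorization): does any role allow this verb on this path?
function isPermitted(user, verb, path) {
  return user.roles.some((role) =>
    (PERMISSIONS[role] || []).some((p) => p.verb === verb && p.path === path));
}

// PEP decision: 401 when authentication fails, 403 when the verb + path is
// not granted, 200 meaning "forward the request to the backend REST API".
function pepDecision(req) {
  const user = authenticate(req.token);
  if (!user) return { status: 401, reason: 'invalid or missing token' };
  const verb = String(req.method).toUpperCase();
  const path = normalisePath(req.path);
  if (!isPermitted(user, verb, path)) {
    return { status: 403, reason: `${user.id} may not ${verb} ${path}` };
  }
  return { status: 200, user: user.id };
}
```

Rules are matched exactly and denied by default, so a path such as `/entities/../admin` is rejected rather than resolved.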
6. Main concepts – Advanced Authorization
[Diagram: User, Wilma *, Keyrock GE, AutZForce GE, Backend Service (REST API). Arrow label: HTTP request + TOKEN.]