Patterns and Practices in Mobile SSO

Tecnologia

About
WSO2

๏  Global
enterprise,
founded
in

2005
by
acknowledged
leaders
in

XML,
web
services

technologies,

standards

and
open
source

๏  Provides
only
open
source

pla:orm-‐as-‐a-‐service
for
private,

public
and
hybrid
cloud

deployments

๏  All
WSO2
products
are
100%
open

source
and
released
under
the

Apache
License
Version
2.0.

๏  Is
an
AcIve
Member
of
OASIS,

Cloud
Security
Alliance,
OSGi

Alliance,
AMQP
Working
Group,

OpenID
FoundaIon
and
W3C.

๏  Driven
by
InnovaIon

๏  Launched
ﬁrst
open
source
API

Management
soluIon
in
2012

๏  Launched
App
Factory
in
2Q
2013

๏  Launched
Enterprise
Store
and

ﬁrst
open
source
Mobile
soluIon

in
4Q
2013

Within the first decade of the 21st century
– internet worldwide increased from 350
million to more than 2 billion.

Mobile phone subscribers increased from
750 million to 5 billion
Today it’s around 6 billion

Only 30% of mobile users, password
protect their mobile devices

Many SaaS providers ignore multifactor
authentication for mobile applications

113 cell phones are lost or stolen every
minute in the U.S and $7 million worth
of smartphones are lost daily

62% of mobile workers
currently use their personal smartphones
for work

http://www.websense.com/assets/reports/websense-2013-threat-report.pdf

Mobile Device Management systems need
to be an integral part of the corporate
Identity Management

Cloud service providers are becoming
mobile friendly with REST/JSON APIs

OAuth 2.0 dominates
Mobile and API security

Avoid using Resource Owner Password
OAuth grant type

Mobile applications secured with OAuth
can be vulnerable to phishing

Your Facebook or Twitter account
credentials can be quite easily phished
through your mobile phone - than from a
laptop computer

The need to bake-in client key and the
secret key into the mobile app itself is an
issue yet to solve

OAuth has given a better failover
capability to mobile applications in case
of an attack

It takes an average of 20 seconds
for a user to log into a resource

Single Sign On increases user
productivity

Browser based Single Sign On
Native App Native Web Browser
Authorization Server (IdP)
Mobile Device

Native Single Sign On
Native App Native IdP App
Mobile Device

OpenID Foundation is working on
standardizing Native Single Sign On based on
OpenID Connect

Federated Single Sign On
Native App Native Web Browser
Authorization Server (IdP)
Mobile Device
SAML2 IdP
SAML2 IdP

Federated Single Sign On with
heterogeneous Authorization Servers

Native App Native Web Browser
Authorization Server (IdP)
Mobile Device
Federation Hub
Authorization Server (IdP)

Mais conteúdo relacionado

Mais procurados

CIS13: Mobile Single Sign-On: Extending SSO Out to the Client

CloudIDSummit

WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...

Today’s enterprise mobility solutions emphasize heavy-handed IT governance of devices and applications that impose a burden on developers and/or users. However, managing data and applications using high performance mobile-optimized infrastructure can enable secure, scalable apps while minimizing the effort required by developers and allowing them to focus on their strengths. Come learn how to facilitate the best of both worlds – multi-layer mobile security using modern standards and a fantastic user experience.

Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...

To view recording of this webinar please use below URL: http://wso2.com/library/webinars/2015/08/how-apis-can-be-secured-in-mobile-environments/ In this session, Shan, director of mobile architecture at WSO2 will discuss: What makes mobile API authentication different from traditional API authentication Best practices for implementing mobile API security What WSO2 API Manager provides for mobile developers

How APIs Can Be Secured in Mobile Environments

I this presentation enterprises will get a practical overview of what they need to know when approaching APIs and technologies like OAuth. Mobile and Cloud initiatives are driving enterprises to expose data and applications to the outside world. Whether SOAP, REST or JSON, these APIs give enterprises an efficient way to open up information to services running in the Cloud and apps running on mobile devices like the iPad. However, securing and governing the lifecycle and operation of these APIs is not straightforward. It requires new approaches to access, protection and management. This invariably requires adoption of new technologies such as OAuth, which are not yet well understood.

API Security and OAuth for the Enterprise

CIS 2015 Mobile SSO

Mobile Devices in the Enterprise: What IT needs to know

Connecting The Real World With The Virtual World

Ping Identity

MDM/MAM/MIM Workshop - CIS 2013

Moving beyond conventional single sign-on to seamless cross-device access with APIs People are carrying more devices every day – with the average being 2.9 per person. Meanwhile, multitasking has gone into overdrive, as users quickly move from laptop to phone to tablet, expecting a seamless experience when accessing their favorite apps. And this expectation is not just limited to leisure and personal use – it extends to business applications. Security has broken this seamless workflow and inhibited the mobile “stickiness” businesses are striving to achieve. This webinar with Scott Morrison and Leif Bildoy of CA Technologies will demonstrate how the right combination of identity functionality and secure APIs can help your organization to overcome these challenges and enable the multi-device universe. You Will Learn • What challenges must be overcome when supporting multiple mobile app types • How SSO is evolving past mobile app access to device access • Why the right implementation of identity and APIs will create consumer stickiness • How the Internet of Things (IoT) is creating new business opportunities

The curious case of mobile app security.pptx

Ankit Giri

Enabling the Multi-Device Universe

CA Single Sign-On (CA SSO) is constantly evolving, incorporating the latest technologies in secure Web access management. In order to stay secure and competitive, CA SSO makes greater use of the CA Access Gateway (formerly CA SiteMinder Secure Proxy Server). This presentation provides a comprehensive overview of the new features in CA Single Sign On. For more information on CA Security solutions, please visit: http://bit.ly/10WHYDm

Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...

CA Technologies

OAuth - Don’t Throw the Baby Out with the Bathwater

Apigee | Google Cloud

Kodak - OpenID Retail Summit at PayPal

WSO2 Enterprise Mobility Manager - Product Overview

As more organizations develop mobile applications that access ever increasing levels of sensitive data, it is critical that standard security policies can be applied, whether coding native, hybrid or mobile browser-based applications. This session will teach you how to code your mobile applications to gain access to Oracle's Mobile Access Management services including device registration, authentication, authorization, step-up authentication and single sign-on.

Mobile application security – effective methodology, efficient testing! hem...

owaspindia

CIS 2013 Ping Identity Chalktalk

Craig Wu

Nexmo Verify SDK

Srivatsan Srinivasan

MCSDataSheet

Bilal Khan

OOW13: Developing secure mobile applications (CON8902)

GregOracle

Mais procurados (20)

CIS13: Mobile Single Sign-On: Extending SSO Out to the Client

WSO2Con US 2013 - Securing Cloud and Mobile: Pragmatic Enterprise Security Ar...

Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...

How APIs Can Be Secured in Mobile Environments

API Security and OAuth for the Enterprise

CIS 2015 Mobile SSO

Mobile Devices in the Enterprise: What IT needs to know

Connecting The Real World With The Virtual World

MDM/MAM/MIM Workshop - CIS 2013

The curious case of mobile app security.pptx

Enabling the Multi-Device Universe

Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...

OAuth - Don’t Throw the Baby Out with the Bathwater

Kodak - OpenID Retail Summit at PayPal

WSO2 Enterprise Mobility Manager - Product Overview

Mobile application security – effective methodology, efficient testing! hem...

CIS 2013 Ping Identity Chalktalk

Nexmo Verify SDK

MCSDataSheet

OOW13: Developing secure mobile applications (CON8902)

Semelhante a Patterns and Practices in Mobile SSO

Con8896 securely enabling mobile access for business transformation - final

OracleIDM

Sholove cyren web security - technical datasheet2

SHOLOVE INTERNATIONAL LLC

Device Management for Connected Devices

Con8823 access management for the internet of things-final

OracleIDM

Appaloosa & AppDome: deploy & protect mobile applications

Julien Ott

Device management by WSO2 Enterprise Mobility Manager

On today’s smarter planet, providing secure access to sensitive data, applications and infrastructure is more complex than ever. With users accessing corporate data and applications from outside the traditional network perimeter, traditional access and authentication controls are no longer sufficient. To safeguard mobile, cloud and social interactions while preventing insider threat and identity fraud, you need a powerful access management solution thats designed for today’s multi-perimeter world. We will explore how you can address your problems with the latest IBM Security Access Manager – an “All-in-one” access management solution that is designed to provide both web and mobile security in a modular package suitable to your needs. View the full on-demand webcast: https://www.youtube.com/watch?v=-ycUQykZSQA

In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...

IBM Security

MobileIron's Enterprise Solution for Mobile Web Browsing

MobileIron

MobileIron's Enterprise Solution for App Security and Management

MobileIron

No IoT Without Identity

ForgeRock

Con8902 developing secure mobile applications-final

OracleIDM

Marketing Plan For an Android App

RAMAN PREET SINGH KHERA

Mobility is transforming our lives and businesses. We bank, shop, entertain, travel, learn, and interact with our customers and employees through mobile technology and every business wants to adopt mobility because of this trend. There are key questions you need to ask yourself in order to arrive at a good strategy to adopt mobility in your enterprise. These include why you want mobility in your business, what area you want to mobilize and how to do it. By the end of this session you will learn the different ways to come up with a mobile strategy for your enterprise and how different tools like MDM and MAM fit into it.

WSO2Con ASIA 2016: Mobile Strategy for Your Enterprise

Introducing the WSO2 Enterprise Mobility Manager

Enterprise mobility philip_duplessis

itnewsafrica

The Future of Digital IAM

Simplify secure mobile app access to enterprise resources When mobile apps access enterprise data and services, the risk of security being compromised is increased. Layer 7’s solution for mobile Single Sign-On simplifies the process through which apps require users to sign in to the enterprise in order to secure this access. The solution leverages the underlying security in a device’s operating system to effectively create a secure sign-on container for apps. Layer 7 offers a complete end-to-end, standards-based and proven security solution for mobile SSO. This solution uses OAuth 2.0, OpenID Connect and JWT standards. Communication is secured through Layer 7’s SecureSpan Mobile Access Gateway and SSO libraries that abstract out all the complex OAuth and OpenID Connect protocol handshakes between mobile device and Gateway.

IRJET- Android Device Attacks and Threats

IRJET Journal

Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI

Sierraware

Single Sign-On for Mobile

MDM is not Enough - Parmelee

Prolifics

Semelhante a Patterns and Practices in Mobile SSO (20)

Con8896 securely enabling mobile access for business transformation - final

Sholove cyren web security - technical datasheet2

Device Management for Connected Devices

Con8823 access management for the internet of things-final

Appaloosa & AppDome: deploy & protect mobile applications

Device management by WSO2 Enterprise Mobility Manager

In Today's Complex Multi Perimeter World, Are You Doing Enough to Secure Acce...

MobileIron's Enterprise Solution for Mobile Web Browsing

MobileIron's Enterprise Solution for App Security and Management

No IoT Without Identity

Con8902 developing secure mobile applications-final

Marketing Plan For an Android App

WSO2Con ASIA 2016: Mobile Strategy for Your Enterprise

Introducing the WSO2 Enterprise Mobility Manager

Enterprise mobility philip_duplessis

The Future of Digital IAM

IRJET- Android Device Attacks and Threats

Cut BYOD Costs Using Virtual Mobile Infrastructure - VMI

Single Sign-On for Mobile

MDM is not Enough - Parmelee

Mais de WSO2

architecting-ai-in-the-enterprise-apis-and-applications.pdf

Driving Innovation: Scania's API Revolution with WSO2

At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover: The overall software architecture for VHR’s Cloud Data Platform Critical decision points leading to adoption of Ballerina for the CDP Ballerina’s role in multiple evolutionary steps to the current architecture Roadmap for the CDP architecture and plans for Ballerina WSO2’s partnership in bringing continual success for the CD

Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform

The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.

Modernizing Legacy Systems Using Ballerina

WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...

WSO2CON 2024 Slides - Unlocking Value with AI

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

Quantum Leap in Next-Generation Computing

WSO2CON 2024 - Elevating the Integration Game to the Cloud

WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation

WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source

WSO2CON 2024 Slides - Open Source to SaaS

WSO2CON 2024 - Does Open Source Still Matter?

WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2CON 2024 - Software Engineering for Digital Businesses

WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...

WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation

WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!

WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...