SlideShare uma empresa Scribd logo
1 de 55
Baixar para ler offline
Building a Secure Enterprise
Johann Dilantha Nallathamby
Technical Lead
WSO2
Rushmin Fernando
Technical Lead
WSO2
Agenda
• WSO2 Identity Server Architecture
• SAML2 Single Sign-On/Single Logout
• XACML 3.0
• OAuth 2.0
• OpenID Connect
• User Management
• SCIM 2.0
• Plugging an external Identity Store
• Identity Cloud
Identity Server Architecture
SAML SSO
Identity provider
(e.g. WSO2 IS)
Service provider
(e.g. inventory)
User
data
SAML SSO - User Experience
SAML SSO - Login to Another Service Provider
Identity provider
(e.g. WSO2 IS)
Service provider 2
(e.g. Accounts dept.)
User
data
Service provider 1
(e.g. inventory)
4. Bypass login page
SAML SSO
Identity provider
(e.g. WSO2 IS)
Service provider 1
(SP1)
Service provider 2
(SP2)
Session
ID
SP
IS1 SP1
IS1 SP2
IS2 SP2
SAML Single Logout
Identity provider
(e.g. WSO2 IS)
Service provider 1
(SP1)
Service provider 2
(SP2)
Session
ID
SP
IS1 SP1
IS1 SP2
IS2 SP2
Logout
(session: S1)
What the User Can Do...
Service provider 1
(SP1)
/data/files
/data/archives
/data/visualize
/data/details
User = Jane
User =
David
User = Tao
What the User Can Do (Ctd...)
Service provider 1
(SP1)
User = Jane
User =
David
User = Tao
Access control policy
If user = Tao and
resource = /data/archives
Permit.
If role = Clark and
action = write
Deny.
If role = Manager and
resource = /data/files
Permit.
XACML - Architecture
/data/files
/data/archives
/data/visualize
/data/details
Policy decision Point
If user = jane
Permit.
If role = clark and
Action = write
Deny.
Policy Store
Policy Administration
Point
Policy Enforcement
Point(PEP)
User = Tao
User = David
User = Jane
XACML - Policy Decision Flow
Policy Enforcement
Point(PEP)
User = Jane
User = David
User = Tao
Service provider 1
(SP1)
/data/files
/data/archives
/data/visualize
/data/details
Policy decision point
If user = jane
Permit.
If role = clark and
Action = write
Deny.
Access policy 1
XACML - Policy
Policy
Target
Rule (effect = permit)
Target
Condition
Rule
…......
Rule
…......
Activation conditions for the rule set
Activation conditions for the rule
Conditions for the rule
Decision if target and condition are true
XACML - Policy (Ctd...)
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="BankOne_account_access_policy"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">/bankone/accounts/*</AttributeValue>
<AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Rule Effect="Permit" RuleId="update_accounts_rule">
….
</Rule>
…....
</Policy>
If resource matches /bankone/accounts/*
Activation conditions for the rule set
XACML - Policy (Rules)
<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="BankOne_account_access_policy"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0">
<Target> ..... </Target>
<Rule Effect="Permit" RuleId="update_accounts_rule">
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
<AttributeValue DataType="...#string">/bankone/accounts/update/*</AttributeValue>
<AttributeDesignator AttributeId="...:resource:resource-id" Category="...:attribute-category:resource"
DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of">
<Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">manager</AttributeValue>
<AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
</Apply>
</Condition>
</Rule>
<Rule Effect="Permit" RuleId="read_accounts_rule"> … </Rule>
</Policy>
Permit if conditions satisfy
If resource matches /bankone/accounts/update/*
If role is manager
XACML Request
<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false"
ReturnPolicyIdList="false">
<Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">bob</AttributeValue>
</Attribute>
</Attributes>
<Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
<Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false">
<AttributeValue
DataType="http://www.w3.org/2001/XMLSchema#string">/bankone/accounts/read/a1</AttributeValue>
</Attribute>
</Attributes>
</Request>
Subject = bob
Resource = /bankone/accounts/read/a1
XACML - Policy Enforcement
Policy Enforcement
Point(PEP)
User = Jane
User = David
User = Tao
Service provider 1
(SP1)
/data/files
/data/archives
/data/visualize
/data/details
Policy decision
If user = jane
Permit.
If role = clark and
Action = write
Deny.
Access policy 1
XACML - Policy Enforcement
WSO2 ESB
Proxy
service
Entitlement
Service provider 1
(SP1)
On
accept
On
reject
SendDrop
Property [Set user]
Property [Set resource]
Policy decision
(WSO2 IS)
Render menu items in a web app based on the logged-
in user’s fine-grained permissions
XACML Demo
Bring a Token...
Service provider
Access resource
R1
Does the user has
permission to access R1?
Service provider
Access resource
R1
Check if R1 is authorized
for the given token
Token
But..
How does a user get a token?
How do we know if a given token has permission to access a resource?
OAuth 2.0
•Access is granted to authorized tokens
•Users obtain tokens from an authorization server
•Resource servers validate the authorization of a token with authorization server
Tokens are authorized for scopes
Each protected resource + action has to be mapped to a scope
OAuth 2.0 (Ctd...)
Service
provider
Read resource R1
Authorization server
Token (T1)
Resource Action Scope
R1 read R1_read
R1 write R1_write
R2 read R2_read
Token Scope
T1 R1_read
T2 R1_read
T3 R2_read
T3 R2_write
Is T1 authorized for R1_read?
Now …
How to get a token?
Access On Behalf of a User
Eg: A web app wants to access photos stored in PhotoServer
Web app
Access photos in collection A
I need a Oauth2 token
with scope “photos_A”
PhotoServer
Access On Behalf of a User (Ctd...)
Eg: A web app wants to access photos stored in PhotoServer
Web app
PhotoServer
Client ID
Client secret
1. Register webapp
2. Generate client ID / client secret
3. Configure callback URL
4. Configure OAuth2 URLs
5. Set client ID / client secret
Application Developer
Access On Behalf of a User (Ctd...)
Eg: A web app wants to access photos stored in PhotoServer
Web app
PhotoServer
Client ID
Client secret
Auth code
Access On Behalf of a User (Ctd...)
Eg: A web app wants to access photos stored in PhotoServer
PhotoServer
Web app
Client ID
Client secret
5. Send Token
Client – One who wants to
access the resource
E.g. Web app
Observations
E.g. A web app want to access photos stored in PhotoServer
Web app
User – One who has permissions
to the resource
E.g. Jane – Jane's web browser
Resource server – One who
contains the resource
Authorization server – One who
grants access to the resource
E.g. Facebook
PhotoServer
Delegating the authorization
Web app PhotoServer
Authorization
server
1. Access web app
Delegating the authorization (Ctd...)
Web app PhotoServer
Authorization server
7. Request photos
6.Tokengiven
Delegating the authorization (Ctd...)
Web app PhotoServer
Authorization server
8. Validate token for
scope “photos_A”
9. Validation response
Token Scope
T1 photos_A
T2 photos_B
T3 photos_A
T3 photos_B
Federated Access to APIs
Federated Access to APIs
Self Contained Access Tokens
Multiple OAuth2 Apps with No Shared Credentials
Multiple OAuth2 Apps with No Shared Credentials
(Self-issued JWT)
Accessing APIs via desktop clients (kerberos)
Token Exchange
Fine-grained access control for APIs
OAuth 2.0 is for delegated access control.
Can we extend this for authentication?
A Simple Approach...
Similar to clients are authorized to access resources,
clients can be authorized to access user data
Web app
Log in
Identity
server
Read Jane's profile
OpenID Connect SSO
Web app
1. Log in
3. Authenticate
4. Auth code
Client ID
Secret
Auth code
Identity
server
6.
OpenID Connect SSO (Ctd...)
Web app
Client ID
Secret
Auth code
Identity
server
Access token:
Authorizes user info access
ID token:
Authenticates the user
OpenID Connect SSO (Ctd...)
Web app
Identity
server
8.
First name: Jane
Address: 65, Ed..
Tel: +61 93...
Adding Users
WSO2 IS Management Console
Adding Users? (Ctd..)
Hot deploy multiple user stores
Adding Users? (Ctd..)
SCIM – System for Cross-domain Identity Management
SCIM endpoints
Adding Users? (Ctd..)
curl -v -k --user admin:admin
--data "{"schemas":[],"name":{"familyName":"Ekanayake","givenName":"Chathura"},
"userName":"chathura","password":"pass123", …........}"
--header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
Adding Users to Many Other Parties...
Identity server
Identity server
Logistics
Head office
Accounting
Add user to all Identity Servers!
Username: saman
Password: saman123
Email: saman@wso2.com
Username: saman
Password: saman123
Email: saman@wso2.com
Username: saman
Password: saman123
Email: saman@wso2.com
Federated Provisioning
Identity server
Identity server
Identity server
Logistics
Head office
Accounting
Username: saman
Password: saman123
Email: saman@wso2.com
Username: saman
Password: saman123
Email: saman@wso2.com
Username: saman
Password: saman123
Email: saman@wso2.com
Provisioning Bridge
IS1 - Logistics
SCIM
endpoint IDP - IS2
SCIM SPML
IS2 – Head office
SCIM
endpoint
WS
SCIM
SCIM
SOAP
Integrating External User Stores
Identity
server
Logistics
Identity server
Head office
Username: jane
Password: jane123
Email:
saman@wso2.com
1. Access request
2 .Auth request
3. Auth
request
4. Auth
response
IS1
User store
5. Add user
Thank You!

Mais conteúdo relacionado

Mais procurados

Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Chris Gillum
 
Building a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsBuilding a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsJoonas Westlin
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...Brian Culver
 
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...WSO2
 
Colabora.dk - Azure PTA vs ADFS vs Desktop SSO
Colabora.dk - Azure PTA vs ADFS vs Desktop SSOColabora.dk - Azure PTA vs ADFS vs Desktop SSO
Colabora.dk - Azure PTA vs ADFS vs Desktop SSOPeter Selch Dahl
 
Deploying your static web app to the Cloud
Deploying your static web app to the CloudDeploying your static web app to the Cloud
Deploying your static web app to the CloudChristoffer Noring
 
[WSO2Con EU 2017] Microservice Architecture (MSA) and Integration Microservices
[WSO2Con EU 2017] Microservice Architecture (MSA) and Integration Microservices[WSO2Con EU 2017] Microservice Architecture (MSA) and Integration Microservices
[WSO2Con EU 2017] Microservice Architecture (MSA) and Integration MicroservicesWSO2
 
[WSO2Con EU 2017] Ballerina Connectors for Seamless Integration
[WSO2Con EU 2017] Ballerina Connectors for Seamless Integration[WSO2Con EU 2017] Ballerina Connectors for Seamless Integration
[WSO2Con EU 2017] Ballerina Connectors for Seamless IntegrationWSO2
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthKashif Imran
 
SharePoint Saturday The Conference DC - How the client object model saved the...
SharePoint Saturday The Conference DC - How the client object model saved the...SharePoint Saturday The Conference DC - How the client object model saved the...
SharePoint Saturday The Conference DC - How the client object model saved the...Liam Cleary [MVP]
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active DirectoryPavel Revenkov
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...SPC Adriatics
 
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...WSO2
 
DevSum: Azure AD B2C Application security made easy
DevSum: Azure AD B2C Application security made easyDevSum: Azure AD B2C Application security made easy
DevSum: Azure AD B2C Application security made easySjoukje Zaal
 
Azure Saturday: External Collaboration With Azure AD B2B
Azure Saturday:  External Collaboration With Azure AD B2BAzure Saturday:  External Collaboration With Azure AD B2B
Azure Saturday: External Collaboration With Azure AD B2BSjoukje Zaal
 
Tokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustTokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustKanio Dimitrov
 
Mobile Authentication for iOS Applications - Stormpath 101
Mobile Authentication for iOS Applications - Stormpath 101Mobile Authentication for iOS Applications - Stormpath 101
Mobile Authentication for iOS Applications - Stormpath 101Stormpath
 
Dear Azure: External collaboration with Azure AD B2B
Dear Azure: External collaboration with Azure AD B2BDear Azure: External collaboration with Azure AD B2B
Dear Azure: External collaboration with Azure AD B2BSjoukje Zaal
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Kris Wagner
 
Web API 2 Token Based Authentication
Web API 2 Token Based AuthenticationWeb API 2 Token Based Authentication
Web API 2 Token Based Authenticationjeremysbrown
 

Mais procurados (20)

Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
Easy Auth Overview - Tokyo Azure Meetup - Feb 2018
 
Building a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable FunctionsBuilding a document e-signing workflow with Azure Durable Functions
Building a document e-signing workflow with Azure Durable Functions
 
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
SharePointFest 2013 Washington DC - SPT 103 - SharePoint 2013 Extranets: How ...
 
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
WSO2Con USA 2017: Multi-tenanted, Role-based Identity & Access Management sol...
 
Colabora.dk - Azure PTA vs ADFS vs Desktop SSO
Colabora.dk - Azure PTA vs ADFS vs Desktop SSOColabora.dk - Azure PTA vs ADFS vs Desktop SSO
Colabora.dk - Azure PTA vs ADFS vs Desktop SSO
 
Deploying your static web app to the Cloud
Deploying your static web app to the CloudDeploying your static web app to the Cloud
Deploying your static web app to the Cloud
 
[WSO2Con EU 2017] Microservice Architecture (MSA) and Integration Microservices
[WSO2Con EU 2017] Microservice Architecture (MSA) and Integration Microservices[WSO2Con EU 2017] Microservice Architecture (MSA) and Integration Microservices
[WSO2Con EU 2017] Microservice Architecture (MSA) and Integration Microservices
 
[WSO2Con EU 2017] Ballerina Connectors for Seamless Integration
[WSO2Con EU 2017] Ballerina Connectors for Seamless Integration[WSO2Con EU 2017] Ballerina Connectors for Seamless Integration
[WSO2Con EU 2017] Ballerina Connectors for Seamless Integration
 
SharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims AuthSharePoint, ADFS and Claims Auth
SharePoint, ADFS and Claims Auth
 
SharePoint Saturday The Conference DC - How the client object model saved the...
SharePoint Saturday The Conference DC - How the client object model saved the...SharePoint Saturday The Conference DC - How the client object model saved the...
SharePoint Saturday The Conference DC - How the client object model saved the...
 
Windows Azure Active Directory
Windows Azure Active DirectoryWindows Azure Active Directory
Windows Azure Active Directory
 
Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...Understanding SharePoint Apps, authentication and authorization infrastructur...
Understanding SharePoint Apps, authentication and authorization infrastructur...
 
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
WSO2Con USA 2017: Managing Verifone’s New Payment Device “Carbon” with WSO2’s...
 
DevSum: Azure AD B2C Application security made easy
DevSum: Azure AD B2C Application security made easyDevSum: Azure AD B2C Application security made easy
DevSum: Azure AD B2C Application security made easy
 
Azure Saturday: External Collaboration With Azure AD B2B
Azure Saturday:  External Collaboration With Azure AD B2BAzure Saturday:  External Collaboration With Azure AD B2B
Azure Saturday: External Collaboration With Azure AD B2B
 
Tokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, AugustTokyo azure meetup #8 - Azure Update, August
Tokyo azure meetup #8 - Azure Update, August
 
Mobile Authentication for iOS Applications - Stormpath 101
Mobile Authentication for iOS Applications - Stormpath 101Mobile Authentication for iOS Applications - Stormpath 101
Mobile Authentication for iOS Applications - Stormpath 101
 
Dear Azure: External collaboration with Azure AD B2B
Dear Azure: External collaboration with Azure AD B2BDear Azure: External collaboration with Azure AD B2B
Dear Azure: External collaboration with Azure AD B2B
 
Microsoft Azure Identity and O365
Microsoft Azure Identity and O365Microsoft Azure Identity and O365
Microsoft Azure Identity and O365
 
Web API 2 Token Based Authentication
Web API 2 Token Based AuthenticationWeb API 2 Token Based Authentication
Web API 2 Token Based Authentication
 

Destaque

WSO2Con USA 2017: Rise to the Challenge with WSO2 Identity Server and WSO2 AP...
WSO2Con USA 2017: Rise to the Challenge with WSO2 Identity Server and WSO2 AP...WSO2Con USA 2017: Rise to the Challenge with WSO2 Identity Server and WSO2 AP...
WSO2Con USA 2017: Rise to the Challenge with WSO2 Identity Server and WSO2 AP...WSO2
 
WSO2Con USA 2017: Positioning WSO2 for Quicker Uptake
WSO2Con USA 2017: Positioning WSO2 for Quicker UptakeWSO2Con USA 2017: Positioning WSO2 for Quicker Uptake
WSO2Con USA 2017: Positioning WSO2 for Quicker UptakeWSO2
 
WSO2Con USA 2017: Iterative Architecture: A Pragmatic Approach to Digital Tra...
WSO2Con USA 2017: Iterative Architecture: A Pragmatic Approach to Digital Tra...WSO2Con USA 2017: Iterative Architecture: A Pragmatic Approach to Digital Tra...
WSO2Con USA 2017: Iterative Architecture: A Pragmatic Approach to Digital Tra...WSO2
 
WSO2Con USA 2017: Providing a Pathway from Stovepipe Systems to a Secure SOA ...
WSO2Con USA 2017: Providing a Pathway from Stovepipe Systems to a Secure SOA ...WSO2Con USA 2017: Providing a Pathway from Stovepipe Systems to a Secure SOA ...
WSO2Con USA 2017: Providing a Pathway from Stovepipe Systems to a Secure SOA ...WSO2
 
WSO2Con USA 2017: WSO2 Partner Program – Engaging with WSO2
WSO2Con USA 2017: WSO2 Partner Program – Engaging with WSO2WSO2Con USA 2017: WSO2 Partner Program – Engaging with WSO2
WSO2Con USA 2017: WSO2 Partner Program – Engaging with WSO2WSO2
 
WSO2Con USA 2017: Building a Successful Delivery Team for Customer Success
WSO2Con USA 2017: Building a Successful Delivery Team for Customer SuccessWSO2Con USA 2017: Building a Successful Delivery Team for Customer Success
WSO2Con USA 2017: Building a Successful Delivery Team for Customer SuccessWSO2
 
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...WSO2
 
WSO2Con USA 2017: IoT in Airline Operations
WSO2Con USA 2017: IoT in Airline OperationsWSO2Con USA 2017: IoT in Airline Operations
WSO2Con USA 2017: IoT in Airline OperationsWSO2
 
WSO2Con USA 2017: Keynote - The Blockchain’s Digital Disruption
WSO2Con USA 2017: Keynote - The Blockchain’s Digital DisruptionWSO2Con USA 2017: Keynote - The Blockchain’s Digital Disruption
WSO2Con USA 2017: Keynote - The Blockchain’s Digital DisruptionWSO2
 
Role of integration in Digital Transformation
Role of integration in Digital TransformationRole of integration in Digital Transformation
Role of integration in Digital TransformationWSO2
 
WSO2Con USA 2017: DevOps Best Practices in 7 Steps
WSO2Con USA 2017: DevOps Best Practices in 7 StepsWSO2Con USA 2017: DevOps Best Practices in 7 Steps
WSO2Con USA 2017: DevOps Best Practices in 7 StepsWSO2
 
WSO2Con USA 2017: Integrating Systems for University of Exeter using Zero and...
WSO2Con USA 2017: Integrating Systems for University of Exeter using Zero and...WSO2Con USA 2017: Integrating Systems for University of Exeter using Zero and...
WSO2Con USA 2017: Integrating Systems for University of Exeter using Zero and...WSO2
 
WSO2Con USA 2017: Implementing a Modern API Management Solution that Benefits...
WSO2Con USA 2017: Implementing a Modern API Management Solution that Benefits...WSO2Con USA 2017: Implementing a Modern API Management Solution that Benefits...
WSO2Con USA 2017: Implementing a Modern API Management Solution that Benefits...WSO2
 
WSO2Con USA 2017: Identity Solution Patterns
WSO2Con USA 2017: Identity Solution PatternsWSO2Con USA 2017: Identity Solution Patterns
WSO2Con USA 2017: Identity Solution PatternsWSO2
 
WSO2Con USA 2017: Building an Effective API Architecture
WSO2Con USA 2017: Building an Effective API ArchitectureWSO2Con USA 2017: Building an Effective API Architecture
WSO2Con USA 2017: Building an Effective API ArchitectureWSO2
 
Java Performance and Profiling
Java Performance and ProfilingJava Performance and Profiling
Java Performance and ProfilingWSO2
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application DevelopersWSO2
 
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...WSO2
 
Identity and Access Management in the Era of Digital Transformation
Identity and Access Management in the Era of Digital TransformationIdentity and Access Management in the Era of Digital Transformation
Identity and Access Management in the Era of Digital TransformationWSO2
 
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2WSO2
 

Destaque (20)

WSO2Con USA 2017: Rise to the Challenge with WSO2 Identity Server and WSO2 AP...
WSO2Con USA 2017: Rise to the Challenge with WSO2 Identity Server and WSO2 AP...WSO2Con USA 2017: Rise to the Challenge with WSO2 Identity Server and WSO2 AP...
WSO2Con USA 2017: Rise to the Challenge with WSO2 Identity Server and WSO2 AP...
 
WSO2Con USA 2017: Positioning WSO2 for Quicker Uptake
WSO2Con USA 2017: Positioning WSO2 for Quicker UptakeWSO2Con USA 2017: Positioning WSO2 for Quicker Uptake
WSO2Con USA 2017: Positioning WSO2 for Quicker Uptake
 
WSO2Con USA 2017: Iterative Architecture: A Pragmatic Approach to Digital Tra...
WSO2Con USA 2017: Iterative Architecture: A Pragmatic Approach to Digital Tra...WSO2Con USA 2017: Iterative Architecture: A Pragmatic Approach to Digital Tra...
WSO2Con USA 2017: Iterative Architecture: A Pragmatic Approach to Digital Tra...
 
WSO2Con USA 2017: Providing a Pathway from Stovepipe Systems to a Secure SOA ...
WSO2Con USA 2017: Providing a Pathway from Stovepipe Systems to a Secure SOA ...WSO2Con USA 2017: Providing a Pathway from Stovepipe Systems to a Secure SOA ...
WSO2Con USA 2017: Providing a Pathway from Stovepipe Systems to a Secure SOA ...
 
WSO2Con USA 2017: WSO2 Partner Program – Engaging with WSO2
WSO2Con USA 2017: WSO2 Partner Program – Engaging with WSO2WSO2Con USA 2017: WSO2 Partner Program – Engaging with WSO2
WSO2Con USA 2017: WSO2 Partner Program – Engaging with WSO2
 
WSO2Con USA 2017: Building a Successful Delivery Team for Customer Success
WSO2Con USA 2017: Building a Successful Delivery Team for Customer SuccessWSO2Con USA 2017: Building a Successful Delivery Team for Customer Success
WSO2Con USA 2017: Building a Successful Delivery Team for Customer Success
 
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
WSO2Con USA 2017: Journey of Migration from Legacy ESB to Modern WSO2 ESB Pla...
 
WSO2Con USA 2017: IoT in Airline Operations
WSO2Con USA 2017: IoT in Airline OperationsWSO2Con USA 2017: IoT in Airline Operations
WSO2Con USA 2017: IoT in Airline Operations
 
WSO2Con USA 2017: Keynote - The Blockchain’s Digital Disruption
WSO2Con USA 2017: Keynote - The Blockchain’s Digital DisruptionWSO2Con USA 2017: Keynote - The Blockchain’s Digital Disruption
WSO2Con USA 2017: Keynote - The Blockchain’s Digital Disruption
 
Role of integration in Digital Transformation
Role of integration in Digital TransformationRole of integration in Digital Transformation
Role of integration in Digital Transformation
 
WSO2Con USA 2017: DevOps Best Practices in 7 Steps
WSO2Con USA 2017: DevOps Best Practices in 7 StepsWSO2Con USA 2017: DevOps Best Practices in 7 Steps
WSO2Con USA 2017: DevOps Best Practices in 7 Steps
 
WSO2Con USA 2017: Integrating Systems for University of Exeter using Zero and...
WSO2Con USA 2017: Integrating Systems for University of Exeter using Zero and...WSO2Con USA 2017: Integrating Systems for University of Exeter using Zero and...
WSO2Con USA 2017: Integrating Systems for University of Exeter using Zero and...
 
WSO2Con USA 2017: Implementing a Modern API Management Solution that Benefits...
WSO2Con USA 2017: Implementing a Modern API Management Solution that Benefits...WSO2Con USA 2017: Implementing a Modern API Management Solution that Benefits...
WSO2Con USA 2017: Implementing a Modern API Management Solution that Benefits...
 
WSO2Con USA 2017: Identity Solution Patterns
WSO2Con USA 2017: Identity Solution PatternsWSO2Con USA 2017: Identity Solution Patterns
WSO2Con USA 2017: Identity Solution Patterns
 
WSO2Con USA 2017: Building an Effective API Architecture
WSO2Con USA 2017: Building an Effective API ArchitectureWSO2Con USA 2017: Building an Effective API Architecture
WSO2Con USA 2017: Building an Effective API Architecture
 
Java Performance and Profiling
Java Performance and ProfilingJava Performance and Profiling
Java Performance and Profiling
 
Identity Management for Web Application Developers
Identity Management for Web Application DevelopersIdentity Management for Web Application Developers
Identity Management for Web Application Developers
 
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
WSO2Con USA 2017: Building Enterprise Grade IoT Architectures for Digital Tra...
 
Identity and Access Management in the Era of Digital Transformation
Identity and Access Management in the Era of Digital TransformationIdentity and Access Management in the Era of Digital Transformation
Identity and Access Management in the Era of Digital Transformation
 
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
Detecção de Fraudes em Licitações Usando Batch Analytics com WSO2
 

Semelhante a WSO2Con USA 2017: Building a Secure Enterprise

CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)Sam Bowne
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdfTomasz Kopacz
 
SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)Kashif Imran
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaRyan Cuprak
 
Developing an intranet on office 365
Developing an intranet on office 365Developing an intranet on office 365
Developing an intranet on office 365Eric Shupps
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applicationsDevnology
 
Back to basics: Simple database web services without the need for SOA
Back to basics: Simple database web services without the need for SOABack to basics: Simple database web services without the need for SOA
Back to basics: Simple database web services without the need for SOASage Computing Services
 
HTML5 Server Sent Events/JSF JAX 2011 Conference
HTML5 Server Sent Events/JSF  JAX 2011 ConferenceHTML5 Server Sent Events/JSF  JAX 2011 Conference
HTML5 Server Sent Events/JSF JAX 2011 ConferenceRoger Kitain
 
SharePoint and Office Development Workshop
SharePoint and Office Development WorkshopSharePoint and Office Development Workshop
SharePoint and Office Development WorkshopEric Shupps
 
Rest Security with JAX-RS
Rest Security with JAX-RSRest Security with JAX-RS
Rest Security with JAX-RSFrank Kim
 
Paul Lammertsma: Account manager & sync
Paul Lammertsma: Account manager & syncPaul Lammertsma: Account manager & sync
Paul Lammertsma: Account manager & syncmdevtalk
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services SecurityJason Chan
 
Hacking 101 (Session 2)
Hacking 101  (Session 2)Hacking 101  (Session 2)
Hacking 101 (Session 2)Nitroxis Sprl
 
SoftLayer API 12032015
SoftLayer API  12032015SoftLayer API  12032015
SoftLayer API 12032015Nacho Daza
 
Site activity & performance analysis
Site activity & performance analysisSite activity & performance analysis
Site activity & performance analysisEyal Vardi
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra,  API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra,  API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...CA API Management
 
AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...
AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...
AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...Amazon Web Services
 
(SEC309) Amazon VPC Configuration: When Least Privilege Meets the Penetration...
(SEC309) Amazon VPC Configuration: When Least Privilege Meets the Penetration...(SEC309) Amazon VPC Configuration: When Least Privilege Meets the Penetration...
(SEC309) Amazon VPC Configuration: When Least Privilege Meets the Penetration...Amazon Web Services
 

Semelhante a WSO2Con USA 2017: Building a Secure Enterprise (20)

CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
CNIT 128: 6: Mobile services and mobile Web (part 1: Beginning Through OAuth)
 
24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf24032022 Zero Trust for Developers Pub.pdf
24032022 Zero Trust for Developers Pub.pdf
 
SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)SharePoint Client Object Model (CSOM)
SharePoint Client Object Model (CSOM)
 
Containerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS LambdaContainerless in the Cloud with AWS Lambda
Containerless in the Cloud with AWS Lambda
 
Developing an intranet on office 365
Developing an intranet on office 365Developing an intranet on office 365
Developing an intranet on office 365
 
The top 10 security issues in web applications
The top 10 security issues in web applicationsThe top 10 security issues in web applications
The top 10 security issues in web applications
 
Back to basics: Simple database web services without the need for SOA
Back to basics: Simple database web services without the need for SOABack to basics: Simple database web services without the need for SOA
Back to basics: Simple database web services without the need for SOA
 
Sharepoint Online
Sharepoint OnlineSharepoint Online
Sharepoint Online
 
HTML5 Server Sent Events/JSF JAX 2011 Conference
HTML5 Server Sent Events/JSF  JAX 2011 ConferenceHTML5 Server Sent Events/JSF  JAX 2011 Conference
HTML5 Server Sent Events/JSF JAX 2011 Conference
 
SharePoint and Office Development Workshop
SharePoint and Office Development WorkshopSharePoint and Office Development Workshop
SharePoint and Office Development Workshop
 
Rest Security with JAX-RS
Rest Security with JAX-RSRest Security with JAX-RS
Rest Security with JAX-RS
 
AWS IoT Deep Dive
AWS IoT Deep DiveAWS IoT Deep Dive
AWS IoT Deep Dive
 
Paul Lammertsma: Account manager & sync
Paul Lammertsma: Account manager & syncPaul Lammertsma: Account manager & sync
Paul Lammertsma: Account manager & sync
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services Security
 
Hacking 101 (Session 2)
Hacking 101  (Session 2)Hacking 101  (Session 2)
Hacking 101 (Session 2)
 
SoftLayer API 12032015
SoftLayer API  12032015SoftLayer API  12032015
SoftLayer API 12032015
 
Site activity & performance analysis
Site activity & performance analysisSite activity & performance analysis
Site activity & performance analysis
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra,  API Architec...Understanding Identity in the World of Web APIs – Ronnie Mitra,  API Architec...
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
 
AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...
AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...
AWS CloudTrail to Track AWS Resources in Your Account (SEC207) | AWS re:Inven...
 
(SEC309) Amazon VPC Configuration: When Least Privilege Meets the Penetration...
(SEC309) Amazon VPC Configuration: When Least Privilege Meets the Penetration...(SEC309) Amazon VPC Configuration: When Least Privilege Meets the Penetration...
(SEC309) Amazon VPC Configuration: When Least Privilege Meets the Penetration...
 

Mais de WSO2

How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in ChoreoWSO2
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023WSO2
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzureWSO2
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfWSO2
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in MinutesWSO2
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityWSO2
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...WSO2
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfWSO2
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoWSO2
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsWSO2
 
A Reference Methodology for Agile Digital Businesses
 A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital BusinessesWSO2
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)WSO2
 
Lessons from the pandemic - From a single use case to true transformation
 Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformationWSO2
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesWSO2
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready BankWSO2
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIsWSO2
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native DeploymentWSO2
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”WSO2
 
API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)WSO2
 

Mais de WSO2 (20)

How to Create a Service in Choreo
How to Create a Service in ChoreoHow to Create a Service in Choreo
How to Create a Service in Choreo
 
Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023Ballerina Tech Talk - May 2023
Ballerina Tech Talk - May 2023
 
Platform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on AzurePlatform Strategy to Deliver Digital Experiences on Azure
Platform Strategy to Deliver Digital Experiences on Azure
 
GartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdfGartnerITSymSessionSlides.pdf
GartnerITSymSessionSlides.pdf
 
[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes[Webinar] How to Create an API in Minutes
[Webinar] How to Create an API in Minutes
 
Modernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos IdentityModernizing the Student Journey with Ethos Identity
Modernizing the Student Journey with Ethos Identity
 
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
Choreo - Build unique digital experiences on WSO2's platform, secured by Etho...
 
CIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdfCIO Summit Berlin 2022.pptx.pdf
CIO Summit Berlin 2022.pptx.pdf
 
Delivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing ChoreoDelivering New Digital Experiences Fast - Introducing Choreo
Delivering New Digital Experiences Fast - Introducing Choreo
 
Fueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected ProductsFueling the Digital Experience Economy with Connected Products
Fueling the Digital Experience Economy with Connected Products
 
A Reference Methodology for Agile Digital Businesses
 A Reference Methodology for Agile Digital Businesses A Reference Methodology for Agile Digital Businesses
A Reference Methodology for Agile Digital Businesses
 
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
Workflows in WSO2 API Manager - WSO2 API Manager Community Call (12/15/2021)
 
Lessons from the pandemic - From a single use case to true transformation
 Lessons from the pandemic - From a single use case to true transformation Lessons from the pandemic - From a single use case to true transformation
Lessons from the pandemic - From a single use case to true transformation
 
Adding Liveliness to Banking Experiences
Adding Liveliness to Banking ExperiencesAdding Liveliness to Banking Experiences
Adding Liveliness to Banking Experiences
 
Building a Future-ready Bank
Building a Future-ready BankBuilding a Future-ready Bank
Building a Future-ready Bank
 
WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021WSO2 API Manager Community Call - November 2021
WSO2 API Manager Community Call - November 2021
 
[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs[API World ] - Managing Asynchronous APIs
[API World ] - Managing Asynchronous APIs
 
[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment[API World 2021 ] - Understanding Cloud Native Deployment
[API World 2021 ] - Understanding Cloud Native Deployment
 
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
[API Word 2021] - Quantum Duality of “API as a Business and a Technology”
 
API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)API Revisions - WSO2 API Manager Community Call (10/27/2021)
API Revisions - WSO2 API Manager Community Call (10/27/2021)
 

Último

UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceMartin Humpolec
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdfJamie (Taka) Wang
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?SANGHEE SHIN
 

Último (20)

UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
Things you didn't know you can use in your Salesforce
Things you didn't know you can use in your SalesforceThings you didn't know you can use in your Salesforce
Things you didn't know you can use in your Salesforce
 
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
20200723_insight_release_plan_v6.pdf20200723_insight_release_plan_v6.pdf
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?Do we need a new standard for visualizing the invisible?
Do we need a new standard for visualizing the invisible?
 

WSO2Con USA 2017: Building a Secure Enterprise

  • 1. Building a Secure Enterprise Johann Dilantha Nallathamby Technical Lead WSO2 Rushmin Fernando Technical Lead WSO2
  • 2. Agenda • WSO2 Identity Server Architecture • SAML2 Single Sign-On/Single Logout • XACML 3.0 • OAuth 2.0 • OpenID Connect • User Management • SCIM 2.0 • Plugging an external Identity Store • Identity Cloud
  • 4. SAML SSO Identity provider (e.g. WSO2 IS) Service provider (e.g. inventory) User data
  • 5. SAML SSO - User Experience
  • 6. SAML SSO - Login to Another Service Provider Identity provider (e.g. WSO2 IS) Service provider 2 (e.g. Accounts dept.) User data Service provider 1 (e.g. inventory) 4. Bypass login page
  • 7. SAML SSO Identity provider (e.g. WSO2 IS) Service provider 1 (SP1) Service provider 2 (SP2) Session ID SP IS1 SP1 IS1 SP2 IS2 SP2
  • 8. SAML Single Logout Identity provider (e.g. WSO2 IS) Service provider 1 (SP1) Service provider 2 (SP2) Session ID SP IS1 SP1 IS1 SP2 IS2 SP2 Logout (session: S1)
  • 9. What the User Can Do... Service provider 1 (SP1) /data/files /data/archives /data/visualize /data/details User = Jane User = David User = Tao
  • 10. What the User Can Do (Ctd...) Service provider 1 (SP1) User = Jane User = David User = Tao Access control policy If user = Tao and resource = /data/archives Permit. If role = Clark and action = write Deny. If role = Manager and resource = /data/files Permit.
  • 11. XACML - Architecture /data/files /data/archives /data/visualize /data/details Policy decision Point If user = jane Permit. If role = clark and Action = write Deny. Policy Store Policy Administration Point Policy Enforcement Point(PEP) User = Tao User = David User = Jane
  • 12. XACML - Policy Decision Flow Policy Enforcement Point(PEP) User = Jane User = David User = Tao Service provider 1 (SP1) /data/files /data/archives /data/visualize /data/details Policy decision point If user = jane Permit. If role = clark and Action = write Deny. Access policy 1
  • 13. XACML - Policy Policy Target Rule (effect = permit) Target Condition Rule …...... Rule …...... Activation conditions for the rule set Activation conditions for the rule Conditions for the rule Decision if target and condition are true
  • 14. XACML - Policy (Ctd...) <Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="BankOne_account_access_policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0"> <Target> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/bankone/accounts/*</AttributeValue> <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> </Target> <Rule Effect="Permit" RuleId="update_accounts_rule"> …. </Rule> ….... </Policy> If resource matches /bankone/accounts/* Activation conditions for the rule set
  • 15. XACML - Policy (Rules) <Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="BankOne_account_access_policy" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides" Version="1.0"> <Target> ..... </Target> <Rule Effect="Permit" RuleId="update_accounts_rule"> <Target> <AnyOf> <AllOf> <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <AttributeValue DataType="...#string">/bankone/accounts/update/*</AttributeValue> <AttributeDesignator AttributeId="...:resource:resource-id" Category="...:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Match> </AllOf> </AnyOf> </Target> <Condition> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:any-of"> <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">manager</AttributeValue> <AttributeDesignator AttributeId="http://wso2.org/claims/role" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/> </Apply> </Condition> </Rule> <Rule Effect="Permit" RuleId="read_accounts_rule"> … </Rule> </Policy> Permit if conditions satisfy If resource matches /bankone/accounts/update/* If role is manager
  • 16. XACML Request <Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" CombinedDecision="false" ReturnPolicyIdList="false"> <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" IncludeInResult="false"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">bob</AttributeValue> </Attribute> </Attributes> <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" IncludeInResult="false"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/bankone/accounts/read/a1</AttributeValue> </Attribute> </Attributes> </Request> Subject = bob Resource = /bankone/accounts/read/a1
  • 17. XACML - Policy Enforcement Policy Enforcement Point(PEP) User = Jane User = David User = Tao Service provider 1 (SP1) /data/files /data/archives /data/visualize /data/details Policy decision If user = jane Permit. If role = clark and Action = write Deny. Access policy 1
  • 18. XACML - Policy Enforcement WSO2 ESB Proxy service Entitlement Service provider 1 (SP1) On accept On reject SendDrop Property [Set user] Property [Set resource] Policy decision (WSO2 IS)
  • 19. Render menu items in a web app based on the logged- in user’s fine-grained permissions
  • 21. Bring a Token... Service provider Access resource R1 Does the user has permission to access R1? Service provider Access resource R1 Check if R1 is authorized for the given token Token
  • 22. But.. How does a user get a token? How do we know if a given token has permission to access a resource?
  • 23. OAuth 2.0 •Access is granted to authorized tokens •Users obtain tokens from an authorization server •Resource servers validate the authorization of a token with authorization server Tokens are authorized for scopes Each protected resource + action has to be mapped to a scope
  • 24. OAuth 2.0 (Ctd...) Service provider Read resource R1 Authorization server Token (T1) Resource Action Scope R1 read R1_read R1 write R1_write R2 read R2_read Token Scope T1 R1_read T2 R1_read T3 R2_read T3 R2_write Is T1 authorized for R1_read?
  • 25. Now … How to get a token?
  • 26. Access On Behalf of a User Eg: A web app wants to access photos stored in PhotoServer Web app Access photos in collection A I need a Oauth2 token with scope “photos_A” PhotoServer
  • 27. Access On Behalf of a User (Ctd...) Eg: A web app wants to access photos stored in PhotoServer Web app PhotoServer Client ID Client secret 1. Register webapp 2. Generate client ID / client secret 3. Configure callback URL 4. Configure OAuth2 URLs 5. Set client ID / client secret Application Developer
  • 28. Access On Behalf of a User (Ctd...) Eg: A web app wants to access photos stored in PhotoServer Web app PhotoServer Client ID Client secret Auth code
  • 29. Access On Behalf of a User (Ctd...) Eg: A web app wants to access photos stored in PhotoServer PhotoServer Web app Client ID Client secret 5. Send Token
  • 30. Client – One who wants to access the resource E.g. Web app Observations E.g. A web app want to access photos stored in PhotoServer Web app User – One who has permissions to the resource E.g. Jane – Jane's web browser Resource server – One who contains the resource Authorization server – One who grants access to the resource E.g. Facebook PhotoServer
  • 31. Delegating the authorization Web app PhotoServer Authorization server 1. Access web app
  • 32. Delegating the authorization (Ctd...) Web app PhotoServer Authorization server 7. Request photos 6.Tokengiven
  • 33. Delegating the authorization (Ctd...) Web app PhotoServer Authorization server 8. Validate token for scope “photos_A” 9. Validation response Token Scope T1 photos_A T2 photos_B T3 photos_A T3 photos_B
  • 37. Multiple OAuth2 Apps with No Shared Credentials
  • 38. Multiple OAuth2 Apps with No Shared Credentials (Self-issued JWT)
  • 39. Accessing APIs via desktop clients (kerberos)
  • 42. OAuth 2.0 is for delegated access control. Can we extend this for authentication?
  • 43. A Simple Approach... Similar to clients are authorized to access resources, clients can be authorized to access user data Web app Log in Identity server Read Jane's profile
  • 44. OpenID Connect SSO Web app 1. Log in 3. Authenticate 4. Auth code Client ID Secret Auth code Identity server
  • 45. 6. OpenID Connect SSO (Ctd...) Web app Client ID Secret Auth code Identity server Access token: Authorizes user info access ID token: Authenticates the user
  • 46. OpenID Connect SSO (Ctd...) Web app Identity server 8. First name: Jane Address: 65, Ed.. Tel: +61 93...
  • 47. Adding Users WSO2 IS Management Console
  • 48. Adding Users? (Ctd..) Hot deploy multiple user stores
  • 49. Adding Users? (Ctd..) SCIM – System for Cross-domain Identity Management SCIM endpoints
  • 50. Adding Users? (Ctd..) curl -v -k --user admin:admin --data "{"schemas":[],"name":{"familyName":"Ekanayake","givenName":"Chathura"}, "userName":"chathura","password":"pass123", …........}" --header "Content-Type:application/json" https://localhost:9443/wso2/scim/Users
  • 51. Adding Users to Many Other Parties... Identity server Identity server Logistics Head office Accounting Add user to all Identity Servers! Username: saman Password: saman123 Email: saman@wso2.com Username: saman Password: saman123 Email: saman@wso2.com Username: saman Password: saman123 Email: saman@wso2.com
  • 52. Federated Provisioning Identity server Identity server Identity server Logistics Head office Accounting Username: saman Password: saman123 Email: saman@wso2.com Username: saman Password: saman123 Email: saman@wso2.com Username: saman Password: saman123 Email: saman@wso2.com
  • 53. Provisioning Bridge IS1 - Logistics SCIM endpoint IDP - IS2 SCIM SPML IS2 – Head office SCIM endpoint WS SCIM SCIM SOAP
  • 54. Integrating External User Stores Identity server Logistics Identity server Head office Username: jane Password: jane123 Email: saman@wso2.com 1. Access request 2 .Auth request 3. Auth request 4. Auth response IS1 User store 5. Add user