SlideShare ist ein Scribd-Unternehmen logo

FIWARE Tech Summit - Complete Framework for Identity, Access Control and API Management

FIWARE
FIWARE

Presentation by Álvaro Alonso Research Professor, UPM FIWARE Tech Summit 28-29 November, 2017 Malaga, Spain

Technologie
1 von 36
Downloaden Sie, um offline zu lesen
Adding Identity Management, Access Control and API Management in your system A complete framework for Identity, Access Control and API Management Álvaro Alonso FIWARE Security Chapter
Identity Manager 2
Identity Manager 3 Account
OAuth 2.0 4
OAuth 2.0 Login with
OAuth 2.0 ▪  Mechanism to provide applications access to restricted resources without sharing credentials. •  Applications use access tokens, issued by OAuth providers (e.g. FIWARE), to access resources. •  OAuth 2.0 specification is designed for use with HTTP. ▪  Roles: •  Resource Owner: Entity capable of granting access to a protected resource (e.g. end-user) •  Resource Server: Server hosting protected resources. •  Client: Application making protected resource requests on behalf of the resource owner. •  Authorization Server: The server issuing access tokens to the client.
OAuth 2.0 ▪  Authorization Code Grant ▪  Implicit Grant ▪  Resource Owner Password Credentials Grant ▪  Client Credentials Grant
OAuth 2.0 Architecture Authorization Code Grant OAuth Provider account.lab.fiware.org
OAuth 2.0 Architecture Implicit Grant OAuth Provider account.lab.fiware.org
OAuth 2.0 Architecture Resource Owner Password Credentials Grant OAuth Provider account.lab.fiware.org
OAuth 2.0 Architecture Client Credentials Grant OAuth Provider account.lab.fiware.org
OAuth 2.0 Libraries ▪  http://oauth.net/2/ •  PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. ▪  Example using Node.js •  https://github.com/ging/oauth2-example-client 12
OAuth2 credentials in FIWARE Account
Getting protected user info 14 Web App Account OAuth2 requests flow access-token OAuthLibrary Request user info using access-token GET /user?access_token={token}
Web Applications and GEs 15 Generic Enabler Account Request + access-token Oauth2 flows access-token OK + user info (roles) Web App OAuth Library access_token GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token
Securing your back-end 16 Back-end Apps Account Request + access-token Web App Oauth Library PEP Proxy access-token OK + user info (roles) Oauth2 flows access_token GET https://PEP_PROXY HTTP/1.1 Host: PEP_PROXY_hostname X-Auth-Token: access_token
PEP Proxy in FIWARE Lab Account
Securing your back-end ▪  Level 1: Authentication •  Check if a user has a FIWARE account ▪  Level 2: Basic Authorization •  Checks if a user has permissions to access a resource •  HTTP verb + resource path ▪  Level 3: Advanced Authorization •  Custom XACML policies
Level 1: Authentication 19 Back-end Apps Account Request + access-token Web App Oauth Library PEP Proxy access-token OK + user info (roles) Oauth2 flows access_token
Level 2: Basic Authorization 20 Back-end Apps Account Request + access-token Web App Oauth Library PEP Proxy access-token OK + user info Oauth2 flows access_token Authz PDP GE XACML <Request>: roles + verb + path OK Basic RBAC policies in XACML (simple role permissions)
Level 2: Basic Authorization
Level 3: Advanced Authorization 22 Back-end Apps Account Request + access-token Web App Oauth Library PEP Proxy extension Oauth2 flows access_token Auth PDP GE access-token OK + user info XACML <Request>: roles + verb + path OK More generic ABAC policies in XACML (custom XACML Rules)
Level 3: Advanced Authorization
APInf & PEP Proxy Back-end Request + API Key Web App Back-end Back-end Back-end
APInf & PEP Proxy Back end App Account Request + access-token Web App Oauth Library PEP Proxy access-token OK + user info (roles) Oauth2 flows access_token Back end App Back end App Back end App
IoT Authentication ▪ Context Broker •  IoT Management •  Publish / subscribe model □ Context producers □ Context consumers ▪ Sensors Authentication •  Sensor registration in IdM applications •  Each sensor has its own account □ Token creation and validation
IoT Authentication 27 Context Broker Account OK + user info (roles) Context Producer / Consumer access-token update / query Token creaon
IoT Sensors in FIWARE Account
Security GEs ▪  Identity Management – Keyrock ▪  Authorization PDP – AuthZForce ▪  PEP Proxy – Wilma ▪ Get your own infrastructure!!! •  Follow Security GEs Installation and Configuration Guides
Security GEs ▪  Identity Management – Keyrock ▪  Authorization PDP – AuthZForce ▪  PEP Proxy - Wilma
Security GEs – IdM - KeyRock ▪  Keystone + Horizon +Extensions ▪  APIs •  OAuth2 •  Keystone v3 •  SCIM 2.0 ▪  Source Code •  https://github.com/ging/fi-ware-idm ▪  Documentation •  http://catalogue.fiware.org/enablers/identity-management-keyrock ▪  FIWARE OAuth2 Demo: •  https://github.com/ging/oauth2-example-client 31
Security GEs – PEP Proxy - Wilma ▪  Policy Enforcement Point ▪  Compatible with OAuth2 and Keystone tokens ▪  Source code: •  https://github.com/ging/fi-ware-pep-proxy ▪  Documentation •  http://catalogue.fiware.org/enablers/pep-proxy-wilma ▪  Global instance 32
Security GEs – Authorization PDP – AuthZForce (1/2) ▪  Single Open Spec (Authorization PDP GE) & Open Source implementation (GEri Authzforce) of 100% XACML-3.0 standard- compliant and cloud-ready RESTful ABAC framework with XML optimization ▪  Multi-tenant REST API for PDP(s)/PAP(s) ▪  Standards: •  OASIS: XACML 3.0 + Profiles (REST, RBAC, Multiple Decision) •  ISO: Fast Infoset ▪  Extensible: attribute providers (PIP), functions, etc. ▪  PDP clustering 33 By 2020, the majority of enterprises will use ABAC as the dominant mechanism to protect critical assets, up from less than five percent today. (Gartner, 2013) IBAC ABAC RBAC
Security GEs – Authorization PDP – AuthZForce (2/2) ▪  FIWARE catalogue: https://catalogue.fiware.org/enablers/authorization-pdp-authzforce ▪  FIWARE Lab image: authzforce-5.4.1 ▪  Authorization PDP GE’s APIary: http://docs.authorizationpdp.apiary.io/# ▪  AuthzForce (GEri) source code: •  API spec in WADL: https://github.com/authzforce/rest-api-model •  Implementation: https://github.com/authzforce/server/ ▪  AuthzForce distribution •  Ubuntu/Debian-like: .deb / others: .tar.gz on Maven Central: http://central.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/ •  Docker: https://hub.docker.com/r/fiware/authzforce-ce-server/ ▪  Global instance for testing: https://az.lab.fiware.org/authzforce-ce/ ▪  Documentation: http://catalogue.fi-ware.org/enablers/access-control-tha-implementation/documentation 34
One more thing… Account National eID
Thank you! http://fiware.org Follow @FIWARE on Twitter

Empfohlen

KeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREKeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWARE
Álvaro Alonso González
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Álvaro Alonso González
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
Maxim Salnikov
 
Verviam Identity Management as a Service
Verviam Identity Management as a Service Verviam Identity Management as a Service
Verviam Identity Management as a Service
Nya
 
UMA for ACE
UMA for ACEUMA for ACE
UMA for ACE
Hannes Tschofenig
 
RSA Secur id for windows
RSA Secur id for windowsRSA Secur id for windows
RSA Secur id for windows
arpit06055
 
Rsa authentication manager 8.2 presentation
Rsa authentication manager 8.2 presentationRsa authentication manager 8.2 presentation
Rsa authentication manager 8.2 presentation
Zeev Shetach
 
Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure
Álvaro Alonso González
 

Empfohlen

KeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWAREKeyRock and Wilma - Openstack-based Identity Management in FIWARE
KeyRock and Wilma - Openstack-based Identity Management in FIWARE
Álvaro Alonso González
 
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Keyrock - Lesson 3. Applications. How to create OAuth2 tokens.
Álvaro Alonso González
 
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted SubjectsHow to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
How to Make Your IoT Devices Secure, Act Autonomously & Trusted Subjects
Maxim Salnikov
 
Verviam Identity Management as a Service
Verviam Identity Management as a Service Verviam Identity Management as a Service
Verviam Identity Management as a Service
Nya
 
UMA for ACE
UMA for ACEUMA for ACE
UMA for ACE
Hannes Tschofenig
 
RSA Secur id for windows
RSA Secur id for windowsRSA Secur id for windows
RSA Secur id for windows
arpit06055
 
Rsa authentication manager 8.2 presentation
Rsa authentication manager 8.2 presentationRsa authentication manager 8.2 presentation
Rsa authentication manager 8.2 presentation
Zeev Shetach
 
Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure Lesson 5 - Installing Keyrock in your own infrastructure
Lesson 5 - Installing Keyrock in your own infrastructure
Álvaro Alonso González
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDC
Shiu-Fun Poon
 
Keyrock - Lesson 1. Introduction
Keyrock - Lesson 1. IntroductionKeyrock - Lesson 1. Introduction
Keyrock - Lesson 1. Introduction
Álvaro Alonso González
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
Mike Schwartz
 
Id fiware upm-dit
Id fiware upm-ditId fiware upm-dit
Id fiware upm-dit
Joaquín Salvachúa
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE
 
Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 Provider
ForgeRock
 
ISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de EntrustISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de Entrust
Information Security Services SA
 
WSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of Things
WSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of ThingsWSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of Things
WSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of Things
WSO2
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
ForgeRock
 
Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise" Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise"
mycroftinc
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
ForgeRock
 
Securing Applications using WSO2 Identity Server and CASQUE
Securing Applications using WSO2 Identity Server and CASQUESecuring Applications using WSO2 Identity Server and CASQUE
Securing Applications using WSO2 Identity Server and CASQUE
WSO2
 
Build 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewBuild 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overview
Windows Developer
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SAS
robbuddingh
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architectures
inovia
 
Flak+technologies
Flak+technologiesFlak+technologies
Flak+technologies
Tatyana Kobets
 
Azure active directory
Azure active directoryAzure active directory
Azure active directory
EducationTamil
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
Information Security Services SA
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
Álvaro Alonso González
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
FIWARE
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patterns
Pieter Ennes
 

Weitere ähnliche Inhalte

Was ist angesagt?

Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?
ForgeRock
 
WSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of Things
WSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of ThingsWSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of Things
WSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of Things
WSO2
 
Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise" Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise"
mycroftinc
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
Information Security Services SA
 

Was ist angesagt? (19)

Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDC
 
Keyrock - Lesson 1. Introduction
Keyrock - Lesson 1. IntroductionKeyrock - Lesson 1. Introduction
Keyrock - Lesson 1. Introduction
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
 
Id fiware upm-dit
Id fiware upm-ditId fiware upm-dit
Id fiware upm-dit
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
 
Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?Identity Management with the ForgeRock Identity Platform - So What’s New?
Identity Management with the ForgeRock Identity Platform - So What’s New?
 
Shoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 ProviderShoot Me a Token: OpenAM as an OAuth2 Provider
Shoot Me a Token: OpenAM as an OAuth2 Provider
 
ISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de EntrustISS SA le presenta IdentityGuard de Entrust
ISS SA le presenta IdentityGuard de Entrust
 
WSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of Things
WSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of ThingsWSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of Things
WSO2Con ASIA 2016: WSO2 IoT Server: Your Foundation for the Internet of Things
 
OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study OpenAM Best Practices - Corelio Media Case Study
OpenAM Best Practices - Corelio Media Case Study
 
Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise" Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise"
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 
Securing Applications using WSO2 Identity Server and CASQUE
Securing Applications using WSO2 Identity Server and CASQUESecuring Applications using WSO2 Identity Server and CASQUE
Securing Applications using WSO2 Identity Server and CASQUE
 
Build 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overviewBuild 2017 - B8101 - Windows 10 identity overview
Build 2017 - B8101 - Windows 10 identity overview
 
Safenet Authentication Service, SAS
Safenet Authentication Service, SASSafenet Authentication Service, SAS
Safenet Authentication Service, SAS
 
Security in microservices architectures
Security in microservices architecturesSecurity in microservices architectures
Security in microservices architectures
 
Flak+technologies
Flak+technologiesFlak+technologies
Flak+technologies
 
Azure active directory
Azure active directoryAzure active directory
Azure active directory
 
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de EntrustISS SA le presenta los Escenarios para IdentityGuard de Entrust
ISS SA le presenta los Escenarios para IdentityGuard de Entrust
 

Ähnlich wie FIWARE Tech Summit - Complete Framework for Identity, Access Control and API Management

FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access Control
FIWARE
 
GSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 ModuleGSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 Module
Mayank Sharma
 

Ähnlich wie FIWARE Tech Summit - Complete Framework for Identity, Access Control and API Management (20)

Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patterns
 
Web API 2 Token Based Authentication
Web API 2 Token Based AuthenticationWeb API 2 Token Based Authentication
Web API 2 Token Based Authentication
 
ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2
 
WebAuthn & FIDO2
WebAuthn & FIDO2WebAuthn & FIDO2
WebAuthn & FIDO2
 
Adding Identity Management and Access Control to your Application - Exersices
Adding Identity Management and Access Control to your Application - ExersicesAdding Identity Management and Access Control to your Application - Exersices
Adding Identity Management and Access Control to your Application - Exersices
 
How to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - IntroductionHow to authenticate users in your apps using FI-WARE Account - Introduction
How to authenticate users in your apps using FI-WARE Account - Introduction
 
FIWARE Identity Management and Access Control
FIWARE Identity Management and Access ControlFIWARE Identity Management and Access Control
FIWARE Identity Management and Access Control
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
 
FIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access ControlFIWARE Training: Identity Management and Access Control
FIWARE Training: Identity Management and Access Control
 
Social Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID ConnectSocial Single Sign-On with OpenID Connect
Social Single Sign-On with OpenID Connect
 
Secure your app with keycloak
Secure your app with keycloakSecure your app with keycloak
Secure your app with keycloak
 
Application Security in ASP.NET Core
Application Security in ASP.NET CoreApplication Security in ASP.NET Core
Application Security in ASP.NET Core
 
GSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 ModuleGSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 Module
 
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
 
Introduction to sitecore identity
Introduction to sitecore identityIntroduction to sitecore identity
Introduction to sitecore identity
 
FIWARE Identity Manager Exercises
FIWARE Identity Manager ExercisesFIWARE Identity Manager Exercises
FIWARE Identity Manager Exercises
 
KubeConRecap_nakamura.pdf
KubeConRecap_nakamura.pdfKubeConRecap_nakamura.pdf
KubeConRecap_nakamura.pdf
 
API Security with OAuth2.0.
API Security with OAuth2.0.API Security with OAuth2.0.
API Security with OAuth2.0.
 

Mehr von FIWARE

Behm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptxBehm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptx
FIWARE
 
Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf
FIWARE
 
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptxChristoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
FIWARE
 
Behm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptxBehm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptx
FIWARE
 
Evangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptxEvangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptx
FIWARE
 
Lukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptxLukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptx
FIWARE
 
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptxPierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
FIWARE
 
Dennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptxDennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptx
FIWARE
 
Ulrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptxUlrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptx
FIWARE
 
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptxAleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
FIWARE
 
Water Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdfWater Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdf
FIWARE
 
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptxCameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
FIWARE
 
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptxFiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FIWARE
 
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptxBoris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
FIWARE
 
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
FIWARE
 
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdfAbdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
FIWARE
 
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdfFGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FIWARE
 
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptxHTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
FIWARE
 
WE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptxWE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptx
FIWARE
 
EU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptxEU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptx
FIWARE
 

Mehr von FIWARE (20)

Behm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptxBehm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptx
 
Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf
 
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptxChristoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
 
Behm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptxBehm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptx
 
Evangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptxEvangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptx
 
Lukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptxLukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptx
 
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptxPierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
 
Dennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptxDennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptx
 
Ulrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptxUlrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptx
 
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptxAleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
 
Water Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdfWater Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdf
 
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptxCameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
 
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptxFiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
 
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptxBoris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
 
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
 
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdfAbdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
 
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdfFGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
 
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptxHTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
 
WE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptxWE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptx
 
EU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptxEU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptx
 

Kürzlich hochgeladen

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Kürzlich hochgeladen (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

FIWARE Tech Summit - Complete Framework for Identity, Access Control and API Management

  • 1. Adding Identity Management, Access Control and API Management in your system A complete framework for Identity, Access Control and API Management Álvaro Alonso FIWARE Security Chapter
  • 6. OAuth 2.0 ▪  Mechanism to provide applications access to restricted resources without sharing credentials. •  Applications use access tokens, issued by OAuth providers (e.g. FIWARE), to access resources. •  OAuth 2.0 specification is designed for use with HTTP. ▪  Roles: •  Resource Owner: Entity capable of granting access to a protected resource (e.g. end-user) •  Resource Server: Server hosting protected resources. •  Client: Application making protected resource requests on behalf of the resource owner. •  Authorization Server: The server issuing access tokens to the client.
  • 7. OAuth 2.0 ▪  Authorization Code Grant ▪  Implicit Grant ▪  Resource Owner Password Credentials Grant ▪  Client Credentials Grant
  • 8. OAuth 2.0 Architecture Authorization Code Grant OAuth Provider account.lab.fiware.org
  • 9. OAuth 2.0 Architecture Implicit Grant OAuth Provider account.lab.fiware.org
  • 10. OAuth 2.0 Architecture Resource Owner Password Credentials Grant OAuth Provider account.lab.fiware.org
  • 11. OAuth 2.0 Architecture Client Credentials Grant OAuth Provider account.lab.fiware.org
  • 12. OAuth 2.0 Libraries ▪  http://oauth.net/2/ •  PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. ▪  Example using Node.js •  https://github.com/ging/oauth2-example-client 12
  • 13. OAuth2 credentials in FIWARE Account
  • 14. Getting protected user info 14 Web App Account OAuth2 requests flow access-token OAuthLibrary Request user info using access-token GET /user?access_token={token}
  • 15. Web Applications and GEs 15 Generic Enabler Account Request + access-token Oauth2 flows access-token OK + user info (roles) Web App OAuth Library access_token GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token
  • 17. PEP Proxy in FIWARE Lab Account
  • 18. Securing your back-end ▪  Level 1: Authentication •  Check if a user has a FIWARE account ▪  Level 2: Basic Authorization •  Checks if a user has permissions to access a resource •  HTTP verb + resource path ▪  Level 3: Advanced Authorization •  Custom XACML policies
  • 20. Level 2: Basic Authorization 20 Back-end Apps Account Request + access-token Web App Oauth Library PEP Proxy access-token OK + user info Oauth2 flows access_token Authz PDP GE XACML <Request>: roles + verb + path OK Basic RBAC policies in XACML (simple role permissions)
  • 21. Level 2: Basic Authorization
  • 22. Level 3: Advanced Authorization 22 Back-end Apps Account Request + access-token Web App Oauth Library PEP Proxy extension Oauth2 flows access_token Auth PDP GE access-token OK + user info XACML <Request>: roles + verb + path OK More generic ABAC policies in XACML (custom XACML Rules)
  • 23. Level 3: Advanced Authorization
  • 24. APInf & PEP Proxy Back-end Request + API Key Web App Back-end Back-end Back-end
  • 25. APInf & PEP Proxy Back end App Account Request + access-token Web App Oauth Library PEP Proxy access-token OK + user info (roles) Oauth2 flows access_token Back end App Back end App Back end App
  • 26. IoT Authentication ▪ Context Broker •  IoT Management •  Publish / subscribe model □ Context producers □ Context consumers ▪ Sensors Authentication •  Sensor registration in IdM applications •  Each sensor has its own account □ Token creation and validation
  • 28. IoT Sensors in FIWARE Account
  • 29. Security GEs ▪  Identity Management – Keyrock ▪  Authorization PDP – AuthZForce ▪  PEP Proxy – Wilma ▪ Get your own infrastructure!!! •  Follow Security GEs Installation and Configuration Guides
  • 30. Security GEs ▪  Identity Management – Keyrock ▪  Authorization PDP – AuthZForce ▪  PEP Proxy - Wilma
  • 31. Security GEs – IdM - KeyRock ▪  Keystone + Horizon +Extensions ▪  APIs •  OAuth2 •  Keystone v3 •  SCIM 2.0 ▪  Source Code •  https://github.com/ging/fi-ware-idm ▪  Documentation •  http://catalogue.fiware.org/enablers/identity-management-keyrock ▪  FIWARE OAuth2 Demo: •  https://github.com/ging/oauth2-example-client 31
  • 32. Security GEs – PEP Proxy - Wilma ▪  Policy Enforcement Point ▪  Compatible with OAuth2 and Keystone tokens ▪  Source code: •  https://github.com/ging/fi-ware-pep-proxy ▪  Documentation •  http://catalogue.fiware.org/enablers/pep-proxy-wilma ▪  Global instance 32
  • 33. Security GEs – Authorization PDP – AuthZForce (1/2) ▪  Single Open Spec (Authorization PDP GE) & Open Source implementation (GEri Authzforce) of 100% XACML-3.0 standard- compliant and cloud-ready RESTful ABAC framework with XML optimization ▪  Multi-tenant REST API for PDP(s)/PAP(s) ▪  Standards: •  OASIS: XACML 3.0 + Profiles (REST, RBAC, Multiple Decision) •  ISO: Fast Infoset ▪  Extensible: attribute providers (PIP), functions, etc. ▪  PDP clustering 33 By 2020, the majority of enterprises will use ABAC as the dominant mechanism to protect critical assets, up from less than five percent today. (Gartner, 2013) IBAC ABAC RBAC
  • 34. Security GEs – Authorization PDP – AuthZForce (2/2) ▪  FIWARE catalogue: https://catalogue.fiware.org/enablers/authorization-pdp-authzforce ▪  FIWARE Lab image: authzforce-5.4.1 ▪  Authorization PDP GE’s APIary: http://docs.authorizationpdp.apiary.io/# ▪  AuthzForce (GEri) source code: •  API spec in WADL: https://github.com/authzforce/rest-api-model •  Implementation: https://github.com/authzforce/server/ ▪  AuthzForce distribution •  Ubuntu/Debian-like: .deb / others: .tar.gz on Maven Central: http://central.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/ •  Docker: https://hub.docker.com/r/fiware/authzforce-ce-server/ ▪  Global instance for testing: https://az.lab.fiware.org/authzforce-ce/ ▪  Documentation: http://catalogue.fi-ware.org/enablers/access-control-tha-implementation/documentation 34