
Trusted by Default: The Forge Security & Privacy Model

Security and trust have become increasingly important requirements for our customers in Cloud. We’re working to make it easier for you to build and maintain secure apps for Atlassian products.

In this session, Engineering Team Lead Dugald Morrow and Principal Product Manager Joël Kalmanowicz will explain how security and trust have been baked into the Forge framework and the benefits the platform can offer you and your users. Learn how much less work it can be to build trusted apps customers will love on Forge by going deep on the safeguards we’re putting in place.

Developers or attendees with some software security experience will get the most out of this session.


Trusted by Default: The Forge Security & Privacy Model

1. Trusted by Default: The Forge Security & Privacy Model. JOËL KALMANOWICZ | PRINCIPAL PRODUCT MANAGER; DUGALD MORROW | SENIOR ENGINEERING TEAM LEAD
2. Agenda: Why Trust Matters; Development Challenges; Security Model; Architecture; User Interface; Permits; Forge and Connect
3. Agenda: Why Trust Matters; Development Challenges; Security Model; Architecture; User Interface; Permits; Forge and Connect
4. Trust Matters
5. "It would be amazing if Atlassian provided a platform for deploying your apps, so that us developers could worry less about security and customers could have more trust in apps’ performance, security, and handling their data." VITALII ZURIAN | CO-FOUNDER | LIZARD BRAIN
6. Sources of Trust: Developers; Platform; Certifications
7. Sources of Trust: Developers (the people writing code, hosting, and running it); Platform; Certifications
8. Sources of Trust: Developers (people writing code, hosting, and running it); Platform; Certifications (third-party review: SOC2, ISO, etc.)
9. Sources of Trust: Developers (people writing code, hosting, and running it); Platform (distributing code, hosting, and running it); Certifications (third-party review: SOC2, ISO, etc.)
10. Sources of Trust: Developers (people writing code, hosting, and running it); Platform (distributing code, hosting, and running it); Certifications (third-party review: SOC2, ISO, etc.)
11. Agenda: Why Trust Matters; Development Challenges; Security Model; Architecture; User Interface; Permits; Forge and Connect
12. Challenges in Building Trust: Simple, secure auth; Performance & reliability; Control & transparency; Data management
13. Challenges in Building Trust: Simple, secure auth
14. Challenges in Building Trust: Simple, secure auth (secure storage)
15. Challenges in Building Trust: Simple, secure auth (secure storage; JWT)
16. Challenges in Building Trust: Simple, secure auth (secure storage; JWT; token exchanges)
17. Challenges in Building Trust: Simple, secure auth (secure storage; JWT; token exchanges); Performance & reliability
18. Challenges in Building Trust: Simple, secure auth; Performance & reliability (varies)
19. Challenges in Building Trust: Simple, secure auth; Performance & reliability (varies; customer trust)
20. Challenges in Building Trust: Simple, secure auth; Performance & reliability (varies; customer trust); Data management
21. Challenges in Building Trust: Simple, secure auth; Performance & reliability; Data management (data isolation)
22. Challenges in Building Trust: Simple, secure auth; Performance & reliability; Data management (data isolation; data storage)
23. Challenges in Building Trust: Simple, secure auth; Performance & reliability; Data management (data isolation; data storage; data egress)
24. Challenges in Building Trust: Simple, secure auth; Performance & reliability; Control & transparency; Data management (data storage; data isolation; data egress)
25. Challenges in Building Trust: Simple, secure auth; Performance & reliability; Control & transparency (API restrictions); Data management
26. Challenges in Building Trust: Simple, secure auth; Performance & reliability; Control & transparency (API restrictions; user consent); Data management
27. Agenda: Why Trust Matters; Development Challenges; Security Model; Architecture; User Interface; Permits; Forge and Connect
28. Forge Security Model
29. Forge Security Model: Hosted Apps
30. Forge Security Model: Hosted Apps; Permissions
31. Forge Security Model: Hosted Apps; Permissions; Managed auth
32. Forge Security Model: Hosted Apps; Permissions; Managed auth; Environments
33. Forge Security Model: Hosted Apps; Permissions; Managed auth; Environments; Permits
34. Forge Security Model (secure & trusted): Hosted Apps; Permissions; Managed auth; Environments; Permits
35. Agenda: Why Trust Matters; Development Challenges; Security Model; Architecture; User Interface; Permits; Forge and Connect
36. Forge Architecture (diagram labels): CLI (developer’s machine); Forge AWS Account; Node Runtime; App Isolate; App Bundle; Lifecycle Service; Invocation Service; Trigger Service; Permissions; GraphQL Gateway; API Gateway; Micros AWS Account n; VPC; Product Server (e.g. Jira); Product Session (Browser)
37. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; API Calls; Events (via Forge Services); UI responses. (Detail labels as on slide 36.)
38. Forge Architecture: Forge Services; Atlassian Products and Services
39. Forge Architecture: Forge Services; Atlassian Products and Services; App Developer CLI
40. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations
41. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations. Hosted
42. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations. Hosted; Reliable
43. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations. Hosted; Managed APIs; Reliable
44. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; UI responses
45. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; UI responses
46. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; API Calls; UI responses
47. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; API Calls; Events (via Forge Services); UI responses
48. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; API Calls; Webhooks (via Forge Services); UI responses
49. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; API Calls; Webhooks (via Forge Services); UI responses
50. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; API Calls; Webhooks (via Forge Services); UI responses
51. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; API Calls; Webhooks (via Forge Services); UI responses
52. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; API Calls; Webhooks (via Forge Services); UI responses
53. Runtime <<Node>>: Forge AWS Account; App Sandbox; Node Runtime; App Isolate; App Bundle
54. Forge AWS Account; App Sandbox; Node Runtime; App Isolate; App Bundle
55. Forge AWS Account; App Sandbox; Node Runtime; App Isolate; App Bundle
56. Forge AWS Account; App Sandbox; Node Runtime; App Isolate; App Bundle
57. Forge AWS Account; App Sandbox; Node Runtime; App Isolate; App Bundle
58. Forge AWS Account; App Sandbox; Node Runtime; App Isolate; App Bundle; Snapshot
59. Snapshot Creation: App code + Forge API + Polyfills → Webpack → Snapshot
60. Snapshot Creation: App code + Forge API + Polyfills → Webpack → Snapshot
61. Snapshot Creation: App code + Forge API + Polyfills → Webpack → Snapshot. Example: `.asRequestUser()`
62. Snapshot Creation: App code + Forge API + Polyfills → Webpack → Snapshot. Example: `console.log()`
63. Isolate: App code; Polyfills; Polyfill API
64. Isolate: App code; Polyfills; Polyfill API. Runtime: Implementation
65. Isolate: App code; Polyfills; Polyfill API (`console.log`). Runtime: Implementation (Atlassian Logging Service)
66. Isolate: App code; Polyfills; Polyfill API (`fetch(url)`). Runtime: Implementation (`hasDataEgressPermit(url)`)
67. Data Isolation
68. Data Isolation: Customer A; Customer B; App
69. Data Isolation: Customer A; Customer B; App. Customer A: `data = global.cache[issueKey]; data.status = foo;` Customer B: `data = global.cache[issueKey]; data.status = bar;`
70. Data Isolation: Invocation Service → Node Runtime (App Bundle; App Isolate). 1 CALL WITH CONTEXT; 2 CREATE FROM SNAPSHOT; 3 INVOKE FUNCTION
71. Data Isolation: Invocation Service → Node Runtime (App Bundle; App Isolate). 1 CALL WITH CONTEXT; 2 CREATE FROM SNAPSHOT; 3 INVOKE FUNCTION
72. Data Isolation: Invocation Service → Node Runtime (App Bundle; App Isolate). 1 CALL WITH CONTEXT; 2 CREATE FROM SNAPSHOT; 2 CREATE FROM SNAPSHOT (a second isolate); 3 INVOKE FUNCTION
73. Data Isolation: Customer A; Customer B; App Snapshot; App
74. Data Isolation: Customer A; Customer B; App Snapshot; App. Customer A: `data = global.cache[issueKey]; data.status = foo;` Customer B: `data = global.cache[issueKey]; data.status = bar;`
75. Managed Requests: Isolate: App code; Forge API. Runtime
76. Managed Requests: Isolate: App code; Forge API. Runtime: Implementation
77. Managed Requests
78. Managed Requests: Secure; Simple
79. Managed Requests: Secure; Simple; Trust
80. Managed Requests: `api.asRequestUser().withJiraPermit().request('/rest/api/3/issue/FOO-123');`
81. Managed Requests: `api.asRequestUser().withJiraPermit().request('/rest/api/3/issue/FOO-123');`
82. Managed Requests: `api.asRequestUser().withJiraPermit().request('/rest/api/3/issue/FOO-123');`
83. Managed Requests: `api.asRequestUser().withJiraPermit().request('/rest/api/3/issue/FOO-123');`
84. Managed Requests: `api.asRequestUser().withJiraPermit().request('/rest/api/3/issue/FOO-123');` Highlighted: `.withJiraPermit()`
85. Managed Requests: `api.asRequestUser().withJiraPermit().request('/rest/api/3/issue/FOO-123');`
86. Managed Requests: `api.asRequestUser().withJiraPermit().request('/rest/api/3/issue/FOO-123');`
87. Managed Requests: `api.asRequestUser().withJiraPermit().request('/rest/api/3/issue/FOO-123');` Highlighted: `.withJiraPermit()` and `.request('/rest/api/3/issue/FOO-123');`
88. Managed Requests: `api.asRequestUser().withJiraPermit().request('/rest/api/3/issue/FOO-123');` Highlighted: `.request('/rest/api/3/issue/FOO-123');`
89. Agenda: Why Trust Matters; Development Challenges; Security Model; Architecture; User Interface; Permits; Forge and Connect
90. Trusted User Interface: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; API Calls; Events (via Forge Services); UI responses
91. Trusted User Interface: Runtime <<Node>>; Forge Services; Atlassian Products and Services; <user>. Flows: Events; Invocations; UI responses <json>
92. Trusted User Interface: App <in runtime>; App UI <Forge UI>. Flows: User events; UI responses <json>
93. Trusted User Interface: App <in runtime>; App UI <Forge UI>. Flows: User events; UI responses <json>. Sandboxed
94. Trusted User Interface: App <in runtime>; App UI <Forge UI>. Flows: User events; UI responses <json>. Sandboxed; Declarative UI
95. Trusted User Interface: App <in runtime>; App UI <Forge UI>. Flows: User events; UI responses <json>. Sandboxed; Declarative UI; No iframes
96. Trusted User Interface: App <in runtime>; App UI <Forge UI>. Flows: User events; UI responses <json>. Sandboxed; Declarative UI; No iframes; Trusted
97. Agenda: Why Trust Matters; Development Challenges; Security Model; Architecture; User Interface; Permits; Forge and Connect
98. Permits: transparency of risk
99. Permits: transparency of risk
100. Permits: "democratized app installations"
101. Permits: Permissions for apps
102. Permits: Permissions for apps; Require consent
103. Permits: Permissions for apps; Require consent; Scopes++
104. Permits: Permissions for apps; Require consent; Scopes++; "consent to risk"
105. Permits Model: App 0..* Permit. "consent to risk"
106. Permits Model: App 0..* Permit 0..* Options
107. Permit Categories: API enrollment; Data egress
108. Permits: API Enrollments. Product APIs (Jira, Confluence, etc.)
109. Permits: API Enrollments. Product APIs (Jira, Confluence, etc.); OAuth scopes (app & user)
110. Permits: API Enrollments
111. Permits: API Enrollments. Permit: Jira; Confluence
112. Permits: API Enrollments. Permit: Jira (Scopes: app); Confluence (Scopes: app)
113. Permits: API Enrollments. Permit: Jira (Scopes: app, user); Confluence (Scopes: app, user)
114. Permits: API Enrollments. Permit: Jira (Scopes: app, user); Confluence (Scopes: app, user). Granted
115. Permits: API Enrollments. Permit: Jira (Scopes: app, user); Confluence (Scopes: app, user). Granted
116. Permits: API Enrollments. Permit: Jira (Scopes: app, user; Granted: installation in Jira); Confluence (Scopes: app, user; Granted: installation in Confluence)
117. Permits: API Enrollments. Permit: Jira (Scopes: app, granted on installation in Jira; user, granted on first user request to Jira); Confluence (Scopes: app, granted on installation in Confluence; user, granted on first user request to Confluence)
118. Permits: Data Egress
119. Permits: Data Egress
120. Permits: Data Egress. Network Egress; Web Trigger Response; User Agent Egress; Entity Egress
121. Permits: Data Egress. Network Egress; Web Trigger Response; User Agent Egress; Entity Egress
122. Permits: Data Egress. Network Egress: Origin(s)
123. Permits: Data Egress. Network Egress; Web Trigger Response
124. Permits: Data Egress. Network Egress; Web Trigger Response: Context selection
125. Permits: Data Egress. Network Egress; Web Trigger Response: Context selection; API enrollment
126. Permits: Data Egress. Network Egress: Origin(s); Web Trigger Response: Context selection; API enrollment
127. Permits: Data Egress. Network Egress; Web Trigger Response; User Agent Egress
128. Permits: Data Egress. Network Egress; Web Trigger Response; User Agent Egress: Origin(s)
129. Permits: Data Egress. Network Egress; Web Trigger Response; User Agent Egress; Entity Egress
130. Permits: Data Egress. Network Egress; Web Trigger Response; User Agent Egress; Entity Egress: Issues, Spaces, Boards, etc.
131. Permits: Data Egress. Network Egress; Web Trigger Response; User Agent Egress; Entity Egress: PRIV-123, PUB-456
132. Permits: Data Egress. Network Egress; Web Trigger Response; User Agent Egress; Entity Egress: Entity type(s)
133. Permits: Declaration. App manifest
134. Permits: Declaration. App manifest:

        permits:
          - jira-api:
              app-scopes:
                - read
                - write
            confluence-api:
              user-scopes:
                - write
            network-egress:
              origins:
                - https://api.nasa.gov/

135. Permits: Declaration (same manifest as slide 134). Callout: 4 permits
136. Permits: Declaration (same manifest as slide 134). Callout: Read & write as app user
137. Permits: Declaration (same manifest as slide 134). Callout: Write to Confluence with impersonation
138. Permits: Declaration (same manifest as slide 134). Callout: NASA integration
139. Permit Examples
140. Permit Examples. Model: App 0..* Permit 0..* Options
141. Permits Example: Update issue app. App (Update issue app) 0..* Permit 0..* Options
142. Permits Example: Update issue app. App (Update issue app); Permit: jira-api; Options
143. Permits Example: Update issue app. App (Update issue app); Permit: jira-api; Options: Scopes: read, write
144. Permits Example: Update issue app. App (Update issue app); Permit: jira-api; Options: Scopes: read, write
145. Permits Example: Ping issue app. App (Ping issue app) 0..* Permit 0..* Options
146. Permits Example: Ping issue app. App (Ping issue app); Permit: jira-api; Options: Scopes: read
147. Permits Example: Ping issue app. App (Ping issue app); Permits: jira-api (Scopes: read); network-egress (URLs: slack.com)
148. Permits Example: Row totals. App (Row totals app) 0..* Permit 0..* Options
149. Permits Example: Row totals. App (Row totals app); Permit: confluence-api; Options: Scopes: read
150. Permits Example: Row totals. App (Row totals app); Permit: confluence-api; Options: Scopes: read
151. Apps with no Permits
152. Apps with no Permits. "consent to risk"
153. Apps with no Permits. "consent to risk"
154. Apps with no Permits: No API access
155. Apps with no Permits: No API access; No data egress
156. Apps with no Permits: No API access; No data egress; User Interfaces
157. Apps with no Permits: No API access; No data egress; User Interfaces (10 9 8 7 6 5 4 3 2 1 0)
158. Apps with no Permits
159. Apps with no Permits: Completely trusted app capabilities
160. Completely trusted app capabilities: API read access; No data egress; User Interfaces
161. Completely trusted app capabilities: API read access; No data egress; User Interfaces
162. Completely trusted app capabilities: API read access; No data egress; User Interfaces
163. Completely trusted app capabilities: API read access; No data egress; User Interfaces; Isolated data store
164. Completely trusted app capabilities: API read access; No data egress; User Interfaces; Isolated data store
165. Summary: Hosted apps; Trusted UX. "trusted baseline"
166. Summary. "trusted baseline": Hosted apps; Trusted UX. "consent to risk": Data egress; API access
167. Summary. "trusted baseline": Hosted apps; Trusted UX; Local data store; Read API access. "consent to risk": Data egress; API access
168. Summary. "trusted baseline": Hosted apps; Trusted UX; Local data store; Read API access. "consent to risk": Data egress; API access
169. Summary. "trusted baseline": Hosted apps; Trusted UX; Local data store; Read API access. "consent to risk": Data egress; API access. "democratized app installation"
170. Agenda: Why Trust Matters; Development Challenges; Security Model; Architecture; User Interface; Permits; Forge and Connect
171. Forge and Connect: Connect | Forge
172. Forge and Connect. Sandboxing: Connect | Forge
173. Comparison with Connect. Sandboxing: Connect: iframe + app servers | Forge:
174. Comparison with Connect. Sandboxing: Connect: iframe + app servers | Forge: Hosted functions
175. Comparison with Connect. Sandboxing: Connect: iframe + app servers | Forge: Hosted functions. Data egress: Connect: Opaque
176. Comparison with Connect. Sandboxing: Connect: iframe + app servers | Forge: Hosted functions. Data egress: Connect: Opaque | Forge: Transparent
177. Comparison with Connect. Sandboxing: Connect: iframe + app servers | Forge: Hosted functions. Data egress: Connect: Opaque | Forge: Transparent. Flexibility / Functionality: Connect: Diverse
178. Comparison with Connect. Sandboxing: Connect: iframe + app servers | Forge: Hosted functions. Data egress: Connect: Opaque | Forge: Transparent. Functionality: Connect: Diverse | Forge: Specific
179. Recap: Why Trust Matters; Development Challenges; Security Model; Architecture; User Interface; Permits; Forge and Connect
180. Sources of Trust: Developers (people writing code, hosting, and running it); Platform (distributing code, hosting, and running it); Certifications (third-party review: SOC2, ISO, etc.)
181. Challenges in Building Trust: Simple, secure auth; Performance & reliability; Control & transparency; Data management
182. Forge Security Model (secure & trusted): Hosted Apps; Permissions; Managed auth; Environments; Permits
183. Forge Architecture: Runtime <<Node>>; Forge Services; Atlassian Products and Services; App Developer CLI. Flows: Events; Invocations; API Calls; API Calls; Webhooks (via Forge Services); UI responses
184. Architecture: App Sandbox. Forge AWS Account; Node Runtime; App Isolate; App Bundle
185. Trusted User Interface: No iframes; Sandboxed; Trusted; Declarative UI. App <in runtime>; App UI <Forge UI>. Flows: User events; UI responses <json>
186. Permits: Summary. "trusted baseline": Hosted apps; Trusted UX. "consent to risk": Data egress; API access
187. Comparison with Connect. Sandboxing: Connect: iframe + app servers | Forge: Hosted functions. Data egress: Connect: Opaque | Forge: Transparent. Functionality: Connect: Diverse | Forge: Specific
188. Thank you! JOËL KALMANOWICZ | PRINCIPAL PRODUCT MANAGER; DUGALD MORROW | SENIOR ENGINEERING TEAM LEAD
189. Discussion
190. Snapshot Creation: App code + Forge API + Polyfills → Webpack → Snapshot
191. Permits: Data Egress. Network Egress; Web Trigger Response; User Agent Egress; Entity Egress: Entity type(s)
