IBM Mobile Foundation POT - Part 3 securing and managing mobile applications using Worklight
- 1. An IBM Proof of Technology
Securing and managing mobile
applications using Worklight
© 2012 IBM Corporation
- 2. IBM Software
Agenda
Securing mobile applications using Worklight
Managing mobile applications using Worklight
Distributing mobile applications using IBM Application Center
- 3. IBM Software
Worklight Server
Performs Data Transformation to streamline back-end data for mobile consumption
Built-in Adapters with support for SOAP, REST, SQL, Cast Iron, as well as a custom Adapter development interface
Server and device Security control
Supports Physical Clustering for high availability
Controls Application Deployment and Versioning
Push Notification administration
Analytics including user adoption and usage data
- 4. IBM Software
Worklight Console
• Application Version Management
• Push management
• Usage reports
• Configurable audit log
• Administrative dashboards for:
• Deployed applications
• Installed adapters
• Push notifications
• Data export to BI enterprise systems
- 5. IBM Software
Securing mobile applications requires a multi-pronged approach
Validate installed applications
• Must ensure the validity of applications
connecting to enterprise systems
Validate user devices
• Must ensure that only specific applications
on specific devices can connect to
enterprise systems
Validate user identity
• Must be able to authenticate mobile
application users
- 6. IBM Software
Ensuring application authenticity with Worklight
Application authenticity checks protect against corruption of installed applications
When enabled, the Worklight Server checks properties of a connecting application
against previously known values of these properties
Various options available for authenticity checking:
– Disabled – the IBM Worklight Server does not test the authenticity of the app
(despite the developer settings).
– Enabled, servicing – the IBM Worklight Server tests the authenticity of the app. If
the app fails the test, the IBM Worklight Server outputs an information message to
the log but services the app.
– Enabled, blocking – the IBM Worklight Server tests the authenticity of the app. If
the app fails the test, the IBM Worklight Server outputs an information message to
the log and blocks the app.
Authenticity checking is enabled in the application-descriptor.xml
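The three authenticity options above, modelled as an added example (not Worklight's implementation or API): a server compares a digest of a connecting app's properties with the value recorded at deployment and applies the configured mode. The property names, the function names `fingerprint`, `register` and `checkAuthenticity`, and the sample data are assumptions for illustration.

```javascript
// Added illustration: a model of the three authenticity modes, not Worklight code.
const crypto = require("crypto");

// Digest over the properties the server tracks for an app build.
// The slide does not say which properties are checked; these four are assumed.
function fingerprint(props) {
  const canonical = ["appId", "version", "platform", "packageDigest"]
    .map((k) => `${k}=${props[k] ?? ""}`)
    .join("\n");
  return crypto.createHash("sha256").update(canonical).digest();
}

const keyOf = (p) => `${p.appId}/${p.version}/${p.platform}`;

// Known-good values recorded when a build is deployed (hypothetical store).
const knownGood = new Map();
function register(props) {
  knownGood.set(keyOf(props), fingerprint(props));
}

// mode: "disabled" | "servicing" | "blocking", mirroring the three options.
// Any other mode string fails closed and behaves like "blocking".
function checkAuthenticity(mode, props, log = []) {
  if (mode === "disabled") return { tested: false, serviced: true, log };
  const expected = knownGood.get(keyOf(props));
  const actual = fingerprint(props);
  // Constant-time compare; a build that was never registered counts as a failure.
  const authentic =
    expected !== undefined && crypto.timingSafeEqual(expected, actual);
  if (!authentic) {
    log.push(`INFO authenticity test failed: ${keyOf(props)} (mode=${mode})`);
  }
  // "servicing" logs the failure but still serves; "blocking" refuses.
  const serviced = authentic || mode === "servicing";
  return { tested: true, authentic, serviced, log };
}

// Constructed sample data: a genuine build and a modified copy of it.
const genuine = {
  appId: "com.example.bank", version: "1.0",
  platform: "android", packageDigest: "aa11",
};
const repackaged = { ...genuine, packageDigest: "ff99" };
register(genuine);
```

In "Enabled, servicing" mode the log entry is the only signal that a modified app connected, so that mode is useful only if the log is monitored.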
- 7. IBM Software
Device provisioning and authentication
A form of mobile device authentication
– Prior to application authenticity and user authentication.
– Asserts that the device and application have confirmed identity prior to allowing access
to the Worklight server.
– Can use a 3rd party system to confirm and provide a client certificate
Three modes of provisioning are supported:
– No provisioning: In this mode the provisioning process does not happen. This mode is
suitable during the development cycle to temporarily disable the provisioning for the
application.
– Auto-provisioning: In this mode the Worklight Server automatically issues a certificate
for the device and application data provided by the client application. This option should
only be used when Worklight’s application authenticity features are enabled.
– Custom provisioning: In this mode the Worklight Server is augmented with custom
logic that controls the device and application provisioning process. This logic can involve
integration with an external system, such as a mobile device manager (MDM), that can
issue the client certificate based on out-of-band data obtained from the app, or can
instruct the Worklight Server to do so.
- 8. IBM Software
User authentication in Worklight
Worklight provides an extensible framework for authentication of mobile application users
The framework consists of Realms, Authenticators, and Login Modules
– Realms encapsulate the description of how users are authenticated for a particular
application
– Authenticators are responsible for the collection of user credentials
– Login modules are responsible for the validation of user credentials
IBM Worklight provides a number of Authenticators and Login Modules that only require
configuration from the user
The user authentication framework is also extensible by the application developer
– Allows for the implementation of custom credential gathering (e.g. via biometrics) as well
as for integration with existing security systems
- 9. IBM Software
Integrating with WebSphere Application Server security
An Authenticator and login module are provided for authentication via LTPA tokens
– No custom coding required by the user
Authenticator understands where to look for the LTPA token in the HTTP header
Login module can validate those credentials with a user registry defined in WebSphere
Application Server
LTPA token can also be propagated to back end data sources required by the mobile
application thus supporting a Single Sign On approach
[Diagram: 1. Call protected procedure; 2. Request authentication; IBM Worklight Server, session authentication]
- 10. IBM Software
Agenda
Securing mobile applications using Worklight
Managing mobile applications using Worklight
Distributing mobile applications using IBM Application Center
- 11. IBM Software
Managing mobile applications with IBM Worklight
The Worklight Server provides many application management features that are exposed to
users via the Worklight Console
IBM Worklight allows users to deploy multiple versions of a single application concurrently
IBM Worklight provides the capability to manage the status of a deployed application
– Active
– Active, Notifying
– Disabled
IBM Worklight provides the capability to directly update a deployed application
- 12. IBM Software
Application versioning
Device specific versions are uncoupled
Supports multiple versions on the same platform
- 13. IBM Software
Direct application update
1. Web resources packaged with app to ensure initial offline availability
2. Web resources transferred to app's cache storage
3. App checks for updates on startup and foreground events
4. Updated web resources downloaded when necessary
[Diagram labels: Native Shell, App Store, Pre-packaged resources, Cached resources, Worklight Server, Web resources; steps: 1 Download, 2 Transfer, 3 Check for updates, 4 Update web resources]
- 14. IBM Software
Analyze application usage with out-of-the-box reports
Worklight utilizes audited information to
provide several usage reports for your
consumption
– Daily visits per application
– Daily hits per application
– Total visits per application
– Newly detected devices per
application
– Total unique devices – per server or
cluster
Access reports via Eclipse using the
BIRT plugin
The BIRT reports are fully customizable
and extensible
– Fully documented data model to allow
other reporting or BI tools to create
additional custom reports
- 16. IBM Software
Agenda
Securing mobile applications using Worklight
Managing mobile applications using Worklight
Distributing mobile applications using IBM Application Center
- 17. IBM Software
IBM Worklight Application Center
The Application Center provides a
means for developers and testers to
publish and share applications with key
stakeholders during the delivery cycle
Application owners upload applications
to the Application Center and provide
various information about the
application
Stakeholders install the Application
Center mobile application to view,
install, rate, and provide feedback on
applications in the Application Center
The Application Center is included with
IBM Worklight and comes pre-installed
on the Worklight Server
– Users must install the mobile
application to their device
- 18. IBM Software
Using the Application Center mobile application
- 19. IBM Software
Rating and feedback displays in the Application Center
- 21. IBM Software
We appreciate your feedback.
Please fill out the survey form in order to improve this educational event.
- 22. IBM Software
Reference materials
For more information:
IBM Worklight Training Modules
– http://www-01.ibm.com/software/mobile-solutions/worklight/library/
IBM Worklight User Documentation
– http://www-01.ibm.com/software/mobile-solutions/worklight/library/v50/documentation/