Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
Adding Identity Management and Access Control to your Application 
Joaquin Salvachua // Álvaro Alonso 
UPM – DIT 
Security...
Identity Manager 
2
Identity Manager 
3 
Account
Oauth 2.0 
Login with
FIWARE Account (Identity Manager) Demo 
5
OAuth 2.0 
6
Oauth 2.0 Message Flow 
redirect 
access-code 
Web App Account 
request access-token 
access-token 
7 
OAuth Library 
Requ...
Oauth 2.0 Libraries 
• http://oauth.net/2/ 
– PHP, Cocoa, iOS, Java, Ruby, Javascript, 
Python. 
• Example using Node.js 
...
Oauth 2.0 Demo 
9
Web Applications and GEs 
10 
Generic Enabler 
Account 
Request + 
access-token 
Oauth2 flows 
access-token 
OK + user inf...
Web Applications and GEs 
GET https://GE_URL HTTP/1.1 
Host: GE_hostname 
X-Auth-Token: access_token 
11
Securing your back-end 
Oauth2 flows 
access_token 
12 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token 
Oauth L...
Securing your back-end 
• Level 1: Authentication 
– Check if a user has a FIWARE account 
• Level 2: Basic Authorization ...
Level 1: Authentication 
Oauth2 flows 
access_token 
14 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token 
Oauth ...
Level 2: Basic Authorization 
Oauth2 flows 
access_token 
15 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token 
O...
Level 3: Advanced Authorization 
Oauth2 flows 
access_token 
16 
Web App 
Back-end 
Apps 
Account 
Request + 
access-token...
FIWARE Proxy Demo 
17
Documentation 
• FIWARE Account: 
– Source Code: https://github.com/ging/fi-ware- 
idm 
– Documentation: https://github.co...
Adding Identity Management and Access Control to your Application 
Álvaro Alonso 
UPM – DIT 
Security Chapter. FIWARE 
aal...
Nächste SlideShare
Wird geladen in …5
×

Adding Identity Management and Access Control to your Application

2.460 Aufrufe

Veröffentlicht am

Adding Identity Management and Access Control to your Application in the FIWARE ecosystem

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

Adding Identity Management and Access Control to your Application

  1. 1. Adding Identity Management and Access Control to your Application Joaquin Salvachua // Álvaro Alonso UPM – DIT Security Chapter. FIWARE jsalvachua@dit.upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso
  2. 2. Identity Manager 2
  3. 3. Identity Manager 3 Account
  4. 4. Oauth 2.0 Login with
  5. 5. FIWARE Account (Identity Manager) Demo 5
  6. 6. OAuth 2.0 6
  7. 7. Oauth 2.0 Message Flow redirect access-code Web App Account request access-token access-token 7 OAuth Library Request user info using access-token
  8. 8. Oauth 2.0 Libraries • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. • Example using Node.js – https://github.com/ging/oauth2-example-client 8
  9. 9. Oauth 2.0 Demo 9
  10. 10. Web Applications and GEs 10 Generic Enabler Account Request + access-token Oauth2 flows access-token OK + user info (roles) Web App OAuth Library access_token
  11. 11. Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 11
  12. 12. Securing your back-end Oauth2 flows access_token 12 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  13. 13. Securing your back-end • Level 1: Authentication – Check if a user has a FIWARE account • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path • Level 3: Advanced Authorization – Custom XACML policies
  14. 14. Level 1: Authentication Oauth2 flows access_token 14 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  15. 15. Level 2: Basic Authorization Oauth2 flows access_token 15 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token + verb + path OK + user info AC GE
  16. 16. Level 3: Advanced Authorization Oauth2 flows access_token 16 Web App Back-end Apps Account Request + access-token Oauth Library Proxy extension XACML policy OK + user info AC GE
  17. 17. FIWARE Proxy Demo 17
  18. 18. Documentation • FIWARE Account: – Source Code: https://github.com/ging/fi-ware- idm – Documentation: https://github.com/ging/fi-ware- idm/wiki • FIWARE Access Control – http://catalogue.fi-ware.org/enablers/access-control- tha-implementation/documentation • FIWARE OAuth2 Demo: – https://github.com/ging/oauth2-example-client • FIWARE Proxy: – https://github.com/ging/fi-ware-pep-proxy 18
  19. 19. Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso

×