Presentation build and connect apps, devices and data ibm worklight overview

© 2012 IBM Corporation
Mobile
Build and Connect Apps, Devices and Data:
IBM Worklight Overview
Jeremy Siewert
IBM ISV & Developer Relations: Technical Lead for Mobile
February 19, 2013

© 2013 IBM Corporation2
Mobile
Building and connecting mobile apps has become
essential to the mobile enterprise

Mobile
Key mobile development and delivery challenges
• Highly fragmented set of …
• Platforms and devices
• Languages, APIs, and tools
• Native programming models not
portable across platforms
Delivering for multiple platforms
• Higher frequency of releases
and updates
• Added pressure on teams to
deliver on time and with quality
Accelerated time to market
requirements
• Existing services typically need to
be adapted and extended for
mobile
• Enterprise wireless networks are
running out of bandwidth to
accommodate employee devices
Connecting apps and mobile users
with existing enterprise systems
• High quality user experience is a
requirement
• Quality influenced as much by
design as it is by function
Consumerization of IT and need to
deliver high quality apps

Mobile
IBM’s strategy addresses client mobile initiatives
Extend & TransformManage & SecureBuild & Connect
Key Capabilities
• Strategy, planning and
implementation
• Mobile-enabled solutions
including analytics,
commerce, and social
business
• Mobile as a service
Key Capabilities
• Mobile web, hybrid and native
app development
• Enterprise data, service, and
application integration
• Enterprise wireless
networking
Key Capabilities
• Mobile lifecycle
management
• Device analytics and control
• Secure network
communications &
management
Manage mobile
devices and apps
Secure my
mobile business
Extend capabilities
to mobile
Transform
your business
Build mobile
apps
Connect & run
mobile systems

Mobile
When do you need a Mobile Application Platform?
• Get up and running in minutes– extending the development and Web skills you already have
• Maximize code reuse by sharing code across multiple devices and OS variants
• Leverage existing mobile applications without rebuilding– including those built in Web, native and HTML5
• Code without limits with the flexibility to mix HTML5 with native code when needed
• Maximize productivity by leveraging any standards-based open source and third-party library
• Deepen and personalize customer engagement with access to back-end systems and server-based data mashups
• Manage the complete mobile application lifecycle (build, connect, run)
• Govern and manage mobile apps from initial provisioning to ongoing upgrades, authentication, single-sign-on,
enforced app upgrades, and a mobile app feedback loop
• Communicate effectively with centralized push notification service management
• Protect data with on-device encryption of user data, SSL encryption, and secure offline access
• Control access through single sign-on and multi-factor authentication
• Secure applications with protection against reverse-engineering vulnerabilities, remote disable of applications, and
enforcement of client upgrades
• Enforce compliance with regulatory mandates through secure shells that can be deployed throughout your motile
portfolio.
Development: Can I scale app delivery – using existing skills and assets?
Security: Can I reduce security risk across my mobile enterprise?
Operations: Can I easily connect to data, applications and cloud services?

Mobile
Scale your ability to build, manage and secure mobile apps
IBM Worklight: A Mobile Application Platform
Speed and scale time-to-value
• Maximize code reuse across platforms
• Leverage standards-based technologies
• Deliver higher quality by mixing HTML with native
code in the same app
Connect to back-end services
• Get standardized access to data, applications
and cloud services
• Leverage runtime services for caching, push
notifications, authentication and service
interruption
• Enterprise app store for app management
• Data collection for analytics
Reduce security risk
• Strong authentication framework
• Encrypted offline availability
• Sign apps to detect unauthorized modifications
• Direct update and remote disablement
IBM Worklight leverages and extends
your investments in data, applications,
security and skills to mobile devices.
Client Challenge
Quickly build, manage and secure mobile
apps
Key Capabilities

Mobile
Mobile application development models

Mobile
Compatible with prominent
HTML5 libraries and tools:
App development using
native and/or familiar web
technologies:
• HTML5
• CSS3
• JavaScript
App delivery in variety
of forms:
• Mobile Web app
• Hybrid app
• Native
Open, cost-effective, cross-platform app development
IBM Worklight
http://youtu.be/uPFoT_MqLY4

Mobile
Enterprise
Applications
Web Services
Databases
Today Application Mobilization is Complex when Unstructured
 Higher infrastructure costs
 Longer mobile development time
 Inability to support all required device
types
 Higher administrative and maintenance
costs
 Overall increase in risk
 Security issues due multiple points of
entry into the network
 Limited or no ability to respond to
changes in devices and backend
systems
 No consistency across an enterprise
portfolio
Potential Issues:

Mobile
Web Services
Mobile Application Platforms help build, manage and integrate more easily
- to maximize the opportunity value of enterprise applications
Enterprise
Applications
Databases
Worklight Mobile Application Platform

Mobile
Worklight Server
Unified notifications, runtime skins, version
management, security, integration and delivery
Worklight Console
A web-based console for real-time analytics and control
of your mobile apps and infrastructure
Worklight Studio
The most complete, extensible environment with
maximum code reuse and per-device optimization
Worklight Component Overview
Worklight Runtime Components
Extensive libraries and client APIs that expose and
interface with native device functionality←

Mobile
Worklight Conceptual Architecture

Mobile
Worklight Studio
• Eclipse-based IDE
• Combining native and standard web
technologies in one multiplatform app
• Environment-specific optimization
• 3rd-party libraries integration
• Device SDK integration
• Back-end connectivity utilities

Mobile
Create a New Mobile Application

Mobile
Add Environments
Supports a variety of application types
Mobile
• iPhone
• iPad
• Android phones & tablets
• BlackBerry
• Windows Phone
Desktop
• Windows 8 desktop & tablets
• Adobe AIR
Web Applications
• Mobile web app
• Desktop Browser web page

Mobile
 Combine HTML5 and
native-based pages
in the same
application
 Call native code from
HTML-based pages
 Display HTML and
native components
together on the same
page
Single Shared Codebase

Mobile
Skins
Different
Screen
Densities
Different
Screen
Sizes
Different
Input
Methods
Support
for
HTML5
• Provide support for multiple form factors in a single executable file for
devices of the same OS family
• A sub-variant of an environment
• Packaged together in one App
• Decision on which skin to use is done automatically at runtime

Mobile
WYSIWYG with drag-n-drop UI construction

Mobile
Incorporated Device SDKs

Mobile
Preview in browser
Perform device specific tests in the Mobile Browser Simulator: supports
Cordova and Worklight client API

Mobile
• Secure back-end integration
• XML-based declarative
specification
• Multi-source data mashups
• Eclipse plug-in supporting
auto-complete and
validation
• Simplified adapter testing
• Server-side debugging
• JMS, Cast Iron, Web
services and JDBC
integration
• Access to session data and
user properties
Create Adapters for Back-end Integration

Mobile
Worklight Runtime Architecture
Worklight Server
Authentication
JSON Translation
Server-side
Application Code
Adapter Library
Client-side
App Resources
Direct Update
Mobile
Web Apps
Unified Push
Notifications
StatsAggregation
Device Runtime
ApplicationCode
• Cross Platform Technology
• Security and Authentication
• Back-end Data Integration
• Post-deployment control and
Diagnostics

Mobile
Worklight Server
• Distribution of mobile web apps
• Enterprise connectivity:
• Secure client/server connectivity
• Direct access to enterprise back-end data and transaction
capabilities
• Authentication enforcement
• Client control:
• Application version management and remote disabling
• Direct update of application code
• Unified Push Notifications
• Aggregation of usage statistics

Mobile
Device Runtime Components
• Framework for server integration:
• Secure server connectivity
• Authentication
• Remote disable & notification
• Push registration
• Dynamic page loading & caching (soon)
• Event reporting for analytics & audit
• Check-in with Server on Startup
• Check for updates
• Sending Statistics
• Cross-platform compatibility layer
• Runtime Skinning
• Secure encrypted storage

Mobile
• Secure back-end integration
• XML-based declarative
specification
• Multi-source data mashups
• Eclipse plug-in supporting auto-
complete and validation
Back-end Integration with Adapters
Worklight Server
Adapters
• Simplified adapter testing
• Server-side debugging
• JMS, Cast Iron, HTTP and JDBC
integration
• Access to session data and user
properties
Internal Systems
Cloud
JMS
Cast Iron
JDBC
HTTP/Web Services (REST & SOAP)
Worklight
Runtime
JSON /
HTTPs
Existing Integration
Layer

Mobile
Direct Update – On-device Logic
1. Web resources packaged
with app to ensure initial
offline availability
2. Web resources transferred
to app's cache storage
3. App checks for updates
• On startup
• On foreground
4. Updated web resources
downloaded when
necessary
http://youtu.be/NvNzJtfub4Y
Worklight
Server
Native Shell
Pre-packaged
resources
1 Download
4
Update
web
resource
App Store
Web
resources
Cached
resources
2 Transfer
3 Check for
updates

Mobile
Unified Push Notifications Architecture
Back-end
System
Back-end
System
Back-end
System
Back-end
System
Polling
Adapters
Message-
based
Adapters
Unified
Push API
Notificatio
n State
Database
User-
Device
Database
iOS
Dispatcher
Android
Dispatcher
BlackBerry
Dispatcher
Windows
Phone
Dispatcher
SMS
Dispatcher
Apple
Push
Servers
(APN)
Google
Push
Servers
(C2DM)
RIM Push
Servers
Microsoft
Push
Servers
SMS/MMS
Brokers
Administrative Console
Worklight
Client-side
Push
Services
Worklight
Client-side
Push
Services
Worklight
Client-side
Push
Services
Worklight
Client-side
Push
Services
iOS
Push API
Android
Push API
BlackBerry
Push API
Windows
Push API
Broker
API

Mobile
Worklight Console
• Application Version Management
• Push management
• Usage reports and analytics
• Reports of custom application events
• Configurable audit log
• Administrative dashboards for:
• Deployed applications
• Installed adapters
• Push notifications
• Data export to BI enterprise systems

Mobile
Dynamic Control of Deployed Apps
• Centralized control of all installed applications and adapters
• Remotely disable apps by device and version
• Customize user messages

Mobile
Mobile Application Center
 A cross platform private mobile application
store similar to public app stores but focused
on the needs of an organization or a team
 Ease highly iterative development process
and distribution of mobile applications
 Key capabilities:
 Delivers distribution and management of mobile
applications within a company / teams
 Easy distribution of iOS and Android apps within
an enterprise
 Supports any mobile applications
 Provides versioning and updates
 Centralizes rating and feedback information
 Controls who can modify or install an
application
 Easy to install and simple to run

Mobile
Advanced
Mobile
capabilities
• on-device, offline
available, reliable,
scalable, encrypt-able,
and sync-able JSON
database
• Server triggered security
challenges
Application
Governanc
e
• Enterprise App Store
• Native Application
Governance
• Integration with IBM
MDM (IBM Endpoint
Manager)
Apps and
Tooling
• Native libraries for iOS
and Android
• jQuery tooling support
Platform
• SMS notifications
• New target devices:
Windows 8, Java ME
• New integration points:
JMS adapter
• Updates: iOS6,Android
4.1, Cordova 2.2
IBM Worklight
V5.0.5
New features and enhancements in IBM Worklight
v5.0.5 (released Fall 2012)

Mobile
What are the other options?
Evaluation
Criteria
No Platform -
Native
Development
“Do it Yourself”
HTML5 with Open
Source Frameworks
Pre-packaged
Mobile Apps
Worklight Mobile
Application
Platform
Initial
Development Cost
Poor  Excellent  Excellent  Excellent
Time to Market Poor  Excellent  Excellent  Excellent
App Quality / Features  Excellent Poor Poor  Excellent
Ongoing Maintenance
Cost
Poor Poor  Excellent  Excellent
Integrations with Back
Office Services
 Excellent Poor Poor  Excellent
Ability to Customize  Excellent Poor Poor  Excellent
Runtime Caching,
Notification Services
Poor Medium Medium  Excellent
Security and Identity
Services
Poor Poor Medium  Excellent
App Governance and
Management
Poor Poor Medium  Excellent
Usage Analytics Poor Poor Medium  Excellent

Mobile
Build, connect, manage and secure your mobile enterprise
IBM Mobile Foundation
Quickly Build, Deliver, Manage and Secure Mobile Applications
in Enterprise Traditional & Cloud Environments
IBM Endpoint
Manager for
Mobile Devices
IBM WebSphere
Cast Iron
Hypervisor
Edition
IBM
Worklight
Mobile App
Development Platform
Mobile
Security
Connectivity
Taking Your Enterprise Mobile
App and device
management

Mobile
IBM provides a complete framework for mobile
Security Gateway
(WebSphere DataPower,
IBM Security Access Manager)SDLC Tools
(Rational Collaborative
Lifecycle
Management)
WebSphere Application Server
Enterprise Apps
SOA & Connectivity
(WebSphere Message Broker, WebSphere MQ (MQTT), WebSphere Services Registry and Repository)
MDM
(IBM Endpoint
Manager for Mobile)
WebSphere Operational
Decision Management
IBM Business Process
Management
MEAP
(IBM Worklight)
Elastic Caching
(WebSphere eXtreme
Scale, WebSphere
DataPower XC10)
Social
(Lotus Connections)
Mobile Threats &
Security
(IBM Qradar,
IBM AppScan for Mobile)
Analytics
(Cognos, Coremetrics)
WebSphere Cast Iron

Mobile
As an ISV, you care about
• Cost-effective development
• Leveraging your existing skills
• Short time to market
• Easy mobilization of your existing offering
• A rich user experience that drives adoption
• Collaboration of Dev, QA and test teams
• Simple integration with existing tools
• Quick update cycles and version control
• Adhering to the strictest security requirements
• Managing a growing portfolio of apps
• White-labeling and app customization
IBM Worklight delivers
• Open architecture and standard tools = short
learning curve, use of in-house skills and no
technology lock-ins
• Comprehensive integration capabilities with
back-end and cloud-based services
• Support multiple development approaches
(HTML, hybrid and native), access all device
features, transactions and high data volumes
• Collaboration tools, central build engine, and
internal distribution mechanisms
• Integration capabilities with the growing eco-
system of 3rd-party tools and frameworks
• Central management capabilities including
direct update, remote disable and reporting
• Customizable native shell for policy
enforcement and white-labeling of mobile apps
IBM Worklight – Value for ISVs/Partners

Mobile
IBM Worklight and Open Source
IBM Worklight is built on open standard and extends open source software:
Apache Cordova (aka Phone Gap), JQuery, Dojo, Derby, Jetty, SQLite, MySQL,…
Main value add:
1. Advanced development environment with WYSIWYG tooling and simulators
2. Mixing native, web and local HTML in the same app
3. Improved code sharing amongst platform (optimization framework)
4. Single binary for multiple form factors (runtime skins for smartphones and tablets)
5. Mobile application management (remote app disablement, direct update)
6. Security (device & user authorization, encrypted cache, offline authentication, app
authenticity testing…)
7. Analytics (who uses what & when)
8. Structured architecture with WL server as control point (data access and security)
9. Cross platform, production ready app store
10.Uniform push notification with user/device mapping management
11.Centralized management console (apps & versioning, adapters, push)
12.JSON local data store with sync (new v5.0.5)
13.IBM tested & supported SW combinations

Mobile
Business Partner Programs for Mobile
Mobile App Showcase
 IBM web site dedicated to showcasing Business Partners mobile apps developed on the
Worklight platform, both cross-industry and cross-function
 Register your mobile apps and gain greater visibility to a wide cross section of interested
clients
IBM Business Partner Authorizations
 New Mobile Sales Mastery & Technical Sales Mastery tests available to certify as a
Worklight V5.0 Authorized Reseller and participate in IBM partner incentive programs
 Invest and grow your Sales and Delivery Teams Mobile skills through comprehensive
training and certification provided by IBM
Mobile Ready to Execute campaign program
 A new model of campaign delivery designed and developed as a complete package for
Mobile capabilities
 Use this customizable marketing collateral to generate pipeline with current clients and
potential prospects
 Available now! Leverage IBM co-marketing dollars to fund Mobile campaign execution

Mobile
Mobile App Showcase Overview
Your solutions become an integral part of IBM marketing programs, generating exposure with
clients, other IBM Business Partners and the IBM sales network
Leverage the pull of IBM in the mobile market
Market your solutions and capabilities to a worldwide audience
Qualify for the monthly rotating “Solution Spotlight” – your mobile app on the landing page.
Criteria:
1. Built on Worklight or Mobile Foundation
2. IBM Business Partner agreement in place
3. Member of PartnerWorld
4. Selected in the order the solutions arrive for first 6 months
Easy to use registration via the existing Global Solutions Directory on PartnerWorld
A common experience to feature and access IBM Business Partner mobile
applications and solutions built on IBM Worklight and/or IBM Mobile
Foundation offerings

Mobile
Global Solutions Directory – Mobile App Registration
GSD entry tips to maximize exposure in the mobile showcase:
• Ensure your solution is marked for Worklight or Mobile Foundation
• Create a thorough entry, completing all fields on the submission
form
• Keep your contact information current
• Include your company logo in your entries
• Refresh your solutions
What is the Global Solutions Directory (GSD)?
In the context of the Global Solutions Directory, IBM uses the term solution to refer
to all types of products and services provided by our Business Partners. This
generalized term represents the value add of Business Partners teaming with IBM to
bring solutions to our customer's business problems
Key Links:
 Create an entry in the Global Solutions Directory
 Video demonstrations: Learn how to use the Global Solutions Directory
 Mobile app showcase landing page

Mobile
IBM Business Partner Authorizations
Sales Mastery & Technical Sales Mastery tests available to certify as Worklight V5.0
Authorized Reseller. Educate your Sales and Delivery Teams & become *SVP Authorized
to resell Mobile offerings through comprehensive training and certification provided by IBM
Why team with IBM?
• IBM Software Business Partners have a wide range of profit opportunities including cross sell, influence,
resell and bundled solution resell to leverage the high growth market of mobile:
• *Software Value Plus - Global program for SW resellers / influencers provides incentives for Business
Partner opportunity identification and progression with earnings opportunities from 5% to 50%+
• Industry and Capability Authorization provides recognition for expertise in providing client solutions,
based on key IBM Software products, such as Mobile and other high growth solution areas Earnings
opportunity from 20% to 30%
• Application Specific License (ASL) agreements - Resell model for lightly embedded and bundled
mobile solution offerings where Partners earn via discount on product sales for both initial sales and
annual renewals
Building Worklight Technical skills:
 VW501 Introduction to IBM Worklight V5 for Mobile Application Development & Deployment (self-paced)
 WU-VU503 Mobile Application Development and Deployment with IBM Worklight V5 (Instructor-led)
 ZU503 Mobile Application Development and Deployment with IBM Worklight V5 (5-days self-paced)
 ZU370 Introduction to HTML5 and JavaScript Programming
 ZU371 Developing Mobile Web Applications with Dojo
 Advanced Worklight 5.0 Worklight Hands-On Enablement Workshop for Business Partners
Become an Authorized Reseller via Certification:
 Sales : IBM Mobile Worklight Sales Mastery v1 M660 - or - WebSphere Sales Mastery v5
 Technical: IBM Mobile Worklight Technical Mastery v1 N31 - or – Any of these Software/WebSphere Core technical test
Tips & Techniques to pass Mastery test: WebSphere Sales Mastery v5 - tips and techniques for success
(PartnerWorld Id Required)

Mobile
IBM Business Partner Co-Marketing Program
Leverage co-marketing funds and Mobile campaign tools to grow your business
Mobile Ready to Execute Campaign Core Messaging for Business Partner Clients:
• Gain faster time-to-value with unified development across deployment models
• Universal connectivity to streamline multiplatform development, deployment, and information delivery for
mobile, web, and cloud
• Securely integrate information and applications between mobile computing and traditional IT
• Automate service delivery to improve economics, reduce risk, and accelerate innovation
• Enhance business process with mobility and uncover new business models across the mobile lifecycle
The IBM Co-marketing Center is the one-stop to maximize co-marketing
investment with IBM:
 Apply for IBM co-marketing funds, if eligible, to help fund your campaign execution
 Use Mobile “Ready to Execute" campaign materials that can be customized easily for
your unique requirements:
A new model of campaign delivery in which IBM has designed and developed a campaign as a
complete package for Mobile capabilities
Available to IBM Business Partners to use to generate pipeline with your current clients and
potential prospects
The campaign includes multi-touch emails, telemarketing scripts, web marketing guidance and
compelling customer offers (e.g. white papers, videos, etc.)

Mobile
Upcoming IBM Mobile Event Presence
• Mobile World Congress, February 25-28 in Barcelona, Spain.
• IBM will be announcing exciting new mobile capabilities for the enterprise
• On Monday, February 25th there will be a 1/2 day Conference "Business. In Motion: Speeding Innovation
and Extending Reach Securely with IBM Mobile." For more information click here
• If you can't join us in Barcelona, please register and plan to attend to our "Live from Mobile World Congress"
broadcast on Thursday February 28, 2013.
• IBM PartnerWorld Leadership Conference, February 25-28 in Las Vegas, NV
• Robert LeBlanc, Senior Vice President, Middleware Software, will be speaking at the General Session
Keynote on the topic: Middleware & Cloud Strategy: IBM Middleware and cloud strategy and strategic
capabilities (cloud, mobile, big data, security).
• IBM will host an IBM Mini Solution EXPO Showcase for Mobile Enterprise. Click here for more information
• Pulse 2013 in Las Vegas, NV from March 3-6
• Marie Wieck will be presenting the Mobile Enterprise Stream kick-off on Monday March 4th from 10 - 11 AM
around Speeding Innovation and Extending the Reach with Mobile Enterprise.
• Mobile will be the focus of many tracks, birds of the feather sessions, and meet the experts sessions.
• Don't forget to visit the IBM Mobile Booth to view our key assets around the IBM Mobile Story and demo
some of our exciting capabilities. Click here for more information
• South by Southwest Interactive Festival in Austin, TX from March 8-17
• IBM will be showcasing IBM Mobile & Social Business capabilities as well as introduce resources to the
start-up community . Click here for more information

Mobile
Next Steps for Partners
 Get specific, prescriptive guidance and resources
IBM PartnerWorld Roadmap for Mobile:
http://ibm.biz/BdxrgB
 Download the free Worklight Developer Edition
IBM Worklight Developer Edition download:
http://www.ibm.com/developerworks/mobile/worklight.html
 Expand your knowledge and interact with IBM SMEs
IBM tech talk series for Mobile:
http://www.ibm.com/developerworks/mobile/mobile-techtalks/
 Learn about upcoming IBM Mobile announcements
Register for our "Live from Mobile World Congress" broadcast on Thursday February 28,
2013.

Mobile
Thank You

Mobile
IBM Worklight Advanced Features

Mobile
Skin Creation
• Skins are created using the Worklight Skin Wizard
• Directories adjacent to the environment directory
• Containing HTML/CSS/JS

Mobile
Example Mobile Skin on Android

Mobile
Example Mobile Skin on iPad

Mobile
Data Collection and Analytics

Mobile
Flexible Push Notification Framework
Multiple users logging into the same app
Multiple apps using the same event source
Multiple event sources used in the same
app
One application multiple devices

Mobile
Mobile Security Objectives
Protect data on
the device
• Malware, Jail breaking
• Offline access
• Device theft
• Phishing, repackaging
Streamline
Corporate
security approval
processes
• Complex
• Time-consuming
Enforce security
updates
• Be proactive: can’t rely
on users getting the
latest software update
on their own
Provide robust
authentication
and authorization
• Existing authentication
infrastructure
• Passwords are more
vulnerable
Protect from the
“classic” threats
to the application
security
• Hacking
• Eavesdropping
• Man-in-the-middle

Mobile
Worklight: Security by Design
Enforcing security
updates
Remote
disable
Direct update
Providing robust
authentication and
authorization
Authentication
integration
framework
Data
protection
realms
Coupling
device id with
user id
Streamlining
Corporate security
processes
Mobile
platform as a
trust factor
Application
Security
Code
obfuscation
SSL with
server
identity
verification
Proven
platform
security
Jailbreak and
malware
detection
App
authenticity
testing
Protecting data on the
device and in transit
Encrypted
offline cache
Offline
authentication
Secure
connectivity
Integration point with VPN solutions (i.e. IBM Mobile Connect)
Integration point with MDM solutions (i.e. IBM Endpoint Manager for Mobile)
Integration point with User Security solutions
(i.e. IBM Access Manager for Mobile)

Mobile
Authentication Concepts and Entities
• Worklight entities, such as applications and adapter procedures, can
be protected from unauthorized access
• Entities are protected by authentication realms
• An authentication realm defines the process to be used to
authenticate users
• Each authentication realm consists of:
• Authenticator – client + server components which are used to
collect credentials (e.g. login form).
• Login Module – server component that receives credentials from
the authenticator, validates them and builds the user identity
object
• The same authentication realm can be used to protect several
resources

Mobile
Authentication Concepts and Entities
When a request is made to the protected entity, Worklight checks whether
the session is already authenticated. If not, Worklight automatically
triggers a process of verifying the user’s identity
Unauthenticated request tries to access the
protected application, or invokes a protected
adapter procedure
Authenticator is invoked automatically. User
credentials (e.g., username and password) are
collected on the client-end and sent to a server
Login module receives collected credentials,
validates them and builds user identity in case
validation passes
The original request is handled

Mobile
What is the Encrypted Cache?
The encrypted cache is a mechanism for
storing sensitive data on the client side
The encrypted cache is implemented using
HTML5 local storage technology which
allows data to be saved locally and
retrieved on subsequent application
use / re-launch
Data is encrypted with a combination of user-
provided key and server-retrieved randomly
generated token which makes it more secure
Data is stored using key-value pairs

Mobile
Enforcing security updates
Enforcing
security
updates
Remote
disable
Direct
update
Remote Disable: shut down
specific versions of a
downloadable app, providing
users with link to update
Direct Update: automatically
send new versions of the locally-
cached HTML/JS resources to
installed apps
Can’t rely on users
getting the latest
software update on
their own

Mobile
Mobile security measures
Mechanism Benefits Details
Encrypted offline
cache
• Protect against stealing
sensitive information via
malware, stolen devices
• Uses AES256 and PCKS #5 for on-device encrypted storage of app-
generated data, with random server-generated numbers for high security
• Allows user authentication when server is offline
• Implemented in JS (highly obfuscated) with optional native performance
enhancements
SSL identity
verification for AJAX
• Protect against man-in-the-
middle attacks
• Client-side AJAX framework automatically verifies IBM Worklight-server
credentials
Client code
attestation
• Prevent impersonation by
phishing apps
• Protect apps from manipulation
by malware
• Challenge-response based mechanism for proving client-application
identity
• Uses tamper-resistant self-inspecting code
Remote code
updates
• Ensure timely propagation of
critical security updates to
entire install base
• New versions of the code can be distributed without requiring update of
the app (currently JS/HTML)
Remote disable of
specific versions
• Ensure timely propagation of
critical security updates to
entire install base
• Server-side console allows configuration of allowed app versions.
Administrator can force users to install security updates to the native
code
Authentication
process framework
• Lower the cost and complexity
of robust integration with the
authentication infrastructure
• Server-side architecture for integration with back-end authentication
infrastructure based on JAAS, with Authentication realms
• Client-side framework for asynchronous login requests on session
expiration
Server-side
safeguards
• Prevention of SQL injection
• XSRF protection
• Prepared-statement enforcement
• Validation of submitted data against session cookie
Device identification • Prevent account-hijacking • Safely report device ID to the server
• Identifying a user with specific devices

Mobile
Mobile security measures - Continued
Mechanism Benefits Details
Enterprise SSO
integration
• Leverage existing enterprise
authentication facilities and user
credentials
• Enable employee-owned
devices
• Client side mechanism obtains and encrypts user credentials, sends to
the server with requests
• Encryption incorporates user-supplied PIN, Server-side secret and DID
• Credentials cannot be retrieved from lost or stolen device
VPN alternative
• Enable the secure delivery and
operation of mobile applications
for employee owned devices or
device types not allowed on the
corporate network
• Enable the secure delivery in
cases where the installation of
VPN client on mobile devices is
not possible or complicated to
manage
• Client side and server side framework act as SSL based VPN
• Network access control and policies pre-configured in the client side
framework layer
• Network access and security measures updated using server side
framework
• On device encrypted storage to prevent compromise of sensitive data

Mobile
Mobile Application Center
 A cross platform private mobile application
store similar to public app stores but focused
on the needs of an organization or a team
 Ease highly iterative development process
and distribution of mobile applications
 Key capabilities:
 Delivers distribution and management of mobile
applications within a company / teams
 Easy distribution of iOS and Android apps within
a team
 Supports any mobile applications
 Provides versioning and updates
 Centralizes rating and feedback information
 Controls who can modify or install an
application
 Easy to install and simple to run

Mobile
Log into the Worklight Application Center

Mobile
Add an application

Mobile
Download the application on the device

Mobile
Provide feedback and/or switch back

Mobile
Display the feedback from the App Center

Mobile
Architecture of the Shell-based Application
Architecture
• The Shell consists of native and web code
• Inner app consists of web code only
Native access
• The Shell provides JavaScript access to native
device capabilities
Sandbox
• The Shell can restrict inner apps from accessing
unsanctioned native and JavaScript functions
Customization
• The Shell can include custom native and web
libraries and APIs, branding resources,
authentication, and integration components
• API restrictions are also customizable
Diversity
• Company may distribute multiple shells for different
trust levels, authentication types, corporate
departments, etc.
Customizable Native Shell Code
Device APIs
Mobile Browser
Customizable
Web Shell Code
Inner
Application
Web Code

Mobile
The Shell-based Application
Shell Team
• Security configurations
and audits
• Authentication
• Mobile expertise
Inner App Team
• Business logic
• Develop the UI
• Data integration
Reducing the barriers of mobile development, making it ubiquitous
across the organization, by compartmentalizing skill-sets and
responsibilities
Distributed App
• Shell fed by repository
• Shell fused with app
• Shell packaged with
directory
App
Stores
Server
App
Stores

Presentation build and connect apps, devices and data ibm worklight overview

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (19)

Ähnlich wie Presentation build and connect apps, devices and data ibm worklight overview

Ähnlich wie Presentation build and connect apps, devices and data ibm worklight overview (20)

Mehr von xKinAnx

Mehr von xKinAnx (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Presentation build and connect apps, devices and data ibm worklight overview