fiware identity manager
Post on 16-Jul-2015
Adding Identity Management and Access Control to your Application
Joaquin Salvachua, Álvaro Alonso
UPM – DIT, Security Chapter, FIWARE
joaquin.salvachua@upm.es, @jsalvachua
aalonsog@dit.upm.es, @larsonalonso
OAuth 2.0 Message Flow
[Figure: message flow between the Web App (with its OAuth library) and the Account server, labelled: redirect, access-code, request access-token, access-token, then "Request user info using access-token"]
OAuth 2.0 Libraries
• http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, JavaScript, Python.
• Example using Node.js – https://github.com/ging/oauth2-example-client
Web Applications and GEs
[Figure: the Web App (OAuth library) obtains an access_token from the Account through the OAuth2 flows, then sends "Request + access-token" to the Generic Enabler; the GE checks the access-token with the Account and receives "OK + user info (roles)"]
Web Applications and GEs
GET https://GE_URL HTTP/1.1
Host: GE_hostname
X-Auth-Token: access_token
Securing your back-end
[Figure: the Web App (OAuth library) obtains an access_token from the Account through the OAuth2 flows, then sends "Request + access-token" to a Proxy placed in front of the Back-end Apps; the Proxy checks the access-token with the Account and receives "OK + user info (roles)"]
Securing your back-end
• Level 1: Authentication – checks whether the user has a FIWARE account
• Level 2: Basic Authorization – checks whether the user has permission to access a resource, expressed as HTTP verb + resource path
• Level 3: Advanced Authorization – custom XACML policies
Level 1: Authentication
[Figure: the Web App (OAuth library) obtains an access_token from the Account through the OAuth2 flows, then sends "Request + access-token" to the PEP Proxy in front of the Back-end Apps; the PEP Proxy checks the access-token with the Account and receives "OK + user info (roles)"]
Level 2: Basic Authorization
[Figure: as in Level 1, the PEP Proxy checks the access-token with the Account and receives "OK + user info"; it then sends "roles + verb + path" to the Auth PDP GE, which answers OK before the request reaches the Back-end Apps]
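As an added example (not code from the FIWARE PEP proxy or from these slides), the Level 1 and Level 2 decisions a PEP proxy takes before forwarding a request, in Node.js. TOKEN_STORE and POLICIES are constructed stand-ins for the Account's token check and the Auth PDP GE's role + verb + path decision.

```javascript
// Added illustration (not FIWARE's PEP proxy code) of the Level 1 and Level 2
// checks a PEP proxy makes before forwarding a request to a back-end app.
// TOKEN_STORE and POLICIES are constructed sample data standing in for the
// Account (IdM) token lookup and the Auth PDP GE.

// Constructed stand-in for the Account's token validation: token -> user info.
const TOKEN_STORE = new Map([
  ["tok-alice-1234", { user: "alice", roles: ["Provider"] }],
  ["tok-bob-5678",   { user: "bob",   roles: ["Customer"] }],
]);

// Constructed basic-authorization policy: role + HTTP verb + path prefix.
const POLICIES = [
  { role: "Customer", verb: "GET",  pathPrefix: "/api/v1/" },
  { role: "Provider", verb: "GET",  pathPrefix: "/api/v1/" },
  { role: "Provider", verb: "POST", pathPrefix: "/api/v1/" },
];

// Level 1: authentication. The token arrives in X-Auth-Token, as in the GET
// request on the "Web Applications and GEs" slide. Header names are assumed
// lowercase, as Node's http module presents them.
function authenticate(headers, tokenStore = TOKEN_STORE) {
  const token = headers["x-auth-token"];
  if (!token) return { ok: false, status: 401, reason: "missing X-Auth-Token" };
  const userInfo = tokenStore.get(token);
  if (!userInfo) return { ok: false, status: 401, reason: "unknown or expired token" };
  return { ok: true, userInfo };
}

// Level 2: basic authorization on roles + verb + path. The path is normalized
// first so dot-segments such as "/api/v1/../admin" cannot slip past the prefix.
function isAllowed(roles, verb, path, policies = POLICIES) {
  const normalizedPath = new URL(path, "http://pep.invalid").pathname;
  return policies.some(p =>
    roles.includes(p.role) && p.verb === verb && normalizedPath.startsWith(p.pathPrefix));
}

// One PEP decision: 401 without a valid account, 403 without a matching role,
// 200 when the request may be forwarded to the back-end.
function pepDecision(req, tokenStore = TOKEN_STORE, policies = POLICIES) {
  const auth = authenticate(req.headers, tokenStore);
  if (!auth.ok) return { status: auth.status, reason: auth.reason };
  const verb = req.method.toUpperCase();
  if (!isAllowed(auth.userInfo.roles, verb, req.path, policies)) {
    return { status: 403, reason: `${auth.userInfo.user} may not ${verb} ${req.path}` };
  }
  return { status: 200, user: auth.userInfo.user };
}
```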
Level 3: Advanced Authorization
[Figure: the Web App (OAuth library) obtains an access_token from the Account through the OAuth2 flows and sends it with the request to the PEP Proxy extension in front of the Back-end Apps; the PEP Proxy extension checks the access-token with the Account, receives "OK + user info", then sends "roles + XACML <Request>" to the Auth PDP GE, which answers OK]
Documentation
• FIWARE Account – Source Code: https://github.com/ging/fi-ware-idm – Documentation: https://github.com/ging/fi-ware-idm/wiki
• FIWARE Access Control – http://catalogue.fi-ware.org/enablers/access-control-tha-implementation/documentation
• FIWARE OAuth2 Demo – https://github.com/ging/oauth2-example-client
• FIWARE Proxy – https://github.com/ging/fi-ware-pep-proxy