mule security


Upload: drajesh-kumar

Post on 20-Jan-2017


Category:

Technology



TRANSCRIPT

Emerging Tech Series E: Knowledge Management automation of impacts

MULE security
-RajeshKumar

MULESOFT Anypoint platform security components

Anypoint Enterprise Security

API Security Manager

Virtual Private Cloud (VPC)

MULESOFT Enterprise Security Modules

Mule Secure Token Service (STS) OAuth 2.0a Provider (it is part of the Enterprise edition)

Security for REST service provider/consumer (for APIs that we develop using Mule API-led connectivity)

Ensure that the API is properly protected by the right authentication / authorization schemes

Authorization & Authentication

SAML

OAuth 2

WS-Security

Ping federate

MULESOFT Enterprise Security Modules

Each layer has specific security requirements in API approach

Experience: This layer needs to be protected by inbound security

Process: In this layer, fine-grained security is applied to control who has access to which Process API

System Connectivity: This layer needs to be protected by outbound security

MULESOFT Enterprise Security Modules

WEB/Mobile/Desktop

Experience APIs: Inbound Security (Authentication, Authorization and Data Security)

Process APIs: Process Level Fine Grained Security

System APIs: Outbound Security (Authentication, Authorization and Data Security)

On premise / Cloud applications

API Manager Security policies

Securing API in Anypoint platform

The combination of HTTPS and OAuth 2.0 is a best practice for Web API security

Basic Authentication (HTTPS)

The http-security-filter decodes the incoming Base64-encoded username and password before passing them to the security manager. Failure to authenticate will result in a 403 sent back to the client.

Securing API in Anypoint platform

OAuth 2.0

The oauth-provider config exposes a URL over which it receives requests for a token in exchange for credentials (client id, secret, username and password). It also passes the username and password to the security-manager before proceeding to issue a token.

Every invocation of the API should be protected with an oauth-provider validate message processor. This checks for an incoming token and verifies that it is valid, still within its expiration window, and allows the client to actually invoke this flow. Tokens are issued based on requested scopes, and the validation takes scope into account when making its decision. If validation fails, a 403 is returned to the client. If it succeeds, the flow continues to execute normally.
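The issue-then-validate behaviour described above, modelled as an added Python example; it is not Mule's own code or configuration. The function names, the in-memory token store, the one-hour lifetime, the `Bearer` header format and the sample credentials are all assumptions made for illustration.

```python
import hmac
import secrets
import time

# Constructed sample data (not from the slides): one client, one resource owner.
CLIENTS = {"demo-client": "demo-secret"}
USERS = {"alice": "wonderland"}
TOKEN_TTL = 3600  # seconds; assumed token lifetime
_tokens = {}      # access token -> {"scopes": set, "expires_at": float}


def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def security_manager(username, password):
    """Hypothetical stand-in for the security manager's credential check."""
    expected = USERS.get(username)
    return expected is not None and _same(expected, password)


def issue_token(client_id, client_secret, username, password, scopes, now=None):
    """Token endpoint: returns an access token, or None if any credential fails."""
    now = time.time() if now is None else now
    secret = CLIENTS.get(client_id)
    if secret is None or not _same(secret, client_secret):
        return None
    if not security_manager(username, password):
        return None
    token = secrets.token_urlsafe(32)
    _tokens[token] = {"scopes": set(scopes), "expires_at": now + TOKEN_TTL}
    return token


def validate(authorization_header, required_scopes, now=None):
    """Per-flow check: 200 lets the flow continue, 403 rejects the call."""
    now = time.time() if now is None else now
    scheme, _, token = (authorization_header or "").partition(" ")
    token = token.strip()
    if scheme.lower() != "bearer" or not token:
        return 403                                    # no token presented
    record = _tokens.get(token)
    if record is None:
        return 403                                    # unknown token
    if now >= record["expires_at"]:
        _tokens.pop(token, None)                      # purge the expired token
        return 403
    if not set(required_scopes) <= record["scopes"]:
        return 403                                    # scope was never granted
    return 200
```

Each flow passes the scopes it requires to `validate`, so a token issued for one scope cannot invoke a flow that demands another.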
