Stateless Microservice Security via JWT, TomEE and MicroProfile
- Sheila Allen
- 5 years ago
1 Stateless Microservice Security via JWT, TomEE and MicroProfile Jean-Louis Monteiro Tomitribe
2 Why am I here today? Microservices architecture case Security options OAuth2 with JWT HTTP Signatures Demo with MP-JWT and TomEE
3 Microservices (SOA with a sexy name)
4 Traditional system Component A Component B System (Monolithic) Component D Component C
5-8 with traditional scalability
9 and its traditional security
10 What to expect from microservices? The technical perspective The organizational perspective
11 Microservices - the technical perspective Cloud Containers Virtualization Large scale
12 The organizational perspective Agile methodology Small teams HR / organizational changes free
13 But there are new challenges Scalability Cost reduction Resilience Monitoring Security
14 Baseline Architecture 1000 users 4 hops x 3 TPS 3000 TPS frontend TPS backend
15 Microservices security options
16 Options Basic Auth OAuth2 OpenID Connect JWT - Facebook / Google way HTTP Signatures - Amazon way «In-house» solutions And many more
17 The nice thing about standards is you have so many to choose from. - Andrew S. Tanenbaum
18 Basic Auth (and its problems)
19 Basic Auth Message
POST /painter/color/object HTTP/1.1
Host: localhost:8443
Authorization: Basic c25vb3B5OnBhc3M=
User-Agent: curl/
Accept: */*
Content-Type: application/json
Content-Length: 45
{"color":{"b":255,"g":0,"name":"blue","r":0}}
20 Basic Auth username+password Base64 (no auth) Password Sent 3000 TPS (HTTP+SSL) TPS (HTTP) 3000 TPS (LDAP)
21 Basic Auth username+password Base64 username+password Base64 Password Sent 3000 TPS (HTTP+SSL) Password Sent TPS (HTTP) TPS (LDAP)
22 Basic Auth - Attacks Valid Password Sent 3000 TPS (HTTP+SSL) No auth Invalid Password Sent 6000 TPS (HTTP+SSL) TPS (HTTP) 9000 TPS (LDAP)
23 OAuth 2.0 (and its problems)
24 The theory behind it
25-27 Based on tokens
28 OAuth 2 - Password Grant
POST /oauth2/token
Host: api.superbiz.io
User-Agent: curl/
Accept: */*
Content-Type: application/x-www-form-urlencoded
Content-Length: 54
grant_type=password&username=snoopy&password=woodstock
(LDAP) Verify Password
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
Cache-Control: no-store
Pragma: no-cache
{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
}
(Token Store) Generate Token
29 OAuth 2.0 Message
POST /painter/color/object HTTP/1.1
Host: api.superbiz.io
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
User-Agent: curl/
Accept: */*
Content-Type: application/json
Content-Length: 45
{"color":{"r":0,"g":0,"b":255,"name":"blue"}}
30 OAuth 2.0 Message
POST /painter/color/palette HTTP/1.1
Host: api.superbiz.io
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
User-Agent: curl/
Accept: */*
Content-Type: application/json
Content-Length: 45
{"color":{"r":0,"g":255,"b":0,"name":"green"}}
31 OAuth 2.0 Message
POST /painter/color/select HTTP/1.1
Host: api.superbiz.io
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
User-Agent: curl/
Accept: */*
Content-Type: application/json
Content-Length: 44
{"color":{"r":255,"g":0,"b":0,"name":"red"}}
32 OAuth 2.0 Message
POST /painter/color/fill HTTP/1.1
Host: api.superbiz.io
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
User-Agent: curl/
Accept: */*
Content-Type: application/json
Content-Length: 49
{"color":{"r":0,"g":255,"b":255,"name":"yellow"}}
33 OAuth 2.0 Message
POST /painter/color/stroke HTTP/1.1
Host: api.superbiz.io
Authorization: Bearer 2YotnFZFEjr1zCsicMWpAA
User-Agent: curl/
Accept: */*
Content-Type: application/json
Content-Length: 49
{"color":{"r":255,"g":200,"b":255,"name":"orange"}}
34 401
35 OAuth 2 - Refresh Grant
POST /oauth2/token
Host: api.superbiz.io
User-Agent: curl/
Accept: */*
Content-Type: application/x-www-form-urlencoded
Content-Length: 54
grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA
(LDAP)
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
Cache-Control: no-store
Pragma: no-cache
{
  "access_token":"6Fe4jd7TmdE5yW2q0y6W2w",
  "expires_in":3600,
  "refresh_token":"hyt5rw1qnh5ttg2hdtr54e",
}
(Token Store) Verify and Generate Token
36 Old pair: Access Token 2YotnFZFEjr1zCsicMWpAA, Refresh Token tGzv3JOkF0XG5Qx2TlKWIA. New pair: Access Token 6Fe4jd7TmdE5yW2q0y6W2w, Refresh Token hyt5rw1qnh5ttg2hdtr54e
37 OAuth 2.0 Message
POST /painter/color/palette HTTP/1.1
Host: api.superbiz.io
Authorization: Bearer 6Fe4jd7TmdE5yW2q0y6W2w
User-Agent: curl/
Accept: */*
Content-Type: application/json
Content-Length: 46
{"color":{"r":0,"g":255,"b":0,"name":"green"}}
38 OAuth 2.0 Message
POST /painter/color/select HTTP/1.1
Host: api.superbiz.io
Authorization: Bearer 6Fe4jd7TmdE5yW2q0y6W2w
User-Agent: curl/
Accept: */*
Content-Type: application/json
Content-Length: 44
{"color":{"r":255,"g":0,"b":0,"name":"red"}}
39 OAuth 2.0 Message
POST /painter/color/fill HTTP/1.1
Host: api.superbiz.io
Authorization: Bearer 6Fe4jd7TmdE5yW2q0y6W2w
User-Agent: curl/
Accept: */*
Content-Type: application/json
Content-Length: 49
{"color":{"r":0,"g":255,"b":255,"name":"yellow"}}
40 What have we achieved? Avoided high-rate username + password transit on the wire. Replaced it by a blind «token» referencing a state on the server side. Generated many «short-lived» passwords stored on devices. Created a new HTTP Session architecture.
41 New terms, really? Password Grant? Logging in Token? Slightly less crappy password Equally crappy HTTP Session ID
42 OAuth 2 Password Sent 1000/daily (HTTP+SSL) (LDAP) 4 hops TPS backend OAuth 2 No auth Tokens Sent 3000 TPS (HTTP+SSL) 3000 TPS (token checks)
43 OAuth 2 Password Sent 1000/daily (HTTP+SSL) (LDAP) backend OAuth 2 Tokens Sent 3000 TPS (HTTP+SSL) 3000 TPS (token checks) TPS (token checks)
44 OAuth 2 Password Sent 1000/daily (HTTP+SSL) (LDAP) backend OAuth 2 Tokens Sent 3000 TPS (HTTP+SSL) 3000 TPS (token checks) TPS (token checks)
45 OAuth 2 Password Sent 1000/daily (HTTP+SSL) (LDAP) 0 hops 0 TPS backend OAuth 2 Tokens Sent 3000 TPS (HTTP+SSL) 0 TPS (token checks) 0 TPS (token checks)
46 OAuth JSON Web Tokens (JWT)
47 JSON Web Token Pronounced JOT SAML-like but less verbose Fancy JSON map Base64 URL Encoded Digitally Signed (RSA-SHA256, HMAC-SHA512, etc) Possibly encrypted Built-in expiration
48 Access Token Previously 6Fe4jd7TmdE5yW2q0y6W2w
49 Access Token Now eyjhbgcioijsuzi1niisinr5cci6ikpxvcj9.eyj0b2tlbi 10eXBlIjoiYWNjZXNzLXRva2VuIiwidXNlcm5hbWUiOiJzb m9vchkilcjhbmltywwioijizwfnbguilcjpc3mioijodhrw czovl2rlbw8uc3vwzxjiaxouy29tl29hdxromi90b2tlbii sinnjb3blcyi6wyj0d2l0dgvyiiwibwfucy1izxn0lwzyaw VuZCJdLCJleHAiOjE0NzQyODA5NjMsImlhdCI6MTQ3NDI3O TE2MywianRpIjoiNjY4ODFiMDY4YjI0OWFkOSJ9.DTfSdMz IIsC0j8z3icRdYO1GaMGl6j1I_2DBjiiHW9vmDz8OAw8Jh8 DpO32fv0vICc0hb4F0QCD3KQnv8GVM73kSYaOEUwlW0k1Ta Elxc43_Ocxm1F5IUNZvzlLJ_ksFXGDL_cuadhVDaiqmhct0 98ocefuv08TdzRxqYoEqYNo
50 Access Token Now
{ "alg": "RS256", "typ": "JWT" }
{
  "token-type": "access-token",
  "username": "snoopy",
  "animal": "beagle",
  "iss": "
  "scopes": [ "twitter", "mans-best-friend" ],
  "exp": ,
  "iat": ,
  "jti": "66881b068b249ad9"
}
DTfSdMzIIsC0j8z3icRdYO1GaMGl6j1I_2DBjiiHW9vmDz8OAw8Jh8DpO32fv0vICc0hb4F0QCD3KQnv8GVM73kSYaOEUwlW0k1TaElxc43_Ocxm1F5IUNZvzlLJ_ksFXGDL_cuadhVDaiqmhct098ocefuv08TdzRxqYoEqYNo
51 Access Token Now
Header (JSON > Base64 URL Encoded): describes how the token signature can be checked.
Payload (JSON > Base64 URL Encoded): basically a map of whatever you want to put in it, with some standard entries (called claims) such as expiration.
Signature (Binary > Base64 URL Encoded): the actual digital signature, made exclusively by the /oauth2/token endpoint; if RSA, it can be checked by anyone.
52 Subtle But High Impact Architectural Change
53 What we had (quick recap)
54 (LDAP) Pull User Info From IDP
55 (LDAP) Generate an Access Token (pointer)
56 (LDAP) Insert both into DB
57 (LDAP) Send Access Token (pointer) to client
58 Results Client Holds Pointer Server Holds State
59 What we can do now (Hello JWT!)
60 (LDAP) Pull User Info From IDP
61 (LDAP) Format the data as JSON
62 (LDAP) RSA-SHA 256 sign JSON private
63 (LDAP) Insert only pointer into DB (for revocation)
64 (LDAP) Send Access Token (state) to client
65 Desired Results Client Holds State Server Holds Pointer
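The flow on slides 60-65 and the token layout on slides 47-51, as an added example (not the talk's code, std-lib Java only): the token endpoint signs the claims with an RSA private key and remembers nothing but the jti, while any service holding the public key verifies algorithm, signature, issuer and expiry locally. The issuer URL is hypothetical, the key pair is generated at startup, and the jti set stands in for the DB pointer.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** RS256 JWT issuer plus stateless verifier: client holds the state, server holds a pointer. */
public class JwtPointerDemo {

    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder B64D = Base64.getUrlDecoder();
    // Hypothetical issuer; stands in for the /oauth2/token endpoint of the slides.
    private static final String ISSUER = "https://demo.superbiz.example/oauth2/token";

    private final KeyPair keyPair;
    private final Set<String> liveJti = ConcurrentHashMap.newKeySet(); // the only server-side state

    JwtPointerDemo(KeyPair keyPair) { this.keyPair = keyPair; }

    /** Token endpoint: format user info as JSON, sign with the private key, store only the jti. */
    String issue(String username, String jti, long iat, long exp) throws Exception {
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        String payload = "{\"token-type\":\"access-token\",\"username\":\"" + username + "\","
                + "\"iss\":\"" + ISSUER + "\",\"scopes\":[\"twitter\",\"mans-best-friend\"],"
                + "\"exp\":" + exp + ",\"iat\":" + iat + ",\"jti\":\"" + jti + "\"}";
        String signingInput = b64(header) + "." + b64(payload);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(keyPair.getPrivate());
        sig.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        liveJti.add(jti);
        return signingInput + "." + B64.encodeToString(sig.sign());
    }

    /** Revocation touches only the pointer; nothing else on the server changes. */
    void revoke(String jti) { liveJti.remove(jti); }

    boolean isRevoked(String jti) { return !liveJti.contains(jti); }

    /** Resource side: public key only, no LDAP or token-store hop. Returns the username or null. */
    static String verify(String jwt, PublicKey pub, long now) throws Exception {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) return null;
        // Pin the algorithm: a header announcing "none" or an HMAC alg must not reach the RSA check.
        if (!"RS256".equals(claim(json(parts[0]), "alg"))) return null;
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(pub);
        sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        if (!sig.verify(B64D.decode(parts[2]))) return null;
        String payload = json(parts[1]);
        if (!ISSUER.equals(claim(payload, "iss"))) return null;
        String exp = claim(payload, "exp");
        if (exp == null || Long.parseLong(exp) <= now) return null;   // built-in expiration
        return claim(payload, "username");
    }

    private static String b64(String s) { return B64.encodeToString(s.getBytes(StandardCharsets.UTF_8)); }

    private static String json(String b64url) { return new String(B64D.decode(b64url), StandardCharsets.UTF_8); }

    /** Tiny extractor for flat string/number claims; enough for this demo, no JSON library needed. */
    static String claim(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"?([^\",}]*)").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        JwtPointerDemo tokenEndpoint = new JwtPointerDemo(gen.generateKeyPair());
        PublicKey pub = tokenEndpoint.keyPair.getPublic();

        long now = System.currentTimeMillis() / 1000;
        String jwt = tokenEndpoint.issue("snoopy", "66881b068b249ad9", now, now + 3600);
        System.out.println("verified user: " + verify(jwt, pub, now));                     // snoopy

        // Tampering with the payload (a different username) breaks the signature.
        String[] p = jwt.split("\\.");
        String forged = p[0] + "." + b64(json(p[1]).replace("snoopy", "garfield")) + "." + p[2];
        System.out.println("forged token accepted: " + (verify(forged, pub, now) != null)); // false

        // Expiry needs no server state; revocation needs only the stored jti pointer.
        System.out.println("expired accepted: " + (verify(jwt, pub, now + 3601) != null));  // false
        tokenEndpoint.revoke("66881b068b249ad9");
        System.out.println("revoked: " + tokenEndpoint.isRevoked("66881b068b249ad9"));      // true
    }
}
```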
67 OAuth 2 - Password Grant POST /oauth2/token Host: api.superbiz.io User-Agent: curl/ Accept: */* Content-Type: application/x-www-form-urlencoded Content-Length: 54 grant_type=password&username=snoopy&password=woodstock (LDAP) Verify Password HTTP/ OK Content-Type: application/json;charset=utf-8 Cache-Control: no-store Pragma: no-cache { "access_token":"eyjhbgcioijsuzi1niisinr5cci6ikpxvcj9. eyj0b2tlbi10exblijoiywnjzxnzlxrva2vuiiwidxnlcm5hb WUiOiJzbm9vcHkiLCJhbmltYWwiOiJiZWFnbGUiLCJpc3M ioijodhrwczovl2rlbw8uc3vwzxjiaxouy29tl29hdxrom i90b2tlbiisinnjb3blcyi6wyj0d2l0dgvyiiwibwfucy1izxn0 LWZyaWVuZCJdLCJleHAiOjE0NzQyODA5NjMsImlhdCI6M TQ3NDI3OTE2MywianRpIjoiNjY4ODFiMDY4YjI0OWFkOSJ 9.DTfSdMzIIsC0j8z3icRdYO1GaMGl6j1I_2DBjiiHW9vmDz8 OAw8Jh8DpO32fv0vICc0hb4F0QCD3KQnv8GVM73kSYaO EUwlW0k1TaElxc43_Ocxm1F5IUNZvzlLJ_ksFXGDL_cuadh VDaiqmhct098ocefuv08TdzRxqYoEqYNo", "expires_in":3600, "refresh_token":"eyjhbgctgzv3jokf0xg5qx2tlkwiakf0x. eyj0b2tlbi10exblijoiywnjzxnzlxrva2vuiiwidxnlcm5hb WUiOiJzbm9vcHkiLCJhbmltYWwiOiJiZWFnbGUiLCJpc3M ioijodhrwczovl", } (Token ID Store) Generate Signed Token
68 OAuth 2.0 Message with JWT
POST /painter/color/palette HTTP/1.1
Host: api.superbiz.io
Authorization: Bearer eyjhbgcioijsuzi1niisinr5cci6ikpxvcj9.eyj0b2tlbi10exblijoiywnjzxnzlxr va2vuiiwidxnlcm5hbwuioijzbm9vchkilcjhbmltywwioijizwfnbguilcjpc3mioijodhrwczovl2rlbw8uc3vwzxj iaxouy29tl29hdxromi90b2tlbiisinnjb3blcyi6wyj0d2l0dgvyiiwibwfucy1izxn0lwzyawvuzcjdlcjlehaioje0nzqy ODA5NjMsImlhdCI6MTQ3NDI3OTE2MywianRpIjoiNjY4ODFiMDY4YjI0OWFkOSJ9.DTfSdMzIIsC0j8z3icRdYO1GaMGl 6j1I_2DBjiiHW9vmDz8OAw8Jh8DpO32fv0vICc0hb4F0QCD3KQnv8GVM73kSYaOEUwlW0k1TaElxc43_Ocxm1F5IUNZ vzllj_ksfxgdl_cuadhvdaiqmhct098ocefuv08tdzrxqyoeqyno
User-Agent: curl/
Accept: */*
Content-Type: application/json
Content-Length: 46
{"color":{"b":0,"g":255,"r":0,"name":"green"}}
69 OAuth 2 + JWT 4 hops Password Sent 1000/daily (HTTP+SSL) (LDAP) TPS backend OAuth 2 Tokens Sent 3000 TPS (HTTP+SSL) 3000 TPS (signature verification) (public key) 0.27 TPS (refresh token checks) (private key) TPS (signature verification)
70 OAuth 2 + JWT 4 hops Password Sent 1000/daily (HTTP+SSL) Valid Tokens Sent 3000 TPS (HTTP+SSL) Invalid Tokens Sent (LDAP) 9000 TPS (signature verification) TPS backend 6000 TPS (HTTP+SSL) (public key) 0.27 TPS (refresh token checks) (private key) TPS (signature verification)
71 Microprofile #RESTSecurity
72 What is it? https://microprofile.io/ Enterprise Java for Microservices Open Source Hosted at Eclipse Foundation Initial version 1.0 focused on CDI, JAX-RS and JSON-P
73 Where are we at? Currently at version 1.3 Configuration, Fault Tolerance, JWT, Health Checks, Metrics, Open Tracing, Open API and REST Client A version 2.0 is planned soon
74 Who is involved?
75 Why? Increasing number of specifications in Java EE Need for a smaller subset to build microservices Need for quick changes (time to market)
76 What implementations?
77 Microprofile JWT Most current version 1.0 Role Based Access Control Very lightweight and interoperable way to propagate identities 1.1 in progress Keys (JWKS) Standard configuration (Microprofile Config)
78 Goals Extract and verify the token Identify the caller Enforce authorization policies
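The three goals on slide 78 mapped onto a JAX-RS resource for the painter API from the earlier slides, as an added example (not the talk's demo code): the container extracts and verifies the token because of @LoginConfig, the caller comes from the injected JsonWebToken, and @RolesAllowed enforces policy. It assumes a role named painter, tokens that carry the upn and groups claims MP-JWT requires (the slides' token has username and scopes instead), and the MP-JWT 1.1 config properties for the key and issuer.

```java
// File: PainterApplication.java  (turns on MP-JWT for the whole JAX-RS application)
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
import org.eclipse.microprofile.auth.LoginConfig;

@LoginConfig(authMethod = "MP-JWT", realmName = "painter")
@ApplicationPath("/api")
public class PainterApplication extends Application {
    // With MP-JWT 1.1 configuration (assumed available), the verification key and the
    // expected issuer come from META-INF/microprofile-config.properties, for example:
    //   mp.jwt.verify.publickey.location=/META-INF/oauth2-token.pem
    //   mp.jwt.verify.issuer=https://demo.superbiz.example/oauth2/token   (hypothetical issuer)
}

// File: ColorResource.java
import javax.annotation.security.RolesAllowed;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.json.Json;
import javax.json.JsonArrayBuilder;
import javax.json.JsonObject;
import javax.json.JsonString;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import org.eclipse.microprofile.jwt.JsonWebToken;

@Path("/painter/color")
@RequestScoped
public class ColorResource {

    // Goal 1, extract and verify: the container has already checked signature, issuer and exp
    // before this bean is used; a missing or invalid token never reaches a resource method.
    @Inject
    private JsonWebToken jwt;

    // Goal 3, enforce policy: @RolesAllowed is evaluated against the token's "groups" claim,
    // so no session and no per-request database lookup are involved.
    @POST
    @Path("/palette")
    @RolesAllowed("painter")
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    public JsonObject addToPalette(JsonObject body) {
        String colorName = body.getJsonObject("color").getString("name");
        // Goal 2, identify the caller: getName() returns the "upn" claim; getTokenID() the "jti",
        // which is the only value a revocation check on the token endpoint would look up.
        return Json.createObjectBuilder()
                .add("added", colorName)
                .add("by", jwt.getName())
                .add("jti", jwt.getTokenID())
                .build();
    }

    // Non-standard claims (the slides' "animal") are reachable through getClaim(); for such
    // claims MP-JWT hands back a JsonValue, hence the JsonString check.
    @GET
    @Path("/select")
    @RolesAllowed({"painter", "viewer"})
    @Produces(MediaType.APPLICATION_JSON)
    public JsonObject whoAmI() {
        JsonArrayBuilder groups = Json.createArrayBuilder();
        jwt.getGroups().forEach(groups::add);
        Object animal = jwt.getClaim("animal");
        String animalName = animal instanceof JsonString ? ((JsonString) animal).getString()
                                                         : String.valueOf(animal);
        return Json.createObjectBuilder()
                .add("user", jwt.getName())
                .add("groups", groups)
                .add("animal", animalName)
                .add("secondsLeft", jwt.getExpirationTime() - System.currentTimeMillis() / 1000)
                .build();
    }
}
```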
79 Demo #RESTSecurity
80 Thank You!
Microservices mit Java, Spring Boot & Spring Cloud Eberhard Wolff Fellow @ewolff What are Microservices? Micro Service: Definition > Small > Independent deployment units > i.e. processes or VMs > Any technology
More informationStorageGRID Webscale 11.0 Tenant Administrator Guide
StorageGRID Webscale 11.0 Tenant Administrator Guide January 2018 215-12403_B0 doccomments@netapp.com Table of Contents 3 Contents Administering a StorageGRID Webscale tenant account... 5 Understanding
More informationEnabling SAS Event Stream Processing Authentication
Enabling SAS Event Stream Processing Authentication One of the new features of SAS Event Stream Processing 3.2 was the introduction of optional authentication between clients and servers. Authentication
More informationChatWork API Documentation
ChatWork API Documentation 1. What s ChatWork API? 2. ChatWork API Endpoints 3. OAuth 4. Webhook What s ChatWork API? ChatWork API is an API provided for developers to programmatically interact with ChatWork's
More informationBeyond Virtual Machines: Tapping into the AWS Universe from FileMaker
Beyond Virtual Machines: Tapping into the AWS Universe from FileMaker ITG06 Jesse Barnum President, 360Works FILEMAKER DEVCON 2018 AUGUST 6-9 GRAPEVINE, TX Jesse founded 360Works in 1996 Primary or original
More informationAccount Activity Migration guide & set up
Account Activity Migration guide & set up Agenda 1 2 3 4 5 What is the Account Activity (AAAPI)? User Streams & Site Streams overview What s different & what s changing? How to migrate to AAAPI? Questions?
More informationOn the (in-)security of JavaScript Object Signing and Encryption. Dennis Detering
On the (in-)security of JavaScript Object Signing and Encryption Dennis Detering 2 Introduction Dennis Detering IT Security Consultant dennis.detering@cspi.com dennis.detering@rub.de @Merenon Christian
More informationOneLogin SCIM. Table of Contents. Summary... 2 System Requirements... 2 Installation & Setup... 2 Contact Us... 6
OneLogin SCIM Table of Contents Summary... 2 System Requirements... 2 Installation & Setup... 2 Contact Us... 6 1 This guide provides set-up instructions for using LastPass with OneLogin as your Identity
More informationThe Current State of OAuth 2. Aaron Open Source Bridge Portland, June 2011
The Current State of OAuth 2 Aaron Parecki Open Source Bridge Portland, June 2011 A Brief History Before OAuth aka the Dark Ages If a third party wanted access to an account, you d give them your password.
More informationIBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole discretion.
Please note Copyright 2018 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM IBM s statements
More informationInland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE
Inland Revenue Build Pack Identity and Access Services Date: 04/09/2017 Version: 1.5 IN CONFIDENCE About this Document This document is intended to provide Service Providers with the technical detail required
More informationModern Identity Management Patterns for Microservices and Mobile
SESSION ID: SDS-F04 Modern Identity Management Patterns for Microservices and Mobile Mark Perry APAC CTO Ping Identity @markperryau IT S A NEW WORLD Everything s Mobile 2 IT S A NEW WORLD Agile Backend
More informationMicroProfile - New and Noteworthy
MicroProfile - New and Noteworthy Ivar Grimstad Principal Consultant, Cybercom Sweden https://github.com/ivargrimstad https://www.linkedin.com/in/ivargrimstad Background MicroProfile Demo and Samples Monolithic
More informationCreate and Secure Your REST APIs with Apache CXF
Create and Secure Your REST APIs with Apache CXF Andrei Shakirin, Talend ashakirin@talend.com ashakirin.blogspot.com Agenda REST Principles in API Design Using CXF JAX-RS Features Secure REST API AboutMe
More informationOracle Communications WebRTC Session Controller
Oracle Communications WebRTC Session Controller Security Guide Release 7.0 E40975-01 November 2013 Oracle Communications WebRTC Session Controller Security Guide, Release 7.0 E40975-01 Copyright 2013,
More informationCoding Intro to APIs and REST
DEVNET-3607 Coding 1001 - Intro to APIs and REST Matthew DeNapoli DevNet Developer Evangelist Cisco Spark How Questions? Use Cisco Spark to communicate with the speaker after the session 1. Find this session
More informationSalesforce1 Mobile Security White Paper. Revised: April 2014
Salesforce1 Mobile Security White Paper Revised: April 2014 Table of Contents Introduction Salesforce1 Architecture Overview Authorization and Permissions Communication Security Authentication OAuth Pairing
More informationOpenIAM Identity and Access Manager Technical Architecture Overview
OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...
More informationManaging Protected and Controlled Data with Globus. Vas Vasiliadis
Managing Protected and Controlled Data with Globus Vas Vasiliadis vas@uchicago.edu Globus SaaS: Research data lifecycle Instrument 1 Researcher initiates transfer request; or requested automatically by
More information