Blockchain Data Integrity User Guide. Implementation of Service in Predix
- Ada Marshall
Blockchain Data Integrity User Guide. Implementation of Service in Predix. Rev C. Ericsson AB 2016
Contents

1 Overview of Blockchain Data Integrity
2 Three main functions of the service
    Generating a keyless signature for data
    Extending a keyless signature
    Verifying the integrity of signed data
  2.2 Interface API
    Signature request
    Signature extension request
    Signature verification request
    Success response
    Error response
  2.3 Using Blockchain Data Integrity with Predix
  2.4 Deleting a Blockchain Data Integrity instance
  2.5 Code examples
    Common code
    Using the Blockchain Data Integrity Client Software Development Kit
    Example without using the SDK
  2.6 Support FAQ
3 Abbreviations
1 Overview of Blockchain Data Integrity

Ericsson's data integrity service, known as Blockchain Data Integrity, provides the ability for an application developer to provide data integrity for an application's users using a Keyless Signature Infrastructure (KSI) via a RESTful API. Current data integrity functions allow users to:

- generate a non-reversible signature for user data
- extend the signature or publicize it
- verify that the current version of the user data has not been altered and that it matches the non-reversible signature

Blockchain Data Integrity allows a developer to ensure that a collection of data has not been tampered with since a digital signature has been assigned. Verifying the signature guarantees that the data has not been modified since the signature was applied. The integrity of the data or digital asset is one of three core tenets of security, along with availability and confidentiality.

This integrity aspect can be applied within Predix in two general ways, each having a specific application based on the industry vertical.

The first role for the service is in providing evidence and proof of regulatory or process compliance. One core aspect of Predix is to support analytics of information flowing from industrial devices through Predix to generate insights and produce business impacts. Given the importance of these business impacts, it can be critical to be certain that the analysis has not been ruined by modified data inputs (inadvertent or deliberate). Verifying the integrity of the data inputs before using the results can be a key trust anchor for using the analytic results. For industry verticals that are under regulatory scrutiny, such as NERC/FERC, the integrity of the data from a particular industrial system may be a compliance requirement or audit point. The Blockchain Data Integrity service is used to verify that no data has been tampered with during an analytic process or during a process that is under regulatory control.

The second role for the service is in providing for the security of an industrial device attached to Predix. In this case, the various configuration elements of the industrial device are verified as being in a proper state at a given time. Some aspects of the machine's configuration, whether the underlying software or the machine's settings, will often be updated by Predix analytics. Again, for regulatory reasons or security considerations, being able to verify the integrity of the configuration before a machine is placed into service is a critical aspect of security. This integrity element of security again comes into play in many industrial regulatory environments as cybersecurity for Internet of Things (IoT) devices becomes a concern.
2 Three main functions of the service

Blockchain Data Integrity provides three main functions: generating a keyless signature for data, extending a keyless signature, and verifying the integrity of the signed data.

Generating a keyless signature for data

When generating a signature for a piece of user data, typically a file, an SHA-256 hash value of the user data must be supplied (note: these hash algorithms are supported: SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD160). An SHA-256 hash is an almost-unique fixed-size cryptographic value generated from a piece of data, and it cannot be reversed to obtain the original data. This hash value is delivered to the Blockchain Data Integrity service and combined with many other variables outside of the user's control to generate a unique signature that cannot be decrypted to obtain the user data. This signature must be stored by the application consuming this service and used as proof of data integrity.

Extending a keyless signature

On a monthly basis, Ericsson publishes the top root hash of a calendar blockchain to extend the keyless signature. When extending a signature, the signature stored by the application must be provided to the Blockchain Data Integrity service to have it extended to the published value. Extending a signature involves inserting the hash value for the publication code, or published hash value. This allows the validation of the data offline with a code published monthly in both Twitter and the Financial Times.

Verifying the integrity of signed data

When verifying the integrity of a previously signed piece of user data, the signature stored by the client application must be provided to Blockchain Data Integrity to validate the signature. If the service successfully validates the signature, the service responds back with the expected SHA-256 hash value of the data referenced by the signature.

The final step of the verification is performed by the application: generating its own SHA-256 hash value of the user data, and comparing this current file hash value against the service's expected hash value to determine whether they match. If the hashes match, the user can be confident that the data has not been changed or tampered with since it was previously signed. If a subsequent change to the signed data was made by an attacker, the fraudulent change will be detectable; the signature will not be validated because re-hashing is performed. When verification fails, the user can take the appropriate action to correct the data and restore it to original values.

2.2 Interface API

All service requests must include the request headers noted in Table 1: Request Headers.
Table 1: Request Headers

    Header            Value
    Predix-Zone-Id    <Service Instance Id>
    Authentication    bearer <token>
Signature request

When generating a signature for a piece of user data (typically a file), an SHA-256 hash value of the user data must be supplied to Blockchain Data Integrity. Request and response messages are encoded in JSON format.

Signature extension request

The signature extension request message requires the signature token as a parameter. This signature token was saved by the application after user data was successfully signed by the Blockchain Data Integrity service. Note that a signature must be at least 30 days old or have a suitable publication before it can be extended.

Signature verification request

The signature verification request message requires the signature token as a parameter. This signature token was saved by the application after the user data was successfully signed by the Blockchain Data Integrity service.
Success response

All success responses have the same format and are encoded in JSON. Some fields may be optional and are not always included in the response messages. For example, the publicationrecord field and its sub-fields are not present in the response message until the signature has been extended.

Table 2: Success Response (HttpStatus = 200 OK)

    Parameter                              Description
    details {                              Nested JSON containing aggregationtime, datahash, identity, and publicationrecord
      aggregationtime,                     Timestamp
      datahash {                           Nested JSON containing algorithm and value
        algorithm,                         SHA-256
        value },                           Base 64 encoded SHA-256 hash string value
      identity,                            String
      publicationrecord {                  Nested JSON containing datahash, publicationcode, publicationreferences[ ], publicationrepositoryuris[ ], and publicationtime
        datahash {                         Nested JSON containing algorithm and value
          algorithm,                       SHA-256
          value },                         Base 64 encoded SHA-256 hash string value
        publicationcode,                   String
        publicationreferences[ ],          [ String ]
        publicationrepositoryuris[ ],      [ String ]
        publicationtime } },               Timestamp
    signature,                             String
    verificationresult {                   Nested JSON containing policyresults[ ] and status
      policyresults[ ] {                   Array of nested JSON containing policy, policyresultcode, and verificationerror
        policy,                            String
        policyresultcode,                  String
        verificationerror },               String
      status }                             String

    {
      "details": {
        "aggregationtime": 0,
        "datahash": {
          "algorithm": "SHA-256",
          "value": "GHgonhozPdhQkdMPABufb57U1CjVfgSb0OvU28ib0hA="
        },
        "identity": "string",
        "publicationrecord": {
          "datahash": {
            "algorithm": "SHA-256",
            "value": "GHgonhozPdhQkdMPABufb57U1CjVfgSb0OvU28ib0hA="
          },
          "publicationcode": "string",
          "publicationreferences": ["string"],
          "publicationrepositoryuris": ["string"],
          "publicationtime": 0
        }
      },
      "signature": "string",
      "verificationresult": {
        "policyresults": [{
          "policy": "string",
          "policyresultcode": "OK",
          "verificationerror": "GEN_1"
        }],
        "status": "OK"
      }
    }
Error response

All error responses have the same format. Like success responses, error responses are also encoded in JSON.

Table 3: Error Response (HttpStatus != 200 OK)

    Parameter       Description
    errorcode       Machine readable error code that classifies the fault. (INVALID_REQUEST, NOT_FOUND, INTERNAL_SERVER_ERROR)
    errormessage    Human-readable error message
    requestid       Message requestid
    timestamp       Date and time of the error, expressed as milliseconds since January 1, 1970 (UTC)
2.3 Using Blockchain Data Integrity with Predix

1. Create and package your application. For guidelines about how to develop an application that is compatible with the cloud environment, see

2. Log in to your Cloud Foundry account.

       cf login

3. Change to the project folder where your application is located.

       cd <file_path>/<application_name>

4. Push the application to Cloud Foundry:

       cf push <application_name>

   Note: If you provide the application name in a manifest file, you do not have to provide the application name in the command. You can instead enter the following:

       cf push

5. List the available applications:

       cf apps

   You see the application you pushed with a STOPPED status. It cannot start until you create an instance of the Blockchain Data Integrity service and bind it to the application.

6. List the services in the Cloud Foundry marketplace:

       cf marketplace

   You can see the Blockchain Data Integrity service and associated plans.

7. Create a Blockchain Data Integrity service instance:

       cf create-service blockchain-data-integrity <plan> <my-blockchain-data-integrity_service_instance> -c { trustedissuerids : [ ] }

   where:

   - <plan> is the plan associated with a service.
   - <my-blockchain-data-integrity_service_instance> is the service instance you are creating.
   - <UAA_instance> is the UAA service instance which will provide the OAuth token when interacting with the Blockchain Data Integrity service.

8. Bind your application to your service instance:

       cf bind-service <application_name> <my-blockchain-data-integrity_service_instance>

9. Restage your application to ensure the environment variable changes take effect:

       cf restage <application_name>

10. To view the environment variables for your application, enter the following command:

        cf env <application_name>

    A subset of the environment variables consists of the following information:

        credentials: {
          zone: {
            http-header-name: Predix-Zone-Id
            http-header-value: <serviceinstanceid>
            oauth-scope: <servicedefinitionid>.zones.<serviceinstanceid>.user
          }
          uri:
        }

    The application must also be bound to a UAA instance. The application should have a client ID defined in the UAA with permissions granted to the scope defined by the oauth-scope value.

    All service requests must include the following two headers:

    - Predix-Zone-Id, with the value defined in http-header-value
    - Authorization, with the value of bearer <token>, where <token> is the OAuth token value for the client ID created in the UAA for the application.

11. To view a list of available service instances, run the following command:

        cf services

    You can see your newly created service instance, as well as any other service instances used for the application.
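Turning the credentials from step 10 into the two required request headers, as an added example (not code from the guide or the SDK). The class and method names are hypothetical, Jackson 2.x is assumed to be on the classpath, the placement of uri directly under credentials is an assumption, and the VCAP_SERVICES document in main is constructed.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.Map;

// Added example: hypothetical helper, not part of the guide or the SDK.
public class BdiBinding {
    final URI uri;
    final String zoneHeaderName;
    final String zoneHeaderValue;
    final String oauthScope;

    private BdiBinding(URI uri, String name, String value, String scope) {
        this.uri = uri;
        this.zoneHeaderName = name;
        this.zoneHeaderValue = value;
        this.oauthScope = scope;
    }

    // VCAP_SERVICES maps each service label to an array of bound instances;
    // pick the instance by the name given to "cf create-service".
    static BdiBinding fromVcapServices(String vcapJson, String instanceName)
            throws IOException {
        JsonNode root = new ObjectMapper().readTree(vcapJson);
        if (root == null) {
            throw new IllegalStateException("VCAP_SERVICES is empty");
        }
        for (JsonNode instances : root) {
            for (JsonNode instance : instances) {
                if (!instanceName.equals(instance.path("name").asText())) {
                    continue;
                }
                JsonNode creds = instance.path("credentials");
                JsonNode zone = creds.path("zone");
                // Assumption: uri sits directly under credentials.
                URI uri = URI.create(required(creds, "uri"));
                // The bearer token travels with every request, so refuse plaintext.
                if (!"https".equalsIgnoreCase(uri.getScheme())) {
                    throw new IllegalStateException("service uri is not https: " + uri);
                }
                return new BdiBinding(uri,
                        required(zone, "http-header-name"),
                        required(zone, "http-header-value"),
                        required(zone, "oauth-scope"));
            }
        }
        throw new IllegalStateException("no bound instance named " + instanceName);
    }

    // Fail at startup on an incomplete binding instead of sending bad requests.
    private static String required(JsonNode node, String field) {
        JsonNode value = node.path(field);
        if (!value.isTextual() || value.asText().isEmpty()) {
            throw new IllegalStateException("missing credential: " + field);
        }
        return value.asText();
    }

    // Build the two headers every service request must carry.
    Map<String, String> headers(String token) {
        // Reject whitespace and control characters so a malformed token
        // cannot split or inject header lines.
        if (token == null || token.isEmpty()
                || token.chars().anyMatch(c -> c < 0x21 || c > 0x7e)) {
            throw new IllegalArgumentException("malformed bearer token");
        }
        Map<String, String> h = new LinkedHashMap<>();
        h.put(zoneHeaderName, zoneHeaderValue);
        h.put("Authorization", "bearer " + token);
        return h;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample; a deployed application reads
        // System.getenv("VCAP_SERVICES") instead.
        String vcap = "{\"blockchain-data-integrity\":[{"
                + "\"name\":\"my-bdi\",\"label\":\"blockchain-data-integrity\","
                + "\"credentials\":{"
                + "\"uri\":\"https://bdi.example.invalid\","
                + "\"zone\":{\"http-header-name\":\"Predix-Zone-Id\","
                + "\"http-header-value\":\"constructed-zone-id\","
                + "\"oauth-scope\":\"constructed.zones.constructed-zone-id.user\"}}}]}";
        BdiBinding binding = fromVcapServices(vcap, "my-bdi");
        System.out.println("POST to " + binding.uri + "/v1/proxy/signature");
        // Print header names only; the token itself should never be logged.
        System.out.println(binding.headers("constructed-token").keySet());
        System.out.println("scope to grant the UAA client: " + binding.oauthScope);
    }
}
```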
2.4 Deleting a Blockchain Data Integrity instance

You can remove the application and the service instance.

1. Log in to your Cloud Foundry account.

       cf login

2. Stop the application by entering the following command:

       cf stop <application_name>

3. Unbind your Blockchain Data Integrity service instance from the application.

       cf us <application_name> <my-blockchain-data-integrity_service_instance>

4. Destroy the application.

       cf d <application_name>

5. Destroy the instance of the Blockchain Data Integrity service.

       cf ds <my-blockchain-data-integrity_service_instance>

The application and service instance are decommissioned.
2.5 Code examples

Common code

Generating the SHA-256 hash for a file

The following code shows an example of generating the SHA-256 hash for a user data file.

    import java.io.FileInputStream;
    import java.io.IOException;
    import java.security.MessageDigest;
    import java.security.NoSuchAlgorithmException;
    import org.apache.commons.codec.binary.Base64;

    public String getFileHash(String fName)
            throws IOException, NoSuchAlgorithmException {
        // Generate a file hash using SHA-256.
        // 1 Mb buffer
        int buff = 1024 * 1024;
        MessageDigest hashSum = MessageDigest.getInstance("SHA-256");
        byte[] buffer = new byte[buff];
        int nRead = 0;
        // try-with-resources closes the stream even if a read fails.
        try (FileInputStream fis = new FileInputStream(fName)) {
            while ((nRead = fis.read(buffer)) != -1) {
                hashSum.update(buffer, 0, nRead);
            }
        }
        byte[] partialHash = hashSum.digest();
        // Base64-encode the digest and strip any line breaks.
        byte[] encodedPartialHash = Base64.encodeBase64(partialHash);
        String encodedHashStr = (new String(encodedPartialHash)).replaceAll("\n", "");
        return encodedHashStr;
    }
Using the Blockchain Data Integrity Client Software Development Kit

Blockchain Data Integrity provides a client software development kit (SDK) that makes it easier and faster for software developers to write applications that communicate with Blockchain Data Integrity within GE Predix. The SDK contains a set of APIs that allow application developers to perform Blockchain Data Integrity functions, including signing data as well as verifying and extending signatures from client-side applications.

The SDK can be downloaded from the following web page:

The following lists the possible classes that can be included and used.

    // Main client class
    import com.ericsson.diaapi.client.DiaClient;

    // Model classes
    import com.ericsson.diaapi.model.DataHash;
    import com.ericsson.diaapi.model.Details;
    import com.ericsson.diaapi.model.DetailsRequest;
    import com.ericsson.diaapi.model.ErrorResponse;
    import com.ericsson.diaapi.model.ExtensionRequest;
    import com.ericsson.diaapi.model.PolicyResults;
    import com.ericsson.diaapi.model.PublicationRecord;
    import com.ericsson.diaapi.model.Signature;
    import com.ericsson.diaapi.model.SignatureRequest;
    import com.ericsson.diaapi.model.VerificationRequest;

    // Exception classes
    import com.ericsson.diaapi.exception.DiaConnectionException;
    import com.ericsson.diaapi.exception.DiaInternalException;
Client provisioning

The client defines a client interface API to communicate with Blockchain Data Integrity. The following code shows an example of provisioning the client. The uri parameter provides the route to the Blockchain Data Integrity service. The instanceId parameter provides the service instance ID being used.

    ...
    // Retrieve uri and instanceId from the VCAP_SERVICES
    // environment variable.
    // Instantiate DIA client.
    try {
        diaClient = new DiaClient(uri, instanceId);
    } catch (MalformedURLException e) {
        e.printStackTrace();
    } catch (URISyntaxException e) {
        e.printStackTrace();
    }
    ...

APIs

Usage of the Blockchain Data Integrity service is facilitated by calling the following APIs provided by the client SDK. These APIs send a POST message to Blockchain Data Integrity based on the client provisioning performed earlier.

- Sign
- Verify
- Extend

Sign (create signature)

The code shown below for invoking the sign method sends a signature request to the Blockchain Data Integrity service and provides the result. Internally, an HTTP POST request containing the appropriate message headers and body is sent to the service, which then sends the response back to the client application.

    ...
    // - fileHash contains the generated SHA-256 file hash
    //   of the user data to be signed.
    // - token contains the bearer token from the UAA Client Id
    //   to be used in the Authorization header in the POST message
    //   to the data integrity assurance service.
    // - Note: other hash algorithms are accepted:
    //   SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD160
    SignatureRequest requestData = new SignatureRequest();
    requestData.setDataHash("SHA-256", fileHash);
    try {
        // Sign file
        Signature signResp = diaClient.sign(requestData, token);
    } catch (DiaConnectionException e) {
        e.printStackTrace();
    } catch (DiaInternalException e) {
        e.printStackTrace();
    }
    ...
Verify (verify signature)

The code shown below for invoking the verify method sends a verification request to the Blockchain Data Integrity service and provides the result. Internally, an HTTP POST request containing the appropriate message headers and body is sent to the service, which then sends the response back to the client application.

    Signature signatureObj;
    ...
    // Get signature string for signed data.
    String signatureStr = signatureObj.getSignature();
    try {
        // Verify signature.
        Signature verifyResp = diaClient.verify(signatureStr, token);
        // Get verification result.
        VerificationResult verifResult = verifyResp.getVerificationResult();
        ...
    } catch (DiaConnectionException e) {
        e.printStackTrace();
    } catch (DiaInternalException e) {
        e.printStackTrace();
    }
    ...
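The comparison that "Verifying the integrity of signed data" leaves to the application, written out as an added example (not code from the guide or the SDK). The class, enum and method names are hypothetical; status, algorithm and expectedBase64 are assumed to have been read from the verification result and data hash of the verify response, and the values used in main are constructed locally.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example: hypothetical helper, not part of the guide or the SDK.
public class IntegrityCheck {

    public enum Outcome {
        MATCH, MISMATCH, SIGNATURE_NOT_VALID, BAD_EXPECTED_HASH, UNSUPPORTED_ALGORITHM
    }

    // Hash the file in chunks so large files never sit fully in memory.
    static byte[] hashFile(Path file, String algorithm)
            throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] buffer = new byte[1024 * 1024];
        try (InputStream in = Files.newInputStream(file)) {
            int n;
            while ((n = in.read(buffer)) != -1) {
                md.update(buffer, 0, n);
            }
        }
        return md.digest();
    }

    // status:         status string from the verification result
    // algorithm:      hash algorithm named in the returned data hash
    // expectedBase64: Base64 hash value returned by the service
    static Outcome check(Path file, String status, String algorithm,
                         String expectedBase64) throws IOException {
        // A hash from a signature the service did not validate proves nothing.
        if (!"OK".equals(status)) {
            return Outcome.SIGNATURE_NOT_VALID;
        }
        byte[] expected;
        try {
            expected = Base64.getDecoder().decode(expectedBase64);
        } catch (IllegalArgumentException e) {
            return Outcome.BAD_EXPECTED_HASH;
        }
        byte[] actual;
        try {
            // Re-hash with the algorithm the signature was created with,
            // not one hard-coded in the verifier.
            actual = hashFile(file, algorithm);
        } catch (NoSuchAlgorithmException e) {
            // RIPEMD160, for instance, needs an extra provider on a stock JDK.
            return Outcome.UNSUPPORTED_ALGORITHM;
        }
        // MessageDigest.isEqual compares in constant time and returns
        // false when the lengths differ.
        return MessageDigest.isEqual(expected, actual)
                ? Outcome.MATCH : Outcome.MISMATCH;
    }

    public static void main(String[] args) throws Exception {
        Path file = Files.createTempFile("bdi-demo", ".cfg");
        try {
            Files.write(file, "setpoint=42\n".getBytes(StandardCharsets.UTF_8));
            // Constructed stand-in for the hash the service would return
            // for the signature taken at signing time.
            String expected = Base64.getEncoder()
                    .encodeToString(hashFile(file, "SHA-256"));

            System.out.println("unchanged file:  "
                    + check(file, "OK", "SHA-256", expected));

            // Simulate a later modification of the signed data.
            Files.write(file, "setpoint=99\n".getBytes(StandardCharsets.UTF_8));
            System.out.println("modified file:   "
                    + check(file, "OK", "SHA-256", expected));

            // "FAILED" is a constructed non-OK status value.
            System.out.println("invalid status:  "
                    + check(file, "FAILED", "SHA-256", expected));
            System.out.println("garbled hash:    "
                    + check(file, "OK", "SHA-256", "not base64!"));
        } finally {
            Files.deleteIfExists(file);
        }
    }
}
```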
Extend (extend signature)

The code shown below for invoking the extend method sends an extension request to the Blockchain Data Integrity service and provides the result. Internally, an HTTP POST request containing the appropriate message headers and body is sent to the service, which then sends the response back to the client application.

    Signature signatureObj;
    ...
    // Get signature string for signed data.
    String signatureStr = signatureObj.getSignature();
    try {
        // Extend signature.
        Signature extendResp = diaClient.extend(signatureStr, token);
        ...
    } catch (DiaConnectionException e) {
        e.printStackTrace();
    } catch (DiaInternalException e) {
        e.printStackTrace();
    }
    ...
Model

The following classes and public methods are defined within the Blockchain Data Integrity client SDK. These classes are used to facilitate data exchange in the request and response messaging between the application and the Blockchain Data Integrity service.

    public class SignatureRequest {
        public SignatureRequest()
        public DataHash getDataHash()
        public void setDataHash(String algorithm, String value)
    }

    public class Signature {
        public Signature()
        public Signature(final String signature)
        public Details getDetails()
        public PublicationRecord getPublicationRecord()
        public String getSignature()
        public VerificationResult getVerificationResult()
    }

    public class Details {
        public Details()
        public long getAggregationTime()
        public DataHash getDataHash()
        public String getIdentity()
    }

    public class DataHash {
        public DataHash()
        public String getAlgorithm()
        public String getValue()
        public void setAlgorithm(String algorithm)
        public void setValue(String value)
    }

    public class PublicationRecord {
        public PublicationRecord()
        public DataHash getDataHash()
        public String getPublicationCode()
        public List<String> getPublicationReferences()
        public List<String> getPublicationRepositoryUris()
        public long getPublicationTime()
    }

    public class VerificationResult {
        public VerificationResult()
        public List<PolicyResults> getPolicyResults()
        public String getStatus()
    }

    public class ErrorResponse {
        public ErrorResponse()
        public ErrorResponse(String errorCode, String errorMessage)
        public String getErrorCode()
        public String getErrorMessage()
        public Date getTimestamp()
        public String getRequestId()
        public int getStatus()
        public String getError()
        public String getException()
        public String getMessage()
        public String getPath()
        public String getErrorDescription()
    }
Exceptions

The following exception classes are defined within the Blockchain Data Integrity client SDK and are used during exception/error scenarios. DiaInternalException occurs if there is an exception within the client SDK. DiaConnectionException occurs if there is an issue with connecting to the Blockchain Data Integrity service.

    public class DiaInternalException extends Exception {
        public DiaInternalException(final String message)
    }

    public class DiaConnectionException extends Exception {
        public DiaConnectionException(final String message, final ErrorResponse errorResponse)
        public ErrorResponse getErrorResponse()
    }
Example without using the SDK

SignatureRequest and DataHash class definitions

The following code shows an example of the SignatureRequest class and the DataHash class used by the SignatureRequest class. A SignatureRequest object is used to populate the request to create a signature.

    // SignatureRequest class
    public class SignatureRequest {
        private DataHash dataHash;

        public SignatureRequest() {
        }

        public DataHash getDataHash() {
            return dataHash;
        }

        public void setDataHash(String algorithm, String value) {
            this.dataHash = new DataHash();
            this.dataHash.setAlgorithm(algorithm);
            this.dataHash.setValue(value);
        }
    }

    // DataHash class
    import com.fasterxml.jackson.annotation.JsonProperty; // Jackson 2.x assumed

    public class DataHash {
        @JsonProperty("algorithm")
        private String algorithm;
        @JsonProperty("value")
        private String value;

        public DataHash() {
        }

        public String getAlgorithm() {
            return algorithm;
        }

        public String getValue() {
            return value;
        }

        public void setAlgorithm(String algorithm) {
            this.algorithm = algorithm;
        }

        public void setValue(String value) {
            this.value = value;
        }
    }

Post a message to a Blockchain Data Integrity API

The following code shows how to send a POST request to one of the Blockchain Data Integrity APIs. Note that the <service-proxy-route> and the <serviceinstanceid> must be obtained from the application's environment variables after the application has been bound to an instance of the Blockchain Data Integrity service. The api parameter must be one of the following APIs:

- /v1/proxy/signature
- /v1/proxy/signature/details
- /v1/proxy/signature/extension
    private static Signature doPost(String api, String jsonStr) throws IOException {
        // Send POST request message.
        String inputLine = "";
        Signature signResultObj = null;

        // Open a new connection for this URL.
        URL url = new URL("<service-proxy-route>" + api);
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();

        // Set header parameters.
        conn.setRequestMethod("POST"); // send using method="POST".
        conn.setDoOutput(true); // set connection output to true
        conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
        conn.setRequestProperty("Accept", "*/*");
        conn.setRequestProperty("Predix-Zone-Id", <serviceinstanceid>);
        // The Authorization header (bearer <token>) that every service
        // request must carry is set in the same way.
        if (jsonStr != null) {
            conn.setRequestProperty("Content-type", "application/json");
        }

        // Get output stream that writes to this connection.
        OutputStream os = conn.getOutputStream();
        if (jsonStr != null) {
            // Write data to the connection as UTF-8 rather than the platform default.
            os.write(jsonStr.getBytes(StandardCharsets.UTF_8));
            os.flush();
        }

        // Receive response as input stream from server
        ...
        return signResultObj;
    }

Create a signature

POST: /v1/proxy/signature

The following code shows populating the datahash parameter in a message object and converting the message content to a JSON string (to be included in a POST request message).
    // Populate datahash parameter in message object
    // with file hash value.
    SignatureRequest sigRequestObj = new SignatureRequest();
    sigRequestObj.setDataHash("SHA-256", sha256FileHash);

    // Convert message object to JSON string.
    String jsonStr = null;
    ObjectMapper mapper = new ObjectMapper();
    jsonStr = mapper.writeValueAsString(sigRequestObj);

    // Invoke doPost method to send POST request message.
    Signature signResultObj = doPost("/v1/proxy/signature", jsonStr);

Verify a signature

POST: /v1/proxy/signature/details

The following code shows sending a POST request message to the Blockchain Data Integrity service with a JSON string containing the signature token. This message is sent to the details endpoint requesting signature verification.

    String jsonStr = "{\"signature\":\"" + sigUuid + "\"}";
    Signature verifyResultObj = doPost("/v1/proxy/signature/details", jsonStr);

Extend a signature

POST: /v1/proxy/signature/extension

The following code shows sending a POST request message to the Blockchain Data Integrity service with a JSON string containing the signature token. This message is sent to the extension endpoint requesting that the signature be extended to the publication record.

    String jsonStr = "{\"signature\":\"" + sigUuid + "\"}";
    Signature extendResultObj = doPost("/v1/proxy/signature/extension", jsonStr);
2.6 Support FAQ

Question: How do I populate the required headers in a service request message to the Blockchain Data Integrity service?

Answer:

Predix-Zone-Id
    This header is used for multi-tenancy purposes and it specifies the service instance being used. The value should be retrieved from the VCAP_SERVICES Cloud Foundry environment variable.

Authorization
    This header provides information about the user and their role. The value must be bearer <token> where <token> is the client's OAuth bearer token obtained from the UAA.

3 Abbreviations

    JSON    JavaScript Object Notation
    KSI     Keyless Signature Infrastructure
    SDK     Software Development Kit
    SHA     Secure Hash Algorithm
    UAA     User Account and Authentication
OAuth at Interactive Brokers November 9, 2017 1 Consumer Registration Consumers will need to provide the following in order to register as an authorized oauth consumer with Interactive Brokers. 1. A 2048-bit
More informationAttestation Service for Intel Software Guard Extensions (Intel SGX): API Documentation. Revision: 3.0
Attestation Service for Intel Software Guard Extensions (Intel SGX): API Documentation Revision: 3.0 1 1 Abbreviations... 4 2 Attestation Service for Intel SGX... 5 Supported environments... 5 Authentication...
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More informationLeveraging the Globus Platform in your Web Applications. GlobusWorld April 26, 2018 Greg Nawrocki
Leveraging the Globus Platform in your Web Applications GlobusWorld April 26, 2018 Greg Nawrocki greg@globus.org Topics and Goals Platform Overview Why expose the APIs A quick touch of the Globus Auth
More informationNordea e-identification Service description
Nordea e-identification Service description October 2018 1 Change log Version Description/ Changes 1.0 Initial version 1.1 Minor updates to examples & service hours October 2018 2 Contents Change log...
More informationSAP IoT Application Enablement Best Practices Authorization Guide
SAP IoT Application Enablement Best Practices Authorization Guide TABLE OF CONTENTS 1 INITIAL TENANT SETUP... 3 1.1 Configure Trust... 3 1.1.1 Technical Background... 6 1.2 Establish Trust... 6 1.3 Set
More informationClickToCall SkypeTest Documentation
ClickToCall SkypeTest Documentation Release 0.0.1 Andrea Mucci August 04, 2015 Contents 1 Requirements 3 2 Installation 5 3 Database Installation 7 4 Usage 9 5 Contents 11 5.1 REST API................................................
More informationAvanan for G Suite. Technical Overview. Copyright 2017 Avanan. All rights reserved.
Avanan for G Suite Technical Overview Contents Intro 1 How Avanan Works 2 Email Security for Gmail 3 Data Security for Google Drive 4 Policy Automation 5 Workflows and Notifications 6 Authentication 7
More informationUsing the Bluemix CLI IBM Corporation
Using the Bluemix CLI After you complete this section, you should understand: How to use the bx Bluemix command-line interface (CLI) to manage applications bx commands help you do tasks such as: Log in
More informationCloud Access Manager Configuration Guide
Cloud Access Manager 8.1.3 Configuration Guide Copyright 2017 One Identity LLC. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide
More informationAUTACK. Secure authentication and acknowledgement message. Edition 2012
Secure authentication and acknowledgement message Edition 2012 1. Introduction... 2 2. Message Structure Chart... 3 3. Branching Diagram... 4 4. Segments Description... 5 5. Segments Layout... 6 6. Example(s)...
More informationBlack Box DCX3000 / DCX1000 Using the API
Black Box DCX3000 / DCX1000 Using the API updated 2/22/2017 This document will give you a brief overview of how to access the DCX3000 / DCX1000 API and how you can interact with it using an online tool.
More informationOpenID Connect Opens the Door to SAS Viya APIs
Paper SAS1737-2018 OpenID Connect Opens the Door to SAS Viya APIs Mike Roda, SAS Institute Inc. ABSTRACT As part of the strategy to be open and cloud-ready, SAS Viya services leverage OAuth and OpenID
More informationSalesforce1 Mobile Security White Paper. Revised: April 2014
Salesforce1 Mobile Security White Paper Revised: April 2014 Table of Contents Introduction Salesforce1 Architecture Overview Authorization and Permissions Communication Security Authentication OAuth Pairing
More informationFUJITSU Cloud Service S5. Introduction Guide. Ver. 1.3 FUJITSU AMERICA, INC.
FUJITSU Cloud Service S5 Introduction Guide Ver. 1.3 FUJITSU AMERICA, INC. 1 FUJITSU Cloud Service S5 Introduction Guide Ver. 1.3 Date of publish: September, 2011 All Rights Reserved, Copyright FUJITSU
More informationInformatica Cloud Spring REST API Connector Guide
Informatica Cloud Spring 2017 REST API Connector Guide Informatica Cloud REST API Connector Guide Spring 2017 December 2017 Copyright Informatica LLC 2016, 2018 This software and documentation are provided
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More information[MS-OAUTH2EX]: OAuth 2.0 Authentication Protocol Extensions. Intellectual Property Rights Notice for Open Specifications Documentation
[MS-OAUTH2EX]: Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages,
More informationSophos Mobile Control Network Access Control interface guide. Product version: 7
Sophos Mobile Control Network Access Control interface guide Product version: 7 Document date: January 2017 Contents 1 About this guide...3 2 About Sophos Mobile Control...4 3 Sophos Mobile Control NAC
More informationConnect. explained. Vladimir Dzhuvinov. :
Connect explained Vladimir Dzhuvinov Email: vladimir@dzhuvinov.com : Twitter: @dzhivinov Married for 15 years to Java C Python JavaScript JavaScript on a bad day So what is OpenID Connect? OpenID Connect
More informationDeltaV Mobile Cybersecurity Overview
DeltaV Mobile Cybersecurity Overview This document provides an in-depth overview of cybersecurity considerations for your DeltaV Mobile installation. DeltaV Mobile App DeltaV DeltaV Mobile Server Web View
More informationAUTACK. Secure authentication and acknowledgement message. Edition 2016
EANCOM 2002 S4 Secure authentication and acknowledgement message Edition 2016 1. Introduction... 2 2. Message Structure Chart... 3 3. Branching Diagram... 4 4. Segments Description... 5 5. Segments Layout...
More informationTenable for Google Cloud Platform
How-To Guide Tenable for Google Cloud Platform Introduction This document describes how to deploy Tenable SecurityCenter Continuous View (Security Center CV ) for integration with Google Cloud Platform.
More informationREST Style Architecture... 5 Using the Primavera Gateway API... 7 Sample Java Code that Invokes the API... 7 Reference Documentation...
Gateway API Programmer's Guide Release 14.2 September 2014 Contents Introduction... 5 REST Style Architecture... 5 Using the Primavera Gateway API... 7 Sample Java Code that Invokes the API... 7 Reference
More informationStorageGRID Webscale 11.0 Tenant Administrator Guide
StorageGRID Webscale 11.0 Tenant Administrator Guide January 2018 215-12403_B0 doccomments@netapp.com Table of Contents 3 Contents Administering a StorageGRID Webscale tenant account... 5 Understanding
More informationHighwinds CDN Content Protection Products. August 2009
Highwinds CDN Content Protection Products August 2009 1 Highwinds CDN Content Protection Products August 2009 Table of Contents CDN SECURITY INTRO... 3 CONTENT PROTECTION BY CDN DELIVERY PRODUCT... 3 HTTP
More informationSAS Event Stream Processing 4.3: Security
SAS Event Stream Processing 4.3: Security Enabling Encryption on Sockets Overview to Enabling Encryption You can enable encryption on TCP/IP connections within an event stream processing engine. Specifically,
More informationStateless Microservice Security via JWT, TomEE and MicroProfile
Stateless Microservice Security via JWT, TomEE and MicroProfile Jean-Louis Monteiro Tomitribe Why am I here today? Microservices architecture case Security opeons OAuth2 with JWT HTTP Signatures Demo with
More informationSAP Security in a Hybrid World. Kiran Kola
SAP Security in a Hybrid World Kiran Kola Agenda Cybersecurity SAP Cloud Platform Identity Provisioning service SAP Cloud Platform Identity Authentication service SAP Cloud Connector & how to achieve Principal
More informationLeveraging the Globus Platform in your Web Applications
Leveraging the Globus Platform in your Web Applications Steve Tuecke tuecke@uchicago.edu NCAR September 5, 2018 Globus serves as A platform for building science gateways, web portals and other applications
More informationAmazon WorkDocs. Developer Guide
Amazon WorkDocs Developer Guide Amazon WorkDocs: Developer Guide Copyright 2017 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used
More informationPAS for OpenEdge Support for JWT and OAuth Samples -
PAS for OpenEdge Support for JWT and OAuth 2.0 - Samples - Version 1.0 November 21, 2017 Copyright 2017 and/or its subsidiaries or affiliates. All Rights Reserved. 2 TABLE OF CONTENTS INTRODUCTION... 3
More informationForeScout Extended Module for MaaS360
Version 1.8 Table of Contents About MaaS360 Integration... 4 Additional ForeScout MDM Documentation... 4 About this Module... 4 How it Works... 5 Continuous Query Refresh... 5 Offsite Device Management...
More informationmsis Security Policy and Protocol
msis Security Policy and Protocol Introduction This Policy details the secure use of msis as a tool for the capture and reporting of internet intelligence and investigations (i3). msis is a powerful i3
More informationSalesforce IoT REST API Getting Started Guide
Salesforce IoT REST API Getting Started Guide Version 42.0, Spring 18 @salesforcedocs Last updated: March 9, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationC exam. Number: C Passing Score: 800 Time Limit: 120 min IBM C IBM Cloud Platform Application Development
C5050-285.exam Number: C5050-285 Passing Score: 800 Time Limit: 120 min IBM C5050-285 IBM Cloud Platform Application Development Exam A QUESTION 1 What are the two key benefits of Cloudant Sync? (Select
More informationWEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F
WEB API v 1. 1 0 8. 0 5. 2 0 1 8 1. Introduction 2. Calling URL 3. Swagger Interface Example API call through Swagger 4. Authentication API Tokens OAuth 2 Code Flow OAuth2 Authentication Example 1. Authorization
More informationUser Guide. ForgeRock Service Broker 1. ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA (US)
User Guide ForgeRock Service Broker 1 ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA +1 415-599-1100 (US) www.forgerock.com Copyright 2016 ForgeRock AS. Abstract Guide for using the
More informationRBS NetGain Enterprise Manager Multiple Vulnerabilities of 11
RBS-2018-004 NetGain Enterprise Manager Multiple Vulnerabilities 2018-03-22 1 of 11 Table of Contents Vendor / Product Information 3 Vulnerable Program Details 3 Credits 3 Impact 3 Vulnerability Details
More informationManaging Remote Medical Devices Through The Cloud. Joel K Young SVP of Research and Development & CTO Digi International Friday, September 9 11:30AM
Managing Remote Medical Devices Through The Cloud Joel K Young SVP of Research and Development & CTO Digi International Friday, September 9 11:30AM Overview The Connectivity and Access Problem What information
More informationAEM Mobile: Setting up Google as an Identity Provider
AEM Mobile: Setting up Google as an Identity Provider Requirement: Prerequisite knowledge Understanding of AEM Mobile Required Products AEM Mobile Google Account Generating the client ID and secret To
More information1000 Ways to Die in Mobile OAuth. Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague
1000 Ways to Die in Mobile OAuth Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague What is this work about? In 2014, Studied OAuth usage in 200 Android/iOS OAuth applications.
More informationSecuring APIs and Microservices with OAuth and OpenID Connect
Securing APIs and Microservices with OAuth and OpenID Connect By Travis Spencer, CEO @travisspencer, @curityio Organizers and founders ü All API Conferences ü API Community ü Active blogosphere 2018 Platform
More informationETSI TS V ( )
TS 124 482 V14.3.0 (2018-04) TECHNICAL SPECIFICATION LTE; Mission Critical Services (MCS) identity management; Protocol specification (3GPP TS 24.482 version 14.3.0 Release 14) 1 TS 124 482 V14.3.0 (2018-04)
More informationSecuring ArcGIS Server Services An Introduction
2013 Esri International User Conference July 8 12, 2013 San Diego, California Technical Workshop Securing ArcGIS Server Services An Introduction David Cordes & Derek Law Esri - Redlands, CA Agenda Security
More informationUsage of "OAuth2" policy action in CentraSite and Mediator
Usage of "OAuth2" policy action in CentraSite and Mediator Introduction Prerequisite Configurations Mediator Configurations watt.server.auth.skipformediator The pg.oauth2 Parameters Asset Creation and
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationDigital signatures: How it s done in PDF
Digital signatures: How it s done in PDF Agenda Why do we need digital signatures? Basic concepts applied to PDF Digital signatures and document workflow Long term validation Why do we need digital signatures?
More informationHow Formal Analysis and Verification Add Security to Blockchain-based Systems
Verification Add Security to Blockchain-based Systems January 26, 2017 (MIT Media Lab) Pindar Wong (VeriFi Ltd.) 2 Outline of this talk Security Definition of Blockchain-based system Technology and Security
More informationThe production version of your service API must be served over HTTPS.
This document specifies how to implement an API for your service according to the IFTTT Service Protocol. It is recommended that you treat this document as a reference and follow the workflow outlined
More informationBBc-1 : Beyond Blockchain One - An Architecture for Promise-Fixation Device in the Air -
BBc-1 : Beyond Blockchain One - An Architecture for Promise-Fixation Device in the Air - Kenji Saito and Takeshi Kubo {ks91 t-kubo}@beyond-blockchain.org Revision 0.1 October 31, 2017 1 Introduction Blockchain
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationForescout. eyeextend for MobileIron. Configuration Guide. Version 1.9
Forescout Version 1.9 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationForescout. eyeextend for VMware AirWatch. Configuration Guide. Version 1.9
Forescout Version 1.9 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134 USA https://www.forescout.com/support/ Toll-Free (US): 1.866.377.8771 Tel (Intl): 1.408.213.3191
More informationuick Start Guide 1. Install Oracle Java SE Development Kit (JDK) version or later or 1.7.* and set the JAVA_HOME environment variable.
API Manager uick Start Guide WSO2 API Manager is a complete solution for publishing APIs, creating and managing a developer community, and for routing API traffic in a scalable manner. It leverages the
More informationMIGRATING MOBILE APPS. How to migrate Rollbase and OpenEdge Mobile Apps to the Telerik Platform
W HITE PAPER www. p rogres s.com MIGRATING MOBILE APPS How to migrate Rollbase and OpenEdge Mobile Apps to the Telerik Platform TABLE OF CONTENTS OVERVIEW... 2 PROCEDURES REQUIRED FOR ALL PROJECTS... 3
More informationAbout & Beyond PKI. Blockchain and PKI. André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich. February 9, 2017
About & Beyond PKI Blockchain and PKI André Clerc Dipl. Inf.-Ing. FH, CISSP, CAS PM TEMET AG, Zürich February 9, 2017 1 Agenda Does blockchain secure PKIs in the longterm? Disadvantages of classic PKIs
More informationTIBCO Cloud Integration Security Overview
TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized
More informationNetIQ Access Manager 4.3. REST API Guide
NetIQ Access Manager 4.3 REST API Guide Contents 1. Introduction... 3 2. API Overview... 3 3 Administration APIs... 3 3.1 Accessing the Administration APIs... 3 3.2 Detailed API Documentation... 4 3.3
More informationApplication Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
More informationWHITE PAPER. ENSURING SECURITY WITH OPEN APIs. Scott Biesterveld, Lead Solution Architect Senthil Senthil, Development Manager IBS Open APIs
ENSURING SECURITY WITH OPEN APIs Scott Biesterveld, Lead Solution Architect Senthil Senthil, Development Manager IBS Open APIs The security features that banks must build into their financial solutions
More informationSAS Viya 3.3 Administration: Authentication
SAS Viya 3.3 Administration: Authentication Authentication: Overview...................................................................... 1 Authentication: How To........................................................................
More informationDeveloper Resources: PIN2
Administrative Technology Services Technology and Data Services Developer Resources: PIN2 Contents Introduction... 2 Registering an Application... 2 Information Required for Registration... 3 Information
More informationCoveo Platform 7.0. Yammer Connector Guide
Coveo Platform 7.0 Yammer Connector Guide Notice The content in this document represents the current view of Coveo as of the date of publication. Because Coveo continually responds to changing market conditions,
More informationDatto Disaster Tracking
Datto Disaster Tracking Design/Architecture Document Masters of Disaster Nsama Chipalo, Brandon Cole, Aaron Damrau, Jhossue Jimenez, Jacob Peterson Last Updated May 11th, 2015 Table of Contents Table of
More informationSophos Mobile. Network Access Control interface guide. Product Version: 8.1
Network Access Control interface guide Product Version: 8.1 Contents About this guide... 1 Sophos Mobile NAC support... 2 Prerequisites...3 Configure NAC support...4 NAC web service interface... 5 API
More informationInteraction Designer REST API Tools
Interaction Designer REST API Tools Developer's Guide 2018 R1 Last updated August 8, 2017 (See Change Log for summary of changes.) Abstract This document gives examples of using CIC s REST Tools to build
More informationTIBCO ActiveMatrix Policy Director Administration
TIBCO ActiveMatrix Policy Director Administration Software Release 2.0.0 November 2014 Document Updated: January 2015 Two-Second Advantage 2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More information