[GSoC Proposal] Securing Airavata API
- Austin Flynn
- 5 years ago
TITLE: Securing AIRAVATA API

ABSTRACT:

The goal of this project is to design and implement a solution for securing the AIRAVATA API. In particular, this includes authenticating and authorizing end users to the AIRAVATA API. One of the challenges in this project is to design a unified solution that can be easily adapted to a set of identified use cases based on different identity management scenarios. The proposed solution addresses all such use cases and involves open identity management standards.

PROPOSAL CONTENT:

Problem Definition:

AIRAVATA is used by science gateways as a platform to create, submit, execute and monitor different types of scientific jobs and workflows in scientific grids. In the current architecture (see Figure 1 for a high level overview), the end user who interacts with the AIRAVATA APIs through such gateways is not authenticated or authorized; hence AIRAVATA maintains no notion of the end user's identity. However, it is a critical requirement in production deployments that only legitimate users are allowed in, and that access to the different functionalities exposed by the AIRAVATA API is controlled based on the privileges of such users and the organizational policies. Attaching user identity to the jobs, workflows and other artifacts created by different individuals is also useful from the perspective of AIRAVATA, in order to isolate them based on the user who created them.
Figure 1: Overview of AIRAVATA deployment without security.

When designing the solution to address the aforementioned requirements, there are three main use cases that we need to support, based on how the end user's identity is managed at the gateways:

- Gateway does not have identity management capability and would like to depend on the identity management features provided by AIRAVATA.
- Gateway has a user-store and in-house identity management mechanisms. Different gateways might have different preferences on the level at which they share user identity information with AIRAVATA.
- Gateway authenticates users via some federated identity management protocol such as SAML SSO, OpenID, OAuth, InCommon, etc.

The solution should also support multi-tenancy and be applicable to mobile/desktop clients.

Solution Overview:

Figure 2 illustrates the high level architecture of the proposed solution.

Figure 2: High Level Overview of the Solution
This solution makes use of the identity management features offered by WSO2 Identity Server (WSO2 IS), which acts as the identity manager of AIRAVATA. Details of the interactions illustrated in Figure 2 are as follows (numbers correspond to the labels of interactions):

- The user is authenticated to AIRAVATA (how the authentication is performed for the three use cases above is described in the next section) and an OAuth access token is obtained from WSO2 IS to access the AIRAVATA API on behalf of the authenticated user.
- The request to AIRAVATA (depending on what action the user wants to perform) is sent along with the obtained OAuth access token.
- Each request sent to the AIRAVATA API is authorized before any of the API functionality is executed. The first step in authorization is validating the OAuth access token attached to the request. The second step is authorizing the request based on the authorization policy which is pre-defined by the gateway administrator (details to follow).
- Only authorized requests are served by the AIRAVATA API.
- Authorization of subsequent requests from the same user is handled using session management and caching of authorization decisions, in order to avoid contacting WSO2 IS to authorize multiple requests by the same user for the same resource.

The above solution supports multi-tenancy: whenever the user identity is exchanged, it includes the tenant domain that the user belongs to, so that authentication and authorization are performed with respect to that tenant domain.

The same client side logic can be implemented in desktop and mobile clients as well, so the above solution is applicable to desktop and mobile clients.

Solution in detail:

This section elaborates the high level solution presented in the previous section.
Authentication:

Authentication is the only step in the high level solution that differs among the three use cases identified at the beginning. In what follows I explain how the high level solution is adapted to address those three use cases.

Use Case 1: Gateway does not have a user-store and would like to depend on the user management features provided by AIRAVATA.

In this scenario, the gateway users are stored in the user-store provided by the identity manager of AIRAVATA (i.e., WSO2 IS), as shown in Figure 3.

Figure 3: Solution for use case 1.

The gateway makes use of the AIRAVATA Client API to create users, which in turn invokes the User Admin API of WSO2 IS. (This is already being implemented in AIRAVATA.) When users are authenticated to the gateway, their credentials are validated against those stored in the user-store of WSO2 IS. The gateway makes use of the AIRAVATA Client API to authenticate users and obtain an OAuth access token. This corresponds to the "resource owner credential" grant type in OAuth.
Use Case 2: Gateway has a user-store and in-house identity management mechanisms. Different gateways might have different preferences on the level at which they share user identity information with AIRAVATA.

Three solutions are proposed to address this use case, ordered by priority as discussed with the AIRAVATA team.

(1). The gateway wants to share only the minimum required information about the end user's identity with AIRAVATA. In this case, the gateway obtains an OAuth access token by authenticating to the identity manager of AIRAVATA (i.e., WSO2 IS). This corresponds to the "client credential" grant type in OAuth. End user requests are sent to AIRAVATA with this OAuth access token attached, together with the minimum user identity information required by the AIRAVATA API (see Figure 4).

Figure 4: Solution for use case 2 - option 1.

(2). At the second level at which the gateway is willing to share user identity information, the gateway does not want to connect AIRAVATA to its organizational user store; however, it prefers to provision user accounts to AIRAVATA with the identity information required by AIRAVATA.
In this case, the gateway makes use of the identity provisioning client in the AIRAVATA client API to provision user accounts to the identity manager of AIRAVATA (i.e., WSO2 IS) at the time of user account creation in the gateway. This allows the execution flow for accessing the AIRAVATA API to be the same as in use case 1 (see Figure 5).

Figure 5: Solution for use case 2 - option 2.

(3). At the third level at which the gateway is willing to share user identity information, the gateway allows AIRAVATA to connect to its organizational user store in read-only mode. In this case, the identity manager of AIRAVATA (i.e., WSO2 IS) is connected to the gateway's organizational user store through the user store manager extension provided by WSO2 IS. This allows the execution flow for accessing the AIRAVATA API to be the same as in use case 1 (see Figure 6).
Figure 6: Solution for use case 2 - option 3.

Use Case 3: Gateway authenticates users via some federated identity management protocol such as SAML SSO, OpenID, OAuth, InCommon, etc.

In this case, the gateway becomes the relying party and needs to authenticate users to AIRAVATA through the same authentication mechanism that is used to authenticate users to the gateway. This can be achieved with the support of federated authenticators in the authentication framework of WSO2 IS 5.0 [1] (see Figure 7). If the gateway needs to support a federated authentication protocol that is not supported out of the box by WSO2 IS 5.0, we write a custom authenticator. If the federated authentication protocol supports retrieval of the user's identity attributes from the identity provider, a user account is created in WSO2 IS (i.e., the identity manager of AIRAVATA) with that identity information. Once the user is authenticated to WSO2 IS via the federated identity management protocol, an OAuth access token is obtained to access the AIRAVATA API (e.g., if the federated authentication protocol is SAML2 SSO, this corresponds to the SAML 2.0 Bearer Assertion Profile grant type in OAuth), and the rest of the flow of execution continues in the same way as in use case 1.

Figure 7: Solution for use case 3.
Authorization:

OAuth for authorization delegation and validation of user-authentication:

The gateway obtains an OAuth access token from WSO2 IS via in order to send requests to the AIRAVATA API on behalf of the authenticated user (different OAuth grant types are used based on the use case, as described previously). The gateway makes use of the AIRAVATA Client API to obtain OAuth tokens, which in turn invokes the OAuth token issuer API of WSO2 IS. The gateway can use this token until it expires, so the user does not have to authenticate each time the user accesses AIRAVATA through the gateway.

Enforcing Authorization:

All requests to AIRAVATA go through the Security Manager before they hit the actual business logic of the AIRAVATA API. As per steps 4 and 5 of the high level solution overview (see Figure 2), authorization is performed in two steps:

- Validation of the OAuth token attached to the request: This guarantees that the request comes from an authenticated user who has obtained a valid OAuth access token.
- Authorizing the API request based on the authorization policy which is predefined by the gateway administrator: This guarantees that the authenticated user is only allowed to invoke AIRAVATA API functions and access resources which he/she has permission to.

Note: Although the above is how authorization is enforced in the default Security Manager, we make the implementation extensible such that any other Security Manager could also be plugged in easily.

XACML for Authorization:

XACML is the de-facto standard for fine grained, policy based access control. Policy based access control is more flexible than baking the authorization logic into the code of the Security Manager. Administrators of different gateways might have different authorization rules based on their organizational policies. They should be able to define, update and enforce such authorization rules to control access to their instance of the AIRAVATA API. The implementation will be based on the fully fledged implementation of the XACML reference architecture in WSO2 IS. The three main components of the XACML reference architecture that will be used in this solution are: PAP (Policy Administration Point), PDP (Policy Decision Point) and PEP (Policy Enforcement Point).

PAP facilitates defining, updating and publishing the authorization policies. Figure 8 illustrates the involvement of the PAP when the gateway administrator defines the authorization policies. The gateway makes use of the AIRAVATA client for this, which in turn invokes the XACML PAP API of WSO2 IS.

Figure 8: Creation of Authorization Policy by Gateway Admin.

PEP (this will be a part of the Security Manager that fronts the AIRAVATA API) is where the authorization is actually enforced on the API requests. Upon intercepting a request sent to the AIRAVATA API, the PEP forms a XACML authorization request including the information related to the current API request (such as user identity, name of the API function or resource that was requested) and then sends that XACML authorization request to the PDP.
PDP, which is the XACML policy engine of WSO2 IS, evaluates the authorization request sent by the PEP against the policy defined by the gateway administrator and returns the authorization decision to the PEP. Based on this decision, the PEP (in the Security Manager) allows or denies the API request that it intercepted.

Securing Communication:

It is critical to secure the communication between: (1) gateway and WSO2 IS, (2) gateway and AIRAVATA, and (3) AIRAVATA and WSO2 IS (see Figure 2).

Communication between the AIRAVATA client at the gateway and WSO2 IS mainly involves the requests (SOAP over HTTP) which invoke the admin services of WSO2 IS (such as the User Admin API, Authentication API, OAuth Token Issuer API, XACML PAP API, etc.). These requests should be authenticated with the gateway admin credentials and should be sent over SSL, as per the default settings of WSO2 IS. The same is true for communication between the Security Manager at the AIRAVATA server and WSO2 IS.

This solution proposes that the Thrift calls from the AIRAVATA client at the gateway to the AIRAVATA API should also be made over TLS.

Main Components of the Solution:

The main components of this solution are identified as:

- AIRAVATA Client (which consists of the following sub components):
  - Authentication Client
  - OAuth Client
  - XACML Policy Admin Client
  - Security improvements for the Thrift client which invokes AIRAVATA API
  - Provisioning client
- Security Manager:
  - OAuth access token validator
  - XACML Policy Enforcement Point (PEP)
- Custom extension points to WSO2 IS (if out of the box features do not cater to the requirements):
  - Custom federated authenticator(s)
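The two-step check described under "Enforcing Authorization" (token validation, then a PEP query to the PDP, with session and decision caching) can be sketched as follows. This is an added example, not code from the proposal or from AIRAVATA: the class and callback names, the token strings, the tenant domains and the `submitJob` function name are assumptions, and WSO2 IS is replaced by constructed in-memory stand-ins.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class TokenInfo:
    """What the identity manager reports about an access token (assumed shape)."""
    active: bool
    user: str = ""
    tenant: str = ""
    expires_at: float = 0.0  # epoch seconds


@dataclass(frozen=True)
class AuthzRequest:
    """Attributes the PEP sends to the PDP; also used as the cache key."""
    subject: str
    tenant: str
    action: str    # name of the API function being invoked
    resource: str


class SecurityManager:
    """Hypothetical PEP: validate the token, then ask the PDP, caching both."""

    def __init__(self, validate_token: Callable[[str], TokenInfo],
                 pdp_decide: Callable[[AuthzRequest], str],
                 cache_ttl: float = 60.0,
                 clock: Callable[[], float] = time.time) -> None:
        self._validate_token = validate_token
        self._pdp_decide = pdp_decide
        self._ttl = cache_ttl
        self._clock = clock
        self._sessions: Dict[str, Tuple[TokenInfo, float]] = {}
        self._decisions: Dict[AuthzRequest, Tuple[bool, float]] = {}

    def _session(self, token: str) -> Optional[TokenInfo]:
        """Step 1: token validation. A cached session never outlives the token."""
        now = self._clock()
        hit = self._sessions.get(token)
        if hit and hit[1] > now:
            return hit[0]
        self._sessions.pop(token, None)
        info = self._validate_token(token)
        if not info.active or info.expires_at <= now:
            return None
        self._sessions[token] = (info, min(info.expires_at, now + self._ttl))
        return info

    def authorize(self, token: str, action: str, resource: str) -> bool:
        info = self._session(token)
        if info is None:
            return False
        # The tenant domain is part of the request, so a decision cached for
        # one tenant is never reused for a same-named user in another tenant.
        req = AuthzRequest(info.user, info.tenant, action, resource)
        now = self._clock()
        hit = self._decisions.get(req)
        if hit and hit[1] > now:
            return hit[0]
        # Step 2: only an explicit "Permit" passes; "Deny", "NotApplicable"
        # and "Indeterminate" are all treated as a refusal.
        permit = self._pdp_decide(req) == "Permit"
        self._decisions[req] = (permit, now + self._ttl)
        return permit


def demo() -> dict:
    """Run the manager against constructed tokens and a constructed policy."""
    now = [1000.0]
    calls = {"is": 0, "pdp": 0}
    tokens = {  # constructed sample data
        "tok-alice": TokenInfo(True, "alice", "gateway-a.example", 1090.0),
        "tok-bob": TokenInfo(True, "bob", "gateway-b.example", 1090.0),
    }
    policy = {("alice", "gateway-a.example", "submitJob")}

    def validate(token: str) -> TokenInfo:
        calls["is"] += 1
        return tokens.get(token, TokenInfo(False))

    def decide(req: AuthzRequest) -> str:
        calls["pdp"] += 1
        allowed = (req.subject, req.tenant, req.action) in policy
        return "Permit" if allowed else "NotApplicable"

    sm = SecurityManager(validate, decide, cache_ttl=60.0, clock=lambda: now[0])
    out = {"first": sm.authorize("tok-alice", "submitJob", "job-1"),
           "repeat": sm.authorize("tok-alice", "submitJob", "job-1")}
    out["calls_after_repeat"] = dict(calls)
    out["other_tenant"] = sm.authorize("tok-bob", "submitJob", "job-1")
    out["unknown_token"] = sm.authorize("tok-forged", "submitJob", "job-1")
    now[0] = 1095.0  # past the token's expiry time
    out["after_expiry"] = sm.authorize("tok-alice", "submitJob", "job-1")
    return out


if __name__ == "__main__":
    print(demo())
```

The cache lifetime bounds how long a revoked token or a changed policy keeps taking effect, so it is a trade-off against the number of calls to the identity manager.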
DELIVERABLES:

- Implementation of the solution for use case 1, use case 2 - option 1,2 and use case 3.
- Test cases (both unit and integration tests) and samples as appropriate.
- Documentation of the security solution for AIRAVATA.

TIMELINE AND MILESTONE PLAN (Divided into 2 week sprints):

At the end of each two-week sprint, I will do a demo of the features developed during that sprint.

Sprint time line / Sprint plan:

13th May - 27th May
28th May - 10th June
- Completing AIRAVATA API changes.
- OAuth access token retrieval and validation (for use case 1).
- Defining default XACML policy
- XACML PEP client in Security Manager with caching.
- Securing communication between client and AIRAVATA API with SSL.

11th June - 24th June
- Extend the implementation to support use case 2 - option 1.
- Session management.
- PAP client.

25th June - 8th July
- Use case 3 with SAML 2 SSO as the federated authentication mechanism
- Use case 3 with Facebook login as the federated authentication mechanism

9th July - 22nd July
23rd July - 5th August
- Custom authenticator for a federated authentication mechanism that is not supported in WSO2 IS out of the box.
- Provisioning client to support use case 2 - option 2
- Provisioning handler for JIT provisioning in use case 3

6th August - 12th August
- (1 week) wrap up work and documentation

REFERENCES:

[1] Prabath Siriwardena. WSO2 Identity Server Authentication Framework. July 2014.
More informationBIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1
BIG-IP Access Policy Manager : Authentication and Single Sign-On Version 13.1 Table of Contents Table of Contents Authentication Concepts... 15 About AAA server support... 15 About AAA high availability
More informationA RESTful Approach to Identity-based Web Services
A RESTful Approach to Identity-based Web Services Marc J. Hadley Hubert A. Le Van Gong Sun Microsystems, Inc. 1 Outline > Identity-based web services intro > RESTful ID-WSF > OAuth Extensions > Permissioned
More informationAll about SAML End-to-end Tableau and OKTA integration
Welcome # T C 1 8 All about SAML End-to-end Tableau and OKTA integration Abhishek Singh Senior Manager, Regional Delivery Tableau Abhishek Singh Senior Manager Regional Delivery asingh@tableau.com Agenda
More informationSecuring your Standards Based Services. Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri)
Securing your Standards Based Services Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri) Agenda What are your security goals? Access control Standards and interoperability User management and authentication
More informationInside Symantec O 3. Sergi Isasi. Senior Manager, Product Management. SR B30 - Inside Symantec O3 1
Inside Symantec O 3 Sergi Isasi Senior Manager, Product Management SR B30 - Inside Symantec O3 1 Agenda 2 Cloud: Opportunity And Challenge Cloud Private Cloud We should embrace the Cloud to respond to
More informationPASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year
PASS4TEST IT Certification Guaranteed, The Easy Way! \ http://www.pass4test.com We offer free update service for one year Exam : 000-575 Title : IBM Tivoli Federated Identity Manager V6.2.2 Implementation
More informationBSE-SINGLE SIGN ON. For Brokers/ Banks/ Mutual Funds
BSE-SINGLE SIGN ON For Brokers/ Banks/ Mutual Funds Contents Introduction:... 2 Features:... 2 Advantages:... 2 On-boarding process.... 3 SSO application Login Process... 7 Authentication via OTP... 7
More informationArcGIS Enterprise Security. Gregory Ponto & Jeff Smith
ArcGIS Enterprise Security Gregory Ponto & Jeff Smith Agenda Focus: Security best practices for ArcGIS Enterprise ArcGIS Server Portal for ArcGIS 10.5 Features Strongly Recommend: Knowledge of ArcGIS Server
More informationCONNECTED IDENTITY: BENEFITS, RISKS, AND CHALLENGES DIRECTOR - SECURITY ARCHITECTURE, WSO2
CONNECTED IDENTITY: BENEFITS, RISKS, AND CHALLENGES BY FRANK PRABATH LEYMANN SIRIWARDENA DIRECTOR - SECURITY ARCHITECTURE, WSO2 TABLE OF CONTENTS 1. Introduction... 03 2. Breaking Silos in a Connected
More informationuick Start Guide 1. Install Oracle Java SE Development Kit (JDK) version or later or 1.7.* and set the JAVA_HOME environment variable.
API Manager uick Start Guide WSO2 API Manager is a complete solution for publishing APIs, creating and managing a developer community, and for routing API traffic in a scalable manner. It leverages the
More informationContents About This Guide... 5 About Notifications... 5 Managing User Accounts... 6 Managing Companies Managing Password Policies...
Cloud Services Identity Management Administration Guide Version 17 July 2017 Contents About This Guide... 5 About Notifications... 5 Managing User Accounts... 6 About the User Administration Table...
More informationSalesforce Mobile App Security Guide
Salesforce Mobile App Security Guide Version 3, 0 @salesforcedocs Last updated: October 11, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationIntegrating with Prime Service Catalog
This chapter consist of the following topics: Overview, page 1 Integrating with Third Party Applications, page 4 Creating Custom Integrations, page 7 Providing Infrastructure as a Service (IaaS) using
More informationSecuring Office 365 with Okta
Securing Office 365 with Okta Index Background Terms & Definitions Introduction Office 365 Authentication Methods Securing Federated Office 365 Using Okta Known Email Clients that Support Modern Authentication
More informationSOCIAL IDENTITIES IN HIGHER ED: WHY AND HOW WITH REAL-WORLD EXAMPLES
SOCIAL IDENTITIES IN HIGHER ED: WHY AND HOW WITH REAL-WORLD EXAMPLES Todd Haddaway, University of Maryland, Baltimore County Jacob Farmer, Indiana University Dedra Chamberlin, Cirrus Identity 2015 Internet2
More informationCLI users are not listed on the Cisco Prime Collaboration User Management page.
Cisco Prime Collaboration supports creation of user roles. A user can be assigned the Super Administrator role. A Super Administrator can perform tasks that both system administrator and network administrator
More informationAuthentication in the Cloud. Stefan Seelmann
Authentication in the Cloud Stefan Seelmann Agenda Use Cases View Points Existing Solutions Upcoming Solutions Use Cases End user needs login to a site or service End user wants to share access to resources
More informationLiferay Security Features Overview. How Liferay Approaches Security
Liferay Security Features Overview How Liferay Approaches Security Table of Contents Executive Summary.......................................... 1 Transport Security............................................
More informationArgus Vulnerability Assessment *1
Argus Vulnerability Assessment *1 Manuel Brugnoli and Elisa Heymann Universitat Autònoma de Barcelona June, 2011 Introduction Argus is the glite Authorization Service. It is intended to provide consistent
More informationCanadian Access Federation: Trust Assertion Document (TAD)
Purpose A fundamental requirement of Participants in the Canadian Access Federation is that they assert authoritative and accurate identity attributes to resources being accessed, and that Participants
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationBuilding the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017
Building the Modern Research Data Portal using the Globus Platform Rachana Ananthakrishnan rachana@globus.org GlobusWorld 2017 Platform Questions How do you leverage Globus services in your own applications?
More informationIntegrating Apache Mesos with Science Gateways via Apache Airavata
Integrating Apache Mesos with Science Gateways via Apache Airavata Organization: Apache Software Foundation Abstract: Science Gateways federate resources from multiple organizations. Most gateways solve
More informationMozy. Administrator Guide
Mozy Administrator Guide Preface 2017 Mozy, Inc. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished under a license
More informationArcGIS for Server: Security
DevSummit DC February 11, 2015 Washington, DC Michael Sarhan Esri msarhan@esri.com Agenda Review Basic Security Workflow - ArcGIS Server Roles and Identity Stores - Authentication - Authorization: Securing
More informationSingle Sign-On Best Practices
AUGUST 2018 WHITE PAPER Single Sign-On Best Practices Protecting Access in the Cloud Table of Contents Executive Summary... 3 Objectives... 3 Security Challenges... 4 Standards... 5 Conclusion... 6 Additional
More informationOracle Communications WebRTC Session Controller
Oracle Communications WebRTC Session Controller Security Guide Release 7.0 E40975-01 November 2013 Oracle Communications WebRTC Session Controller Security Guide, Release 7.0 E40975-01 Copyright 2013,
More informationDCCKI Interface Design Specification. and. DCCKI Repository Interface Design Specification
DCCKI Interface Design Specification and DCCKI Repository Interface Design Specification 1 INTRODUCTION Document Purpose 1.1 Pursuant to Section L13.13 of the Code (DCCKI Interface Design Specification),
More informationLeveraging the Globus Platform in your Web Applications. GlobusWorld April 26, 2018 Greg Nawrocki
Leveraging the Globus Platform in your Web Applications GlobusWorld April 26, 2018 Greg Nawrocki greg@globus.org Topics and Goals Platform Overview Why expose the APIs A quick touch of the Globus Auth
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More information