API Security Management with Sentinet SENTINET

Similar documents
API Security Management SENTINET

Sentinet for Microsoft Azure SENTINET

Sentinet for BizTalk Server SENTINET

Overview SENTINET 3.1

Sentinet for Windows Azure VERSION 2.2

Enterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape

SAP Security in a Hybrid World. Kiran Kola

API Management Solutions

Sentinet for BizTalk Server VERSION 2.2

Introduction. The Safe-T Solution

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

Developing Microsoft Azure Solutions (70-532) Syllabus

Dell One Identity Cloud Access Manager 8.0. Overview

Cloud Access Manager Configuration Guide

Microsoft Architecting Microsoft Azure Solutions.

Healthcare Database Connector

Healthcare Database Connector

Best Practices: Authentication & Authorization Infrastructure. Massimo Benini HPCAC - April,

Datapower is both a security appliance & can provide a firewall mechanism to get into Systems of Record

EMS Platform Services Installation & Configuration Guides

Cloud Access Manager Overview

Inland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE

Module 1: Introduction to Informatica Cloud B2B Gateway

BEST PRACTICES GUIDE MFA INTEGRATION WITH OKTA

WSO2 Identity Management

Unified Secure Access Beyond VPN

Healthcare Database Connector

5 OAuth EssEntiAls for APi AccEss control layer7.com

Which compute option is designed for the above scenario? A. OpenWhisk B. Containers C. Virtual Servers D. Cloud Foundry

Developing Microsoft Azure Solutions (70-532) Syllabus

Security Assertions Markup Language (SAML)

Developing Microsoft Azure Solutions (70-532) Syllabus

Single Sign-On for PCF. User's Guide

5 OAuth Essentials for API Access Control

DATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz

Administering Jive Mobile Apps for ios and Android

User Directories. Overview, Pros and Cons

INDIGO-Datacloud Identity and Access Management Service

Real4Test. Real IT Certification Exam Study materials/braindumps

Exam Questions

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

DreamFactory Security Guide

IBM Exam C IBM Tivoli Federated Identity Manager V6.2.2 Implementation Version: 6.0 [ Total Questions: 134 ]

IMPLEMENTING SINGLE SIGN-ON (SSO) TO KERBEROS CONSTRAINED DELEGATION AND HEADER-BASED APPS. VMware Identity Manager.

TIBCO API Exchange Concepts

Oracle Cloud Using the Eventbrite Adapter. Release 17.3

OPENID CONNECT 101 WHITE PAPER

Integration Patterns for Legacy Applications

API MANAGEMENT WITH WEBMETHODS

NIELSEN API PORTAL USER REGISTRATION GUIDE

Partner Center: Secure application model

How to use or not use the AWS API Gateway for Microservices

Spotfire Security. Peter McKinnis July 2017

Siebel REST API Guide. Siebel Innovation Pack 2017, Rev. A November 2017

Azure Active Directory from Zero to Hero

BIG-IP Access Policy Manager : Authentication and Single Sign-On. Version 13.1

Copyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 5.

TIBCO Cloud Integration Security Overview

John Heimann Director, Security Product Management Oracle Corporation

Usage of "OAuth2" policy action in CentraSite and Mediator

INDIGO AAI An overview and status update!

[MS20487]: Developing Windows Azure and Web Services

Securing APIs and Microservices with OAuth and OpenID Connect

Five9 Plus Adapter for Agent Desktop Toolkit

API Manager Version May User Guide

Przejmij kontrolę nad użytkownikiem, czyli unifikacja dostępu do aplikacji w zróżnicowanym środowisku

Beyond X.509: Token-based Authentication and Authorization with the INDIGO Identity and Access Management Service

[GSoC Proposal] Securing Airavata API

Copyright. Copyright Ping Identity Corporation. All rights reserved. PingAccess Server documentation Version 4.

Introduction to Windows Azure. Managing Windows Azure. Module Manual. Authors: Joey Snow

SAP API Management Cloud Connector PUBLIC

SOLUTION BRIEF CA API MANAGEMENT. Enable and Protect Your Web Applications From OWASP Top Ten With CA API Management

RESTful API Design APIs your consumers will love

A Signing Proxy for Web Services Security

Office 365 and Azure Active Directory Identities In-depth

Integrating Salesforce and SharePoint Netwoven Inc.

API Gateway. Version 7.5.1

Building the Modern Research Data Portal. Developer Tutorial

Access Manager Applications Configuration Guide. October 2016

SAML-Based SSO Solution

Oracle Cloud Using the Google Calendar Adapter. Release 17.3

Consuming Office 365 REST API. Paolo Pialorsi PiaSys.com

COURSE 20487B: DEVELOPING WINDOWS AZURE AND WEB SERVICES

Oracle Cloud Using the Trello Adapter. Release 17.3

Oracle Cloud. Using the Google Calendar Adapter Release 16.3 E

Directory Integration with Okta. An Architectural Overview. Okta Inc. 301 Brannan Street San Francisco, CA

Oracle Communications Services Gatekeeper

Liferay Security Features Overview. How Liferay Approaches Security

Identity Implementation Guide

DEVELOPER GUIDE PIPELINE PILOT INTEGRATION COLLECTION 2016

User Management. Juan J. Doval DEIMOS SPACE S.L.U. NextGEOSS, September 25 th 2017

Chapter 17 Web Services Additional Topics

Oracle Cloud Using the DocuSign Adapter. Release 17.3

Identity-Enabled Web Services

Developing Windows Azure and Web Services

openid connect all the things

Oracle Cloud Using the Eventbrite Adapter with Oracle Integration

Webthority can provide single sign-on to web applications using one of the following authentication methods:

Testpassport.

Installation Guide - Mac

Transcription:

API Security Management with Sentinet SENTINET

Overview 1 Contents Introduction... 2 Security Mediation and Translation... 3 Security Models... 3 Authentication... 4 Authorization... 5 Bidirectional Security Management... 6 Security Identities Management... 7

Overview 2 Introduction Nevatech Sentinet API Management helps developers build, provide and consume APIs using industry standard and custom security models. Developers can delegate some, or all of the responsibilities to handle security on behalf of the API Provider or API Consumer applications to Sentinet. These API Security Management capabilities provided by Sentinet tremendously reduce time and efforts on developing, testing and operating APIs in secure on-premises, cloud or hybrid environments. Sentinet Node (API Gateway) is a high-performance, scalable software intermediary that hosts remotely configurable and dynamic virtual APIs (façade APIs). The Sentinet Node mediates communication between API consumers and physical (backend) APIs, microservices and services, and through that brokerage empowers API solutions with remotely managed security. Sentinet manages security independently at both the Inbound (virtual API) and the Outbound (backend API) message flows of a Sentinet Node, therefore creating the opportunity mediate (translate) security and/or pass it through between API Consumers and backend APIs. Inbound flow defines security for the virtual service, which is accessed directly by an API Consumer via Sentinet Node endpoint(s). Outbound flow defines security required by the backend API. Sentinet Node implements that security to sucesfully forward request and responses to and from the backend API s endpoint(s).

Overview 3 Security Mediation and Translation Sentinet can mediate and translate the security of Inbound and Outbound sides. Inbound and Outbound security models can be the same (pass-through security models), or they can be very different. For example, an on-premises backend API may require Windows Integrated security authentication with local Active Directory, while it is exposed externally as a virtual API requiring Username/Password, X.509 certificate or OAuth JWT token. Sentinet does not limit supported Inbound and Outbound security models. Any supported security model can be applied at either Inbound or Outbound side. Security Models Inbound or Outbound message flows can implement and enforce many different security authentication models with different user credentials and security token types. These can be industry standard authentication schemes and security tokens, as well as custom security models. Sentinet enforces both authentication and authorization to ensure complete end-to-end security.

Overview 4 Authentication Sentinet supports standard and custom authentication schemes for both RESTful APIs and SOAP services. Tables below provide high-level overview of available options. For RESTful APIs Security Token Type Authentication Model Security Level Username/Password Basic Authentication Transport Username/Password Windows Integrated Transport Username/Password Custom Transport, Message X.509 Certificate Single-sided SSL Transport X.509 Certificate Mutual SSL Transport JWT OAuth/OpenID Connect Transport Kerberos, NTLM Windows Integrated Transport API Keys Custom Transport, Message Custom Tokens Custom Transport, Message For SOAP Services Security Token Type Authentication Model Security Level Username/Password Basic Authentication Transport Username/Password WS-Security Message (XML SOAP Security Header) Username/Password Windows Integrated Transport Username/Password Custom Transport, Message X.509 Certificate Single-sided SSL Transport X.509 Certificate Mutual SSL Transport X.509 Certificate WS-Security Message (XML SOAP Security Header) Kerberos, NTLM Windows Integrated Transport Kerberos, NTLM SAML Windows Integrated WS-Security Message (XML SOAP Security Header) Message (XML SOAP Security Header) JWT OAuth/OpenID Connect Transport

Overview 5 Authorization Sentinet provides unique capabilities to create simple to complex Authorization/Access Rules. These can be configured graphically using the Sentinet Console (API Portal) and its Access Rules Designer with a drag-and-drop user interface. Figure. Example of a complex Access Rule configured in the graphical Access Rules Designer Sentinet remotely and securely delivers designed Access Rules to the Sentinet Nodes (API Gateway), where they are executed at runtime to enforce Authorization logic. Sentinet implements Attribute-based Access Control (ABAC), where a single Access Rule is a combination of Access Rule conditions, that ultimately grant or deny access to a virtual API or some of its parts such as specific operation or an endpoint. Sentinet Users are not limited to the set of Access Rule conditions provided by the product. Custom Access Rules components can be developed using entire.net framework and any of its languages (such as C#) to implement custom authorization

Overview 6 logic. The custom components can be added to the Access Rules Designer with no coding required. Some of the available Access Rule Designer conditions are listed below: 1. Logical Any (or), And All (and) and Not (not). 2. Username/Password identity 3. Windows Active Directory user identity 4. Windows Active Directory Group membership 5. Claims validation (ex: validation of claims in JWT tokens issued by OAuth servers, such as Azure Active Directory, Google, Twitter, Facebook, Salesforce, or any other OAuth server conforming to the OAuth specifications). 6. Request URL validation that can validate any part(s) of the request URL including paths and query parameters (ex. API keys as query parameters) 7. HTTP Headers validation 8. HTTP Method validation 9. Message body validation using Regular expression 10. Message body validation using XPath 11. Date/Time schedule validation 12. Allowed or restricted client IP addresses validation 13. Access validation by Operation(s ) name(s). 14. Custom Access Rule conditions implemented in.net code to extend Access Rules with custom authorization logic. Bidirectional Security Management Sentinet s security management benefits are bidirectional. Sentinet Nodes will protect your API applications with required security, and they will help your API consumer

Overview 7 applications to implement security required by somebody else s (for example partner) APIs. Security Identities Management Sentinet can either passthrough API consumer identities or convert them from one identity type into another. For example, Username/Password, Windows identities, JWT token, API Keys can all be passed through Sentinet Nodes from the API Consumer to the backend API. At the same time, with Security Mediation and Translation, Sentinet can use an inbound Username/Password to generate the outbound Kerberos token, or replace inbound claims in a JWT token with a specific X.509 certificate required by the outbound security. Many security token types, listed in the Authentication section above, can interchangeably replace one another, while the messages are being processed by the Sentinet Nodes.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback