Abstract image of a woman sitting on books and studying on a laptop

Adding Identity Management and Access Control to your Application

Download as PPTX, PDF
Fernando Lopez Aguilar, profile picture
Fernando Lopez Aguilar

This document discusses adding identity management and access control to applications using FIWARE. It introduces the FIWARE Identity Manager for user authentication and the OAuth 2.0 protocol. It also discusses three levels of authorization: 1) authenticating users with FIWARE accounts, 2) basic authorization of HTTP requests, and 3) advanced authorization using XACML policies. Code examples and documentation links are provided to help integrate these security features.

Technology
Related topics:
Access Control Overview
1 of 19
Downloaded 76 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Adding Identity Management and Access Control to your Application Joaquin Salvachua // Álvaro Alonso UPM – DIT Security Chapter. FIWARE jsalvachua@dit.upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso
Identity Manager 2
Identity Manager 3 Account
Oauth 2.0 Login with
FIWARE Account (Identity Manager) Demo 5
OAuth 2.0 6
Oauth 2.0 Message Flow redirect access-code Web App Account request access-token access-token 7 OAuth Library Request user info using access-token
Oauth 2.0 Libraries • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. • Example using Node.js – https://github.com/ging/oauth2-example-client 8
Oauth 2.0 Demo 9
Web Applications and GEs 10 Generic Enabler Account Request + access-token Oauth2 flows access-token OK + user info (roles) Web App OAuth Library access_token
Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 11
Securing your back-end Oauth2 flows access_token 12 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
Securing your back-end • Level 1: Authentication – Check if a user has a FIWARE account • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path • Level 3: Advanced Authorization – Custom XACML policies
Level 1: Authentication Oauth2 flows access_token 14 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
Level 2: Basic Authorization Oauth2 flows access_token 15 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token + verb + path OK + user info AC GE
Level 3: Advanced Authorization Oauth2 flows access_token 16 Web App Back-end Apps Account Request + access-token Oauth Library Proxy extension XACML policy OK + user info AC GE
FIWARE Proxy Demo 17
Documentation • FIWARE Account: – Source Code: https://github.com/ging/fi-ware- idm – Documentation: https://github.com/ging/fi-ware- idm/wiki • FIWARE Access Control – http://catalogue.fi-ware.org/enablers/access-control- tha-implementation/documentation • FIWARE OAuth2 Demo: – https://github.com/ging/oauth2-example-client • FIWARE Proxy: – https://github.com/ging/fi-ware-pep-proxy 18
Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso

More Related Content

PPTX
FI-WARE Account and OAuth solution
Javier Cerviño
 
PDF
How to authenticate users in your apps using FI-WARE Account - Introduction
Javier Cerviño
 
PPTX
IdM and AC
Fernando Lopez Aguilar
 
PPTX
Adding Identity Management and Access Control to your Application, Authorization
Fernando Lopez Aguilar
 
PDF
FIware Identity Manager
Joaquín Salvachúa
 
PDF
FIWARE Identity Manager Exercises
Joaquín Salvachúa
 
PPTX
Adding Identity Management and Access Control to your Application
Álvaro Alonso González
 
PPTX
Adding Identity Management and Access Control to your Application - Exersices
Álvaro Alonso González
 
FI-WARE Account and OAuth solution
Javier Cerviño
 
How to authenticate users in your apps using FI-WARE Account - Introduction
Javier Cerviño
 
IdM and AC
Fernando Lopez Aguilar
 
Adding Identity Management and Access Control to your Application, Authorization
Fernando Lopez Aguilar
 
FIware Identity Manager
Joaquín Salvachúa
 
FIWARE Identity Manager Exercises
Joaquín Salvachúa
 
Adding Identity Management and Access Control to your Application
Álvaro Alonso González
 
Adding Identity Management and Access Control to your Application - Exersices
Álvaro Alonso González
 

What's hot (20)

PDF
Integrating Fiware Orion, Keyrock and Wilma
Dalton Valadares
 
PPTX
Api security-eic-prabath
WSO2
 
PPTX
Adding Identity Management and Access Control to your App
FIWARE
 
PPTX
Hybrid authentication - Talking To Major Social Networks
Rayhan Chowdhury
 
PPTX
Securing RESTful APIs using OAuth 2 and OpenID Connect
Jonathan LeBlanc
 
PPTX
Securing the Web @DevDay Da Nang 2018
Sumanth Damarla
 
PPT
Openid & Oauth: An Introduction
Steve Ivy
 
PDF
OAuth2 and Spring Security
Orest Ivasiv
 
PPTX
Securing RESTful Payment APIs Using OAuth 2
Jonathan LeBlanc
 
PPTX
REST Service Authetication with TLS & JWTs
Jon Todd
 
PPTX
JWT Authentication with AngularJS
robertjd
 
PPTX
Intro to Deception techniques - Honey-*
Harish Ramadoss
 
PPTX
Security Function
Samuel Soon
 
PPTX
Pentest Expectations
Ihor Uzhvenko
 
PDF
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Java User Group Latvia
 
PDF
Building an API Security Ecosystem
Prabath Siriwardena
 
PDF
Wakanda and the top 5 security risks - JS.everyrwhere(2012) Europe
Alexandre Morgaut
 
PDF
Fun With Spring Security
Burt Beckwith
 
PPTX
Demystifying REST
Kirsten Hunter
 
PPTX
JWT SSO Inbound Authenticator
MifrazMurthaja
 
Integrating Fiware Orion, Keyrock and Wilma
Dalton Valadares
 
Api security-eic-prabath
WSO2
 
Adding Identity Management and Access Control to your App
FIWARE
 
Hybrid authentication - Talking To Major Social Networks
Rayhan Chowdhury
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
Jonathan LeBlanc
 
Securing the Web @DevDay Da Nang 2018
Sumanth Damarla
 
Openid & Oauth: An Introduction
Steve Ivy
 
OAuth2 and Spring Security
Orest Ivasiv
 
Securing RESTful Payment APIs Using OAuth 2
Jonathan LeBlanc
 
REST Service Authetication with TLS & JWTs
Jon Todd
 
JWT Authentication with AngularJS
robertjd
 
Intro to Deception techniques - Honey-*
Harish Ramadoss
 
Security Function
Samuel Soon
 
Pentest Expectations
Ihor Uzhvenko
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
Java User Group Latvia
 
Building an API Security Ecosystem
Prabath Siriwardena
 
Wakanda and the top 5 security risks - JS.everyrwhere(2012) Europe
Alexandre Morgaut
 
Fun With Spring Security
Burt Beckwith
 
Demystifying REST
Kirsten Hunter
 
JWT SSO Inbound Authenticator
MifrazMurthaja
 
Ad

Viewers also liked (15)

PDF
Chela stress test
superserch
 
PDF
May: If I Were 22
LinkedIn Editors' Picks
 
PDF
Cwin16 - Paris - ux design
Capgemini
 
PDF
Ia32 Modo Protegido
Erwin Meza
 
PDF
Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...
Jakob Schneider
 
PDF
Netflix Nebula - Gradle Summit 2014
Justin Ryan
 
PDF
MMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the Cloud
Xavier Amatriain
 
PDF
Cwin16 tls-partner-hpe-digital economy & Hybrid IT
Capgemini
 
PDF
Disciplined agile business analysis
Scott W. Ambler
 
PDF
How Comcast uses Data Science to Improve the Customer Experience
Turi, Inc.
 
PDF
How to Start a Startup at NYU
NYU Entrepreneurial Institute
 
PDF
Introduction to the Innovation Corps (NSF I-Corps)
NYU Entrepreneurial Institute
 
PPTX
[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...
500 Startups
 
PDF
Cwin16 - lyon - faurecia customer cockpit
Capgemini
 
PDF
April: My Best Mistake
LinkedIn Editors' Picks
 
Chela stress test
superserch
 
May: If I Were 22
LinkedIn Editors' Picks
 
Cwin16 - Paris - ux design
Capgemini
 
Ia32 Modo Protegido
Erwin Meza
 
Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...
Jakob Schneider
 
Netflix Nebula - Gradle Summit 2014
Justin Ryan
 
MMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the Cloud
Xavier Amatriain
 
Cwin16 tls-partner-hpe-digital economy & Hybrid IT
Capgemini
 
Disciplined agile business analysis
Scott W. Ambler
 
How Comcast uses Data Science to Improve the Customer Experience
Turi, Inc.
 
How to Start a Startup at NYU
NYU Entrepreneurial Institute
 
Introduction to the Innovation Corps (NSF I-Corps)
NYU Entrepreneurial Institute
 
[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...
500 Startups
 
Cwin16 - lyon - faurecia customer cockpit
Capgemini
 
April: My Best Mistake
LinkedIn Editors' Picks
 
Ad

Similar to Adding Identity Management and Access Control to your Application (20)

PDF
FIWARE ID Management
Miguel García González
 
PDF
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE
 
PPTX
Adding identity management and access control to your app
Álvaro Alonso González
 
PPTX
Id fiware upm-dit
Joaquín Salvachúa
 
PPTX
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
cdanger
 
PDF
Securing FIWARE Architectures
FIWARE
 
PDF
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE
 
PPTX
Secure your app with keycloak
Guy Marom
 
PPTX
Security Access with OAuth2.0
Fernando Lopez Aguilar
 
PPTX
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE
 
PDF
FIWARE Identity Management and Access Control
Fernando Lopez Aguilar
 
PDF
Navigating Identity and Access Management in the Modern Enterprise
WSO2
 
PDF
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
CA API Management
 
PPTX
Esquema de pasos de ejecución IdM
Fernando Lopez Aguilar
 
PDF
API Security - OWASP top 10 for APIs + tips for pentesters
Inon Shkedy
 
PDF
Full stack security
DPC Consulting Ltd
 
PDF
FIWARE Global Summit - Identity Management and Access Control
FIWARE
 
PPTX
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
 
PDF
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
Adar Weidman
 
PDF
FIWARE Identity Management and Access Control
FIWARE
 
FIWARE ID Management
Miguel García González
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
FIWARE
 
Adding identity management and access control to your app
Álvaro Alonso González
 
Id fiware upm-dit
Joaquín Salvachúa
 
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
cdanger
 
Securing FIWARE Architectures
FIWARE
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE
 
Secure your app with keycloak
Guy Marom
 
Security Access with OAuth2.0
Fernando Lopez Aguilar
 
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE
 
FIWARE Identity Management and Access Control
Fernando Lopez Aguilar
 
Navigating Identity and Access Management in the Modern Enterprise
WSO2
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
CA API Management
 
Esquema de pasos de ejecución IdM
Fernando Lopez Aguilar
 
API Security - OWASP top 10 for APIs + tips for pentesters
Inon Shkedy
 
Full stack security
DPC Consulting Ltd
 
FIWARE Global Summit - Identity Management and Access Control
FIWARE
 
Mit 2014 introduction to open id connect and o-auth 2
Justin Richer
 
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
Adar Weidman
 
FIWARE Identity Management and Access Control
FIWARE
 

More from Fernando Lopez Aguilar (20)

PDF
Introduction to FIWARE technology
Fernando Lopez Aguilar
 
PDF
DW2020 Data Models - FIWARE Platform
Fernando Lopez Aguilar
 
PPTX
FIWARE and Smart Data Models
Fernando Lopez Aguilar
 
PPTX
How to deploy a smart city platform?
Fernando Lopez Aguilar
 
PPTX
Building the Smart City Platform on FIWARE Lab
Fernando Lopez Aguilar
 
PDF
Data Modeling with NGSI, NGSI-LD
Fernando Lopez Aguilar
 
PDF
FIWARE and Robotics
Fernando Lopez Aguilar
 
PDF
Big Data and Machine Learning with FIWARE
Fernando Lopez Aguilar
 
PDF
Operational Dashboards with FIWARE WireCloud
Fernando Lopez Aguilar
 
PDF
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Fernando Lopez Aguilar
 
PDF
Data persistency (draco, cygnus, sth comet, quantum leap)
Fernando Lopez Aguilar
 
PDF
How to debug IoT Agents
Fernando Lopez Aguilar
 
PDF
Core Context Management
Fernando Lopez Aguilar
 
PDF
What is an IoT Agent
Fernando Lopez Aguilar
 
PDF
FIWARE Overview
Fernando Lopez Aguilar
 
PDF
Overview of the FIWARE Ecosystem
Fernando Lopez Aguilar
 
PPTX
Cloud and Big Data in the agriculture sector
Fernando Lopez Aguilar
 
PDF
Berlin OpenStack Summit'18
Fernando Lopez Aguilar
 
PPTX
Context Information Management in IoT enabled smart systems - the basics
Fernando Lopez Aguilar
 
PPTX
FIWARE IoT Introduction 1
Fernando Lopez Aguilar
 
Introduction to FIWARE technology
Fernando Lopez Aguilar
 
DW2020 Data Models - FIWARE Platform
Fernando Lopez Aguilar
 
FIWARE and Smart Data Models
Fernando Lopez Aguilar
 
How to deploy a smart city platform?
Fernando Lopez Aguilar
 
Building the Smart City Platform on FIWARE Lab
Fernando Lopez Aguilar
 
Data Modeling with NGSI, NGSI-LD
Fernando Lopez Aguilar
 
FIWARE and Robotics
Fernando Lopez Aguilar
 
Big Data and Machine Learning with FIWARE
Fernando Lopez Aguilar
 
Operational Dashboards with FIWARE WireCloud
Fernando Lopez Aguilar
 
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Fernando Lopez Aguilar
 
Data persistency (draco, cygnus, sth comet, quantum leap)
Fernando Lopez Aguilar
 
How to debug IoT Agents
Fernando Lopez Aguilar
 
Core Context Management
Fernando Lopez Aguilar
 
What is an IoT Agent
Fernando Lopez Aguilar
 
FIWARE Overview
Fernando Lopez Aguilar
 
Overview of the FIWARE Ecosystem
Fernando Lopez Aguilar
 
Cloud and Big Data in the agriculture sector
Fernando Lopez Aguilar
 
Berlin OpenStack Summit'18
Fernando Lopez Aguilar
 
Context Information Management in IoT enabled smart systems - the basics
Fernando Lopez Aguilar
 
FIWARE IoT Introduction 1
Fernando Lopez Aguilar
 

Recently uploaded (20)

PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
PPTX
Build automations faster and more reliably with UiPath ScreenPlay
AndreeaTom
 
PDF
5-Ways-AI-is-Revolutionizing-Telecom-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
PDF
CCUS-as-the-Missing-Link-to-Net-Zero_AksCurious.pdf
AkarshaSrivastava1
 
PPTX
Presentation - Principles of Instructional Design.pptx
Ntokozo Mhlongo
 
PPTX
How to use fields_get method in Odoo 18
Celine George
 
PDF
ment.tech-Siri Delay Opens AI Startup Opportunity in 2025.pdf
thomasnova26
 
PPTX
AQUEEL MUSHTAQUE FAKIH COMPUTER CENTER .
nachanmasarrat13
 
PDF
Decision Optimization - From Theory to Practice
Eray Cakici
 
PDF
A hybrid framework for wild animal classification using fine-tuned DenseNet12...
IAESIJAI
 
PDF
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
PDF
The AI Revolution in Customer Service - 2025
Body of Knowledge
 
PDF
Launch a Bumble-Style App with AI Features in 2025.pdf
techugoapp2025
 
PDF
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
PDF
Connector Corner: Transform Unstructured Documents with Agentic Automation
DianaGray10
 
PDF
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
Co-training pseudo-labeling for text classification with support vector machi...
IAESIJAI
 
PDF
Streamline Vulnerability Management From Minimal Images to SBOMs
Anchore
 
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
Data Virtualization in Action: Scaling APIs and Apps with FME
Safe Software
 
Build automations faster and more reliably with UiPath ScreenPlay
AndreeaTom
 
5-Ways-AI-is-Revolutionizing-Telecom-Quality-Engineering.pdf
Kalilur Rahman
 
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
CCUS-as-the-Missing-Link-to-Net-Zero_AksCurious.pdf
AkarshaSrivastava1
 
Presentation - Principles of Instructional Design.pptx
Ntokozo Mhlongo
 
How to use fields_get method in Odoo 18
Celine George
 
ment.tech-Siri Delay Opens AI Startup Opportunity in 2025.pdf
thomasnova26
 
AQUEEL MUSHTAQUE FAKIH COMPUTER CENTER .
nachanmasarrat13
 
Decision Optimization - From Theory to Practice
Eray Cakici
 
A hybrid framework for wild animal classification using fine-tuned DenseNet12...
IAESIJAI
 
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
The AI Revolution in Customer Service - 2025
Body of Knowledge
 
Launch a Bumble-Style App with AI Features in 2025.pdf
techugoapp2025
 
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
Connector Corner: Transform Unstructured Documents with Agentic Automation
DianaGray10
 
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
Co-training pseudo-labeling for text classification with support vector machi...
IAESIJAI
 
Streamline Vulnerability Management From Minimal Images to SBOMs
Anchore
 
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 

Adding Identity Management and Access Control to your Application

  • 1. Adding Identity Management and Access Control to your Application Joaquin Salvachua // Álvaro Alonso UPM – DIT Security Chapter. FIWARE [email protected], @jsalvachua [email protected], @larsonalonso
  • 5. FIWARE Account (Identity Manager) Demo 5
  • 7. Oauth 2.0 Message Flow redirect access-code Web App Account request access-token access-token 7 OAuth Library Request user info using access-token
  • 8. Oauth 2.0 Libraries • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. • Example using Node.js – https://github.com/ging/oauth2-example-client 8
  • 10. Web Applications and GEs 10 Generic Enabler Account Request + access-token Oauth2 flows access-token OK + user info (roles) Web App OAuth Library access_token
  • 11. Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 11
  • 12. Securing your back-end Oauth2 flows access_token 12 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  • 13. Securing your back-end • Level 1: Authentication – Check if a user has a FIWARE account • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path • Level 3: Advanced Authorization – Custom XACML policies
  • 14. Level 1: Authentication Oauth2 flows access_token 14 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  • 15. Level 2: Basic Authorization Oauth2 flows access_token 15 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token + verb + path OK + user info AC GE
  • 16. Level 3: Advanced Authorization Oauth2 flows access_token 16 Web App Back-end Apps Account Request + access-token Oauth Library Proxy extension XACML policy OK + user info AC GE
  • 18. Documentation • FIWARE Account: – Source Code: https://github.com/ging/fi-ware- idm – Documentation: https://github.com/ging/fi-ware- idm/wiki • FIWARE Access Control – http://catalogue.fi-ware.org/enablers/access-control- tha-implementation/documentation • FIWARE OAuth2 Demo: – https://github.com/ging/oauth2-example-client • FIWARE Proxy: – https://github.com/ging/fi-ware-pep-proxy 18
  • 19. Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE [email protected], @larsonalonso