Adding Identity Management and Access Control to your Application 
Joaquin Salvachua // Álvaro Alonso 
UPM – DIT 
Security Chapter. FIWARE 
jsalvachua@dit.upm.es, @jsalvachua 
aalonsog@dit.upm.es, @larsonalonso
Identity Manager

Account – Oauth 2.0 – "Login with"

FIWARE Account (Identity Manager) Demo

OAuth 2.0
Oauth 2.0 Message Flow
[Diagram: Web App (with OAuth Library) and Account. Labelled steps: redirect; access-code; request access-token; access-token; Request user info using access-token.]
Oauth 2.0 Libraries
• http://oauth.net/2/
– PHP, Cocoa, iOS, Java, Ruby, Javascript, Python.
• Example using Node.js
– https://github.com/ging/oauth2-example-client

Oauth 2.0 Demo
Web Applications and GEs
[Diagram: the Web App (OAuth Library) obtains an access-token from Account through the Oauth2 flows and sends Request + access-token to the Generic Enabler; the Generic Enabler validates the access-token with Account and receives OK + user info (roles).]

Web Applications and GEs
GET https://GE_URL HTTP/1.1
Host: GE_hostname
X-Auth-Token: access_token
Securing your back-end
[Diagram: the Web App (OAuth Library) obtains an access_token from Account through the Oauth2 flows and sends Request + access-token to a Proxy in front of the Back-end Apps; the Proxy validates the access-token with Account and receives OK + user info (roles).]

Securing your back-end
• Level 1: Authentication
– Check if a user has a FIWARE account
• Level 2: Basic Authorization
– Checks if a user has permissions to access a resource
– HTTP verb + resource path
• Level 3: Advanced Authorization
– Custom XACML policies
Level 1: Authentication
[Diagram: Web App (OAuth Library), Back-end Apps, Account, Proxy. The Web App obtains an access_token through the Oauth2 flows and sends Request + access-token to the Proxy; the Proxy validates the access-token with Account and receives OK + user info (roles).]

Level 2: Basic Authorization
[Diagram: Web App (OAuth Library), Back-end Apps, Account, Proxy, AC GE. The Proxy forwards access-token + verb + path for the check and receives OK + user info.]

Level 3: Advanced Authorization
[Diagram: Web App (OAuth Library), Back-end Apps, Account, Proxy extension, AC GE. The Proxy extension evaluates the request against an XACML policy in the AC GE and receives OK + user info.]
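As an added example (not code from the FIWARE PEP proxy or this talk), a minimal Node.js enforcement check for Level 1 (authentication) and Level 2 (basic authorization, HTTP verb + resource path) as described above; the Account/IdM token lookup and the role permission table are constructed stand-ins so it runs offline.

```javascript
// Added example, not code from the FIWARE PEP proxy: a minimal enforcement
// check for Level 1 (authentication) and Level 2 (basic authorization).
// The Account/IdM token lookup is a constructed in-memory table so the code
// runs offline; a real proxy would validate the token with the IdM over HTTPS.

// Constructed sample of what the IdM would return for each token. A Map (not a
// plain object) so that keys such as "constructor" cannot hit the prototype.
const IDM_TOKENS = new Map([
  ['tok-alice-7f3a', { user: 'alice', roles: ['Provider'], expires: 4102444800 }],
  ['tok-bob-91c0',   { user: 'bob',   roles: ['Customer'], expires: 4102444800 }],
  ['tok-old-0000',   { user: 'carol', roles: ['Provider'], expires: 1 }], // expired
]);

// Constructed Level 2 policy: which role may use which HTTP verb on which path.
const PERMISSIONS = [
  { role: 'Customer', verb: 'GET',    path: /^\/v1\/entities(\/[^/]+)?$/ },
  { role: 'Provider', verb: 'GET',    path: /^\/v1\/entities(\/[^/]+)?$/ },
  { role: 'Provider', verb: 'POST',   path: /^\/v1\/entities$/ },
  { role: 'Provider', verb: 'DELETE', path: /^\/v1\/entities\/[^/]+$/ },
];

// Level 1: is this the token of a live FIWARE account? Returns user info or null.
function authenticate(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof token !== 'string') return null;
  const info = IDM_TOKENS.get(token);
  if (!info || info.expires <= nowSeconds) return null;
  return { user: info.user, roles: info.roles };
}

// Level 2: does any of the user's roles permit this verb on this path?
function authorize(userInfo, verb, path) {
  return PERMISSIONS.some(p =>
    userInfo.roles.includes(p.role) && p.verb === verb && p.path.test(path));
}

// Decide on one incoming request, reading the X-Auth-Token header the slides use.
// 401: not authenticated; 403: authenticated but not authorized; 200: forward to the GE.
function enforce(req) {
  const userInfo = authenticate(req.headers['x-auth-token']);
  if (!userInfo) return { status: 401, reason: 'invalid or expired token' };
  const path = req.url.split('?')[0]; // match the path only, never the query string
  if (!authorize(userInfo, req.method, path)) {
    return { status: 403, reason: `${userInfo.roles.join(',')} may not ${req.method} ${path}` };
  }
  return { status: 200, user: userInfo.user, forward: true };
}
```

Level 3 is not modelled here: in the slides that decision is delegated to the AC GE, which evaluates the request against a custom XACML policy instead of a fixed verb + path table.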
FIWARE Proxy Demo
Documentation
• FIWARE Account:
– Source Code: https://github.com/ging/fi-ware-idm
– Documentation: https://github.com/ging/fi-ware-idm/wiki
• FIWARE Access Control
– http://catalogue.fi-ware.org/enablers/access-control-tha-implementation/documentation
• FIWARE OAuth2 Demo:
– https://github.com/ging/oauth2-example-client
• FIWARE Proxy:
– https://github.com/ging/fi-ware-pep-proxy
Adding Identity Management and Access Control to your Application 
Álvaro Alonso 
UPM – DIT 
Security Chapter. FIWARE 
aalonsog@dit.upm.es, @larsonalonso
