
Security As A Service Leveraged by Apache Projects Oliver Wulff, - PowerPoint PPT Presentation



  1. Security As A Service Leveraged by Apache Projects Oliver Wulff, Talend

  2. Application Security Landscape 11/19/14 2

  3. Solution Building blocks
  ● Apache CXF Fediz
    ● Single Sign On (WS-Federation)
    ● Attribute Based Access Control (SAML AttributeStatement)
    ● Identity Provider and Application Server Plugin
  ● Apache Syncope
    ● IAM (User management, Attribute Management, Provisioning)
    ● Connector: LDAP
  ● Apache DS
    ● LDAP Server
  ● PostgreSQL
    ● Database for Syncope and Fediz IDP

  4. Solution Building blocks: Demo of Federation/SSO with an Apache Tomcat Application

  5. Solution Building blocks: Apache CXF Fediz

  6. Apache CXF Fediz
  ● Sub-project of the Apache CXF project
  ● Work started in mid-2011
  ● Community growing
  ● First release in June 2012
  ● Current release 1.1.2
  ● Finishing work for 1.2

  7. OASIS WS-Federation 1.2
  ● OASIS Standard 2009
  ● Security Token agnostic (SAML 1.1/2.0, …)
  ● Extends OASIS WS-Trust
  ● Browser and Web Services SSO
  ● PRP (Passive Requestor Profile) adapts Browsers to WS-Trust
  ● No connectivity between Application and IDP required (Cloud)
  ● Claims/Attribute Based Access Control
  ● Supports several Authentication domains

  8. WS-Federation (architecture diagram)
  Participants shown: User Machine with Browser; Relying Party (RP), a Web Application with the Fediz Plugin inside a Servlet Container, reached over HTTPS; Identity Provider (IDP), the Fediz IDP, which handles Authentication; Security Token Service (STS), the Fediz STS, which issues Security Tokens.
  Flow labels shown: "Access Web Application" (Browser to RP), "Redirect to IDP" (RP to Browser), WS-Federation (Browser to IDP), WS-Trust (IDP to STS), "Token issued by STS".

  9. Fediz Plugin
  ● WS-Federation 1.0/1.1/1.2
  ● SAML 1.1 / 2.0 Tokens
  ● SAML-P support
  ● IDP trust types: Chain Trust, Direct Trust
  ● Core Logic Container independent
  ● Supports Tomcat, Jetty, Karaf, WebSphere and Spring Security
  ● WS-Federation Metadata
  ● Claims provided in FederationPrincipal

  10. Fediz IDP/STS
  ● Authentication: Username/password, Kerberos, X509
  ● Spring Security (REST, Login)
  ● Spring Web Flow
  ● User Store:
    ● File store (Mock testing)
    ● LDAPLoginModule
    ● Custom JAAS Login Module or custom WSS4J Validator
  ● Claims/Role store:
    ● LdapClaimsHandler
    ● FileClaimsHandler (Mock testing)
  ● SAML Token creation customizable

  11. New Features in Fediz 1.1
  ● Fediz IDP refactored and leverages Spring Web Flow
  ● WS-Federation support for RP-IDP
  ● HomeRealm Discovery
  ● Kerberos support
  ● Support for encrypted SAML tokens
  ● SAML Holder-Of-Key
  ● New Containers supported: Karaf, Jetty, Spring Security and IBM WebSphere
  ● Claim Mapping support with Apache Commons JEXL

  12. Fediz IDP Relying Party Home Realm Discovery (sequence diagram; participants: Browser, Relying Party, IDP adatam.com, RP-IDP)
  ● Relying Party -> IDP: Redirect with wtrealm='MyApplication' (optional whr parameter)
  ● IDP: HomeRealm Discovery
  ● IDP -> RP-IDP: Redirect with wtrealm='RPIDP'
  ● RP-IDP -> Browser: Username/Password Challenge
  ● RP-IDP -> IDP: SignInResponse carrying the 'RP-IDP Token'
  ● IDP: Claim Mapping
  ● IDP -> Relying Party: SignInResponse carrying the 'MyApplication Token'
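The exchange on this slide, as an added simulation that is not part of the presentation and not Fediz code: an application-facing IDP receives the sign-in request for wtrealm 'MyApplication', performs home realm discovery from the optional whr hint, delegates the username/password challenge to the trusted RP-IDP, checks the returned token's issuer and audience, maps its claims and issues the application token. The user data, claim names, mapping rules, the fallback to a default home realm when no whr is sent, and the reading of wtrealm as "the requesting party's realm" on the hop between the two IDPs are all assumptions.

```python
"""Simulated WS-Federation sign-in with Home Realm Discovery and claim mapping."""
from dataclasses import dataclass, field


@dataclass
class Token:
    issuer: str      # realm of the IDP that issued the token
    audience: str    # wtrealm the token was requested for
    claims: dict     # simplified SAML AttributeStatement


@dataclass
class RpIdp:
    """Home IDP that holds the accounts and answers the username/password challenge."""
    realm: str
    users: dict      # username -> (password, claims); constructed test data

    def sign_in(self, wtrealm, username, password):
        stored = self.users.get(username)
        if stored is None or stored[0] != password:
            raise PermissionError("username/password challenge failed")
        return Token(issuer=self.realm, audience=wtrealm, claims=dict(stored[1]))


@dataclass
class Idp:
    """Application-facing IDP (adatam.com on the slide)."""
    realm: str
    trusted_idps: dict        # whr value -> RpIdp
    default_home_realm: str   # used when the RP sends no whr (assumption; Fediz can prompt instead)
    claim_mapping: dict       # (home realm, claim received) -> claim issued to the application
    trace: list = field(default_factory=list)

    def home_realm_discovery(self, whr):
        home = whr or self.default_home_realm
        if home not in self.trusted_idps:
            raise LookupError(f"untrusted home realm {home!r}")
        self.trace.append(f"IDP: HomeRealm Discovery -> {home}")
        return self.trusted_idps[home]

    def sign_in(self, wtrealm, whr, username, password):
        self.trace.append(f"RP -> IDP: SignIn wtrealm={wtrealm!r} whr={whr!r}")
        rp_idp = self.home_realm_discovery(whr)
        # Towards the RP-IDP this IDP is itself a relying party, so it asks for its own realm.
        self.trace.append(f"IDP -> RP-IDP: SignIn wtrealm={self.realm!r}")
        self.trace.append("RP-IDP -> Browser: Username/Password challenge")
        rp_token = rp_idp.sign_in(self.realm, username, password)
        # Trust check before any claim is used: the token must come from the
        # discovered IDP and must be addressed to this IDP, not to some other realm.
        if rp_token.issuer != rp_idp.realm or rp_token.audience != self.realm:
            raise PermissionError("token issuer/audience mismatch")
        self.trace.append(f"RP-IDP -> IDP: SignInResponse '{rp_idp.realm} Token'")
        # Claim mapping: only claims with a rule are forwarded, everything else is dropped.
        mapped = {}
        for claim, value in rp_token.claims.items():
            target = self.claim_mapping.get((rp_idp.realm, claim))
            if target is not None:
                mapped[target] = value
        self.trace.append("IDP: Claim Mapping")
        self.trace.append(f"IDP -> RP: SignInResponse '{wtrealm} Token'")
        return Token(issuer=self.realm, audience=wtrealm, claims=mapped)


def build_demo():
    """Wire the parties together with constructed data."""
    rp_idp = RpIdp(realm="RPIDP", users={
        "alice": ("secret", {"uid": "alice", "memberOf": "cn=admins"}),
    })
    return Idp(realm="adatam.com",
               trusted_idps={"RPIDP": rp_idp},
               default_home_realm="RPIDP",
               claim_mapping={("RPIDP", "uid"): "username",
                              ("RPIDP", "memberOf"): "role"})


if __name__ == "__main__":
    idp = build_demo()
    token = idp.sign_in("MyApplication", "RPIDP", "alice", "secret")
    print("\n".join(idp.trace))
    print(token)
```

Run it and the trace prints the seven steps of the slide in order; the application token carries only the two mapped claims, which is the point of claim mapping at the federating IDP: the RP never sees the home realm's raw attributes.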

  13. Fediz Roadmap
  ● Security Protocol pluggable in IDP (1.2): WS-Federation, SAML-P, OAuth2, ...
  ● IDP REST Interface (1.2)
    ● Configure Claims, IDPs, Applications, Trusted IDPs
    ● Fine grained security control
  ● SAML-P support in Fediz plugin (1.2)
  ● Fediz CXF Plugin (Security Protocols supported for JAX-RS)
    ● OAuth 2
  ● Launch Fediz IDP from Maven build (1.2)
  ● Single Logout (1.2)

  14. REST Interface (1/3): Resources
  ● Idp: /idps
  ● Claim: /claims
    ● Many-to-many (requestedClaims, offeredClaims)
    ● Attribute on Relation
  ● Application: /applications
    ● many-to-many
  ● TrustedIdp: /trustedIdps
    ● many-to-many

  15. REST Interface (2/3)
  ● Many-To-Many Relationship
    /applications POST|GET
    /applications/{realm} GET|PUT|DELETE
    /applications/{realm}/claims POST
    /applications/{realm}/claims/{claimType} DELETE
  ● HTTP Status Codes (besides 200)
    ● NoContent (204)
    ● Error (500)
    ● Created (201)
    ● NotFound (404)
  ● Content Type
    ● XML
    ● JSON

  16. REST Interface (3/3)
  ● HTTP Headers
    ● Location (newly created resources)
    ● X-Application-Error-Code, X-Application-Error-Info
  ● Query parameters (start, size, expand)
  ● Hypermedia support? (href Attribute, link Element)
  ● Security
    ● Roles
    ● Entitlements (CLAIM_LIST, CLAIM_CREATE, …, ROLE_CREATE, ...)
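An added in-memory model of the /applications resource and its claims relation from slides 14 to 16, written for this page and not taken from the Fediz IDP: it routes the four paths with the listed methods, answers with the listed status codes (201 with a Location header, 204 on delete, 404 for unknown resources, 500 for unexpected failures), reports error details in the X-Application-Error-Code and X-Application-Error-Info headers, pages list results with the start and size query parameters, and refuses calls whose caller lacks the required entitlement. Assumptions beyond the slides: the APPLICATION_* entitlement names (by analogy with CLAIM_LIST and CLAIM_CREATE), the 403, 400 and 409 responses for a missing entitlement, invalid input and duplicate realms, JSON as the only content type, and all error code strings.

```python
import json
from urllib.parse import parse_qs, urlparse

# Entitlement required per operation. CLAIM_LIST / CLAIM_CREATE style names
# come from the slide; the APPLICATION_* names are assumed by analogy.
ENTITLEMENTS = {
    ("GET", "list"): "APPLICATION_LIST",
    ("POST", "list"): "APPLICATION_CREATE",
    ("GET", "one"): "APPLICATION_READ",
    ("PUT", "one"): "APPLICATION_UPDATE",
    ("DELETE", "one"): "APPLICATION_DELETE",
    ("POST", "claims"): "APPLICATION_UPDATE",
    ("DELETE", "claim"): "APPLICATION_UPDATE",
}


def _response(status, body=None, **headers):
    """Build a (status, headers, body) triple; JSON only, XML is left out here."""
    hdrs = {"Content-Type": "application/json"}
    hdrs.update(headers)
    return status, hdrs, (None if body is None else json.dumps(body))


def _error(status, code, info):
    """Error details travel in the two X-Application-Error-* headers from the slide."""
    return _response(status, **{"X-Application-Error-Code": code,
                                "X-Application-Error-Info": info})


class ApplicationResource:
    """In-memory /applications resource with its many-to-many claims relation."""

    def __init__(self):
        self.apps = {}  # realm -> {"realm": str, "claims": [claimType, ...]}

    def handle(self, method, url, entitlements, body=None):
        try:
            return self._dispatch(method, url, entitlements, body or {})
        except Exception as exc:  # anything unexpected becomes the generic Error (500)
            return _error(500, "INTERNAL_ERROR", f"{type(exc).__name__}: {exc}")

    def _dispatch(self, method, url, entitlements, body):
        parsed = urlparse(url)
        parts = [p for p in parsed.path.split("/") if p]
        query = parse_qs(parsed.query)
        # Routes: /applications, /applications/{realm},
        #         /applications/{realm}/claims, /applications/{realm}/claims/{claimType}
        if (not parts or parts[0] != "applications" or len(parts) > 4
                or (len(parts) >= 3 and parts[2] != "claims")):
            return _error(404, "NOT_FOUND", "no such resource")
        kind = {1: "list", 2: "one", 3: "claims", 4: "claim"}[len(parts)]
        needed = ENTITLEMENTS.get((method, kind))
        if needed is None:
            return _error(404, "NOT_FOUND", f"{method} not supported on this resource")
        if needed not in entitlements:  # 403 is assumed; the slide does not list it
            return _error(403, "FORBIDDEN", f"missing entitlement {needed}")
        if kind == "list" and method == "GET":
            start = int(query.get("start", ["0"])[0])  # paging via start/size query parameters
            size = int(query.get("size", ["10"])[0])
            return _response(200, list(self.apps.values())[start:start + size])
        if kind == "list":  # POST creates an application; 400 and 409 are assumed codes
            realm = body.get("realm")
            if not realm:
                return _error(400, "INVALID_APPLICATION", "realm is required")
            if realm in self.apps:
                return _error(409, "APPLICATION_EXISTS", realm)
            self.apps[realm] = {"realm": realm, "claims": list(body.get("claims", []))}
            return _response(201, Location=f"/applications/{realm}")
        app = self.apps.get(parts[1])
        if app is None:
            return _error(404, "APPLICATION_NOT_FOUND", parts[1])
        if kind == "one":
            if method == "GET":
                return _response(200, app)
            if method == "PUT":
                app.update({k: v for k, v in body.items() if k != "realm"})
                return _response(200, app)
            del self.apps[parts[1]]
            return _response(204)
        if kind == "claims":  # POST adds a claim type to the relation
            claim_type = body.get("claimType")
            if not claim_type:
                return _error(400, "INVALID_CLAIM", "claimType is required")
            if claim_type not in app["claims"]:
                app["claims"].append(claim_type)
            return _response(201, Location=f"/applications/{parts[1]}/claims/{claim_type}")
        if parts[3] not in app["claims"]:  # DELETE of a claim type not on the relation
            return _error(404, "CLAIM_NOT_FOUND", parts[3])
        app["claims"].remove(parts[3])
        return _response(204)
```

The entitlement check runs before any lookup, so an unauthorised caller cannot use 404 versus 403 responses to learn which realms exist; and because the generic 500 path only echoes the exception type and message, not a stack trace, the X-Application-Error-Info header stays useful to an administrator without leaking internals.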

  17. Solution Building blocks: Demo of configuring an application using Fediz, configuring the application in the Fediz IDP (REST), and Federation/SSO with an Apache Tomcat Application

  18. Solution Building blocks: Apache Syncope

  19. Identity Access Management
  ● Who has/had access to What, When, How, and Why?

  20. Identity & Access Management
  ● IAM is concerned with managing user data on systems and applications during the entire life cycle
    ● Involves user attributes, roles, resources, entitlements, etc.
  ● Provisioning / Reconciliation
    ● Synchronize user (account) data across identity stores and a broad range of data sources, formats, meanings and purposes
    ● Read user data from source systems
    ● Write user data to target systems
  ● Reporting / Auditing
  ● Policy Enforcement (Segregation of Duty)

  21. IAM Product Architecture (diagram)

  22. Apache Syncope Architecture (1/2) (diagram)

  23. Apache Syncope Architecture (2/2)
  ● Different Connector support (ConnId project)
  ● Workflow customizable (based on Activiti)
  ● User Schema definition
  ● Propagation/Synchronization
  ● Business Intelligence (Audit, Report)
  ● REST API

  24. Apache Syncope - Schemas
  ● Apply for Users and Roles
  ● Normal Attributes
    ● Stored in Syncope DB (example: FirstName = John, LastName = Black)
    ● Propagated and synchronized when selected
  ● Derived Attributes
    ● Combination of Attributes (example: FullName = FirstName + LastName gives FullName = John Black)
    ● JEXL Expression Language
  ● Virtual Attributes
    ● Not stored in Syncope DB
    ● Lookup from remote resource
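An added illustration of the three schema kinds on this slide, written for this page and not Syncope code: normal attributes are the only ones written to the store, a derived attribute is computed on read from an expression over normal attributes, and a virtual attribute is fetched from a remote resource on read. Syncope evaluates derived attributes with Apache Commons JEXL; in its place this example uses a small whitelisting evaluator built on Python's ast module that accepts only attribute names, string literals and +, so an expression entered by an administrator cannot call functions. The expression includes a ' ' literal to produce "John Black" with a space, and the remote lookup callback with its constructed LDAP data is an assumption.

```python
import ast


class DerivedExpressionError(ValueError):
    """Raised for syntax the derived-attribute evaluator does not allow."""


def evaluate_derived(expression, attrs):
    """Evaluate e.g. "FirstName + ' ' + LastName" against the stored attributes.

    Unlike eval(), only Name, string Constant and BinOp(Add) nodes are accepted,
    so a stored expression cannot call functions or reach interpreter internals.
    """
    try:
        tree = ast.parse(expression, mode="eval")
    except SyntaxError as exc:
        raise DerivedExpressionError(f"invalid expression: {exc.msg}") from None

    def visit(node):
        if isinstance(node, ast.Expression):
            return visit(node.body)
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            return node.value
        if isinstance(node, ast.Name):
            if node.id not in attrs:
                raise DerivedExpressionError(f"unknown attribute {node.id}")
            return attrs[node.id]
        if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
            return visit(node.left) + visit(node.right)
        raise DerivedExpressionError(f"disallowed syntax: {type(node).__name__}")

    return visit(tree)


class UserSchema:
    def __init__(self, normal, derived, virtual):
        self.normal = set(normal)      # attribute names stored in the DB
        self.derived = dict(derived)   # name -> expression over normal attributes
        self.virtual = dict(virtual)   # name -> (resource, remote attribute)


class User:
    def __init__(self, schema, lookup):
        self.schema = schema
        self.lookup = lookup   # callable(resource, remote_attr) -> value; stands in for the connector
        self.stored = {}       # only normal attributes live here ("Syncope DB")

    def set(self, name, value):
        # Derived and virtual attributes are never written locally.
        if name not in self.schema.normal:
            raise KeyError(f"{name} is not a normal attribute and cannot be set")
        self.stored[name] = value

    def get(self, name):
        if name in self.schema.normal:
            return self.stored.get(name)
        if name in self.schema.derived:
            return evaluate_derived(self.schema.derived[name], self.stored)
        if name in self.schema.virtual:
            resource, remote_attr = self.schema.virtual[name]
            return self.lookup(resource, remote_attr)   # fetched on every read
        raise KeyError(name)


def demo():
    """Build a user with constructed data matching the slide's example values."""
    schema = UserSchema(
        normal=["FirstName", "LastName"],
        derived={"FullName": "FirstName + ' ' + LastName"},
        virtual={"ldapGroups": ("LDAP", "memberOf")},
    )
    fake_ldap = {("LDAP", "memberOf"): ["cn=admins,ou=groups"]}  # constructed remote data
    user = User(schema, lambda resource, attr: fake_ldap[(resource, attr)])
    user.set("FirstName", "John")
    user.set("LastName", "Black")
    return user


if __name__ == "__main__":
    u = demo()
    print(u.get("FullName"), u.get("ldapGroups"), u.stored)
```

Reading FullName yields "John Black" while `stored` still holds only FirstName and LastName, which is the behaviour the slide describes for derived and virtual attributes; the evaluator's whitelist is the part worth keeping in mind whenever administrator-supplied expressions are evaluated server-side.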

  25. Apache Syncope - Attribute Mapping (diagram)

  26. Apache Syncope - Workflow (diagram)

  27. Solution Building blocks: Demo of IAM with Syncope and Federation/SSO with an Apache Tomcat Application

  28. More information
  ● Talend: www.talend.com
  ● Apache Projects
    ● Fediz: http://cxf.apache.org/fediz.html
    ● Syncope: http://syncope.apache.org/
  ● Blogs
    ● http://coheigea.blogspot.com
    ● http://www.dankulp.com/blog/
    ● http://sberyozkin.blogspot.com
    ● http://owulff.blogspot.com

  29. Thank You
