Fernando Lopez Aguilar, profile picture
Uploaded byFernando Lopez Aguilar
PPTX, PDF3,127 views

Adding Identity Management and Access Control to your Application

This document discusses adding identity management and access control to applications using FIWARE. It introduces the FIWARE Identity Manager for user authentication and the OAuth 2.0 protocol. It also discusses three levels of authorization: 1) authenticating users with FIWARE accounts, 2) basic authorization of HTTP requests, and 3) advanced authorization using XACML policies. Code examples and documentation links are provided to help integrate these security features.

Embed presentation

Downloaded 77 times
Adding Identity Management and Access Control to your Application Joaquin Salvachua // Álvaro Alonso UPM – DIT Security Chapter. FIWARE jsalvachua@dit.upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso
Identity Manager 2
Identity Manager 3 Account
Oauth 2.0 Login with
FIWARE Account (Identity Manager) Demo 5
OAuth 2.0 6
Oauth 2.0 Message Flow redirect access-code Web App Account request access-token access-token 7 OAuth Library Request user info using access-token
Oauth 2.0 Libraries • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. • Example using Node.js – https://github.com/ging/oauth2-example-client 8
Oauth 2.0 Demo 9
Web Applications and GEs 10 Generic Enabler Account Request + access-token Oauth2 flows access-token OK + user info (roles) Web App OAuth Library access_token
Web Applications and GEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 11
Securing your back-end Oauth2 flows access_token 12 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
Securing your back-end • Level 1: Authentication – Check if a user has a FIWARE account • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path • Level 3: Advanced Authorization – Custom XACML policies
Level 1: Authentication Oauth2 flows access_token 14 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
Level 2: Basic Authorization Oauth2 flows access_token 15 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token + verb + path OK + user info AC GE
Level 3: Advanced Authorization Oauth2 flows access_token 16 Web App Back-end Apps Account Request + access-token Oauth Library Proxy extension XACML policy OK + user info AC GE
FIWARE Proxy Demo 17
Documentation • FIWARE Account: – Source Code: https://github.com/ging/fi-ware- idm – Documentation: https://github.com/ging/fi-ware- idm/wiki • FIWARE Access Control – http://catalogue.fi-ware.org/enablers/access-control- tha-implementation/documentation • FIWARE OAuth2 Demo: – https://github.com/ging/oauth2-example-client • FIWARE Proxy: – https://github.com/ging/fi-ware-pep-proxy 18
Adding Identity Management and Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso

More Related Content

PPTX
FI-WARE Account and OAuth solution
byJavier Cerviño
 
PDF
How to authenticate users in your apps using FI-WARE Account - Introduction
byJavier Cerviño
 
PPTX
IdM and AC
byFernando Lopez Aguilar
 
PPTX
Adding Identity Management and Access Control to your Application, Authorization
byFernando Lopez Aguilar
 
PDF
FIware Identity Manager
byJoaquín Salvachúa
 
PDF
FIWARE Identity Manager Exercises
byJoaquín Salvachúa
 
PPTX
Adding Identity Management and Access Control to your Application
byÁlvaro Alonso González
 
PPTX
Adding Identity Management and Access Control to your Application - Exersices
byÁlvaro Alonso González
 
FI-WARE Account and OAuth solution
byJavier Cerviño
 
How to authenticate users in your apps using FI-WARE Account - Introduction
byJavier Cerviño
 
IdM and AC
byFernando Lopez Aguilar
 
Adding Identity Management and Access Control to your Application, Authorization
byFernando Lopez Aguilar
 
FIware Identity Manager
byJoaquín Salvachúa
 
FIWARE Identity Manager Exercises
byJoaquín Salvachúa
 
Adding Identity Management and Access Control to your Application
byÁlvaro Alonso González
 
Adding Identity Management and Access Control to your Application - Exersices
byÁlvaro Alonso González
 

What's hot

PDF
Integrating Fiware Orion, Keyrock and Wilma
byDalton Valadares
 
PPTX
Api security-eic-prabath
byWSO2
 
PPTX
Adding Identity Management and Access Control to your App
byFIWARE
 
PPTX
Hybrid authentication - Talking To Major Social Networks
byRayhan Chowdhury
 
PPTX
Securing RESTful APIs using OAuth 2 and OpenID Connect
byJonathan LeBlanc
 
PPTX
Securing the Web @DevDay Da Nang 2018
bySumanth Damarla
 
PPT
Openid & Oauth: An Introduction
bySteve Ivy
 
PDF
OAuth2 and Spring Security
byOrest Ivasiv
 
PPTX
Securing RESTful Payment APIs Using OAuth 2
byJonathan LeBlanc
 
PPTX
REST Service Authetication with TLS & JWTs
byJon Todd
 
PPTX
JWT Authentication with AngularJS
byrobertjd
 
PPTX
Intro to Deception techniques - Honey-*
byHarish Ramadoss
 
PPTX
Security Function
bySamuel Soon
 
PPTX
Pentest Expectations
byIhor Uzhvenko
 
PDF
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
byJava User Group Latvia
 
PDF
Building an API Security Ecosystem
byPrabath Siriwardena
 
PDF
Wakanda and the top 5 security risks - JS.everyrwhere(2012) Europe
byAlexandre Morgaut
 
PDF
Fun With Spring Security
byBurt Beckwith
 
PPTX
Demystifying REST
byKirsten Hunter
 
PPTX
JWT SSO Inbound Authenticator
byMifrazMurthaja
 
Integrating Fiware Orion, Keyrock and Wilma
byDalton Valadares
 
Api security-eic-prabath
byWSO2
 
Adding Identity Management and Access Control to your App
byFIWARE
 
Hybrid authentication - Talking To Major Social Networks
byRayhan Chowdhury
 
Securing RESTful APIs using OAuth 2 and OpenID Connect
byJonathan LeBlanc
 
Securing the Web @DevDay Da Nang 2018
bySumanth Damarla
 
Openid & Oauth: An Introduction
bySteve Ivy
 
OAuth2 and Spring Security
byOrest Ivasiv
 
Securing RESTful Payment APIs Using OAuth 2
byJonathan LeBlanc
 
REST Service Authetication with TLS & JWTs
byJon Todd
 
JWT Authentication with AngularJS
byrobertjd
 
Intro to Deception techniques - Honey-*
byHarish Ramadoss
 
Security Function
bySamuel Soon
 
Pentest Expectations
byIhor Uzhvenko
 
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin
byJava User Group Latvia
 
Building an API Security Ecosystem
byPrabath Siriwardena
 
Wakanda and the top 5 security risks - JS.everyrwhere(2012) Europe
byAlexandre Morgaut
 
Fun With Spring Security
byBurt Beckwith
 
Demystifying REST
byKirsten Hunter
 
JWT SSO Inbound Authenticator
byMifrazMurthaja
 

Viewers also liked

PDF
Chela stress test
bysuperserch
 
PDF
May: If I Were 22
byLinkedIn Editors' Picks
 
PDF
Cwin16 - Paris - ux design
byCapgemini
 
PDF
Ia32 Modo Protegido
byErwin Meza
 
PDF
Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...
byJakob Schneider
 
PDF
Netflix Nebula - Gradle Summit 2014
byJustin Ryan
 
PDF
MMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the Cloud
byXavier Amatriain
 
PDF
Cwin16 tls-partner-hpe-digital economy & Hybrid IT
byCapgemini
 
PDF
Disciplined agile business analysis
byScott W. Ambler
 
PDF
How Comcast uses Data Science to Improve the Customer Experience
byTuri, Inc.
 
PDF
How to Start a Startup at NYU
byNYU Entrepreneurial Institute
 
PDF
Introduction to the Innovation Corps (NSF I-Corps)
byNYU Entrepreneurial Institute
 
PPTX
[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...
by500 Startups
 
PDF
Cwin16 - lyon - faurecia customer cockpit
byCapgemini
 
PDF
April: My Best Mistake
byLinkedIn Editors' Picks
 
Chela stress test
bysuperserch
 
May: If I Were 22
byLinkedIn Editors' Picks
 
Cwin16 - Paris - ux design
byCapgemini
 
Ia32 Modo Protegido
byErwin Meza
 
Marc Stickdorn & Jakob Schneider – Mobile ethnography and ExperienceFellow, a...
byJakob Schneider
 
Netflix Nebula - Gradle Summit 2014
byJustin Ryan
 
MMDS 2014 Talk - Distributing ML Algorithms: from GPUs to the Cloud
byXavier Amatriain
 
Cwin16 tls-partner-hpe-digital economy & Hybrid IT
byCapgemini
 
Disciplined agile business analysis
byScott W. Ambler
 
How Comcast uses Data Science to Improve the Customer Experience
byTuri, Inc.
 
How to Start a Startup at NYU
byNYU Entrepreneurial Institute
 
Introduction to the Innovation Corps (NSF I-Corps)
byNYU Entrepreneurial Institute
 
[PREMONEY 2014] Mayfield Fund >> Tim Chang, "Mobile Is The Future Of YOU: Why...
by500 Startups
 
Cwin16 - lyon - faurecia customer cockpit
byCapgemini
 
April: My Best Mistake
byLinkedIn Editors' Picks
 

Similar to Adding Identity Management and Access Control to your Application

PDF
FIWARE ID Management
byMiguel García González
 
PDF
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
byFIWARE
 
PPTX
Adding identity management and access control to your app
byÁlvaro Alonso González
 
PPTX
Id fiware upm-dit
byJoaquín Salvachúa
 
PPTX
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
bycdanger
 
PDF
Securing FIWARE Architectures
byFIWARE
 
PDF
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
byFIWARE
 
PPTX
Secure your app with keycloak
byGuy Marom
 
PPTX
Security Access with OAuth2.0
byFernando Lopez Aguilar
 
PPTX
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
byFIWARE
 
PDF
FIWARE Identity Management and Access Control
byFernando Lopez Aguilar
 
PDF
Navigating Identity and Access Management in the Modern Enterprise
byWSO2
 
PDF
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
byCA API Management
 
PPTX
Esquema de pasos de ejecución IdM
byFernando Lopez Aguilar
 
PDF
API Security - OWASP top 10 for APIs + tips for pentesters
byInon Shkedy
 
PDF
Full stack security
byDPC Consulting Ltd
 
PDF
FIWARE Global Summit - Identity Management and Access Control
byFIWARE
 
PPTX
Mit 2014 introduction to open id connect and o-auth 2
byJustin Richer
 
PDF
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
byAdar Weidman
 
PDF
FIWARE Identity Management and Access Control
byFIWARE
 
FIWARE ID Management
byMiguel García González
 
FIWARE Global Summit - Adding Identity Management, Access Control and API Man...
byFIWARE
 
Adding identity management and access control to your app
byÁlvaro Alonso González
 
Id fiware upm-dit
byJoaquín Salvachúa
 
FI-WARE OAUTH-XACML-based API Access Control - Overview (Part 1)
bycdanger
 
Securing FIWARE Architectures
byFIWARE
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
byFIWARE
 
Secure your app with keycloak
byGuy Marom
 
Security Access with OAuth2.0
byFernando Lopez Aguilar
 
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
byFIWARE
 
FIWARE Identity Management and Access Control
byFernando Lopez Aguilar
 
Navigating Identity and Access Management in the Modern Enterprise
byWSO2
 
Understanding Identity in the World of Web APIs – Ronnie Mitra, API Architec...
byCA API Management
 
Esquema de pasos de ejecución IdM
byFernando Lopez Aguilar
 
API Security - OWASP top 10 for APIs + tips for pentesters
byInon Shkedy
 
Full stack security
byDPC Consulting Ltd
 
FIWARE Global Summit - Identity Management and Access Control
byFIWARE
 
Mit 2014 introduction to open id connect and o-auth 2
byJustin Richer
 
Checkmarx meetup API Security - API Security in depth - Inon Shkedy
byAdar Weidman
 
FIWARE Identity Management and Access Control
byFIWARE
 

More from Fernando Lopez Aguilar

PDF
Introduction to FIWARE technology
byFernando Lopez Aguilar
 
PDF
DW2020 Data Models - FIWARE Platform
byFernando Lopez Aguilar
 
PPTX
FIWARE and Smart Data Models
byFernando Lopez Aguilar
 
PPTX
How to deploy a smart city platform?
byFernando Lopez Aguilar
 
PPTX
Building the Smart City Platform on FIWARE Lab
byFernando Lopez Aguilar
 
PDF
Data Modeling with NGSI, NGSI-LD
byFernando Lopez Aguilar
 
PDF
FIWARE and Robotics
byFernando Lopez Aguilar
 
PDF
Big Data and Machine Learning with FIWARE
byFernando Lopez Aguilar
 
PDF
Operational Dashboards with FIWARE WireCloud
byFernando Lopez Aguilar
 
PDF
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
byFernando Lopez Aguilar
 
PDF
Data persistency (draco, cygnus, sth comet, quantum leap)
byFernando Lopez Aguilar
 
PDF
How to debug IoT Agents
byFernando Lopez Aguilar
 
PDF
Core Context Management
byFernando Lopez Aguilar
 
PDF
What is an IoT Agent
byFernando Lopez Aguilar
 
PDF
FIWARE Overview
byFernando Lopez Aguilar
 
PDF
Overview of the FIWARE Ecosystem
byFernando Lopez Aguilar
 
PPTX
Cloud and Big Data in the agriculture sector
byFernando Lopez Aguilar
 
PDF
Berlin OpenStack Summit'18
byFernando Lopez Aguilar
 
PPTX
Context Information Management in IoT enabled smart systems - the basics
byFernando Lopez Aguilar
 
PPTX
FIWARE IoT Introduction 1
byFernando Lopez Aguilar
 
Introduction to FIWARE technology
byFernando Lopez Aguilar
 
DW2020 Data Models - FIWARE Platform
byFernando Lopez Aguilar
 
FIWARE and Smart Data Models
byFernando Lopez Aguilar
 
How to deploy a smart city platform?
byFernando Lopez Aguilar
 
Building the Smart City Platform on FIWARE Lab
byFernando Lopez Aguilar
 
Data Modeling with NGSI, NGSI-LD
byFernando Lopez Aguilar
 
FIWARE and Robotics
byFernando Lopez Aguilar
 
Big Data and Machine Learning with FIWARE
byFernando Lopez Aguilar
 
Operational Dashboards with FIWARE WireCloud
byFernando Lopez Aguilar
 
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
byFernando Lopez Aguilar
 
Data persistency (draco, cygnus, sth comet, quantum leap)
byFernando Lopez Aguilar
 
How to debug IoT Agents
byFernando Lopez Aguilar
 
Core Context Management
byFernando Lopez Aguilar
 
What is an IoT Agent
byFernando Lopez Aguilar
 
FIWARE Overview
byFernando Lopez Aguilar
 
Overview of the FIWARE Ecosystem
byFernando Lopez Aguilar
 
Cloud and Big Data in the agriculture sector
byFernando Lopez Aguilar
 
Berlin OpenStack Summit'18
byFernando Lopez Aguilar
 
Context Information Management in IoT enabled smart systems - the basics
byFernando Lopez Aguilar
 
FIWARE IoT Introduction 1
byFernando Lopez Aguilar
 

Recently uploaded

PDF
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
PDF
Sylvester Konadu Worcester MA - An Accomplished IT Analyst
bySylvester Konadu Worcester
 
PDF
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
PDF
Do more with the HP Z2 Mini G1a
byPrincipled Technologies
 
PDF
Database Performance at Scale: The TL;DR
byScyllaDB
 
PDF
"Visual Guide to DSA: Big O Notation, Data Structures, and Algorithms Fundame...
byNusrat Gulbarga
 
PPTX
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
PDF
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
PPSX
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
PDF
ENTSO-E's Response to the European Commission Call for Evidence on the Strate...
byReynir Orn Bachmann Gudmundsson
 
PDF
Revolutionizing SQL Database Design for the Modern Era.pdf
bySQL DBM
 
PDF
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
PDF
Inclusive India_Samir_Dash_10 NOV_FINAL 2025.pdf
bySamir Dash
 
PDF
Session 4 - Agentic Testing with UiPath Agents
byDianaGray10
 
PPTX
A GREEN BUSINESS TOOLKIT FOR EARLY-STAGE ENTREPRENEURS (1).pptx.pptx
bylearnskillsofficial1
 
PDF
Exclusive Hands-On Workshop: Agentic Automation with UiPath (First Edition)
byanabulhac
 
PDF
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
PDF
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
PPTX
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 
Control Access to Files - RHCSA (RH124).pdf
byLinuxCert Guru
 
Private Governance: How Decentralized Mechanisms Can Regulate the Crypto Economy
byFederico Ast
 
Sylvester Konadu Worcester MA - An Accomplished IT Analyst
bySylvester Konadu Worcester
 
Upskill to Agentic Automation - Working Smarter with AI: Real-World Tools for...
byDianaGray10
 
Do more with the HP Z2 Mini G1a
byPrincipled Technologies
 
Database Performance at Scale: The TL;DR
byScyllaDB
 
"Visual Guide to DSA: Big O Notation, Data Structures, and Algorithms Fundame...
byNusrat Gulbarga
 
Odoo_by_Infinys_All_in_One_Business_Solution_for_Small_Companies.pptx
byAgusto Sipahutar
 
Manage Local Users and Groups - RHCSA (RH124)
byLinuxCert Guru
 
AppSec Role Based Training OWASP Global AppSec USA 2025-11-06
byRobert Grupe, CSSLP CISSP PE PMP
 
ENTSO-E's Response to the European Commission Call for Evidence on the Strate...
byReynir Orn Bachmann Gudmundsson
 
Revolutionizing SQL Database Design for the Modern Era.pdf
bySQL DBM
 
Install and Update Software - RHCSA (RH124).pdf
byLinuxCert Guru
 
Inclusive India_Samir_Dash_10 NOV_FINAL 2025.pdf
bySamir Dash
 
Session 4 - Agentic Testing with UiPath Agents
byDianaGray10
 
A GREEN BUSINESS TOOLKIT FOR EARLY-STAGE ENTREPRENEURS (1).pptx.pptx
bylearnskillsofficial1
 
Exclusive Hands-On Workshop: Agentic Automation with UiPath (First Edition)
byanabulhac
 
Unveiling the Basics of Agentic AI - OSUG Mumbai
bythesubuiyer
 
Cybersecurity in ASEAN and Singapore Columbia SIPA 2025.pdf
byBenjamin Ang
 
Sephora UAE API Service Real-Time Product & Price Data Access.pptx
bycreativeclicks1733
 

Adding Identity Management and Access Control to your Application

  • 1.
    Adding Identity Managementand Access Control to your Application Joaquin Salvachua // Álvaro Alonso UPM – DIT Security Chapter. FIWARE jsalvachua@dit.upm.es, @jsalvachua aalonsog@dit.upm.es, @larsonalonso
  • 2.
  • 3.
  • 4.
  • 5.
    FIWARE Account (IdentityManager) Demo 5
  • 6.
  • 7.
    Oauth 2.0 MessageFlow redirect access-code Web App Account request access-token access-token 7 OAuth Library Request user info using access-token
  • 8.
    Oauth 2.0 Libraries • http://oauth.net/2/ – PHP, Cocoa, iOS, Java, Ruby, Javascript, Python. • Example using Node.js – https://github.com/ging/oauth2-example-client 8
  • 9.
  • 10.
    Web Applications andGEs 10 Generic Enabler Account Request + access-token Oauth2 flows access-token OK + user info (roles) Web App OAuth Library access_token
  • 11.
    Web Applications andGEs GET https://GE_URL HTTP/1.1 Host: GE_hostname X-Auth-Token: access_token 11
  • 12.
    Securing your back-end Oauth2 flows access_token 12 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  • 13.
    Securing your back-end • Level 1: Authentication – Check if a user has a FIWARE account • Level 2: Basic Authorization – Checks if a user has permissions to access a resource – HTTP verb + resource path • Level 3: Advanced Authorization – Custom XACML policies
  • 14.
    Level 1: Authentication Oauth2 flows access_token 14 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token OK + user info (roles)
  • 15.
    Level 2: BasicAuthorization Oauth2 flows access_token 15 Web App Back-end Apps Account Request + access-token Oauth Library Proxy access-token + verb + path OK + user info AC GE
  • 16.
    Level 3: AdvancedAuthorization Oauth2 flows access_token 16 Web App Back-end Apps Account Request + access-token Oauth Library Proxy extension XACML policy OK + user info AC GE
  • 17.
  • 18.
    Documentation • FIWAREAccount: – Source Code: https://github.com/ging/fi-ware- idm – Documentation: https://github.com/ging/fi-ware- idm/wiki • FIWARE Access Control – http://catalogue.fi-ware.org/enablers/access-control- tha-implementation/documentation • FIWARE OAuth2 Demo: – https://github.com/ging/oauth2-example-client • FIWARE Proxy: – https://github.com/ging/fi-ware-pep-proxy 18
  • 19.
    Adding Identity Managementand Access Control to your Application Álvaro Alonso UPM – DIT Security Chapter. FIWARE aalonsog@dit.upm.es, @larsonalonso