Mastering health IT complexity with Fine-Grained REST APIs
- Andrew Caldwell
- 8 years ago
Orion Health White Paper
Dale Moberg, Ph.D.

1 Securing APIs

The future shape of personalized and precise medicine rests on expectations of a deluge of patient monitoring feeds, new instrumentation revealing gene expression levels, and vast molecular-biological, genomic, and proteomic databases that provide multi-leveled views of patient health dynamics. New accountable care organizations can monitor and influence care; the trick will be in getting applications that can tap into the longitudinal patient data flows systematically. New data APIs will enable many new kinds of specialty applications involving fine-grained patient data integration tasks. New-generation platforms are needed to cover both legacy EHR/HIE data and new emerging data sources, such as those tracking patient environmental exposure, therapy, exercise, and other fitness and social interaction evidence. These new applications are to enable personalized and precise health care.

Today, providers are already overwhelmed by irrelevant data. Adding to the proliferation of kinds of data is the problem of maintaining coherent and comprehensive views of data. How many views will be needed? One view not going away will be patient-centric, but other views involve employment, geography, neighborhood, financial, environment, and social interaction aspects of health. Interoperable technological processes and semantics for data are the foundation for building out these platforms. Improvements in simplified submission (voice) and retrieval (click or swish) can also be merged with these increasingly larger data sources. One good thing about the future is that it does not come all at once, but building a solid basis for an explosion in healthcare data needs to be underway now.

In the following, we consider API architectural platforms as a future-proof foundation for these new healthcare applications. These healthcare information platforms can be thought of as a data distribution grid, analogous to an electrical grid.
If we think of applications as appliances that we plug into the electrical grid, an API (application programming interface) enables plugging into the health information grid created from terminologically clean, high-quality healthcare data of many kinds. Standardization has begun for one API (FHIR) that will permit appliances to tap into a health information grid. The standardization of appliance plugs for the electrical grid offers a parallel: the original plug, with hot and neutral, evolved by adding a grounding prong to address safety and security concerns. For the health information platform, the plug design must from the outset include security elements controlling who is authorized to access, and what information they are authorized to integrate; this is our grounding prong. In addition, the number of users (as well as the amount of information available) must be scalable, and so the security must apply to platforms that are deployed in the cloud.

Fortunately, there are already some approaches addressing the concerns for health information grids. One critical element will be provided by new Internet security standards based on the OAuth2 framework. Solutions need to be based on tested technologies, and several very large organizations (Google, GitHub, Twitter) make use of OAuth2 security at web scale. Initially, it will be good to understand the architectural transitions in Internet web and mobile applications that enable the construction of API platforms. With the architectural background settled, the security functions and patterns of OAuth2 authorization code grants will illustrate one way the safety prong works.

2. Roadmap

The core description of an API includes the information or service contract between the consumer and provider, in terms of information exchanged or services provided. At a less abstract level, an API involves protocols and configurations that are needed for the implementation of the API, and at even more detailed levels, programming language bindings for configuration and protocols. In discussing security for APIs, it will be necessary to dip into some details about protocols (REST HTTP, TLS, OAuth2).

Security for cloud-based API applications differs in some key ways from security for on-premises applications. The transition is from a more closed, less distributed web app architecture to an architecture distributed over more tiers, with more communication over the public Internet. The following diagrams show changes needed in web apps when using REST API platforms.

2.1 Traditional Web app Solution

The browser-webserver pattern is by now familiar to everyone, at least at a high level: any number of browser clients can connect to web server(s) using the HTTP protocol over the public Internet. It is also widely understood that web servers can be viewed as a top layer in a multilayer structure. A typical three-layer structure of a web app is depicted below, with the browser layer separated by a cloud, symbolizing that the system is distributed over the public Internet. The server side of the composite application consists of a web app layer, a domain logic layer, and a data access and persistence layer. For on-premises deployments, the layers may be bundled in a stack. Scalability of these tightly stacked layers is generally limited, and the stack makes light use of fully networked services.

Figure 1 Illustration of a traditional Web App Solution

2.2 Distributed and Open API Pattern

For APIs to be used in a distributed Web app, the data layer needs to become separable from the domain logic layer by a network connection over the open Internet. For the API to be an interface for application programming, the data layer has to become a web-enabled REST API with its own authorization logic. Notice that the browser and Web app layer are still wired up through a public Internet connection. The new addition is that the domain-logic, lower Web app layer is connected to an HTTP-enabled data access layer providing an API for data services. The Web app forms a horizontally scalable tier that is distributed over the Internet and consumes the data returned by API calls.

The above API pattern and transition to a more highly distributed system leverages REST APIs and, depending on the information model for the data, can provide APIs for data as well as functional services built over/within what is labeled the data access layer.

Figure 2 Illustration of an open distributed web app

Because the connections between the web app appliances (which can provide the server side for either mobile or browser) and the API are over the public Internet, the design for the grounding plug becomes very important. Standardization for security will be seen to involve encryption over the connection (TLS) and also a new security approach found in the OAuth2 framework.

3 Fine-Grained REST API Architectures

Fine-grained REST APIs should not be thought of as just another term for web services or SOA; REST is one design style of SOA. In other words, APIs are application programming interfaces that programmers and developers can leverage in building applications. Developers are more willing to develop specialty applications to meet special needs in the healthcare industry if they can pull from a rich data lake and mix it with their own data. A good example would be meeting care coordination-specific needs of cancer centers and/or bringing proteomic and genomic data to the clinical data to enhance cancer diagnosis and treatment.

The benefits of fine-grained APIs are:

- A deep level of control over connected healthcare applications and their access to data
- Protection of patient data from unauthorized consumers and external threats using a secure gateway
- Massive scalability to support millions of consumers/patients and petabytes of data

3.1 REST APIs

REST APIs are services following an architectural pattern called representational state transfer. REST services are stateless at the resource level; in other words, each REST HTTP request is self-contained, and not dependent upon prior requests. Naturally, developers may need to sequence ("orchestrate") their calls to the API endpoints. The values returned from the API contribute to deciding which API call is next. Even richer REST APIs can create responses with hyperlinks to other resources. Those links then allow the developer to blend user interactions in creating a trajectory over the API's underlying resources.

Rich and friendly APIs applied to the healthcare industry will help developers create more expressive specialty applications that can dive deep into a patient's longitudinal record data without having to load all the information upfront. These APIs link to information that can give immediate access to follow-up data for deeper dives.
An example of this speed and flexibility is seen in Netflix's API management. A search result on Netflix movies rapidly gives users links to specific movie icons that, once clicked, allow immediate incremental upload of the data. The inclusion of fine-grained APIs complements FHIR standards and aligns well with the ONC's plan to achieve nationwide interoperability.

3.2 Emerging Architecture for Data-Sharing

The simplest REST APIs leverage HTTP protocol features in creating easily usable APIs. HTTP methods, URI resource identifiers, and newly developed security authorization protocols (OAuth2) have emerged to enable a variety of applications to make use of REST API services. Each of these components will be described more fully in what follows, with special focus on how they enable the newly emerging healthcare APIs.

REST APIs are open as to what counts as a resource. A resource URI might, for example, identify the current temperature in Scottsdale, Arizona. The HTTP GET method (triggered by a click of a browser link) would return the state of that resource as, for example, 95 Fahrenheit. For APIs, the representational state is usually specific and fine-grained information about individual persons, places, events, or other objects or collections of such objects, such as a portion of a social graph of personal connections.

An API for patients such as the FHIR information model has around 100 resource types for patients. These patient-centric models fit the REST API architecture, where each record within a patient's record can be addressed by a URL, and where the retrieval involves a REST GET URL pattern. Within this architecture, each distinct URL can be thought of as an API resource, and a thematically connected collection of distinct URLs provides an API. The plural ("APIs") usually reflects different thematically organized collections.

A security authorization framework called OAuth2 has become available that explicitly addresses the issues involved in using REST APIs over highly distributed Web apps. Safe use of API platforms often rests on the OAuth2 framework; the next section provides one possible deployment pattern.

3.3 Browser-Side, Server-Side, API Gateway, and API Backend

The consumer of APIs is the application that, in security lingo, is also called a client. Unfortunately, modern applications are often distributed in many ways, and therefore, which piece of the software system is the client can become terminologically confusing. The appliances to be plugged into the APIs are actually the server-side component of a web app. In other words, a web app server is technically the client of the APIs platform! The server-side component is what needs to be authorized for API access using an OAuth2 authorization code grant.

It is true that a mobile application can be a native client, and can access data over a network to a server tier. Likewise, browser-side applications can make use of JavaScript code and techniques (AJAX, WebSockets) to access an API, and so also have a client role. However, in OAuth2 terminology, mobile and browser clients are treated differently from the server-side client. Technically, granting browsers or mobile apps tokens that authorize access to API resources is not an authorization code grant, but rather, either an implicit or password grant. These security architectural patterns will not be mentioned further here.

So, appliances that will plug into the grid are referred to as OAuth2 clients. Our APIs platform is called a resource server within OAuth2. The resource server has a security domain over which admission is granted to APIs only when a person (having a user ID and a password or similar credential) agrees to that access. In other words, a user must participate in authorizing the appliance's access to APIs. But user approval is not sufficient for getting an access token. The appliance itself must also present an identifier and a secret for an access token to be granted.
When both identities are checked and authenticated, policy-based authorization will result in granting an authorization code. This code will be exchanged for tokens that can be used to access the API platform.

Figure 3 Expanded view of browser side, server side, API Gateway and API backend

To enable the appliance's identity check, developers will register their appliances within the security domain of the API resource server. The appliance must specify a specific callback where authorization codes will be returned. When registration is approved, the developer will receive an identifier and a secret for each client that the developer is creating. When this server-side client and the user both are authenticated and authorized within the security domain of the API server, the server side will gain access to the APIs on the resource server. The developer's application can then combine the API resources with local and other external resources.

The Safety Prong: Detailed Design

The basic idea of the OAuth2 authorization code pattern is that a customer of a REST API needs to make two requests to OAuth2 security services. First, an authorization code is obtained by submitting user identifiers and credentials together with appliance identifiers and secrets. The appliance then immediately makes a second request, submitting the authorization code and asking for it to be exchanged for tokens. The request can ask for a refresh token along with an access token. Each of these tokens (which are random strings) has an expiration date. The refresh token can be used to obtain new access tokens once the current access token expires.

For our server-side access, the server side starts with a request to an authorization service to obtain an authorization code. The request for authorization involves submitting credentials and identifiers as mentioned previously. The next step is to actually gain the access tokens. The authorization code previously acquired is placed in a second request, this time to a token service. Typically, this request is to obtain both a refresh and an access token. An access token for an API may be granted to allow access for a whole group of specific resources.
If so, a token can be retained in a server-side vault and used repeatedly, and for different URIs, without a need to get another authorization code. However, eventually the access token will expire and no longer be valid. A refresh token can then be submitted to obtain a fresh access token. Eventually, the refresh token will expire as well. After that, a new authorization code will need to be obtained, and that requires both user and client cooperation once more.

OAuth2 is mainly about grants, tokens, flows, and conventions for the serialization of information involved in the authorization of access, but little constraint is placed upon what can plug in to make authorization decisions. Policy itself remains distinct from the services and protocols specified, and so is open to being combined with modern authorization policy decision engines with flexible policy expressions. OAuth2 does presume that the REST API entrance (often on an API manager) enforces policy execution, while the authorization service (which can grant an authorization code) is the focal point for the policy decision.

Policy application almost always involves authentication of user IDs and credentials. But if policies express variable access to API resources, then additional attributes may be needed to make these policy decisions. For example, API access could be permitted only if a user's roles or clearance levels match resource classifications. Granularity of resource classifications could extend down to individual URLs in the API, or could be based on groupings of URLs with similar security attributes. The policy decisions then are entirely configurable.

Healthcare's API revolution is here

The need is urgent for the healthcare industry to transform their IT environments into API-centric platforms.
With the right underlying architecture and an open API management layer addressing scalability and security, healthcare organizations will be able to govern the flow and entitlement of data with the security they need to protect sensitive information down to the granular level, and will have the performance required to support unlimited connected healthcare applications, live streams of patient data, and real-time analytics. They will have, like earlier adopters in other industries, the chance to develop new customer services, improve operational efficiency, and create new revenue opportunities.
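
The authorization code lifecycle from "The Safety Prong: Detailed Design" (registration with a callback, code issuance, code-for-token exchange, access expiry, refresh, refresh expiry) is sketched below with both sides in memory. This is an added example, not code from the white paper or from Orion Health; the class and method names, lifetimes, user and callback URL are constructed, and it follows the RFC 6749 convention of presenting the client secret at the token exchange.

```python
import secrets
import time

class AuthError(Exception):
    """The authorization server refused the request."""

def _same(a, b):
    return secrets.compare_digest(a.encode(), b.encode())  # constant-time comparison

class AuthorizationServer:
    CODE_TTL, ACCESS_TTL, REFRESH_TTL = 60, 300, 3600  # seconds; constructed values

    def __init__(self, users, now=time.time):
        self.users = users   # user id -> password (demo only; store salted hashes in practice)
        self.now = now       # injectable clock so expiry can be exercised offline
        self.clients = {}    # client_id -> (client_secret, registered callback)
        self.codes = {}      # authorization code -> (client_id, user, callback, expiry)
        self.access = {}     # access token -> (client_id, user, expiry)
        self.refresh = {}    # refresh token -> (client_id, user, expiry)

    def register_client(self, callback):
        """Developer registration: returns the appliance's identifier and secret."""
        client_id, client_secret = secrets.token_urlsafe(8), secrets.token_urlsafe(32)
        self.clients[client_id] = (client_secret, callback)
        return client_id, client_secret

    def authorize(self, client_id, callback, user, password):
        """Request 1: the user authenticates and approves; a short-lived code is issued."""
        if client_id not in self.clients or callback != self.clients[client_id][1]:
            raise AuthError("unknown client or unregistered callback")
        if user not in self.users or not _same(self.users[user], password):
            raise AuthError("user authentication failed")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, callback, self.now() + self.CODE_TTL)
        return code

    def _check_client(self, client_id, client_secret):
        if client_id not in self.clients or not _same(self.clients[client_id][0], client_secret):
            raise AuthError("client authentication failed")

    def _new_access(self, client_id, user):
        token = secrets.token_urlsafe(32)
        self.access[token] = (client_id, user, self.now() + self.ACCESS_TTL)
        return token

    def exchange_code(self, client_id, client_secret, code, callback):
        """Request 2: the appliance authenticates and swaps the code for tokens."""
        self._check_client(client_id, client_secret)
        entry = self.codes.pop(code, None)  # pop: a code can be redeemed only once
        if entry is None:
            raise AuthError("code unknown or already used")
        owner, user, registered, expiry = entry
        if owner != client_id or registered != callback or self.now() > expiry:
            raise AuthError("code expired or issued to another client")
        refresh = secrets.token_urlsafe(32)
        self.refresh[refresh] = (client_id, user, self.now() + self.REFRESH_TTL)
        return {"access_token": self._new_access(client_id, user), "refresh_token": refresh}

    def refresh_access(self, client_id, client_secret, refresh_token):
        """A refresh token yields new access tokens until the refresh token itself expires."""
        self._check_client(client_id, client_secret)
        entry = self.refresh.get(refresh_token)
        if entry is None or entry[0] != client_id or self.now() > entry[2]:
            raise AuthError("refresh token invalid or expired")
        return self._new_access(client_id, entry[1])

    def introspect(self, access_token):
        """What the API gateway checks before serving a call; None means reject."""
        entry = self.access.get(access_token)
        if entry is None or self.now() > entry[2]:
            return None
        return {"client_id": entry[0], "user": entry[1]}

def run_flow():
    """Walk the lifecycle with constructed credentials; returns {step: outcome}."""
    t = [0.0]  # fake clock, advanced by hand
    server = AuthorizationServer({"dr.lee": "constructed-password"}, now=lambda: t[0])
    callback = "https://appliance.example/callback"  # hypothetical registered callback
    cid, secret = server.register_client(callback)
    out = {}
    def attempt(step, call):
        try:
            out[step] = call()
        except AuthError as err:
            out[step] = f"refused: {err}"
    code = server.authorize(cid, callback, "dr.lee", "constructed-password")
    tokens = server.exchange_code(cid, secret, code, callback)
    out["access"] = server.introspect(tokens["access_token"])
    attempt("code replay", lambda: server.exchange_code(cid, secret, code, callback))
    attempt("wrong secret", lambda: server.refresh_access(cid, "guess", tokens["refresh_token"]))
    t[0] += server.ACCESS_TTL + 1  # the access token has now expired
    out["expired access"] = server.introspect(tokens["access_token"])
    out["renewed access"] = server.introspect(
        server.refresh_access(cid, secret, tokens["refresh_token"]))
    t[0] += server.REFRESH_TTL  # now the refresh token has expired too
    attempt("expired refresh", lambda: server.refresh_access(cid, secret, tokens["refresh_token"]))
    return out
```

Once the refresh token is refused, the only way forward is a new `authorize` call, which again needs the user's credentials as well as the client's.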
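
The policy paragraph above says access can depend on a user's roles or clearance matching a resource classification, set per URL or per group of URLs. One way to express that decision is shown below as an added example, not code from the white paper or from Orion Health. The classification scale, roles, users and FHIR-style paths are constructed, and it assumes both a permitted role and a sufficient clearance are required.

```python
from dataclasses import dataclass

LEVELS = {"routine": 0, "restricted": 1, "sensitive": 2}  # constructed classification scale


@dataclass(frozen=True)
class Rule:
    pattern: str          # "*" = exactly one path segment; trailing "**" = any remainder
    classification: str   # key of LEVELS
    roles: frozenset      # roles allowed to reach resources under this pattern


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    clearance: str


def match(pattern, segments):
    """Return the number of literal segments matched (specificity), or None."""
    parts = pattern.strip("/").split("/")
    if parts[-1] == "**":
        parts = parts[:-1]
        if len(segments) < len(parts):
            return None
        segments = segments[:len(parts)]
    elif len(parts) != len(segments):
        return None
    if all(p in ("*", s) for p, s in zip(parts, segments)):
        return sum(p != "*" for p in parts)
    return None


def decide(user, path, rules):
    """Policy decision: (permit?, reason). Anything not explicitly covered is denied."""
    segments = path.strip("/").split("/")
    # Refuse dot segments, empty segments and percent-encoding, so the rule
    # that is matched is the rule for the resource that will actually be served.
    if not path.startswith("/") or any(s in ("", ".", "..") or "%" in s for s in segments):
        return False, "path not canonical"
    hits = []
    for rule in rules:
        specificity = match(rule.pattern, segments)
        if specificity is not None:
            hits.append((specificity, LEVELS[rule.classification], rule))
    if not hits:
        return False, "no rule covers this URL"
    # The most specific rule wins; on a tie the stricter classification applies.
    rule = max(hits, key=lambda h: h[:2])[2]
    if LEVELS[user.clearance] < LEVELS[rule.classification]:
        return False, f"clearance below {rule.classification}"
    if not user.roles & rule.roles:
        return False, "no permitted role"
    return True, f"matched {rule.pattern}"


# Constructed policy: a URL group, a nested group, and one individually classified URL shape.
RULES = [
    Rule("/Patient/*", "routine", frozenset({"clinician", "care-coordinator"})),
    Rule("/Patient/*/Observation/**", "restricted", frozenset({"clinician"})),
    Rule("/Patient/*/Observation/genomic-panel", "sensitive", frozenset({"oncologist"})),
]
NURSE = User("nurse", frozenset({"clinician"}), "restricted")
ONCOLOGIST = User("oncologist", frozenset({"clinician", "oncologist"}), "sensitive")
COORDINATOR = User("coordinator", frozenset({"care-coordinator"}), "routine")

if __name__ == "__main__":
    for who in (NURSE, ONCOLOGIST, COORDINATOR):
        for url in ("/Patient/1001", "/Patient/1001/Observation/genomic-panel"):
            print(who.name, url, decide(who, url, RULES))
```

The same `decide` call can run at the authorization service when a code is requested and again at the API entrance on each call, which is the split between decision and enforcement the text describes.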

About our writer:

Dale Moberg joined Orion Health in May 2014 and now plays a key role in the Orion Health Open Platform architecture and research. Dale has been involved in defining or enabling reliable, secure systems for business collaboration since He has worked in product development, architecture, strategy, and research. Many of his activities have been concerned with integrating security standards for B2B such as digital signatures for nonrepudiation of origin and nonrepudiation of receipt. He has chaired or co-chaired ebXML TCs in OASIS working on ebusiness transactions choreography and agreements. He currently works on designs and functional requirements for products in areas of application integration, B2B gateways, business activity monitoring, and business intelligence. He holds an M.A. and Ph.D. from Northwestern University, and an M.S. from Ohio State University, and has worked in academic and commercial organizations.

Copyright 2015 Orion Health group of companies. All rights reserved.
Fine Grained REST APIs_White Paper_US_062015
Customer Bank Account Management System Technical Specification Document Technical Specification Document Page 1 of 15 Table of Contents Contents 1 Introduction 3 2 Design Overview 4 3 Topology Diagram.6
More informationAPI Management: Powered by SOA Software Dedicated Cloud
Software Dedicated Cloud The Challenge Smartphones, mobility and the IoT are changing the way users consume digital information. They re changing the expectations and experience of customers interacting
More informationTHE MOBlLE APP. REVOLUTlON. 8 STEPS TO BUlLDING MOBlLE APPS FAST ln THE CLOUD
THE MOBlLE APP REVOLUTlON 8 STEPS TO BUlLDING MOBlLE APPS FAST ln THE CLOUD People use hand-held devices for everything from communicating and playing games to shopping and surfing the Internet. In fact,
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationQLIKVIEW IN THE ENTERPRISE
QLIKVIEW IN THE ENTERPRISE IT Overview The QlikView Business Discovery platform is a natural fit within an organization s Information Architecture, allowing IT and BI groups to serve the ever-growing analytical
More informationMobilize Your ERP with ADF Mobile
Mobilize Your ERP with ADF Mobile Ramesh Kumar ealliance Corp Founder & CEO rkumar@ealliancecorp.com 630-618-0916 1 ealliance Background ealliance started in 1998 as an Oracle Partner specializing in Oracle
More informationSalesforce Files Connect Implementation Guide
Salesforce Files Connect Implementation Guide Salesforce, Winter 16 @salesforcedocs Last updated: December 10, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationperspective Microservices A New Application Paradigm Abstract
perspective Microservices A New Application Paradigm Abstract Microservices Architecture is introducing the concept of developing functionality as a number of small self-contained services. This paper
More informationApigee Edge API Services Manage, scale, secure, and build APIs and apps
Manage, scale, secure, and build APIs and apps Hex #FC4C02 Hex #54585A Manage, scale, secure, and build APIs and Apps with is designed to unite the best of Internet and enterprise technologies to provide
More informationGroup-Based Policy for OpenStack
Group-Based Policy for OpenStack Introduction Over the past four years, OpenStack has grown from a simple open source project to a major community-based initiative including thousands of contributors in
More informationEHR OAuth 2.0 Security
Hospital Health Information System EU HIS Contract No. IPA/2012/283-805 EHR OAuth 2.0 Security Final version July 2015 Visibility: Restricted Target Audience: EHR System Architects EHR Developers EPR Systems
More informationNCSU SSO. Case Study
NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must
More informationService Oriented Architecture
Service Oriented Architecture Charlie Abela Department of Artificial Intelligence charlie.abela@um.edu.mt Last Lecture Web Ontology Language Problems? CSA 3210 Service Oriented Architecture 2 Lecture Outline
More informationBuilding Web-based Infrastructures for Smart Meters
Building Web-based Infrastructures for Smart Meters Andreas Kamilaris 1, Vlad Trifa 2, and Dominique Guinard 2 1 University of Cyprus, Nicosia, Cyprus 2 ETH Zurich and SAP Research, Switzerland Abstract.
More informationSeptember 2009 Cloud Storage for Cloud Computing
September 2009 Cloud Storage for Cloud Computing This paper is a joint production of the Storage Networking Industry Association and the Open Grid Forum. Copyright 2009 Open Grid Forum, Copyright 2009
More informationFIVE SIGNS YOU NEED HTML5 WEBSOCKETS
FIVE SIGNS YOU NEED HTML5 WEBSOCKETS A KAAZING WHITEPAPER Copyright 2011 Kaazing Corporation. All rights reserved. FIVE SIGNS YOU NEED HTML5 WEBSOCKETS A KAAZING WHITEPAPER HTML5 Web Sockets is an important
More informationPingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0
Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity
More informationHow To Use B Insight'S New Search Engine On Sharepoint
How the BA Insight Federator Extends SharePoint Search BA Insight 2015 20 Park Plaza, Suite 1115 Boston, MA 02116, USA 1.339.368.7234 info@bainsight.com www.bainsight.com BA Insight Federator The BA Insight
More informationAPI Management Buyers Guide. White Paper
API Management Buyers Guide White Paper What Is an API? The value of your software, data, or other digital assets can be dramatically increased by reaching new audiences. This is possible through the use
More informationHow To Get To A Cloud Storage And Byod System
Maginatics Security Architecture What is the Maginatics Cloud Storage Platform? Enterprise IT organizations are constantly looking for ways to reduce costs and increase operational efficiency. Although
More informationCloud Service Brokerage Case Study. Health Insurance Association Launches a Security and Integration Cloud Service Brokerage
Cloud Service Brokerage Case Study Health Insurance Association Launches a Security and Integration Cloud Service Brokerage Cloud Service Brokerage Case Study Health Insurance Association Launches a Security
More informationBuilding WebRTC Solutions with the Avaya WebRTC Collaboration Environment Snap-in. Joel Ezell Lead Architect, Collaboration Environment R&D
Building WebRTC Solutions with the WebRTC Collaboration Environment Snap-in Joel Ezell Lead Architect, Collaboration Environment R&D Use Cases for Collaboration Environment 3.0 WebRTC Outbound only Click
More informationVortex White Paper. Simplifying Real-time Information Integration in Industrial Internet of Things (IIoT) Control Systems
Vortex White Paper Simplifying Real-time Information Integration in Industrial Internet of Things (IIoT) Control Systems Version 1.0 February 2015 Andrew Foster, Product Marketing Manager, PrismTech Vortex
More informationSecure Semantic Web Service Using SAML
Secure Semantic Web Service Using SAML JOO-YOUNG LEE and KI-YOUNG MOON Information Security Department Electronics and Telecommunications Research Institute 161 Gajeong-dong, Yuseong-gu, Daejeon KOREA
More informationIdentity, Privacy, and Data Protection in the Cloud XACML. David Brossard Product Manager, Axiomatics
Identity, Privacy, and Data Protection in the Cloud XACML David Brossard Product Manager, Axiomatics 1 What you will learn The issue with authorization in the cloud Quick background on XACML 3 strategies
More informationInstallation and Administration Guide
Installation and Administration Guide Release 8 This installation guide will walk you through how to install and deploy Conga Composer, including recommended settings for the application. Contact Support:
More informationElectronic Ticket and Check-in System for Indico Conferences
Electronic Ticket and Check-in System for Indico Conferences September 2013 Author: Bernard Kolobara Supervisor: Jose Benito Gonzalez Lopez CERN openlab Summer Student Report 2013 Project Specification
More informationAWS CodePipeline. User Guide API Version 2015-07-09
AWS CodePipeline User Guide AWS CodePipeline: User Guide Copyright 2015 Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection
More informationPrinciples and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards)
Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards) Michael P. Papazoglou (INFOLAB/CRISM, Tilburg University, The Netherlands)
More informationA Java proxy for MS SQL Server Reporting Services
1 of 5 1/10/2005 9:37 PM Advertisement: Support JavaWorld, click here! January 2005 HOME FEATURED TUTORIALS COLUMNS NEWS & REVIEWS FORUM JW RESOURCES ABOUT JW A Java proxy for MS SQL Server Reporting Services
More informationImplementing Software- Defined Security with CloudPassage Halo
WHITE PAPER Implementing Software- Defined Security with CloudPassage Halo Introduction... 2 Implementing Software-Defined Security w/cloudpassage Halo... 3 Abstraction... 3 Automation... 4 Orchestration...
More informationEnabling REST Services with SAP PI. Michael Le mle@advantco.com Peter Ha pha@advantco.com
Enabling REST Services with SAP PI Michael Le mle@advantco.com Peter Ha pha@advantco.com Learning Points Understanding the REST architecture and concepts Understanding the differences between SOAP and
More informationCopyright 2013 Splunk Inc. Introducing Splunk 6
Copyright 2013 Splunk Inc. Introducing Splunk 6 Safe Harbor Statement During the course of this presentation, we may make forward looking statements regarding future events or the expected performance
More informationCloud-based Identity and Access Control for Diagnostic Imaging Systems
Cloud-based Identity and Access Control for Diagnostic Imaging Systems Weina Ma and Kamran Sartipi Department of Electrical, Computer and Software Engineering University of Ontario Institute of Technology
More information1 Overview 1 1.1 Configuration on MACH Web Portal 1
API Guide Version 2 Table of Content 1 Overview 1 1.1 Configuration on MACH Web Portal 1 1.2 Other Pre-requisites 1 1.2.1 Apple Push SSL Certificate 1 1.2.2 Android GCM Key 2 1.2.3 Enabling Push Notification
More informationOpenText Information Hub (ihub) 3.1 and 3.1.1
OpenText Information Hub (ihub) 3.1 and 3.1.1 OpenText Information Hub (ihub) 3.1.1 meets the growing demand for analytics-powered applications that deliver data and empower employees and customers to
More informationTenable for CyberArk
HOW-TO GUIDE Tenable for CyberArk Introduction This document describes how to deploy Tenable SecurityCenter and Nessus for integration with CyberArk Enterprise Password Vault. Please email any comments
More informationLogin with Amazon. Getting Started Guide for Websites. Version 1.0
Login with Amazon Getting Started Guide for Websites Version 1.0 Login with Amazon: Getting Started Guide for Websites Copyright 2016 Amazon Services, LLC or its affiliates. All rights reserved. Amazon
More informationWeb 2.0 Lecture 9: OAuth and OpenID
Web 2.0 Lecture 9: OAuth and OpenID doc. Ing. Tomáš Vitvar, Ph.D. tomas@vitvar.com @TomasVitvar http://www.vitvar.com Leopold-Franzens Universität Innsbruck and Czech Technical University in Prague Faculty
More informationA Look at the New Converged Data Center
Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable
More information5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP
5 Key Reasons to Migrate from Cisco ACE to F5 BIG-IP With support for Cisco ACE load balancer ending, organizations need to find an alternative. Contents Introduction 3 Advanced Architecture 3 Ease of
More informationHow In-Memory Data Grids Can Analyze Fast-Changing Data in Real Time
SCALEOUT SOFTWARE How In-Memory Data Grids Can Analyze Fast-Changing Data in Real Time by Dr. William Bain and Dr. Mikhail Sobolev, ScaleOut Software, Inc. 2012 ScaleOut Software, Inc. 12/27/2012 T wenty-first
More informationMid-Project Report August 14 th, 2012. Nils Dussart 0961540
Mid-Project Report August 14 th, 2012 Nils Dussart 0961540 CONTENTS Project Proposal... 3 Project title... 3 Faculty Advisor... 3 Project Scope and Individual Student Learning Goals... 3 Proposed Product
More information