Onegini Token server / Web API Platform

Companies and users interact securely by sharing data between different applications

The Onegini Token server is a complete solution for managing your customer's authorizations. It provides a comprehensive security token server that integrates with enterprise identity and access management systems based on the latest Web and API security standards such as OAuth 2.0. With the Token Server, companies and users can interact by securely sharing data between different applications, and users can approve applications to act on their behalf without sharing passwords.

OAuth 2.0 and APIs

OAuth is becoming the standard for access management with RESTful APIs. OAuth has the advantage of being:

- lightweight
- universal: access for web, mobile app or any other third-party application

Unfortunately, OAuth can also be complex to set up, given the number of actors, token formats, transports, management, logging and security mechanisms required. Handling all the user interactions in particular requires a flexible architecture, since the number of devices is growing rapidly.

Onegini bridges the security gap between companies and the Internet. For more information visit our website:

Onegini Key components

The Onegini Token Server is a complete solution for managing authorizations of resource access, compliant with the OAuth 2.0 standard. It can easily be plugged in to your current infrastructure and can cooperate with existing authentication services. The key components are:

Component: Description
- Core OAuth 2.0 spec-compliant authorization server: The core engine of the Onegini OAuth Server is responsible for token management.
- Monitoring and auditing: To keep track of all events and to enable operators to analyze behavior.
- Management console: For administrators, a complete dashboard is available.
- Management and user interface API: End-user and management APIs enable you to integrate Onegini functionality into your own systems.

OAuth is mandatory in consumer IAM

OAuth allows individual resource owners to delegate resource access rights to third parties in a discretionary fashion, with a limited scope, based on a user dialogue. In that respect, OAuth is unprecedented and fundamentally important. The original flavor of OAuth comprises a 3-party exchange requiring the presence of the individual resource owner, which does confine OAuth to the consumer IAM space. OAuth defeats the password anti-pattern, creating a consistent, flexible identity and policy architecture for web applications, web services, devices, and desktop clients attempting to communicate with Cloud APIs.

It's all about tokens

OAuth cares about two things:

- How to use a token to access resources?
- How to obtain such tokens?

There is a variety of token types (self-contained vs. identifier tokens, refresh vs. access tokens), means of presenting tokens (HTTP Authorization request headers, URL query parameters, form-encoded body parameters) and means of obtaining them (various combinations of protocol exchanges called flows). This is where the specification and framework complexity actually comes from. Onegini will handle this for you.

The Onegini Authorisation Server enables enterprises to deploy applications anywhere, using the same security infrastructure.

Secure your APIs and meet compliance

Protecting APIs against attacks is crucial these days. The Onegini Token Server provides comprehensive API security and prebuilt identity management integration. Onegini protects the APIs by managing tokens and preventing token abuse. Onegini also provides auditing and monitoring capabilities to support enterprises in being compliant.

Why is Onegini different?

The Onegini Token Server is unique because it is a complete solution with a clear focus: protecting your enterprise APIs using OAuth. It can be easily integrated within your IT infrastructure. The software is easy to install and no coding is required. It is a stateless, scalable engine, including administration and operational consoles.

How does the Onegini Token Server work?

The core of Onegini

The core of Onegini is managing and protecting tokens. Long-lived tokens and identity information are stored encrypted in the database. The database contains access and refresh tokens, including properties such as one-time tokens, expiration date, number of times to be used, scope linking etc. The Onegini architecture is an event-based engine and all events are stored in multiple databases. Onegini's search database enables real-time analysis of token abuse. Onegini supports the latest OAuth 2.0 spec including the required threat model. Both the spec and the threat model will be monitored and applied throughout the lifecycle of the Onegini Token server.

[Figure: Onegini architecture. Labels: end-user & management API; OAuth end-points (authorization, token validation, token management); token abuse detection; administration & monitoring; events; tokens; event store]

Prevent token abuse

Preventing token abuse is a complex process most organizations do not implement. Using Onegini, your company will benefit immediately from our unique technology created to prevent token abuse. Onegini logs all action events into our operations data store. The logged events are analyzed in real time, allowing our risk-based engine to trigger new actions, such as revoking tokens.

Get the user consent

OAuth assumes the individual resource owner to be present and attentive unless the token endpoint can decide whether to supply an OAuth token in a token endpoint request from its own, local context. In order to get consent from the resource owner, a consent page is displayed to the end user when a client requests an access grant and the user did not provide consent to any of the requested scopes for this particular client. As the application is stateless, this page has the responsibility to forward all request parameters used in the authorization request. This set of request parameters is available via variables in the template. Customizable templates for the consent page and other user interactions are available.

Dynamic client registration

Native applications running on mobile devices often pose a security threat since there is a lack of a trusted computing base. The Onegini Token server provides a mechanism to uniquely identify devices running native applications. This dynamic client registration process allows a client to register itself with the authorization server. Onegini will dynamically provision a client identifier and a client secret to be used by the client. Because the Onegini Token server can uniquely identify the different devices that are interacting with the server, it can properly detect abuse and take appropriate action.

SIEM solution

A SIEM tool correlates incidents and events from different resources and raises an alarm if unexpected behavior occurs. Onegini can easily be integrated with existing SIEM solutions in order to track and trace the complete session. The Onegini core is event based and logs events in a database. Via our API, these events can be extracted. In order to correlate events of a certain request in the entire chain, a transaction id is used. Onegini has plug-ins for products such as WebSeal, Apache or others.
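
The event-driven abuse check described under "Prevent token abuse", using the token properties named above (expiration date, number of times to be used, device identity from dynamic client registration), as an added example that is not Onegini's code. The event fields, reason names and the choice to revoke on a device mismatch or an exceeded usage limit are assumptions made for illustration; the events are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Token:
    device_id: str                     # device the token was issued to at registration
    scope: str
    expires_at: int                    # epoch seconds
    usage_limit: Optional[int] = None  # None means unlimited uses
    uses: int = 0
    revoked: bool = False


def evaluate(tokens, event):
    """Decide what to do with one token-use event; returns (action, reason)."""
    token = tokens.get(event["token"])
    if token is None:
        return ("deny", "unknown_token")
    if token.revoked:
        return ("deny", "revoked")
    if event["ts"] >= token.expires_at:
        return ("deny", "expired")
    if event["device"] != token.device_id:
        # Token presented by a device it was not issued to: treat as abuse.
        token.revoked = True
        return ("revoke", "device_mismatch")
    if token.usage_limit is not None and token.uses >= token.usage_limit:
        # Use beyond the configured number of times: stop all further use.
        token.revoked = True
        return ("revoke", "usage_limit_exceeded")
    token.uses += 1
    return ("allow", "ok")


def process(tokens, events):
    """Evaluate events in time order, keeping the transaction id for correlation."""
    ordered = sorted(events, key=lambda e: e["ts"])
    return [(e["txn"],) + evaluate(tokens, e) for e in ordered]


def sample_tokens():
    # Constructed token store (hypothetical identifiers).
    return {
        "tok-A": Token("dev-1", "payments", expires_at=2000, usage_limit=2),
        "tok-B": Token("dev-2", "profile", expires_at=2000),
        "tok-C": Token("dev-3", "profile", expires_at=3000),
    }


# Constructed events, as they might be read from an event store.
SAMPLE_EVENTS = [
    {"ts": 1000, "txn": "tx-01", "token": "tok-A", "device": "dev-1"},
    {"ts": 1010, "txn": "tx-02", "token": "tok-A", "device": "dev-1"},
    {"ts": 1020, "txn": "tx-03", "token": "tok-A", "device": "dev-1"},
    {"ts": 1030, "txn": "tx-04", "token": "tok-B", "device": "dev-9"},
    {"ts": 1040, "txn": "tx-05", "token": "tok-B", "device": "dev-2"},
    {"ts": 5000, "txn": "tx-06", "token": "tok-C", "device": "dev-3"},
]


def run_demo():
    return process(sample_tokens(), SAMPLE_EVENTS)


if __name__ == "__main__":
    for txn, action, reason in run_demo():
        print(txn, action, reason)
```

Each decision carries the transaction id, so a SIEM can join it with gateway and application logs for the same request.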

Onegini integration in your IT infrastructure

Security is all about integration. Onegini seamlessly integrates with current IT infrastructures. Onegini can be placed in the DMZ or the local infrastructure, as long as the proper security measures related to the deployed infrastructure are implemented.

Administration

The Onegini Token Server is easy to use for administrators. An administration dashboard will guide you through all tasks: configuration, event logs, statistics, and user management. A number of different roles are supported, so operators or help desk employees will have limited access. The configuration dashboard is a user interface where administrators can configure items such as applications, clients and scopes.

Monitoring the APIs

An advanced operational monitoring dashboard will empower IT operations to monitor behavior and to get more insight into system health. Filters can be used to quickly analyze specific clients or events to prevent abuse. Authorized system users can block clients immediately.

Security

Onegini is a security solution to manage authorizations of resource access, compliant with the OAuth 2.0 standard. Onegini supports the latest standards and implements many of the security considerations proposed in the OAuth Threat Model. Some of the security considerations are: credential storage protection, binding tokens to a particular resource server, binding tokens to a client, validation of the preregistered redirect_uri and binding of the authorisation code to a specific client. In addition, the following security measures are supported:

- Explicitly defined scopes for audience and tokens
- Configuration of token time expiration and usage limitation
- Security event auditing to allow identification of patterns and potential threats
- Validating HTTP parameters, REST query/post parameters
- Protection against cross-site scripting (XSS), SQL injection

High performance

The Onegini Token Server is a highly scalable and high-performance authorization engine. All end-points are able to meet enterprise performance. Performance scales linearly with every server added. For performance improvement, Onegini supports caching of access grants and access tokens. It will also cache configuration items when needed to optimize performance.

[Figure: Onegini in your IT infrastructure. Labels: your organisation, resources, authentication]

Management and end-user API

Onegini has an extensive management and end-user API which can be used by your own applications / clients. Onegini supports the following interfaces:

- Token management end-user (list, revoke)
- Device management (list, revoke)
- Consent management (list, revoke, notification types)
- Client management (list, add, delete, update)
- Scope management (list, add, delete, update)
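
Three of the security considerations listed under "Security" above (validation of the preregistered redirect_uri, binding of the authorisation code to a specific client, and credential storage protection) shown as checks in a minimal in-memory authorization server. This is an added example, not Onegini's code; the class, method names, client ids and URLs are hypothetical, and client authentication at the token endpoint is assumed to have happened before `redeem` is called.

```python
import hashlib
import secrets


class OAuthError(Exception):
    """Carries an error label such as invalid_grant."""


def digest(value):
    # Only a hash of the code is stored, so a database leak exposes no live codes.
    return hashlib.sha256(value.encode()).hexdigest()


class AuthorizationServer:
    def __init__(self, clients, code_ttl=60):
        self.clients = clients      # client_id -> set of pre-registered redirect URIs
        self.code_ttl = code_ttl    # seconds an authorization code stays valid
        self.codes = {}             # sha256(code) -> binding record
        self.active_tokens = set()

    def authorize(self, client_id, redirect_uri, now):
        registered = self.clients.get(client_id)
        if registered is None:
            raise OAuthError("unauthorized_client")
        # Exact string comparison only: no prefix, wildcard or substring match.
        # On a mismatch the server must not redirect to the supplied URI.
        if redirect_uri not in registered:
            raise OAuthError("redirect_uri_mismatch")  # local label
        code = secrets.token_urlsafe(32)
        self.codes[digest(code)] = {
            "client_id": client_id,
            "redirect_uri": redirect_uri,
            "expires_at": now + self.code_ttl,
            "token": None,
        }
        return code

    def redeem(self, client_id, redirect_uri, code, now):
        record = self.codes.get(digest(code))
        if record is None:
            raise OAuthError("invalid_grant")
        if record["token"] is not None:
            # Code replay: deny, and revoke the token issued from this code.
            self.active_tokens.discard(record["token"])
            raise OAuthError("invalid_grant")
        if now > record["expires_at"]:
            raise OAuthError("invalid_grant")
        # The code is only valid for the client and redirect URI it was issued to.
        if client_id != record["client_id"] or redirect_uri != record["redirect_uri"]:
            raise OAuthError("invalid_grant")
        token = secrets.token_urlsafe(32)
        record["token"] = token
        self.active_tokens.add(token)
        return token


def outcome(fn, *args):
    """Run a call and report 'ok' or the OAuth error label."""
    try:
        fn(*args)
        return "ok"
    except OAuthError as exc:
        return str(exc)


def run_demo():
    cb = "https://app.example/callback"          # constructed sample values
    server = AuthorizationServer({
        "web-app": {cb},
        "other-app": {"https://other.example/callback"},
    })
    results = {}
    results["unregistered_redirect"] = outcome(server.authorize, "web-app", cb + "/extra", 1000)
    code = server.authorize("web-app", cb, 1000)
    results["wrong_client"] = outcome(server.redeem, "other-app", cb, code, 1010)
    token = server.redeem("web-app", cb, code, 1020)
    results["token_active"] = token in server.active_tokens
    results["replay"] = outcome(server.redeem, "web-app", cb, code, 1030)
    results["token_active_after_replay"] = token in server.active_tokens
    late = server.authorize("web-app", cb, 2000)
    results["expired"] = outcome(server.redeem, "web-app", cb, late, 2061)
    return results


if __name__ == "__main__":
    print(run_demo())
```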

Onegini Feature highlights

- OAuth protocol flows: Authorization code, implicit grant, client credentials, resource owner password credentials.
- Integration with authentication engines: A modular architecture makes it possible to plug in authentication services such as Onegini, IBM, Oracle or any other.
- Authentication level per scope: Various levels of step-up authentication can be assigned per scope. This enables granular configuration based on the specific authentication requirements of the resources you are protecting.
- Databases: Oracle, MySQL and DB2.
- Encryption: Config files, tokens and identity information are all encrypted.
- API interface: Onegini offers interfaces for end-user, management and dynamic client registration.
- Dynamic device registration: The process allows a client to register itself with the authorization server. The authorization server will dynamically provision a client identifier and a client secret to be used by the client.
- Advanced scope definitions: Scopes can be configured with a usage limit. This enables limiting the number of times an access token for a particular scope can be used.
- Integration with security gateways: Layer7, SecurIT TrustBuilder, Vordel and others.
- Multi-language: Support for end-user interactions, all languages supported.
- Integration IAM: The Token server can be integrated with most popular identity and access management (IAM) and SSO solutions such as Onegini, Oracle, CA, Novell and IBM.
- Pluggable architecture for notifications: Makes it possible to send notifications to end-users via their preferred channel (e.g. SMS or ). Users can define their preferred method.
- Token abuse detection and reporting: Prevents tokens from being used by unauthorized devices.
- Advanced logging: Onegini stores all events, including administration tasks and data changes.
- Client authentication using JWT: JSON Web Token (JWT) Bearer Token as a means for requesting an OAuth 2.0 access token as well as for use as a means of client authentication.
- Support for the JSON Web Token (JWT) token type: Onegini supports the JWT token type with support for its required and recommended encryption and hashing algorithms.
- SIEM integration: SIEM integration is facilitated by means of configurable HTTP headers that are communicated throughout the entire session. These headers are used to correlate events and can be consumed by the on-premise SIEM solution.
- Configurable consent page: The consent page is a configurable HTML file that supports configuration of specific redirections, the company logo to be used etc.
- Consent notification templates: Consent notifications can be sent using either or SMS. For both options configuration files are available.
- Scope verification service: The Onegini Token Server provides a service to perform a scope check. This call is used to verify whether the end user is entitled to request a certain scope.
- Notification service: When a user provides consent on an authorization request for a resource, a notification is sent to the user.
- LDAP integration: The management console can integrate with an LDAP to secure access to the management console.
- Standards: Threat Model and Security Considerations, OAuth 2.0 and higher.


More information

IBM API Management Overview. 2014 IBM Corporation

IBM API Management Overview. 2014 IBM Corporation IBM API Management Overview Please Note IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole discretion. Information regarding potential

More information

PRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS

PRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS www.openi-ict.eu Open-Source, Web-Based, Framework for Integrating Applications with Social Media Services and Personal Cloudlets PRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS Open-Source,

More information

Datasheet FUJITSU Cloud Monitoring Service

Datasheet FUJITSU Cloud Monitoring Service Datasheet FUJITSU Cloud Monitoring Service FUJITSU Cloud Monitoring Service powered by CA Technologies offers a single, unified interface for tracking all the vital, dynamic resources your business relies

More information

CNS-207-2I Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

CNS-207-2I Implementing Citrix NetScaler 10.5 for App and Desktop Solutions 1800 ULEARN (853 276) www.ddls.com.au CNS-207-2I Implementing Citrix NetScaler 10.5 for App and Desktop Solutions Length 5 days Price $5500.00 (inc GST) Overview The objective of Implementing Citrix NetScaler

More information

CERTIFIED MULESOFT DEVELOPER EXAM. Preparation Guide

CERTIFIED MULESOFT DEVELOPER EXAM. Preparation Guide CERTIFIED MULESOFT DEVELOPER EXAM Preparation Guide v. November, 2014 2 TABLE OF CONTENTS Table of Contents... 3 Preparation Guide Overview... 5 Guide Purpose... 5 General Preparation Recommendations...

More information

Pentaho Reporting Overview

Pentaho Reporting Overview Pentaho Reporting Copyright 2006 Pentaho Corporation. Redistribution permitted. All trademarks are the property of their respective owners. For the latest information, please visit our web site at www.pentaho.org

More information

http://docs.trendmicro.com/en-us/enterprise/safesync-for-enterprise.aspx

http://docs.trendmicro.com/en-us/enterprise/safesync-for-enterprise.aspx Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

DirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet

DirX Identity V8.4. Secure and flexible Password Management. Technical Data Sheet Technical Data Sheet DirX Identity V8.4 Secure and flexible Password Management DirX Identity provides a comprehensive password management solution for enterprises and organizations. It delivers self-service

More information

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Netop Remote Control Security Server

Netop Remote Control Security Server A d m i n i s t r a t i o n Netop Remote Control Security Server Product Whitepaper ABSTRACT Security is an important factor when choosing a remote support solution for any enterprise. Gone are the days

More information

RingCentral OAuth 2.0 Authentication & Authorization* *This pdf includes beta 3-legged OAuth 2.0 authorization code flow

RingCentral OAuth 2.0 Authentication & Authorization* *This pdf includes beta 3-legged OAuth 2.0 authorization code flow RingCentral OAuth 2.0 Authentication & Authorization* *This pdf includes beta 3-legged OAuth 2.0 authorization code flow Contents Overview... 3 RingCentral OAuth 2.0... 3 Tokens... 3 Authorization Flows...

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

WHITE PAPER Usher Mobile Identity Platform

WHITE PAPER Usher Mobile Identity Platform WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

ACE Management Server Deployment Guide VMware ACE 2.0

ACE Management Server Deployment Guide VMware ACE 2.0 Technical Note ACE Management Server Deployment Guide VMware ACE 2.0 This technical note provides guidelines for the deployment of VMware ACE Management Servers, including capacity planning and best practices.

More information

DirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet

DirX Identity V8.5. Secure and flexible Password Management. Technical Data Sheet Technical Data Sheet DirX Identity V8.5 Secure and flexible Password Management DirX Identity provides a comprehensive password management solution for enterprises and organizations. It delivers self-service

More information

Authentication Integration

Authentication Integration Authentication Integration VoiceThread provides multiple authentication frameworks allowing your organization to choose the optimal method to implement. This document details the various available authentication

More information

HOL9449 Access Management: Secure web, mobile and cloud access

HOL9449 Access Management: Secure web, mobile and cloud access HOL9449 Access Management: Secure web, mobile and cloud access Kanishk Mahajan Principal Product Manager, Oracle September, 2014 Copyright 2014, Oracle and/or its affiliates. All rights reserved. Oracle

More information

FUJITSU Cloud Service K5 API Management Service Functional Overview

FUJITSU Cloud Service K5 API Management Service Functional Overview FUJITSU Cloud Service K5 API Management Service Functional Overview July 2016 Fujitsu Limited - Unauthorized copying and replication of the contents of this document is prohibited. - The contents of this

More information

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0

PingFederate. Windows Live Cloud Identity Connector. User Guide. Version 1.0 Windows Live Cloud Identity Connector Version 1.0 User Guide 2011 Ping Identity Corporation. All rights reserved. Windows Live Cloud Identity Connector User Guide Version 1.0 April, 2011 Ping Identity

More information

OpenText Information Hub (ihub) 3.1 and 3.1.1

OpenText Information Hub (ihub) 3.1 and 3.1.1 OpenText Information Hub (ihub) 3.1 and 3.1.1 OpenText Information Hub (ihub) 3.1.1 meets the growing demand for analytics-powered applications that deliver data and empower employees and customers to

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Expert Oracle Application. Express Security. Scott Spendolini. Apress"

Expert Oracle Application. Express Security. Scott Spendolini. Apress Expert Oracle Application Express Security Scott Spendolini Apress" Contents Foreword About the Author About the Technical Reviewer Acknowledgments Introduction xv xvii xix xxi xxiii BChapter 1: Threat

More information

Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo

Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence. Greg Wcislo Session Code*: 0310 Demystifying Authentication and SSO Options in Business Intelligence Greg Wcislo Introduction We will not go into detailed how-to, however links to multiple how-to whitepapers will

More information

Simplify Identity Management with the CA Identity Suite

Simplify Identity Management with the CA Identity Suite SOLUTION BRIEF CA DATABASE IDENTITY SUITE MANAGEMENT IDENTITY FOR MANAGEMENT DB2 FOR z/os DRAFT Answer the cover question by stating how the solution can deliver the desired benefits; typically, technical

More information

Integrating Mobile apps with your Enterprise

Integrating Mobile apps with your Enterprise Integrating Mobile apps with your Enterprise Jonathan Marshall marshalj@uk.ibm.com @jmarshall1 Agenda Mobile apps and the enterprise Integrating mobile apps with Enterprise Applications Mobile apps and

More information

From the Intranet to Mobile. By Divya Mehra and Stian Thorgersen

From the Intranet to Mobile. By Divya Mehra and Stian Thorgersen ENTERPRISE SECURITY WITH KEYCLOAK From the Intranet to Mobile By Divya Mehra and Stian Thorgersen PROJECT TIMELINE AGENDA THE OLD WAY Securing monolithic web app relatively easy Username and password

More information

Adding Stronger Authentication to your Portal and Cloud Apps

Adding Stronger Authentication to your Portal and Cloud Apps SOLUTION BRIEF Cyphercor Inc. Adding Stronger Authentication to your Portal and Cloud Apps Using the logintc April 2012 Adding Stronger Authentication to Portals Corporate and consumer portals, as well

More information

Salesforce1 Mobile Security Guide

Salesforce1 Mobile Security Guide Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,

More information

Strengthen security with intelligent identity and access management

Strengthen security with intelligent identity and access management Strengthen security with intelligent identity and access management IBM Security solutions help safeguard user access, boost compliance and mitigate insider threats Highlights Enable business managers

More information

Trust but Verify: Best Practices for Monitoring Privileged Users

Trust but Verify: Best Practices for Monitoring Privileged Users Trust but Verify: Best Practices for Monitoring Privileged Users Olaf Stullich, Product Manager (olaf.stullich@oracle.com) Arun Theebaprakasam, Development Manager Chirag Andani, Vice President, Identity

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

Single Sign On. SSO & ID Management for Web and Mobile Applications

Single Sign On. SSO & ID Management for Web and Mobile Applications Single Sign On and ID Management Single Sign On SSO & ID Management for Web and Mobile Applications Presenter: Manish Harsh Program Manager for Developer Marketing Platforms of NVIDIA (Visual Computing

More information

STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

More information