Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems

Size: px

Start display at page:

Download "Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems jmacy@forumsys.com"

Gabriel Beasley
8 years ago
Views:

1 Mobile Identity and Edge Security Forum Sentry Security Gateway Jason Macy CTO, Forum Systems

on-demand Service Oriented Architecture Paradigm for designing and developing software Combined Web Services

2 Evolution Evolution of Enterprise Identities Cloud Computing Iaas Infrastructure as a Service PaaS Platform as a Service Virtualization Taking physical resources and rendering virtual Operating Systems and Systems provided on-demand Service Oriented Architecture Paradigm for designing and developing software Combined Web Services for Loosely Coupled Architecture Web Services Re-usable service components Open standards Messaging and Protocols

3 Evolution Evolution of Enterprise Identities Cloud Computing Iaas Infrastructure as a Service PaaS Platform as a Service Mobile Apps Users / Portals B2B Cloud / 3 rd Party OAuth SAML WS-Tokens HTTP Basic HTTP Form Post Virtualization Taking physical resources and rendering virtual Operating Systems and Systems provided on-demand Service Oriented Architecture Paradigm for designing and developing software Combined Web Services for Loosely Coupled Architecture Web Services Re-usable service components Open standards Messaging and Protocols NTLM Kerberos X509 Mutual RSA SecureID Cookies

Operating Systems and Systems provided on-demand Service Oriented Architecture Paradigm for designing and developing software Combined Web Services

4 Enterprise Identities External FW B2B

5 Enterprise Identities External FW B2B

6 Enterprise Identities External FW Multiple Protocols Protocol Token Formats Message Token Formats

7 Enterprise Identities External FW Scalability Centralized Access Control Single Sign On

8 Gateway Architecture Edge Security / Identity

9 API Security Edge Deployment External FW Internal FW Mobile Apps Users / Portals B2B L O A D B A L A N C E R Secure API Protocol Break Forum Sentry SOAP, XML, REST, JSON, HTML, ebxml, SwA HTTP, FTP, SFTP, SMTP, JBOSS, IBM MQ, AS2, Tibco, Oracle, Active MQ, AMQP LOAD BALANCER DMZ Cloud / 3 rd Party Identity: Oauth, SAML, WS-Tokens, HTTP Form Post, HTTPBasic, HTTP Digest, NTLM, Kerberos, X509 Mutual, RSA SecureID, FTP Auth, SFTP Auth Mobile Services HTML Portal Servers REST Services FTP/SFTP Services XML Services SOAP Services ESB Services

BALANCER DMZ Cloud / 3 rd Party Identity: Oauth, SAML, WS-Tokens, HTTP Form Post, HTTPBasic, HTTP Digest, NTLM, Kerberos, X509 Mutual,

10 SECURITY Threat Mitigation (IDP)?? Parse Detect Prevent Privacy Inbound Accountability Outbound ASIC Crypto Acceleration - Patent #7,516,333 PKI Infrastructure - DoD JITC Certified Security Architecture - FIPS Certified Integrity?

Outbound ASIC Crypto Acceleration - Patent #7,516,333 PKI

11 Identity Management IDENTITY Access Control Federation OAuth, SAML, Active Directory, LDAP, Siteminder, Tivoli AM, ClearTrust, Kerberos KDC, CoreID, JSAM, WS-Trust, REST

12 MEDIATION Standards PKI Protocols Comprehensive OASIS and W3C standards support Over 100 Task Processing Functions Mapping, Conversion, and Enrichment

13 Mobile Identity

14 Mobile Identity

15 Mobile Identity

16 Mobile Identity External FW

17 Single Sign On SAML SSO

18 SP-Initiated SSO Service Provider Mobile Apps Users / Portals

19 SP-Initiated SSO Service Provider Mobile Apps Users / Portals HTTP Redirect to IdP Identity Provider Javascript HTTP POST Redirect -- Signed SAML Request

20 SP-Initiated SSO Service Provider Mobile Apps Users / Portals Authentication Identity Provider

21 SP-Initiated SSO Service Provider Mobile Apps Users / Portals Redirect w/ Embedded Signed SAML Identity Provider

22 SP-Initiated SSO Service Provider Mobile Apps Users / Portals Access to Resource w/ SAML (allowed via DSIG Verify) Identity Provider

23 Mobile Authentication Use Case Distributed SSO

24 Mobile Authentication External FW HTTP / HTTPS Internal Apps Mobile Apps Basic Auth Cookie Auth Form Post Auth X509 Auth OAuth SAML SSO

25 Mobile Authentication - Direct External FW AUTH SESSION TOKEN Map User and Roles into request for back-end Internal Apps Forum Sentry Mobile Apps Intercept and provide authentication, access control, and session management No Agents, no central policy server calls Maximized performance, simpler architecture

26 Mobile Authentication 3 rd Party / Cloud Redirect w/signed SAML Request Mobile Device makes request Token is sent and validated by Sentry SAML parameters and DSIG are verified Internal Apps Forum Sentry Mobile Apps

27 Mobile Authentication 3 rd Party / Cloud SAML DSIG verify is used to validate trust And establish new SESSION Redirect w/signed SAML Response which Includes original target URI Internal Apps Forum Sentry Mobile Apps

28 Mobile API Security Identity Edge Deployment External FW Internal FW Mobile Apps Users / Portals B2B L O A D B A L A N C E R Forum Sentry HTML, XML, REST, JSON HTTP, FTP, SFTP, SMTP, JBOSS, IBM MQ, AS2, Tibco, Oracle, Active MQ, AMQP LOAD BALANCER DMZ Cloud / 3 rd Party Identity: Oauth, SAML, HTTP WS-Tokens, Form Post, HTTP Form Post, HTTPBasic, X509 HTTP Mutual, Digest, NTLM, RSA SecureID Kerberos, X509 Mutual, RSA SecureID, FTP Auth, SFTP Auth Mobile Services HTML Portal Servers REST Services FTP/SFTP Services ESB Services XML Services SOAP Services

29 What s Next Enhanced Mobile Device Identification Sentry Instance Auto-policy Enrollment Large Scale Secure Edge Caching & Persistence Geospatial Synchronization

30 Questions / Comments

Core Feature Comparison between. XML / SOA Gateways. and. Web Application Firewalls. Jason Macy jmacy@forumsys.com CTO, Forum Systems

Core Feature Comparison between XML / SOA Gateways and Web Application Firewalls Jason Macy jmacy@forumsys.com CTO, Forum Systems XML Gateway vs Competitive XML Gateways or Complementary? and s are Complementary