Connecting The Real World With The Virtual World
Download as PPTX, PDF1 like1,364 views
The document discusses how identity management protocols like OAuth 2.0 and OpenID Connect can help connect physical devices and systems to digital networks and services by providing scalable identification, authentication, and authorization. It outlines challenges like security at scale and password overuse that these protocols help address. Examples are given of how identity solutions can enable use cases across different industries involving manufacturing, healthcare, automotive, and home automation.
Connecting The Real World With The Virtual World
- 1. CONNECTING THE REAL WORLD WITH THE VIRTUAL WORLD The Identity of Things EIC May 15, 2014 Hans Zandbelt – CTO Office – Ping Identity Copyright © 2014 Ping Identity Corp. All rights reserved. 1
- 2. Overview 1 • Internet- & Identity of Things 2 • Infrastructure & Protocols 3 • Now what?
- 3. • Remote tracking • Controlling functions • Routing functions • enabled by smart sensor nodes and devices Use case: Manufacturing Copyright © 2014 Ping Identity Corp. All rights reserved. 3
- 4. • integration with real- time monitoring • Health care providers (insurers) Use case: Healthcare Copyright © 2014 Ping Identity Corp. All rights reserved. 4
- 5. • Self-driving cars • Monitoring & reporting (today) Use case: Automotive Copyright © 2014 Ping Identity Corp. All rights reserved. 5
- 6. • smart thermometers/heating • audio/video between ALL devices with those capabilities (phone, mobile and fixed, iPad, front door cam, TV, stereo) • integrating all electrical devices household/building Use case: Home/Building Automation Copyright © 2014 Ping Identity Corp. All rights reserved. 6
- 7. • Cloud / SaaS & Social • Mobile Ubiquity • Embedded, Wearable • Smart Meters • Industry Automation • Home Automation • Retail & Consumer Automation Internet of Things
- 8. • Security Scalability – Access & Account Mgmt • Discovery, Identification & Authentication – Devices & Clients – Services & Servers – Users • Passwords … NOOO!! Challenges
- 9. Ehm Copyright © 2014 Ping Identity Corp. All rights reserved. 9
- 10. INFRASTRUCTURE Building the identity-enabled internet of everything
- 11. Consequence Traditional firewall and enterprise domain-based security cannot deal with Cloud, Mobile & IoT – Users, Applications or Devices. IDENTITY IS THE NEW PERIMETER FIREWALL
- 12. Network Applications IDENTITY • Scalable Identification • Scalable Security – Authentication – Privacy – Confidentiality – Integrity • Scalable Trust The Identity Layer
- 13. PROTOCOLS Realizing the Identiverse and IoT infrastructure
- 14. Today’s Identity Protocol Landscape SAML LDAP X.509
- 15. Modern Identity Protocol Stack OpenID Connect SCIM OAuth 2.0
- 16. OAUTH 2.0 A 30,000 feet overview
- 17. • 3rd party client store user passwords • Teaches users to be indiscriminate with passwords • No multi-factor or federated authentication • No granularity • No differentiation • No revocation Drawbacks Password anti-pattern
- 18. OAuth 2.0 Drivers Lack Of Standar ds Passwo rd Anti Pattern Native Mobile Apps REST Cloud APIs OAuth 2.0
- 19. • Secure API authorization – simple & standard, secure-enough (Bearer) – for desktop, mobile, web, IoT • Delegated access – mitigates password anti- pattern • Issue tokens for granular access – Without divulging your credentials Characteristics OAuth 2.0 Protocol Framework
- 20. Open Redirect somewhere in RP website + RP website uses federated SSO for user login + SSO Token callback from IDP to website is configurable => Assume the following Intermezzo: Covert Redirect Lesson: don’t forward messages that were meant for you to anyone else…
- 21. CONCLUSIONS
- 22. Emerging Business Landscape Cloud Business Mobile Ubiquity Social Integration Internet of Things Secure Identity Layer
- 23. 1. Modern identity protocol adoption – OAuth 2.0 & OpenID Connect – Bindings to IoT 2. Password reduction – Federation : default – Strong / multi-factor – Discrete > Continuous 3. Automation – Scale and ease of use – self-service as a backup Actions
- 24. • IoT – Scale – Security – Standards • Identity Platform – Spanning Cloud and IoT – Identity Function APIs – Multi-protocol • Don’t Panic – Let’s Start Moving Today Summary
- 25. Thank You http://www.pingidentity.com Hans Zandbelt hzandbelt@pingidentity.com Twitter: @hanszandbelt Ping Identity
- 26. Client SOAP/REST API • HTTP – basic/digest… • SOAP - WS-Security/WS- Trust • REST - ? • Token-based – Obtain – Use – Validate Methods API Access Token
- 27. • Separate protocols for SSO and API security • Heavyweight - in payload and processing • Complex – develop and manage • Manual trust bootstrapping and certificate management • SSO and API security in one • Lightweight – mobile • Simple – developer friendly • Auto client registration and key management SAML and OpenID Connect SAML OpenID Connect
Editor's Notes
- #18: Deprecated way of dealing with API access: hand out your password to a client or third party service. Bad: store pwd, indiscriminate, no multi-factor, no granularity, no differentation, no revocation. Need something better.
- #20: Enter Oauth 2.0: a protocol for secure API authorization. Simple standard or framework, based on REST and JSON, meant for the mobile web world. Delegated authorization, tokens are issued, obtained and used to mitigate the anti-password pattern. Granular, revokable access to specified parties, without exposing your credentials.
- #27: How would you secure web apis: SOAP: WS-Security REST: nothing there yet until recently. Only passwords. What we need is a token based method to access APIs: will explain in the next slide.