Upload File

adapting oauth to the enterprise

17
Session ID: Session Classification: Chuck Mortimore salesforce.com IAM-F42A Intermediate ADAPTING OAUTH TO THE ENTERPRISE Pat Patterson salesforce.com

Upload: pat-patterson

Post on 10-May-2015

2.178 views

Category:

Technology


0 download

Report

Tags:

DESCRIPTION

OAuth has won wide acceptance in the web consumer space, with providers such as Facebook, Google and Twitter rolling the technology out to millions of users. What about the enterprise? In this session, we will reveal how salesforce.com has deployed OAuth to secure API access for thousands of enterprise customers, putting them firmly in control of access to their business data.

TRANSCRIPT

Page 1: Adapting OAuth to the Enterprise

Session ID:

Session Classification:

Chuck Mortimoresalesforce.com

IAM-F42A

Intermediate

ADAPTING OAUTH TO THE ENTERPRISE

Pat Pattersonsalesforce.com

Page 2: Adapting OAuth to the Enterprise

THE CONSUMER EXPERIENCE

Page 3: Adapting OAuth to the Enterprise

CONSUMER EXPERIENCE

Page 4: Adapting OAuth to the Enterprise

CONSUMER EXPERIENCE

Page 5: Adapting OAuth to the Enterprise

CONSUMER EXPERIENCE

Page 6: Adapting OAuth to the Enterprise

CONSUMER EXPERIENCE

Page 7: Adapting OAuth to the Enterprise

STRAIGHT OAUTH

Page 8: Adapting OAuth to the Enterprise

► Device opened a browser with authorization URL

► Tokens returned on URL behind # fragment – instrumented browser is monitoring and parses URL

WHAT JUST HAPPENED?

Page 9: Adapting OAuth to the Enterprise

► Simple Developer Experience► Approachable without massive investment

► Mobile Optimized► This is where your business processes are going

► Broad platform applicability► It’s just HTTP

► Adaptive Authentication► Allows us to leverage the web

► Context► Adds Application as an actor

WHY WE LOVE OAUTH

Page 10: Adapting OAuth to the Enterprise

► Passwords► What about assertions, token services, and federation?

► Consumer Authorization► Who has jurisdiction over enterprise resources?

► Server to Server ► What if I don’t have a “user”?

WHAT THE ENTERPRISE DOESN’T LOVE

Page 11: Adapting OAuth to the Enterprise

► 1 - Device opens browser with Authorize URL► 2 - Service Provider sends SAML Request to IDP► 3 - User Authenticates ► 4 - Identity Provider sends SAML Response to SP► 5 - OAuth request is Authorized ► 6 - Authorization Service responds with code or Token

Response

MOBILE FEDERATION

Page 12: Adapting OAuth to the Enterprise

OAUTH + SAML

Page 13: Adapting OAuth to the Enterprise

► Admin “installs” app

► App Uses any OAuth Flow

► User Authorization is determined via Admin settings

► Optional Policy Enforcement

ADMIN AUTHORIZATION

Page 14: Adapting OAuth to the Enterprise

► RESTful STS Pattern► Apps can exchange Credentials or Assertions for API

tokens► Enables API Federation, and password-less Cloud

► Username / Password Flow► Simple, but uses passwords

► Web SSO Assertion Flow► Reuse SAML SSO and existing Trust

► SAML/JWT Assertion Flow► Cert and Trust Specific to the App

SERVER TO SERVER OAUTH

Page 15: Adapting OAuth to the Enterprise

SUMMARY

Page 16: Adapting OAuth to the Enterprise

► OAuth 2.0 is not just for consumer apps► Can be composed with federation protocols – SAML etc► Can be brought under enterprise admin control► Can be used for Server-to-Server integration

SUMMARY

Page 17: Adapting OAuth to the Enterprise

Q & A

Chuck [email protected]

Pat [email protected]


CIS13: dentity in the Enterprise: Using OAuth in Google’s Cloud Platform and Identity and Security in Google Apps

Twitter oauth

OAuth protokol - sigurnost.zemris.fer.hrsigurnost.zemris.fer.hr/protokoli/2011_budiselic/OAuth protokol.pdf · OAuth protokol Ivan Budiseli c Seminarski rad za poslijediplomski predmet

The Borderless Enterprise: Adapting Network Management to Mobility, Cloud, & Shadow IT

Using Runtime Information for Adapting Enterprise Java Beans Application Servers

oAuth test

Everything OAuth

WordPress + OAuth

Facebook & OAuth

Adapting to Uncertain and Evolving Enterprise Requirementsalexei/pub/RCIS2013.pdf · Adapting to Uncertain and Evolving Enterprise Requirements The case of business-driven business

Oauth tutorial

Mastering OAuth 2 - Adobe Inc.€¦ · leveraging the OAuth 2.0 Authorization Framework Mastering OAuth 2.0 Charles Bihis Mastering OAuth 2.0 OAuth 2.0 is a powerful authorization

Adapting to Change: The Impact of Youth and Technology on the Global Enterprise

Identity Workshopinnovbfa.viabloga.com/files//Cloud_Identity_Summit... · OAuth 2.0 OAuth 1 + OAuth-WRAP + IETF = OAuth 2.0 Expanded participation with other major vendors such as

Oracle Access Management OAuth Service€¦ · OAuth 2.0 authorization server and also offers several compelling differentiations to enable the OAuth 2.0 Client and the OAuth 2.0

The How of OAuth OAuth Hackathon – 4/26 @ Six Apart

Adapting to Uncertain and Evolving Enterprise Requirements

OAuth Tokens

Entendiendo oAuth

Adapting the Lean Enterprise Self-Assessment Tool for Software Development Domain

OAUTH 2 UND OPENID CONNECT SECURING MICROSERVICES … · OAUTH 2.0 101 RFC 6749: The OAuth 2.0 A uthorization Frame work RFC 6750: OAuth 2.0 Bearer Token Usage RFC 6819: OAuth 2.0

The Essential OAuth Primer: Understanding OAuth …docs.media.bitpipe.com/.../item_426600/The-Essentials-of-OAuth.pdfThe Essential OAuth Primer: Understanding OAuth for Securing Cloud

ì OAuth & OpenID Connect · 2018-12-04 · OAuth ìOAuth is a framework, not a protocol ìImplementations vary by enterprise ìInteroperabilityL ìYou can’t switch from Google

Akana OAuth Server - Share data securely for mobile, APIs and web apps · 2019-06-19 · Share Data Securely for Mobile, APIs and Web Apps OAuth Server™ is an enterprise authentication

OAuth 2 - Sesar Labsesar.di.unimi.it/corsi/SOASecurity/slide/OAuth2.0from...OAuth 2.0 From scratch What is OAuth 2 •OAuth 2 is an authorization framework that enables applications

Enterprise Secure Chat3.1 OAuth The Enable OAuth tab is appropriate for customers who wish to have different users sign into the same device for shift work. This option requires an

THE ENTERPRISE AUTOMATION ACROSS · ENTERPRISE INTEGRATIONS Integrate with enterprise authentication like TACACS+, RADIUS, Azure AD. Setup token authentication with OAuth 2. Setup

Enterprise Mission Tailored OAuth 2.0 Profile · 2020-02-19 · 1 Introduction This document profiles the OAuth 2.0 web authorization framework [RFC6749] for use in the context of

Twitter4R OAuth

API Security and OAuth for the Enterprise

Incorporating OAuth: How to integrate OAuth into your mobile app

ADAPTING TO CHANGE - Social Enterprise Scotland · 2020. 11. 3. · 2 Social enterpriSe Scotland | ADAPTING TO CHANGE 2020 has been a year like no other. our sector has faced many

OAuth Passport

The Essential OAuth Primer: Understanding OAuth for Securing Cloud

Adapting to Ever-Changing Technology with a Complete Enterprise