Patterns and Practices in Mobile SSO
![Page 1: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/1.jpg)
Patterns & Practices in Mobile SSO
Prabath Siriwardena, Director of Security, WSO2
![Page 2: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/2.jpg)
About WSO2
๏ Global enterprise, founded in 2005 by acknowledged leaders in XML, web services technologies, standards and open source
๏ Provides only open source platform-as-a-service for private, public and hybrid cloud deployments
๏ All WSO2 products are 100% open source and released under the Apache License Version 2.0.
๏ Is an Active Member of OASIS, Cloud Security Alliance, OSGi Alliance, AMQP Working Group, OpenID Foundation and W3C.
๏ Driven by Innovation
๏ Launched first open source API Management solution in 2012
๏ Launched App Factory in 2Q 2013
๏ Launched Enterprise Store and first open source Mobile solution in 4Q 2013
![Page 3: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/3.jpg)
What WSO2 Delivers
![Page 4: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/4.jpg)
Within the first decade of the 21st century, the number of internet users worldwide increased from 350 million to more than 2 billion.
![Page 5: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/5.jpg)
Mobile phone subscribers increased from 750 million to 5 billion.
Today it’s around 6 billion.
![Page 6: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/6.jpg)
Only 30% of mobile users password protect their mobile devices
![Page 7: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/7.jpg)
Many SaaS providers ignore multifactor authentication for mobile applications
![Page 8: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/8.jpg)
113 cell phones are lost or stolen every minute in the U.S., and $7 million worth of smartphones are lost daily
![Page 9: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/9.jpg)
62% of mobile workers currently use their personal smartphones for work
![Page 10: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/10.jpg)
http://www.websense.com/assets/reports/websense-2013-threat-report.pdf
![Page 11: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/11.jpg)
Mobile Device Management systems need to be an integral part of the corporate Identity Management
![Page 12: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/12.jpg)
Cloud service providers are becoming mobile friendly with REST/JSON APIs
![Page 13: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/13.jpg)
OAuth 2.0 dominates Mobile and API security
![Page 14: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/14.jpg)
Avoid using Resource Owner Password OAuth grant type
![Page 15: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/15.jpg)
Mobile applications secured with OAuth can be vulnerable to phishing
![Page 16: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/16.jpg)
Your Facebook or Twitter account credentials can be phished more easily through your mobile phone than from a laptop computer
![Page 17: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/17.jpg)
The need to bake the client key and the secret key into the mobile app itself is an issue yet to be solved
![Page 18: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/18.jpg)
OAuth has given a better failover capability to mobile applications in case of an attack
![Page 19: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/19.jpg)
It takes an average of 20 seconds for a user to log into a resource
![Page 20: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/20.jpg)
Single Sign On increases user productivity
![Page 21: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/21.jpg)
Browser based Single Sign On
[Diagram: a Native App and the Native Web Browser on the Mobile Device, and an Authorization Server (IdP)]
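The request and redirect handling a native app performs in the browser-based pattern above, which is also why the deck advises against the resource owner password grant: the password is entered on the IdP's page and never passes through the app. This is an added example, not part of the original slides; the endpoint, client ID and redirect URI are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholder values, not taken from the slides.
AUTHZ_ENDPOINT = "https://idp.example.com/oauth2/authorize"
CLIENT_ID = "example-mobile-app"
REDIRECT_URI = "com.example.app:/oauth2/callback"


def build_authorization_request(scope="openid"):
    """Return (url, state) for the request the app opens in the device browser.

    The user types the password into the IdP's page, so the app never sees it,
    which is the difference from the resource owner password grant.
    """
    state = secrets.token_urlsafe(32)  # unguessable, bound to this login attempt
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHZ_ENDPOINT}?{query}", state


def handle_redirect(callback_url, expected_state):
    """Validate the redirect handed back by the browser and return the code."""
    expected, got = urlsplit(REDIRECT_URI), urlsplit(callback_url)
    if (got.scheme, got.netloc, got.path) != (expected.scheme, expected.netloc, expected.path):
        raise ValueError("callback does not match the registered redirect URI")
    params = parse_qs(got.query)
    if "error" in params:
        raise ValueError("authorization server returned error: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response is not for this login attempt")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]


if __name__ == "__main__":
    url, state = build_authorization_request()
    print(url)
    print(handle_redirect(f"{REDIRECT_URI}?code=constructed-code&state={state}", state))
```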
![Page 22: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/22.jpg)
![Page 23: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/23.jpg)
Native Single Sign On
[Diagram: a Native App and a Native IdP App on the Mobile Device]
![Page 24: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/24.jpg)
![Page 25: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/25.jpg)
OpenID Foundation is working on standardizing Native Single Sign On based on OpenID Connect
![Page 26: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/26.jpg)
Federated Single Sign On
[Diagram: a Native App and the Native Web Browser on the Mobile Device, an Authorization Server (IdP), and two SAML2 IdPs]
![Page 27: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/27.jpg)
Federated Single Sign On with heterogeneous Authorization Servers
![Page 28: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/28.jpg)
[Diagram: a Native App and the Native Web Browser on the Mobile Device, two Authorization Servers (IdP), and a Federation Hub]
![Page 29: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/29.jpg)
1 Native IdP Proxy App
![Page 30: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/30.jpg)
2 Native IdP App
![Page 31: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/31.jpg)
3 Native IdP App
![Page 32: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/32.jpg)
4 Native IdP App
![Page 33: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/33.jpg)
5 Native IdP App
![Page 34: Patterns and Practices in Mobile SSO](https://reader034.fdocuments.us/reader034/viewer/2022051816/546de18caf79597b298b5560/html5/thumbnails/34.jpg)
Contact us!