TrueNTHConnect: TrueNTH OAuth Role Based Permission System (Victor de Lima Soares)
TrueNTH: “TrueNTH will provide personalised practical, information, support and programs that can address the individual needs of men and their families.” [2] Understands that treatment alone is not enough. Interventions; CMS; Research; Social features, sharing.
User experience platform. TrueNTHConnect: the conception of a secure space where information can be constructed and shared to help Movember in improving patients’ life experience. Unified look and feel; Unified Session Management; Sharing information; CMS to User Experience; SSO.
TrueNTHConnect sub-projects
TrueNTHConnect phases Support library Management interfaces Standard evaluation Protocol review Protocol development Protocol development Support library Library selection Alternatives Management interfaces Standard evaluation CORS for authentication
TrueNTHConnect at a glance
Major components that trigger login actions, example Project scope Technology type and location Liferay Licence Project reuse
TrueNTHConnect: Session management protocol
TrueNTHConnect is a hot-pluggable plug-in project responsible for turning Liferay into an OAuth client that follows our protocol specifications to attain our target security services: identification, authentication and authorization.
OAuth: Why? Challenge: central authority with many protected resources. OAuth is a flexible authorization framework. Widely deployed. OAuth is not an authentication framework. It does not provide built-in protocols. Client logic is undefined.
OAuth Presence !! Bearer token – no owner
SS OAuth Presence !!
SS OAuth for authentication Presence !! Compliance with OAuth and standards for OAuth over HTTP
Command receiver: Receive orders; Micro framework; Struts entrance point; Roles deletion; Unilateral logout; Information update; Maintenance
Session manager: Session search; Spring – shared memory
Shared resource
Configuration portlet: Security policies that are conceptually linked to SS. Configuration
Configuration portlet: Security policies that are conceptually linked to SS. Controller
TrueNTHConnect User Roles
Liferay’s permission system
Role mapping: Security policies that are conceptually linked to SS
Role mapping: Security policies that are conceptually linked to SS. Configuration
Role mapping: Security policies that are conceptually linked to SS. Visualization
Role mapping: Security policies that are conceptually linked to SS. Adding new rules
Role mapping: Security policies that are conceptually linked to SS. Database
Role mapping: Security policies that are conceptually linked to SS. Portlet
Data driven services
OAuth Library: Uniformity everywhere
Login flow: Multiple calls!! LR was building the HTTP requests, line by line. Different URLs, parameters, signatures.
Extractor API Demographics
Extractor API Roles
Library: Uniform flow for requests; Parameters and signatures built in the same way; Safer options to communicate with SS; RFCs’ use case isolated and tailored for SS; Shared knowledge; Knowledge of data model specifications. Solid base: ScribeJava (version 1.3); Apache Commons Codec (version 1.10 or later); JSON Processing (version 1.0.4 or later); Java SE Library.
Library Service
Questions?