Security Considerations


Security Considerations
February 15, 2015
2008-2015 Proprietary and Confidential, zAgile, Inc.

zAgileConnect Prerequisites

Connectivity between Salesforce and JIRA

[Diagram labels: zAgileConnect Salesforce App; zAgileConnect JIRA Plugin; OAuth; REST over HTTPS; Active Objects]

Components:
- Salesforce App (AppExchange)
- JIRA plugin (Atlassian Marketplace)
- On-premise JIRA (Version 6.x)
- HTTPS connection between Salesforce and JIRA

zAgileConnect Authentication: Salesforce to JIRA

- Requires JIRA SSL port accessible to Salesforce whitelisted IP addresses
- Uses OAuth token to authenticate all transactions from Salesforce to JIRA
- Communication over HTTPS
- All actions performed in JIRA on behalf of Salesforce users are restricted at Project and Issue Level with the following precedence:
  - first, using privileges defined for that user in JIRA, if the Salesforce user has an account in JIRA
  - else, using privileges defined for 'Integration User' in JIRA, if the Salesforce user does not have an account in JIRA
- Requires JIRA URL to be defined as Remote Site in Salesforce
- Salesforce App communicates with zAgileConnect JIRA plugin, as well as JIRA via REST API

https://developer.salesforce.com/page/Secure_Coding_Storing_Secrets#Apex_and_Visualforce_Applications
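The precedence rule on this slide, modelled as an added example (not zAgile's code) for project-level permissions only; the account names, permission labels and sample data are constructed. It shows that a Salesforce user without a JIRA account acts with the Integration User's privileges, and reports what a mapped user would gain if their JIRA account were removed.

```python
from dataclasses import dataclass, field

INTEGRATION_USER = "integration-user"  # hypothetical JIRA account name


@dataclass
class JiraModel:
    # JIRA username -> {project key -> set of permission labels}
    grants: dict = field(default_factory=dict)
    # Salesforce username -> JIRA username, only for users with a JIRA account
    accounts: dict = field(default_factory=dict)

    def effective_principal(self, sf_user):
        """Own JIRA account if one exists, else the Integration User."""
        return self.accounts.get(sf_user, INTEGRATION_USER)

    def permissions(self, jira_user, project):
        return set(self.grants.get(jira_user, {}).get(project, ()))

    def is_allowed(self, sf_user, project, permission):
        principal = self.effective_principal(sf_user)
        return permission in self.permissions(principal, project)

    def gained_without_account(self, sf_user):
        """Permissions a mapped user would gain if their JIRA account were
        removed and their requests fell back to the Integration User."""
        own = self.accounts.get(sf_user)
        if own is None:
            return {}  # already running as the Integration User
        gained = {}
        for project in self.grants.get(INTEGRATION_USER, {}):
            extra = (self.permissions(INTEGRATION_USER, project)
                     - self.permissions(own, project))
            if extra:
                gained[project] = sorted(extra)
        return gained


# Constructed sample data: alice has a JIRA account, bob does not.
MODEL = JiraModel(
    grants={
        INTEGRATION_USER: {"SUP": {"BROWSE", "CREATE_ISSUE", "EDIT_ISSUE"},
                           "DEV": {"BROWSE"}},
        "alice": {"SUP": {"BROWSE"}},
    },
    accounts={"alice@example.com": "alice"},
)

if __name__ == "__main__":
    for user in ("alice@example.com", "bob@example.com"):
        print(user, MODEL.effective_principal(user),
              MODEL.is_allowed(user, "SUP", "EDIT_ISSUE"),
              MODEL.gained_without_account(user))
```

A non-empty result from `gained_without_account` marks a user whose access through the integration would widen on deprovisioning, which is a reason to keep the Integration User's project permissions as narrow as the integration allows.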

zAgileConnect Authentication: JIRA to Salesforce

- Uses OAuth for authenticating all transactions from JIRA to Salesforce
- JIRA defined in Salesforce as 'Connected App' with the following options:
  - Full Access
  - Perform requests on your behalf at any time
- 'Consumer key' and 'Consumer secret' tokens for Connected App stored in JIRA Application Properties
- Salesforce 'Integration User' account used to log in to Salesforce using the above tokens to generate Authentication token (also stored in JIRA Application Properties)
- Authentication token used with each REST call from JIRA to Salesforce
- Communication over HTTPS
- All transactions from JIRA use Salesforce REST API