Presentation is loading. Please wait.

Presentation is loading. Please wait.

OAuth protocol for CERN Web Applications

Published byClemence Nicholson Modified over 6 years ago

Similar presentations

Presentation on theme: "OAuth protocol for CERN Web Applications"— Presentation transcript:

1 OAuth protocol for CERN Web Applications
CERN openlab Summer Student Supervisor: Luis Rodriguez Fernandez IT-DB-IMS Emil Kleszcz 18/08/2016

2 Goals How CERN Java Web Application can make use of OAuth2 protocol?
Comparison of SAML2 and OAuth2 protocols, Providing SSO (Single Sign-On), Integrate with current infrastructure. 18/08/2016 Emil Kleszcz

3 Challenges Find the best solution: easy to maintain and secure
SAML2 has some limitations: For instance, logout protocol session fails if one or more participants fail in the session (solution delete cookies) 18/08/2016 Emil Kleszcz

4 Single Sign-On (SSO) 18/08/2016 Emil Kleszcz

5 OAuth2 18/08/2016 Emil Kleszcz

6 SAML2 18/08/2016 Emil Kleszcz

7 Best solution? 18/08/2016 Emil Kleszcz

8 Comparison (pros & cons)
OAuth simpler and more standardized solution (native), SAML2 - more complete specification (web), Both work fine for SSO, They are complementary. 18/08/2016 Emil Kleszcz

9 Results & Future Proof of Concept: github.com/tr0k/OAuth2LibPoc
Entries on blog (db-blog.web.cern.ch) Testing on Oracle Java Cloud 18/08/2016 Emil Kleszcz

10 Thank you for attention 
18/08/2016 Emil Kleszcz

Download ppt "OAuth protocol for CERN Web Applications"

Similar presentations

Identity Network Ideals – Heterogeneity & Co-existence

Identity Network Ideals – Heterogeneity & Co-existence
Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.

Cloud PIV Authentication and Authorization Demo PIV Card User Workstation Central Security Server In order to use Cloud Authentication and Authorization.
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
Contrail and Federated Identity Management

Contrail and Federated Identity Management
Oracle IDM at First National Bank

Oracle IDM at First National Bank
Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.

Eunice Mondésir Pierre Weill-Tessier 1 Federated Identity with Ping Federate Project Supervisor: M. Maknavicius-Laurent ASR Coordinator: G. Bernard ASR.
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.

FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Digital DNA Server Login People ®. Login People ˃ IT security vendor ˃ Patented Digital DNA ® technology innovation Digital DNA Server Multi-factor Authentication.

Digital DNA Server Login People ®. Login People ˃ IT security vendor ˃ Patented Digital DNA ® technology innovation Digital DNA Server Multi-factor Authentication.
Amazon RDS (MySQL and Oracle) and SQL Azure Emil Tabakov Telerik Software Academy academy.telerik.com.

Amazon RDS (MySQL and Oracle) and SQL Azure Emil Tabakov Telerik Software Academy academy.telerik.com.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Grid Programming Environment (GPE) Grid Summer School, July 28, 2004 Ralf Ratering Intel - Parallel and Distributed Solutions Division (PDSD)

Grid Programming Environment (GPE) Grid Summer School, July 28, 2004 Ralf Ratering Intel - Parallel and Distributed Solutions Division (PDSD)
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
Widely Distributed Access Management Tom Barton University of Chicago.

Widely Distributed Access Management Tom Barton University of Chicago.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
ORACLE APPLICATION SERVER BY PHANINDER SURAPANENI CIS 764.

ORACLE APPLICATION SERVER BY PHANINDER SURAPANENI CIS 764.
Shibboleth Use in the Open Source Community Keith Hazelton for Steven Carmody.

Shibboleth Use in the Open Source Community Keith Hazelton for Steven Carmody.
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control Maarten

OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control Maarten
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Elia Windows 10 journey. TMD.Net Manager. Elia & Owner

Elia Windows 10 journey. TMD.Net Manager. Elia & Owner
FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.

FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.

Similar presentations

Ads by Google