1
Dataporten – from SAML and Single Sign-On to an API Platform for data sharing
Andreas Åkre Solberg, andreas.solberg@uninett.no
TNC2017, Linz, May 30th, 2017
9
Dataporten
100% self service. No service provider fee, and no contract.
Authentication and authorization: OpenID Connect + OAuth.
Client gets a key (token) to access a set of APIs: Userinfo endpoint, Groups API, Third party APIs.
10
100% self service
Dataporten Developer Dashboard.
Self-service registration of both applications and APIs.
11
Developer dashboard: Choosing auth providers
12
Auth Providers
Feide (Norwegian higher and lower education); Norwegian Government ID (ID-porten); eIDAS (soon); eduGAIN (piloting); social network login (Facebook, LinkedIn, Twitter); guest login (Feide OpenIdP).
13
OpenID Connect
Identity layer on top of OAuth 2.0. Standardises the userinfo endpoint. Sends a cryptographically signed token with the user identity along with the OAuth token. JWT - JSON Web Token (various signed messages in OpenID Connect).
14
The combo OAuth 2.0 and OpenID Connect is very convenient for building an API Platform. It allows you to build API authorization into the authentication UI.
15
Mobile (native apps)
OpenID Connect / OAuth works better with mobile (native apps). Supports long-lived tokens. Secures mobile app communication with its own backend. Does not support synchronized user sessions and Single Logout.
16
End-user experience: Choosing auth provider
Choose institutions, or social login, guests. Choose country for international institutions. Logos, coordinates, and geo-positioning. Incremental search. Only viewed the first time.
18
End-user experience: Account chooser
Remembers your account(s). Easy to bypass choosing organization, but still has the option to select something else. Gives the user context with service provider, account, even in case of SSO. Shows a visual indication of accounts where you are already logged in.
19
End-user experience: User consent
OAuth authorization dialog. Not limited to attribute transfer: also access to third party resources / APIs.
20
Groups API
21
Group model
Group API – VOOT. Fetch the list of groups the currently authenticated user is a member of.
23
Ad-hoc groups
Dedicated frontend to create user-controlled collaboration groups. Person API allows users to find other users by incremental search and add them to a group.
24
Third party APIs
25
New interface towards services.
Multiple authentication sources. Group APIs. Access to third-party group APIs.
26
Self service for API Providers
Anyone can register new APIs, and connect their own clients to the backends, or expose them for others to request access.
27
API Library
Public third party APIs form the API Library. Clients may search and navigate in the API catalogue and request access to the ones needed.
28
OAuth 2.0 Access Token
The OAuth access token that the client receives has a combination of global scopes, and scopes namespaced for third party APIs.
userinfo, feide, , gk_mediasite, gk_mediasite_admin
29
Client API Gatekeeper
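The scope layout from the access-token slide, as a gatekeeper-side check. This is an added example, not Dataporten's own code; the `gk_<api>` base scope with `gk_<api>_<subscope>` suffixes is an assumption inferred from the scope names on the slide, and the function names are hypothetical.

```python
# Added illustration. The gk_<api> / gk_<api>_<subscope> layout is an assumption
# inferred from the scope names on the slide, not a documented format.
GK_PREFIX = "gk_"


def split_scopes(scopes):
    """Partition a token's scopes into (global, gatekeeper-namespaced) sets."""
    scopes = {s for s in scopes if s}          # drop empty entries
    namespaced = {s for s in scopes if s.startswith(GK_PREFIX)}
    return scopes - namespaced, namespaced


def subscopes_for_api(scopes, api_id):
    """Return the subscopes granted for api_id, or None if access is not granted.

    Access requires the base scope gk_<api_id>. Subscopes are matched on the
    exact prefix gk_<api_id>_ so that gk_mediasite2 never authorizes mediasite.
    """
    _, namespaced = split_scopes(scopes)
    base = GK_PREFIX + api_id
    if base not in namespaced:
        return None                            # fail closed: no base scope
    prefix = base + "_"
    return {s[len(prefix):] for s in namespaced if s.startswith(prefix)}


def authorize(scopes, api_id, required_subscope=None):
    """Gatekeeper decision for one request: deny unless explicitly granted."""
    granted = subscopes_for_api(scopes, api_id)
    if granted is None:
        return False
    return required_subscope is None or required_subscope in granted


# Constructed sample: the scope list from the slide, including the blank entry
# left in the page text.
TOKEN_SCOPES = ["userinfo", "feide", "", "gk_mediasite", "gk_mediasite_admin"]

if __name__ == "__main__":
    print(split_scopes(TOKEN_SCOPES))
    print(authorize(TOKEN_SCOPES, "mediasite", "admin"))
    print(authorize(TOKEN_SCOPES, "media"))
```

Under this assumed layout, an API id that extends another with an underscore (for example `mediasite_admin` next to `mediasite`) would be ambiguous, so each gatekeeper checks only against its own registered id.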
30
Signed/encrypted tokens
For some use cases, where data is required to go directly from client to API because of security or performance requirements, we make use of a JWT Token Issuer Service.
31
Dataporten source code
All open source. Available on GitHub. All components run as Docker containers. All components run replicated (lb + fail-over). Uses Cassandra for storage.
32
Preparations for next step: multiple data centers
Running Dataporten across multiple data centers.
33
OAuth / OpenID Connect libraries: docs.dataporten.no
We've collected some experience with OAuth / OpenID Connect libraries, and demoed a large set of open source software with Dataporten. We have done some work on demo services and examples, and try to keep an up-to-date list of links to libraries and example code at docs.dataporten.no. We distinguish between Extended OAuth 2.0 plugins, and docs.dataporten.no
34
Open source applications: Dataporten + Docker
DokuWiki, MediaWiki, Wordpress, Drupal, Mattermost, GitLab, Redmine, WekanBoard, OwnCloud, Jupyter Notebook, Flarum, Etherpad, Rocket.chat
35
Flarum Etherpad
36
Rocket.chat
37
Thanks. andreas.solberg@uninett.no