Web-based access management and Enterprise UMA

The Gluu Server is a combination of open source identity and access management software that is built, configured, and supported by Gluu.

1
Web-based access management and Enterprise UMA
  • User-Managed Access, also known as UMA, is a web-based access management protocol. The protocol is currently defined in a draft version 1.0 specification. UMA builds on OAuth 2.0, extending it so that a requesting party distinct from the resource owner can be authorized, and enables organizations to use open standards to protect web resources and APIs.
  • Where once web access management (WAM) and single sign-on (SSO) were sufficient for many purposes in the enterprise context, a new requirement has surfaced: managing access to an enterprise's web APIs, not just its web apps. Today's systems for managing this type of access have a number of challenges.
  • Using current WAM solutions to provide API security can be unfriendly to developers, complex, expensive, and likely proprietary. Mobile clients struggle to deal with XML-based and SOAP-based security mechanisms. Enterprise IT struggles to deploy agents or proxies.
  • As a profile of OAuth 2.0 (IETF RFCs 6749 and 6750) that is complementary to OpenID Connect, UMA defines RESTful, JSON-based, standardized flows and constructs for coordinating the protection of any API or web resource in a way that will be familiar to any developer already acquainted with OAuth.

2
Mobile developers accept technologies that use HTTP and JSON at their core. UMA's notion of machine-readable resource set and scope descriptions creates an access control mechanism that enables control over specific API scopes (customizable buckets of API functionality), not just domains. With UMA, client app developers can handle authorization tasks by calling simple REST/JSON endpoints; administrators don't have to deploy a web server agent or reverse proxy to enable centralization.

UMA defines interfaces between authorization servers and resource servers that, by default, enable centralized policy decision-making for improved service delivery, auditing, policy administration, and accountability, even in a very loosely coupled public API environment. Custom profiles enable flexibility to move the decision-making line outward to distributed applications, to account for local preferences in API ecosystems. UMA does not standardize a policy expression language, enabling flexibility in policy expression and evaluation through XACML, other declarative policy languages, or procedural code as warranted by conditions.

UMA inherits authentication agnosticism from OAuth. It concentrates on authorization, not on authentication. It has been profiled to work with OpenID Connect to gather identity claims from whoever is attempting access, and enables true claims-based authorization (with simple group- or role-based policies a natural subset).
3
Solution Scenario

In UMA trust model terminology, this scenario is in the category non-person entity (NPE) to person sharing. An organization, say BusinessCo, is both the resource owner (technical term) and the Authorizing Party (contractual term), acting on its own behalf, protecting its own resources. A human resource owner agent acts in an IT administrator role.

BusinessCo runs a service that does whatever elements of the authorization job it has chosen to centralize; this is the UMA authorization server. Think of this as a policy decision point (PDP), though UMA's default profile gives less than 100% of the decision-making responsibility to it (the authorization server may in turn outsource actual decision-making to an XACML PDP or some other web service). This service would also expose policy administration point (PAP) functions to the IT administrator in some fashion. The service may itself be a policy information point (PIP), or may call out to one or more PIPs.

The web apps and APIs BusinessCo has chosen to expose, some of which may be run and hosted by third-party SaaS vendors, represent the UMA resource servers. Think of these as policy enforcement points (PEPs), though UMA's default profile gives a bit of decision-making responsibility to them.

Article resource: http://gluu.soup.io/post/476732841/web-based-access-management-and-Enterprise-UMA
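The two slides above describe the UMA machinery in the abstract: resource set and scope descriptions registered by the resource server, permission tickets, a requesting party token (RPT) issued by the authorization server after evaluating claims, and the resource server enforcing only the scopes that token carries. The following is an added example written for this page; it is not Gluu Server code and not the UMA specification's own text. It models the BusinessCo scenario (AS as PDP/PAP, resource server as PEP) with two in-memory Python classes. The endpoint names (resource set registration, permission registration, RPT authorization, introspection) and the JSON field names follow UMA 1.0, but the class design, the `business_policy` function, the `/payroll/reports` resource and the sample claims for `alice` and `mallory` are all constructed for illustration.

```python
"""UMA 1.0-style exchange in miniature: resource set registration, permission
tickets, requesting party tokens (RPTs) and introspection. Added example for
this page, not Gluu Server code; endpoint names follow UMA 1.0, everything else
(classes, policy function, sample claims) is constructed for illustration."""
import secrets
import time


def business_policy(claims, resource_set, requested):
    """Procedural policy (UMA fixes no policy language): grant a subset of requested."""
    granted = set()
    if claims.get("dept") == "finance":
        granted.add("view")
    if "controller" in claims.get("roles", []):
        granted.update({"view", "edit"})
    return granted & requested


class AuthorizationServer:
    """PDP/PAP: resource set descriptions, single-use tickets, RPT issuance/introspection."""
    def __init__(self, policy):
        self.policy = policy
        self.resource_sets = {}  # _id -> {"name", "scopes"}
        self.tickets = {}        # ticket -> requested permission
        self.rpts = {}           # rpt -> {"permissions": [...]}

    def register_resource_set(self, name, scopes):
        rs_id = secrets.token_hex(8)
        self.resource_sets[rs_id] = {"name": name, "scopes": list(scopes)}
        return {"_id": rs_id}

    def register_permission(self, resource_set_id, scopes):
        """The RS describes the attempted access; the AS answers with a ticket."""
        registered = self.resource_sets[resource_set_id]["scopes"]
        if not set(scopes) <= set(registered):
            return {"error": "invalid_scope"}
        ticket = secrets.token_urlsafe(16)
        self.tickets[ticket] = {"resource_set_id": resource_set_id,
                                "scopes": list(scopes), "exp": time.time() + 300}
        return {"ticket": ticket}

    def authorize(self, ticket, claims):
        """Client trades ticket + claims (e.g. from an OpenID Connect ID token)
        for an RPT that carries only the scopes the policy granted."""
        perm = self.tickets.pop(ticket, None)  # single use, so a replayed ticket fails
        if perm is None or perm["exp"] < time.time():
            return {"error": "invalid_ticket"}
        rs = self.resource_sets[perm["resource_set_id"]]
        granted = self.policy(claims, rs, set(perm["scopes"]))
        if not granted:
            return {"error": "not_authorized"}
        rpt = secrets.token_urlsafe(24)
        self.rpts[rpt] = {"permissions": [{"resource_set_id": perm["resource_set_id"],
                          "scopes": sorted(granted), "exp": int(time.time()) + 3600}]}
        return {"rpt": rpt}

    def introspect(self, rpt):
        rec = self.rpts.get(rpt)
        return {"active": True, **rec} if rec else {"active": False}


class ResourceServer:
    """PEP: owns the API, outsources decisions to the AS, enforces introspected scopes."""
    SCOPE_FOR_METHOD = {"GET": "view", "PUT": "edit"}

    def __init__(self, auth_server):
        self.auth_server = auth_server
        self.resources = {}  # path -> resource set id at the AS

    def protect(self, path, name, scopes):
        self.resources[path] = self.auth_server.register_resource_set(name, scopes)["_id"]

    def handle(self, method, path, rpt=None):
        """Returns (status, body); 403 plus a ticket means 'come back with an RPT'."""
        rs_id, needed = self.resources.get(path), self.SCOPE_FOR_METHOD.get(method)
        if rs_id is None or needed is None:
            return 404, {"error": "unknown resource or method"}
        if rpt:
            intro = self.auth_server.introspect(rpt)
            perms = intro["permissions"] if intro["active"] else []
            for p in perms:
                if p["resource_set_id"] == rs_id and needed in p["scopes"] and p["exp"] > time.time():
                    return 200, {"data": f"{method} {path} ok"}
        ticket = self.auth_server.register_permission(rs_id, [needed])["ticket"]
        return 403, {"ticket": ticket}


def run_scenario():
    """BusinessCo walkthrough with constructed claims; returns the outcomes."""
    as_ = AuthorizationServer(business_policy)
    rs = ResourceServer(as_)
    rs.protect("/payroll/reports", "Payroll reports", ["view", "edit"])
    analyst = {"sub": "alice", "dept": "finance", "roles": ["analyst"]}  # constructed
    outsider = {"sub": "mallory", "dept": "sales", "roles": []}           # constructed
    _, body = rs.handle("GET", "/payroll/reports")             # no RPT -> 403 + ticket
    rpt = as_.authorize(body["ticket"], analyst)["rpt"]        # finance may view
    view = rs.handle("GET", "/payroll/reports", rpt)[0]        # 200
    _, body = rs.handle("PUT", "/payroll/reports", rpt)        # RPT lacks edit -> new ticket
    edit = as_.authorize(body["ticket"], analyst)              # not a controller -> denied
    replay = as_.authorize(body["ticket"], analyst)            # consumed ticket -> rejected
    _, body = rs.handle("GET", "/payroll/reports")
    denied = as_.authorize(body["ticket"], outsider)           # claims match nothing -> denied
    return {"view": view, "edit": edit.get("error"),
            "replay": replay.get("error"), "outsider": denied.get("error")}
```

Two points worth noticing when reading the walkthrough. The resource server never decides anything itself: it only registers the attempted access, hands the resulting ticket to the client, and later checks that the introspected RPT names its resource set with the needed scope, which is the "a bit of decision-making responsibility" the slide attributes to PEPs. And the policy works at scope granularity and on claims, not on hostnames: the same RPT that allows GET (scope `view`) is rejected for PUT (scope `edit`), so the client is pushed back through the authorization server, where the procedural `business_policy` plays the role of the pluggable PDP the text describes.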