Enterprise OAuth 2.0 - Enterprise and Social Media Application Landscape
Date: 2021-03-14 00:02:46
Security Basics - Providers
- User, Identity
  - Where are the user credentials stored?
- Authentication
  - Who does this? The IdP (identity provider)
  - How does it happen?
- Authorization
  - The application does this
  - Uses information from the IdP
Security Basics - Homegrown
- Identity
  - Stored in the application database
- Authentication
- Authorization
- Not recommended
Security Basics - LDAP
- Identity
  - Stored in an LDAP directory
    - e.g. Microsoft Active Directory
- Authentication
- Authorization
- LDAP server and application are in the same data center

Security Basics - SAML (Security Assertion Markup Language)
- Communicating across data centers (uses HTTP redirects)
- Identity
  - Stored in an LDAP directory
    - e.g. Microsoft Active Directory
- Authentication
  - The SAML Identity Provider does the authentication
    - e.g. ADFS
- Authorization
  - The application controls it
  - Can use LDAP groups
- SAML Metadata File
  - Establishes trust between
    - the SAML Identity Provider
    - the SAML Service Provider
- SAML Response
  - Contains the SAML token
  - The token contains claims
- Federated User
- Single Sign-On
  - Importance of the redirect

Security Basics - SSO
- Avoid re-entering the user credentials (use SSO)
- The network user is already part of AD
- Single Sign-On (SSO)
Problem Use Cases
- Cloud Apps
  - How do REST calls across network boundaries get secured?
- Machine to Machine
  - Scheduled tasks and daemons sometimes need to call REST APIs. How are they secured?
  - No user involved
- Social Media Sites
  - Facebook
  - LinkedIn
  - Google
  - Twitter
  - GitHub
  - Yahoo
  - A user usually has multiple identities
  - What if a third-party application wants to access or publish to these sites on behalf of its user?
  - Handing over the user's password would be a bad idea.

Source: https://www.cnblogs.com/keepmoving1113/p/14529709.html