1 / 4

Gluu adds inWebo to supported two-factor authentication me

Gluu provides IT services to large organizations to help them design, build, and operate authentication and authorization (“AA”) systems to secure web and mobile applications using open source software

gluu
Download Presentation

Gluu adds inWebo to supported two-factor authentication me

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Gluu Publishes Open Source “Enterprise UMA” Software to enable OAuth 2.0 Access Gluu announced today that the newest software release from OX, Gluu’s open source authorization and authentication project, implements UMA, a new profile of OAuth 2.0 for access management. As a profile of OAuth 2.0 that is complementary to OpenID Connect, UMA defines RESTful, JSON-based, standardized flows and constructs for coordinating the protection of any API or web resource. UMA defines interfaces between “authorization servers” and “resource servers” that enable centralized policy decision-making for improved policy administration, auditing, and responsiveness to security threats. According to the UMA Working Group’s case study on enterprise access management, “although UMA’s primary use cases have centered on individual people, more specifically the “users” who manage access to their own online resources, the UMA notion of authorization as a service also has relevance to modern enterprises that must secure APIs and other web resources in a developer-friendly way.”

  2. The UMA Work Group observes the utility of the protocol for multiple scenarios, noting that “Enterprise UMA” has a number of use cases, including managing client access to API’s, defining logic for Stepped-Up Authentication, and providing the foundation for standards-based interoperable web access management.” With UMA, developers can handle authorization tasks by calling simple JSON/REST endpoints. Administrators no longer have to deploy a web server plugin module or a web “reverse proxy” to enable centralized web authorization. This new paradigm can also be leveraged by “native applications”, for example mobile or cloud applications. “Integrating UMA into OX, our open source authorization and authentication platform, has opened the door for new enterprise authorization capabilities only partially solved by previous commercial access management suites,” said Gluu CEO Michael Schwartz. “UMA is a major milestone for the Internet. Right now authorization logic is managed in each application, and it is hard for large organizations to centralize policies. Previous attempts to centralize authorization policies have been proprietary, and are not Internet scale. By defining an IETF standard for a developer-friendly access management protocol, UMA reverses this trend, and ultimately will make the Internet a safer place for both people and companies.”

  3. The OX UMA Authorization Server implements all the UMA defined endpoints. It also provides a web tool to enable administrators at the domain to view the servers resource sets and to define the policies for access management. These are written using Java or Python code, and customized to meet the exact authorization requirements, including calls to external systems or datcan be highly a sources. OX also provides all OpenID Connect endpoints, which provide client registration, authentication, and attribute release policies to support an UMA policy decision point, which is required by the UMA endpoints. For more information on Gluu’s implementation of UMA visit http://gluu.org/uma-access-management About Gluu: Gluu provides an open source authentication and authorization platform for organizations that want to leverage open standards such as OpenID Connect, SAML 2.0, and UMA to enable strong authentication, active directory single sign on, and access management. Deployed quickly on the customers’ IAAS platform of choice, Gluu’s technology stack improves the quality and drives down the cost of an increasingly complex and mission critical IT service: authentication and authorization (AA).

  4. About UMA: User-Managed Access (UMA, pronounced “OOH-mah”) is an OAuth-based protocol designed to give a web user a unified control point for authorizing who and what can get access to their online personal data (such as identity attributes), content (such as photos), and services (such as viewing and creating status updates), no matter where all those things live on the web.

More Related