
HOL10178 - Mobile Access Management and API Security

HOL10178 - Mobile Access Management and API Security. Kanishk Mahajan Principal Product Manager, Oracle.



Presentation Transcript


  1. HOL10178 - Mobile Access Management and API Security Kanishk Mahajan Principal Product Manager, Oracle

  2. This document is for informational purposes.  It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.  The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle.  This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle.  This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle.   This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

  3. Oracle Access Management Mobile & Social Overview
     • Social Sign-On
     • Standards Support
     • Mobile Security
     • Cloud Access

  4. Mobile Security
     [Diagram: Mobile and Social Access Management. Labels: Device Fingerprinting & Tracking; Device Registration; Lost & Stolen Devices; GPS/WIFI Location Awareness; Risk-based KBA & OTP; Transactional risk analysis; Native App; Web App; Security App; Oracle SDK; REST; OAM Service; OAAM Service; Directory; User Profile Services]

  5. Example Login Flow – Native App with OAM
     Participants: Client App (Mobile); Security App (Mobile); Oracle SDK; Mobile and Social Server (Server)
     Step 1: Request Access Token
     Steps 2 and 3:
     • If valid token in local credential store, return token to App, else continue below.
     • Present login page
     • Accept username/password
     • Extracts device attributes and ID contexts
     • Makes authentication call with user/password, device attributes and device tokens
     • Validates device tokens
     • Registers Device/App if unregistered
     • Authenticates with OAM Server
     • Publishes ID context to OAM Server and OES for authorization decisions
     • Invokes OAAM for risk analysis
     • Responds User/Access Tokens
     Step 4:
     • Stores User/Access Token
     • Returns token to Client App
     Step 5: Use token to make calls to server application protected by OAM
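The login flow on slide 5, as an added Python model that is not part of the presentation and is not Oracle SDK code. Every name in it (MobileSocialServer, SecurityApp, risk_check, TOKEN_TTL) is hypothetical, and the token lifetime and the point at which device registration is committed are assumptions.

```python
import secrets
import time

TOKEN_TTL = 300  # seconds; assumed lifetime, the slide gives none

class MobileSocialServer:
    """Constructed stand-in for the Mobile and Social Server."""
    def __init__(self, users, risk_check):
        self.users = users            # toy identity store: username -> password
        self.risk_check = risk_check  # stand-in for the OAAM risk analysis call
        self.devices = {}             # device id -> issued device token
        self.auth_calls = 0

    def authenticate(self, username, password, device):
        self.auth_calls += 1
        issued = self.devices.get(device["id"])
        # Validate the device token for an already registered device.
        if issued and not secrets.compare_digest(issued, device["token"] or ""):
            raise PermissionError("device token rejected")
        expected = self.users.get(username)
        if expected is None or not secrets.compare_digest(
                expected.encode(), password.encode()):
            raise PermissionError("bad credentials")
        if not self.risk_check(username, device):
            raise PermissionError("blocked by risk analysis")
        # Register an unknown device. This model commits registration only
        # after the checks pass, so a failed login cannot strand the device.
        issued = self.devices.setdefault(device["id"], secrets.token_hex(16))
        return {"access_token": secrets.token_urlsafe(24),
                "expires_at": time.time() + TOKEN_TTL,
                "device_token": issued}

class SecurityApp:
    """Constructed stand-in for the on-device Security App."""
    def __init__(self, server, device_id):
        self.server = server
        self.device = {"id": device_id, "token": None}
        self.store = {}               # local credential store: username -> tokens

    def request_access_token(self, username, prompt_password, now=None):
        now = time.time() if now is None else now
        cached = self.store.get(username)
        if cached and cached["expires_at"] > now:
            return cached["access_token"]   # valid token on file: no login page
        result = self.server.authenticate(username, prompt_password(), self.device)
        self.device["token"] = result["device_token"]
        self.store[username] = result       # store the tokens, then return one
        return result["access_token"]
```

A second request inside the token lifetime never reaches the server, and a second app instance that reuses a registered device id without the issued device token is rejected before credentials are checked.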

  6. Client SDKs: Native Libraries for iOS and Java
     • Quickly build security into your mobile applications
     • Store/Access Keys, Tokens, Handles and other secure data
     • Access Mobile Device Information (OS, Carrier, Geolocation, IP/MAC)
     • Support KBA, OTP via Email and SMS
     • Manage Single Sign-on

  7. Mobile & Social SDK Components
     • Authentication Module: Processes authentication requests on behalf of users, devices, and applications.
     • Secure Storage Module: Provides APIs to store and retrieve sensitive data using the Android Preference Manager or the iOS Keychain feature.
     • User Role Module: Provides User Profile Services that allow users and applications to get User and Group details from a configured Identity store.
     • Cryptography Module: Provides intuitive Java APIs (similar to Objective C APIs for the iOS) for common cryptography tasks.
     • REST Web Service Handler Module: Provides access to REST Web services protected by Access Manager.

  8. Why use the M&S SDK? Features **New in R2PS1

  9. Developing with the SDK – iOS Example
     Methods called by the programmer
     • Initialize
       initWithURL:(NSURL *)url appName:(NSString *)applicationName domain:(NSString *)domain delegate:(id<OMMobileServiceDelegate>)delegate
     • Setup
       setup
     • Authenticate
       startAuthenticationProcess:(OMAuthenticationRequest *)authnRequest presenterViewController:(UIViewController *)presenter

  10. Developing with the SDK – iOS Example
     Methods called back by the SDK
     • Callback after setup
       didReceiveApplicationProfile:(NSDictionary *)applicationProfile error:(NSError *)error
     • Callback after authentication
       didFinishAuthentication:(OMAuthenticationContext *)context error:(NSError *)error

  11. Configuring Mobile & Social Services – OAM Server
     Server Administration:
     • Service Profiles
     • Service Domains
     • Application Profiles
     • Internet Identity Services

  12. DEMONSTRATION: Bootstrap existing customer native applications with Mobile SDK (iOS or Android)
     Focus: Android SDK/iOS SDK

  13. Summary
     • Mobile security is more than device management
     • Use a Mobile-focused security product to simplify the development of secure mobile applications
     • Oracle provides an end to end mobile security solution that leverages existing investments in access management
