Pre-Con Ed: Workshop on Policy Creation, Management and Support for OAuth and OIDC

transcript

World®’16

WorkshoponPolicyCreationandManagementOlaMogstadDirector,SoftwareEngineeringCATechnologies

DO3X51E

DEVOPS

Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInformationalPurposesOnlyTermsofthisPresentation

Abstract

ThisworkshopwilldiveintosomeofthemanycapabilitiesoftheCAAPIGatewayandintroducetheaudiencetotheGateway’sownconfigurationpolicylanguage.

Thespeakerswillwalkyouthroughsomefundamentaltopicssuchasthebasicsofpolicy,policycreation,andpolicymanagement– butwillalsotransitionintomoreadvancedusecasessuchasleveragingexternalAPIsandexistingauthorizationstandardslikeOAuth andOpenIDConnect.

OlaMogstad

Director,SoftwareEngineeringCATechnologies

Sascha PreibischPrincipalSoftwareArchitect

DeveloperProductsVancouver,BC@nascarlogin

OlaMogstadDirector,SoftwareEngineering

DeveloperProductsVancouver,BC@OlaMogstad

AboutUs

RecommendedSessions

SESSION# TITLE DATE/TIME

DO3X50ECAMobileAPIGateway(MAG):HowtoProvideYourMobileUserWithaConvenient,YetSecure,OnboardingExperienceThroughOAuth andSAML

11/14/2016at4:00pm

DO3X40ECAAPIDeveloperPortal:PolicyWritingforthePortalusingthenewContextVariablesandAPIKeyCustomFields

11/15/2016at9:00am

Agenda

WHATISTHECAAPIGATEWAY?

INTRODUCTIONTOPOLICY

CREATINGANDMANAGINGPOLICY

SOMESIMPLEEXAMPLES

INTEGRATINGAPISWITHOAUTH

BONUSMATERIAL6

TheCAAPIGateway

CorporateNetwork

Servers

Identities

TheCAAPIGateway

CorporateNetwork

Servers

Identities

APIGateway

TheCAAPIGateway

CorporateNetwork

Servers

Identities

APIGateway

Message TransformationThreatProtection

PolicyEnforcement

ServiceOrchestration

Encryption&Decryption

TheCAAPIGateway

WhatisPolicy?

§ TheGatewayishighlyconfigurable

§ Policy“tellsitwhattodo”

§ Assertionsarecodemodulesthatdospecificthings

§ Request->Response

PolicyisactuallyXML

Assertionsarethebuildingblocksofpolicies

§ Everythinginapolicyisanassertion

§ Someincludedoutofthebox

§ CustomassertionSDK

§ Powerfulassertionscanbeverysimple

Policiescangetprettysophisticated

§ Conditionallogicthatmimicif/elsebehavior

§ Reusablesnippetscalledfragments

§ Policy-backedassertionscalledencapsulatedassertions

Whathappenshere?

Performanceiscritical

§ Withpowercomesresponsibility

§ A“perrequest”mindset

§ Doingversuswaiting– Policyexecution– Networklatency– Backendlatency

§ Caching

Policylife-cyclebecomesimportant

§ “Treatpolicylikecode”

§ Migrationandenvironment-specificconfiguration– ToolinglikeRESTMANandGMU/CMT

§ Engineeringbestpractices– Modularity,separationofconcerns– Comments

§ RBACandSecurityZones

OAuthandOIDC

§ Authorization

§ “Canyoudothis?”

§ Delegatelimitedaccesstothirdparties

§ Usesredirection

§ Pre-definedproviders

§ Authentication

§ “Whoareyou?”

§ Leveragingexistinguseraccountswiththirdparties

§ Usesredirection

§ Autodiscovery

OAuth2.0 OpenIDConnect

CAAPIGatewayOAuthToolkit

§ GatewayextensiontosupportOAuth1.0,OAuth2.0,andOIDC

§ Implementedlargelyinpolicy

§ Highlycustomizableandmodular

Questions?

Stayconnectedatcommunities.ca.com

Thankyou.

DevOps– APIManagementandApplicationDevelopment

FormoreinformationonDevOps– APIManagementandApplicationDevelopment,pleasevisit:http://cainc.to/DL8ozQ

Pre-Con Ed: Workshop on Policy Creation, Management and Support for OAuth and OIDC

Technology