Date post: | 11-May-2015 |
Category: |
Technology |
Upload: | mulesoft-inc |
View: | 1,349 times |
Download: | 4 times |
Mule Enterprise Security
Presenter: Reza Shafii, Director of Product Management
MuleSoft, @mulesoft, @cloudhub
All contents Copyright © 2011, MuleSoft Inc. 3
Agenda
Introducing Mule Enterprise Security
Drill-down into– Mule STS OAuth 2.0 Provider
– Mule Credential Vault
– Mule Security Filter Processors
Brief Overview of other New Mule Enterprise Security Features
Wrap-up and Q&A
All contents Copyright © 2011, MuleSoft Inc. 4
Mule Enterprise Security - Benefits
1 - Protect access to your Mule application end-points and the services they access
2 - Maintain the confidentiality of data used and emitted by your mule flows
3 - Guard your Mule interfaces against security attacks
SOA
Mobile
APIs
SaaS Integration
All contents Copyright © 2011, MuleSoft Inc. 5
Mule Enterprise Security
All contents Copyright © 2011, MuleSoft Inc. 6
Mule STS OAuth 2.0 Provider - Why
Protect your APIs
with OAuth
Enables credentials
to only be shared
with a single,
central entity
All contents Copyright © 2011, MuleSoft Inc. 7
Mule STS OAuth 2.0 Provider - What
Mule can act as an
OAuth 2.0 provider
OAuth element
protects flow
Supports for all
OAuth 2.0 grant
types
Supported end-points– HTTP/S, Jetty,
Servlet, Web Services
All contents Copyright © 2011, MuleSoft Inc. 8
Mule Credential Vault - Why
Access external
end-points without
exposing their
access credentials– Store credentials in
encrypted format
All contents Copyright © 2011, MuleSoft Inc. 9
Mule Credential Vault - What
Encrypt content of
Mule application
property files
Mule Studio provides
property value
encryption tool
Values decrypted
upon access from
Mule Flows
All contents Copyright © 2011, MuleSoft Inc. 10
Mule Security Filter Processors - Why
Whitelist a specific
set or range of IP
addresses
Enable expiry policy
using message
time-stamp
All contents Copyright © 2011, MuleSoft Inc. 11
Mule Security Filter Processors - What
Use Mule security
filter processors to – Set filtering needs
and parameters
Support for– IP filtering (single,
range, and CIDR)
– Message expiry
filtering
All contents Copyright © 2011, MuleSoft Inc. 12
Mule Enterprise Security – Features Overview
Feature Description
Mule Secure Token Service (STS) – OAuth 2.0 Provider
Enables a Mule server to act as an OAuth 2.0 authentication provider to protect specific mule flows.
Mule Credential Vault Encrypt sensitive values (e.g. passwords) in your Mule message flows.
Mule Security Filter Processors
Allow filtering of messages based on security criteria: IP based and expiry based.
Mule Digital Signature Processors
Simplifies the signing and verification of XML Signatures within Mule flows.
Mule Message Encryption Processors
Easily encrypt and decrypt sensitive data in Mule messages.
All contents Copyright © 2011, MuleSoft Inc. 13
Mule Enterprise Security
1 - Protect access to your Mule application end-points and the services they access
2 - Maintain the confidentiality of data used and emitted by your mule flows
3 – Guard your Mule interfaces against security attacks
SOA
Mobile
APIs
SaaS Integration
Q&A
All contents Copyright © 2011, MuleSoft Inc. 15