Skip to end of metadata
Go to start of metadata

Introduction

This section intend to explain most of the key security aspects we work with in our work to design Whydah to be a very solid and secure solution. Security is a Many-Headed Troll so we think it is important to be level with everyone on our strategy and approach to security, so you can evaluate if it is aligned with your requirements and needs. We are always very interested in discussions on this topic, so please let us know if you have comments, ideas or just want to discuss the security parameters of an IAM/SSO solution.

Simplified Whydah Security Hierarchy

Full Size

Main security-oriented module responsibilities

STS - SecurityTokenService

  • Session controller (application and user sessions)
    • session initialization, verification, extension
    • user session security elevation (user token security level)
    • user token security mechanisms
  • System threat state coordination (DEFCON-level)

UAS - UserAdminService

  • Admin API Guard (UAWA and 3rd party applications with Whydah Admin Rights)
    • Use-case API authorization
  • Borderline DMZ proxy for UIB
    • Ensure the request is issued by a verified application and verified user, before forwarding the request to UIB.
    • QoS for UIB. Ensure filtering of the content before allowing forward to UIB.
    • ApplicationFilter to UIB
  • Use-case API for clients, using UIB API with or without rights elevation to perform the work)

UIB- UserIdentityBackend

  • Secure vault for users and applications
  • Resource administration API
  • Resource protection
  • Authenticating Application Credentials and User Credentials
  • Resource authorization for Whydah internal resources.
  • Resource authorization for what 3rd. party applications may see of the UserToken.

Whydah Internal Security Model - Application Authentication

Full Size

Whydah Internal Security Model - Call to Whydah Admin APIs

Full Size
Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.