© 2012 IBM Corporation
An IBM Proof of Technology
Securing and managing mobile applications using Worklight
IBM Software
Agenda
• Securing mobile applications using Worklight
• Managing mobile applications using Worklight
• Distributing mobile applications using IBM Application Center
Worklight Server
Performs Data Transformation to streamline back-end data for mobile consumption
Built-in Adapters with support for SOAP, REST, SQL, Cast Iron, as well as a custom Adapter development interface
Server and device Security control
Supports Physical Clustering for high availability
Controls Application Deployment and Versioning
Push Notification administration
Analytics including user adoption and usage data
Worklight Console
• Application Version Management
• Push management
• Usage reports
• Configurable audit log
• Administrative dashboards for:
  – Deployed applications
  – Installed adapters
  – Push notifications
• Data export to BI enterprise systems
Securing mobile applications requires a multi-pronged approach
Validate installed applications
• Must ensure the validity of applications connecting to enterprise systems
Validate user devices
• Must ensure that only specific applications on specific devices can connect to enterprise systems
Validate user identity
• Must be able to authenticate mobile application users
Ensuring application authenticity with Worklight
• Application authenticity checks protect against corruption of installed applications
• When enabled the Worklight Server checks properties of a connecting application against a previously known value of these properties
• Various options available for authenticity checking:
  – Disabled – the IBM Worklight Server does not test the authenticity of the app (despite the developer settings).
  – Enabled, servicing – the IBM Worklight Server tests the authenticity of the app. If the app fails the test, the IBM Worklight Server outputs an information message to the log but services the app.
  – Enabled, blocking – the IBM Worklight Server tests the authenticity of the app. If the app fails the test, the IBM Worklight Server outputs an information message to the log and blocks the app.
• Authenticity checking is enabled in the application-descriptor.xml
Device provisioning and authentication
• A form of mobile device authentication
  – Prior to application authenticity and user authentication.
  – Asserts that the device and application have confirmed identity prior to allowing access to the Worklight server.
  – Can use a 3rd party system to confirm and provide a client certificate
• Three modes of provisioning are supported:
  – No provisioning: In this mode the provisioning process does not happen. This mode is suitable during the development cycle to temporarily disable the provisioning for the application.
  – Auto-provisioning: In this mode the Worklight Server automatically issues a certificate for the device and application data provided by the client application. This option should only be used when Worklight’s application authenticity features are enabled.
  – Custom provisioning: In this mode the Worklight Server is augmented with custom logic that controls the device and application provisioning process. This logic can involve integration with an external system, such as a mobile device manager (MDM), that can issue the client certificate based on out-of-band data obtained from the app, or can instruct the Worklight Server to do so.
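An added example, not part of the original slides or IBM's code: a small check over a deployment's settings that flags the combinations the authenticity and provisioning slides caution against (auto-provisioning without authenticity checking, provisioning switched off outside development). The settings object, its field names, the rule ids and the severity labels are assumptions made for illustration.

```javascript
// Added example: the settings object and its field names are hypothetical,
// not Worklight's configuration schema. Mode names follow the slides.
const AUTHENTICITY = ['disabled', 'enabled-servicing', 'enabled-blocking'];
const PROVISIONING = ['none', 'auto', 'custom'];

// Returns an array of { severity, rule, message } findings for one deployment.
function auditSecuritySettings(cfg) {
  const findings = [];
  const add = (severity, rule, message) => findings.push({ severity, rule, message });

  if (!AUTHENTICITY.includes(cfg.authenticity)) {
    add('error', 'unknown-authenticity-mode', `unrecognised value: ${cfg.authenticity}`);
  }
  if (!PROVISIONING.includes(cfg.provisioning)) {
    add('error', 'unknown-provisioning-mode', `unrecognised value: ${cfg.provisioning}`);
  }
  if (findings.length > 0) return findings; // never reason about values we cannot interpret

  if (cfg.provisioning === 'auto' && cfg.authenticity === 'disabled') {
    add('high', 'auto-provisioning-without-authenticity',
      'certificates are issued automatically while app authenticity is not tested');
  }
  if (cfg.provisioning === 'auto' && cfg.authenticity === 'enabled-servicing') {
    add('medium', 'auto-provisioning-log-only',
      'apps that fail the authenticity test are logged but still serviced');
  }
  if (cfg.provisioning === 'none' && cfg.stage !== 'development') {
    add('high', 'provisioning-disabled-outside-development',
      'no provisioning is meant as a temporary development setting');
  }
  return findings;
}

// Constructed sample deployments (not taken from any real server).
const SAMPLES = [
  { name: 'dev-sandbox', stage: 'development', authenticity: 'disabled', provisioning: 'none' },
  { name: 'pilot', stage: 'production', authenticity: 'enabled-servicing', provisioning: 'auto' },
  { name: 'retail-app', stage: 'production', authenticity: 'disabled', provisioning: 'auto' },
  { name: 'bank-app', stage: 'production', authenticity: 'enabled-blocking', provisioning: 'custom' },
];

// Maps each deployment name to the list of rule ids it triggers.
function auditAll(samples) {
  return Object.fromEntries(
    samples.map((s) => [s.name, auditSecuritySettings(s).map((f) => f.rule)]));
}

console.log(JSON.stringify(auditAll(SAMPLES), null, 2));
```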
User authentication in Worklight
• Worklight provides an extensible framework for authentication of mobile application users
• The framework consists of Realms, Authenticators, and Login Modules
  – Realms encapsulate the description of how users are authenticated for a particular application
  – Authenticators are responsible for the collection of user credentials
  – Login modules are responsible for the validation of user credentials
• IBM Worklight provides a number of Authenticators and Login Modules that only require configuration from the user
• The user authentication framework is also extensible by the application developer
  – Allows for the implementation of custom credential gathering (e.g. via biometrics) as well as for integration with existing security systems
Integrating with WebSphere Application Server security
• An Authenticator and login module are provided for authentication via LTPA tokens
  – No custom coding required by the user
• Authenticator understands where to look for the LTPA token in the HTTP header
• Login module can validate those credentials with a user registry defined in WebSphere Application Server
• LTPA token can also be propagated to back end data sources required by the mobile application thus supporting a Single Sign On approach
[Diagram: IBM Worklight Server, session authentication. Steps: 1. Call Protected Procedure; 2. Request Authentication]
Managing mobile applications with IBM Worklight
• The Worklight Server provides many application management features that are exposed to users via the Worklight Console
• IBM Worklight allows users to deploy multiple versions of a single application concurrently
• IBM Worklight provides the capability to manage the status of a deployed application
  – Active
  – Active, Notifying
  – Disabled
• IBM Worklight provides the capability to directly update a deployed application
Application versioning
• Supports multiple versions on the same platform
• Device specific versions are uncoupled
Direct application update
1. Web resources packaged with app to ensure initial offline availability
2. Web resources transferred to app's cache storage
3. App checks for updates on startup and foreground events
4. Updated web resources downloaded when necessary
[Diagram labels: Worklight Server, App Store, Native Shell, Pre-packaged resources, Web resources, Cached resources. Steps: 1 Download; 2 Transfer; 3 Check for updates; 4 Update web resource]
Analyze application usage with out-of-the-box reports
• Worklight utilizes audited information to provide several usage reports for your consumption
  – Daily visits per application
  – Daily hits per application
  – Total visits per application
  – Newly detected devices per application
  – Total unique devices – per server or cluster
• Access reports via Eclipse using the BIRT plugin
• The BIRT reports are fully customizable and extensible
  – Fully documented data model to allow other reporting or BI tools to create additional custom reports
Report extensibility and customization using IBM Cognos
IBM Worklight Application Center
• The Application Center provides a means for developers and testers to publish and share applications with key stakeholders during the delivery cycle
• Application owners upload applications to the Application Center and provide various information about the application
• Stakeholders install the Application Center mobile application to view, install, rate, and provide feedback on applications in the Application Center
• The Application Center is included with IBM Worklight and comes pre-installed on the Worklight Server
  – Users must install the mobile application to their device
Using the Application Center mobile application
Rating and feedback displays in the Application Center
Reference materials
For more information:
• IBM Worklight Training Modules
  – http://www-01.ibm.com/software/mobile-solutions/worklight/library/
• IBM Worklight User Documentation
  – http://www-01.ibm.com/software/mobile-solutions/worklight/library/v50/documentation/