Local Authentication
• Use device’s Touch ID - Two Models
1. Stand Alone Local Authentication
- Provides access to app
- Acts as a checkpoint
- Fall back – Custom authentication
2. Local Authentication Integration With Keychain
- Provides access to app + Authenticates Users
- Allows users to stay signed in
- Fall back – Device’s passcode
Securing your app in the field
Stand Alone Local Authentication
• Import Local Authentication framework
• Create an instance of LAContext
• Evaluate Policy for Biometrics
Authentication
• Set up at Server / Portal
• Types of Authentication Mechanisms
- Token based
  - External users, username/password
  - OAuth
- Windows based
  - Enterprise users, username/password
- PKI based
  - Enterprise users, Client certificate
• Save Credential to Keychain
Securing your services in the field
SDK supports all Auth Mechanisms!
You handle Client Code and UI!
Authorization
• Set up at Server / Portal
• Configured for each service
• Two methods
1. Ownership Based Access Control
- Owner has update / delete privileges
- Can limit non-owner privileges
2. Capabilities
- Can limit privileges for all users
Capabilities: Create, Query, Update
Capabilities: Create, Query
Popup Editing
• SDK - handles everything
• You – do nothing!
Manual Editing
• You – do the checking
- canDeleteFeature, canUpdateFeature
- canCreate, canDelete, canUpdate
- canUpdateGeometry
Concern: Am I connecting to the right server in a secure way?
SSL
• Secure Sockets Layer protocol
• Digital Certificate
- Verifies Identity of Server
- Creates encrypted link
• Types of Digital Certificate
- Certificate Authority signed certificate
- Domain certificate
- Self-signed certificate
• Set up at Server / Portal
You - use https
SDK
• redirects http to https
• warns user about self-signed certificate
Data Protection
• iOS provides Data Encryption
• Set up passcode to opt-in
• Data Protection Modes
- Complete
  - Available only when unlocked
- Protected Unless Open
  - Available when unlocked
  - Also available when file is open already
- Protected Until First User Authentication
  - Available after first unlock since reboot
  - Default
- No Protection
  - Always Available
Securing your local data in the field
Modifying Data Protection Mode
• App Level
- ‘Capabilities’ pane of settings
• File Level
- Use NSFileManager
- Set NSFileProtectionKey
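One way to apply the file-level step, as an added Swift example (not from the original slides or the ArcGIS SDK): it walks a directory, reads each file's NSFileProtectionKey attribute and raises anything weaker than the chosen Data Protection mode. The names `weakestFirst`, `rank`, `enforceProtection` and `auditDocuments` are hypothetical.

```swift
import Foundation

// The four Data Protection modes, weakest first.
let weakestFirst: [FileProtectionType] = [
    FileProtectionType.none,
    .completeUntilFirstUserAuthentication,
    .completeUnlessOpen,
    .complete,
]

// Hypothetical helper: position of a mode in the list above; a missing
// attribute ranks below every real mode so the file gets fixed.
func rank(_ mode: FileProtectionType?) -> Int {
    guard let mode = mode else { return -1 }
    return weakestFirst.firstIndex(of: mode) ?? -1
}

// Hypothetical helper: raise every regular file under `directory` to at
// least `minimum` and return the paths that were changed.
func enforceProtection(in directory: URL,
                       minimum: FileProtectionType = .complete) throws -> [String] {
    let fm = FileManager.default
    var changed: [String] = []
    guard let walker = fm.enumerator(at: directory,
                                     includingPropertiesForKeys: [.isRegularFileKey]) else {
        return changed
    }
    for case let url as URL in walker {
        let isFile = try url.resourceValues(forKeys: [.isRegularFileKey]).isRegularFile
        guard isFile == true else { continue }
        let attrs = try fm.attributesOfItem(atPath: url.path)
        let current = attrs[.protectionKey] as? FileProtectionType
        if rank(current) >= rank(minimum) { continue }
        try fm.setAttributes([.protectionKey: minimum], ofItemAtPath: url.path)
        changed.append(url.path)
    }
    return changed
}

// Example call site: audit the app's Documents directory at launch.
func auditDocuments() {
    let docs = FileManager.default.urls(for: .documentDirectory, in: .userDomainMask)[0]
    do {
        let changed = try enforceProtection(in: docs)
        print("Raised protection on \(changed.count) file(s)")
    } catch {
        print("Data Protection audit failed: \(error)")
    }
}
```

Files raised to Complete cannot be read while the device is locked, so pass a weaker `minimum` for any directory the app must reach in the background.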
Summary
• Services Security
- Authentication
- Authorization
  - OBAC
  - Capabilities
- SSL
• Local Data Security
- Data Protection
• App Security
- Touch ID