Enabling the Multi-Device Universe
0 likes1,632 views
The document discusses the transition from traditional single sign-on (SSO) systems to a more seamless, cross-device access experience using APIs, particularly within mobile environments. It highlights the increasing significance of mobile applications, projecting substantial growth and usage patterns, while also addressing the challenges of balancing user experience with security risks. The implementation of an API management solution at JM Smucker Company provides a framework for achieving efficient and secure SSO across multiple applications and devices.
Enabling the Multi-Device Universe
- 1. Enabling the Mul.-‐Device Universe Moving beyond conven.onal single sign-‐on to seamless cross-‐device access with APIs Sco? Morrison – SVP & Dis.nguished Engineer, CA API Management Leif Bildoy – Sr. Product Manager, CA Mobile API Gateway Bob Covington – Director, Enterprise Architecture, The JM Smucker Company November 18, 2014
- 2. 2 © 2014 CA. ALL RIGHTS RESERVED.
- 3. By 2017, mobile apps will be downloaded more than 268 billion .mes, genera.ng 3 Mobile Growth Con.nues revenue of more than $77 billion — making apps one of the most popular compu.ng tools for users across the globe. © 2014 CA. ALL RIGHTS RESERVED. * ... It’s An App, Happy World *Gartner. “Predicts 2014: Apps, Personal Cloud and Data Analy.cs Will Drive New Consumer Interac.ons.” Stephanie Baghdassarian, Brian Blau, Jessica Ekholm, Sandy Shen. November 22, 2013.
- 4. 4 App, Mobile & API Growth Con.nues 82% Time spent with apps ~12385 # of APIs as of November 2014² ... It’s An App, Happy World © 2014 CA. ALL RIGHTS RESERVED. • Harvard vs. browsers¹ Business Review, “For Mobile Devices, Think Apps, Not Ads”, Sunil Gupta, Head of HBR Marke.ng. March 2013.¹ • h?p://www.programmableweb.com/ ² • Naked security survey, “How do you compare to Steve Wozniak”, January 2013 2.9 Average # of devices people carry³
- 5. 5 Choose the Right App Experience Web App Native App What It Is Web application accessed through a mobile web browser © 2014 CA. ALL RIGHTS RESERVED. Client-side code on mobile device Pros Easy to build and change Optimized user experience for platform Not device/platform specific No download required Local data storage Easy accessibility Cons User experience is good but not great Not readily portable across devices Download required Device-specific optimization requires use of mobile-friendly technologies Updates required Crowded app marketplace
- 6. 6 © 2014 CA. ALL RIGHTS RESERVED. Password Frustra.on
- 7. 7 © 2014 CA. ALL RIGHTS RESERVED. UX vs. Risk More Convenience More Risk Less Convenience Less Risk Challenge is finding that right balance No passcode Device passcode App security
- 8. 8 Starts with the API: Enable Anything, Everywhere App Access API © 2014 CA. ALL RIGHTS RESERVED. OUTSIDE PARTNERS / DIVISIONS EXTERNAL DEVELOPERS API Server Data MOBILE APPS CLOUD SERVICES INTERNET OF THINGS APPS
- 9. 9 © 2014 CA. ALL RIGHTS RESERVED. Our Goal To move seamlessly & securely between apps
- 10. 10 2. User provide Enterprise creden.als Iden.ty App Context © 2014 CA. ALL RIGHTS RESERVED. 1. User taps one of the four enterprise apps 3. User can seamlessly switch between the four enterprise apps
- 11. How Smucker’s deployed mobile SSO with CA API Management
- 12. 12 © 2014 CA. ALL RIGHTS RESERVED. Challenge Enable single sign-‐on access to cloud applica.ons. The Cost and Complexity of tradi.onal enterprise single sign-‐on tools was prohibi.ve. Approach Leverage a combina.on of Integrated Windows Authen.ca.on, Microsom Ac.ve Directory and SAML Authen.ca.on with the API Gateway to provide seamless authen.ca.on with our cloud providers Benefit Implementa.on of Single Sign-‐ On with our exis.ng Microsom Ac.ve Directory infrastructure. One Password Cloud SSO Integra.on (SAML)
- 13. CA API Gateway Implementa.on Architecture 13 API Gateway Cluster © 2014 CA. ALL RIGHTS RESERVED. Mobile Internet Firewall / Router Mobile ASA VPN F5 Load Balancer CA API Gateway CA API Gateway Smucker Applica.on/Database Servers Desktop ESM Client API Portal (Shared) External Apps / Customers
- 14. 14 © 2014 CA. ALL RIGHTS RESERVED. Our Goal To move seamlessly & securely between devices
- 15. 15 3. App session context pushed to secure cloud storage © 2014 CA. ALL RIGHTS RESERVED. Discuss Q4 targets with Bob. Don’t forget to Discuss Q4 targets with Bob. Don’t forget to cover incen.ves. 1. Phone detects it is close to tablet using Bluetooth Low Energy 2. Session migrates to tablet so user does not have to reenter creden.als App Context Source 4. Context can be pushed to different target apps § Email § Notes § …etc. Target Iden.ty
- 16. 16 © 2014 CA. ALL RIGHTS RESERVED. Our Goal Make your phone and corporate/social iden.ty your key to the Internet of Things (IoT)
- 17. 17 1. Phone detects it is close to tablet using Bluetooth Low Energy 2. Gives user opportunity to open lock using current ac.ve ID Iden.ty © 2014 CA. ALL RIGHTS RESERVED. 3. Home controller checks to see if ID is authorized
- 18. 18 © 2014 CA. ALL RIGHTS RESERVED. Our Goal Secure Video Streams. Gesng the right data, to the right person, at the right .me.
- 19. 19 © 2014 CA. ALL RIGHTS RESERVED. Drone capturing live video Mul.ple secure, high-‐defini.on video streams
- 20. How CA API Management Delivers SSO
- 21. Simplify X-‐app Access & Security in Mobile SSO/Auth SDK NaWve App Web App What you need to do 21 © 2014 CA. ALL RIGHTS RESERVED. Mobile APIGateway § Authen.cate mobile user § Provide SSO across na.ve and mobile web apps § Simplify OAuth for developers API API Value to your business § Delight customers with great mobile experiences § Accelerate delivery of new mobile apps
- 22. Web and Mobile SSO Via CA Mobile API Gateway and CA SSO Web Server B Web Server A CA SSO (SiteMinder) Desktop/Laptop Browser Web App B Web App A 22 © 2014 CA. ALL RIGHTS RESERVED. NaWve app NaWve app Mobile Device Web Site A Web Site B Mobile API Gateway & SDK Device OS/HW CA Mobile API Gateway (MAG) EB* EB* *Enterprise Browser Unified, na6ve SSO
- 23. OneAccess is another proof point § Easy access to all Applica.ons § Unified SSO § Na.ve, WebApp, Hybrid 23 © 2014 CA. ALL RIGHTS RESERVED.
- 24. 24 © 2014 CA. ALL RIGHTS RESERVED. Identity Manager Cloud Apps On-‐Premises Enterprise Apps CA Mobile API Gateway CA SSO ( SiteMinder ) / LDAP / IdP The Mobile API Gateway enables fast, secure mobile delivery of enterprise applica.ons Benefits • A common standard across plauorms and applica.ons • Improves developer velocity and .me to value • App, User and Device level security Paul Pronsati EVP, Global Business Ops & CIO
- 25. Summary Deliver Produc.vity, Securely and with Agility Experience Security Speed 25 © 2014 CA. ALL RIGHTS RESERVED.
- 26. Ques.ons 26 © 2014 CA. ALL RIGHTS RESERVED.
- 27. Copyright © 2014 CA. The JM Smuckers logo is either a registered trademark or trademark of JM Smuckers Corpora.on in the United States and/or other countries.. All trademarks, trade names, service marks and logos referenced herein belong to their respec.ve companies. THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the informa.on. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. In no event will CA be liable for any loss or damage, direct or indirect, in connecWon with this presentaWon, including, without limitaWon, lost profits, lost investment, business interrupWon, goodwill, or lost data, even if CA is expressly advised in advance of the possibility of such 27 © 2014 CA. ALL RIGHTS RESERVED. damages.