2021-04-16 10:28:28 +00:00
#+TITLE: IROH Auth Presentation
#+Author: Yann Esposito
#+Date: [2021-04-16]
- tags ::
* IROH Auth Presentation
Yann Esposito <yaesposi@cisco.com>
* What is IROH Auth?
This is an important sub-component of IROH.
* What is IROH?
IROH is the name of the API behind Threat Response and SecureX.
* So what is IROH Auth?
The sub-component of IROH taking care of:
- authentication (from a user interaction, provide a user id: a unique identifier)
- authorizations (what a user can do)
- internal user representation
  + Org/Tenancy
  + User
  + OAuth2 Clients
* History
1. Login using AMP SAML (generate JWT)
2. OAuth2 Provider (Grants)
3. Login using OpenID Connect with TG (client of OpenID Connect)
4. Users/Orgs in DB!!!
5. Account Activation
6. Become an OpenID Connect provider
7. OIDC with SSE
* Internal User Structure
* Cisco specifics