Embed Size (px)
DESCRIPTION
Authentication, authorization, and data access controls are standard requirements for most data-centric apps. And in a traditional client-server environment, these are often the most time-consuming features to implement, even for experts. In this session, you'll learn about Database.com's unique approach to user authentication with OAuth, user types, and a built-in and flexible data sharing model. Watch this webinar to learn about: :: Common authentication patterns such as OAuth and SAML :: How functional access controls provide simple administration of a user's permissions :: How record-level access provides granularity of control at enterprise scale :: How all three authorization and authentication patterns work together to do most of the work for you Date: This webinar took place on Feb 23, 2012 More details: http://wiki.developerforce.com/page/Webinar:_Security
Citation preview
sfdc_ppt_corp_template_01_01_2012.ppt
Security in the Cloud Webinar
Adam Torman Senior Product Manager
@atorman
Bud Vieira Senior Product Manager
@aavra
Chuck Mortimore Senior Director, Product Management
@cmort
Safe Harbor Safe harbor statement under the Private Securities Litigation Reform Act of 1995: This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new, planned, or upgraded services or technology developments and customer contracts or use of our services. The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of intellectual property and other litigation, risks associated with possible mergers and acquisitions, the immature market in which we operate, our relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our annual report on Form 10-Q for the most recent fiscal quarter ended July 31, 2011. This documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section of our Web site. Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
@forcedotcom / #forcewebinar Developer Force Group facebook.com/forcedotcom
http://bit.ly/sfcloudstock
Agenda
§ Force.com Overview § Authenticating Database.com Users
§ Provisioning Database.com Users
§ Controlling Access
§ Key Take Aways
§ Q&A
Enterprise Data Collaboration Platform
§ Trusted by the enterprise § Designed for social collaboration
§ Open for any language, platform, or device
§ Support for mobile applications
Chuck Mortimore Sr. Product Management Director
Core Security
Authentication and Database.com
§ Two primary mechanisms for authentication § Direct db access with a privileged user
– 1 highly privileged user to access the data
– Classic integration and database connection model
§ Individual user accounts – Each user has a named account
– Propagates Identity all they way to the database tier – Can simplify the development of authentication
– Allows granular authorization at the data tier
What is OAuth?
§ An open protocol to allow secure API access in a simple and standard method from desktop and web applications
§ Standardization of common, successful API patterns
§ Standard track in IETF – Salesforce.com, Google, Microsoft, Facebook, Twitter, Yahoo,
Oracle, etc.
Why Use OAuth § Simple
– Protocol is HTTP based.
– Interfaces are already done – Allows you to focus on your value add
§ Works great for mobile – Salesforce mobile and desktop clients are switching
– No need for API token
§ Stops the password anti-pattern – Reduce the security and management issues with passwords
Direct DB Access with a Privileged User
§ User Name / Password Flow – Used for simple server to server integration use-cases
POST /services/oauth/token HTTP/1.1!Host: login.salesforce.com!grant_type=password&client_id={CLIENT_ID}&client_secret={CLIENT_SECRET}&redirect_uri={REDIRECT_URI}&username={USERNAME}&password={PASSWORD}!!!!!HTTP/1.1 200 OK!Content-Type: application/json!!{"id":"https://login.salesforce.com/id/00D300000000mlxEAA/00530000000gKV8AAM","issued_at":"1313612089200","instance_url":"https://cmort-developer-edition.my.salesforce.com","signature":"NRbIb/EnYBfxKz9hApUI70Pl/Rog1S8ArsTHoxbj4eg=","access_token":"00D300000000mlx!AQoAQKtgvm50TODcRU3QboID1DctJIssSMRPWIdVmXcAF9vbqIppVOGIVGZ6MR2xzS2TjQix.bW3ZHH9OnColDSH.5fg_rM"}!
Individual User Accounts
§ Web Server Flow – Web servers can protect secrets. Code returned to callback
URL and exchanged for a token via a POST
§ User Agent Flow – Used for Javascript, Mobile, and Desktop. Token returned
directly to callback URL behind # fragment
How Does It Work?
1) Device opens a browser with authorization URL
2) User is Authenticated
3) User Authorizes App
4) Tokens returned to device
What the User Sees:
Authentication Authorization
Step 1: Open a URL
https://login.salesforce.com/services/oauth2/authorize ?response_type=token
&client_id={YOUR_CLIENT_ID}
&redirect_uri={YOUR_REDIRECT_URI}
https://login.salesforce.com/services/oauth2/authorize? response_type=token&client_id=MyClient&redirect_uri=myapp%3A%2F%2Fcallback
Step 2: Parse the Response
{YOUR_REDIRECT_URI}# access_token={SESSION}
&refresh_token={LIKE_A_PASSWORD}
&instance_url={USERS_INSTANCE}
&id={IDENTITY_URL}
myapp://callback#access_token=czZCaGRSa3F0MzpnWDFmQm &refresh_token=5Aep8615VRsd_GrUz3LAcJl&redirect_uri=myapp%3A%2F%2Fcallback &instance_url=https%3A%2F%2Fna1.salesforce.com &id=https%3A%2F%2Flogin.salesforce.com%2Fid%2F00DD0000000FJCR%2F005D0000001B5bx
Step 3: Use your Token
GET /some/resource HTTP/1.1 Host: na1.salesforce.com
Authorization: Oauth czZCaGRSa3F0MzpnWDFmQm
Using a Token
§ Token Response: – XML or JSON
– access_token: an API only SID – refresh_token: a token you can use to get new access_tokens
– instance_url: the user’s instance – id: a url that is both a unique id for the user and a getUserInfo
§ Using it with the API – REST: HTTP Header: “Authorization: OAuth <access_token>”
– SOAP: place access token in SOAP header like a SID
Identity URL Service
§ Return a central identity url – https://login.salesforce.com/id/{orgid}/{userid}
§ Basic profile information similar to GetUserInfo
§ Discovery service for API endpoints
§ Chatter Status and photos
§ Working to standardize this as “OpenID Connect”
Configuring a Client Setup/Administration/Create/Remote Access
Demo Time!
Adam Torman and Bud Vieira Sr. Product Managers
Administration and Sharing
User Provisioning § Add multiple users
quickly
§ Add single users with more detail
§ Use the sObject API for bulk
§ Use REST API
§ Use SAML for upsert
User Provisioning with REST API
/services/data/v24.0/sobjects/User/!{!"Username" : "[email protected]", !"LastName" : "Bordello", !"FirstName" : "Gogol", !"Email" : "[email protected]", !"Alias" : "gUser", !"CommunityNickname" : "gogolbordello1234", !"IsActive" : false, !"TimeZoneSidKey" : "America/Los_Angeles", !"LocaleSidKey" : "en_US", !"EmailEncodingKey" : "ISO-8859-1", !"ProfileId" : "00e30000001btrSAAQ", !"LanguageLocaleKey" : "en_US", !"UserPermissionsMobileUser" : false, !"UserPreferencesDisableAutoSubForFeeds" : false!}!
/services/data/v24.0/sobjects/User/00530000004qkoH!GET: POST:
https://workbench.developerforce.com/login.php!
How do Profiles and Sharing Work Together Keep the simple simple and make the complex possible
§ Profiles – What tables and columns
can I access – Read/Create/Edit/Delete
§ Sharing – What rows can I access
– Read/Write/Transfer/Full
Event Table ü Read ü Create ü Edit q Delete
ü Read ü Write Name Description
Authentication: A Practical Guide Practical Guide…
Keynote 1 Welcome to Dream…
q Read q Edit
Demo: Access to the Dreamforce Event Object
Name Description
Authentication: A Practical… Practical Guide…
Keynote 1 Welcome to Dream…
Developer Zone Welcome Devs
Metallica! Killer Show
Event Table
What’s a permission set?
§ Like profiles, a permission set is a collection of permissions and settings that allow users to do things in Salesforce.
§ What a user can do is determined by one profile plus permission sets
Demo: Least Privilege Permissions
Event Table
Name Description Authentication: A Practical… Practical Guide…
Keynote 1 Welcome to Dream…
Developer Zone Welcome Devs
ü Read q Edit
Event Description Permission Set
q Read q Edit
Db.com w/Events Profile
Highlights of the Sharing Toolbox
Role Hierarchy
Programmatic Sharing
Org Wide Defaults
!
Sharing Rules
management access to data
target access to specific groups
most granular – complete control
default sharing model for all users
Demo: Opening up Sharing Access to Events
User Level Reason
Demo User Full Owner
Event Owner Full Owner
Demo User Read Sharing Rule
Demo User Read Custom
Event_Share Table
Key Take Aways
§ We have many ways to handle single sign on – take your pick
§ There are privileged users, admin users, and everyone in between
§ Profiles and Sharing work together to keep the simple simple and make the complex scale
Resources Security Wiki http://wiki.developerforce.com/page/Security Force.com Security Overview http://wiki.developerforce.com/page/An_Overview_of_Force.com_Security Security Implementation Guide https://na1.salesforce.com/help/doc/en/salesforce_security_impl_guide.pdf Security Cookbook Recipes http://developer.force.com/cookbook/category/security/recent I <3 Permission Sets DF11 Presentation http://www.youtube.com/watch?v=arXxUgH9cD4 Using Apex Managed Sharing to Create Custom Record Sharing Logic http://wiki.developerforce.com/page/Using_Apex_Managed_Sharing_to_Create_Custom_Record_Sharing_Logic Digging Deeper into Oauth 2.0 on Force.com http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com
Questions & Answers
Chuck Mortimore
Senior Director, Product Management
Bud Vieira
Senior Product Manager
Adam Torman
Senior Product Manager
http://bit.ly/securitywebinar
@atorman
@aavra
@cmort
