|By Jonas Jacobi||
|March 3, 2012 05:00 AM EST||
This is the second post of a two-part blog post that discusses HTML5 WebSocket and security. The first post, HTML5 WebSocket Security is Strong, talked about the security benefits that derive from being HTTP-compatible and the WebSocket standard itself. In this, the second post, I will highlight some of the extra security capabilities that Kaazing WebSocket Gateway offers.
Kaazing WebSocket Gateway makes your Web application architecture more secure. We leverage the HTTP and WebSocket standards as well as Kaazing-specific technology for capabilities beyond what the standard provides, but what real-world applications typically need. What are some of those things? Read on…
- HTTP Authentication (Challenge/Response)
Specified by RFC 2617, a WebSocket gateway/server can issue a standard HTTP challenge and receive a token or other authentication information in the HTTP Authorization header.
The WebSocket gateway/server is the front line protecting your back-end server or application code. Rather than letting an untrusted (possibly malicious) user get access to the back-end service before discovering they don’t have credentials, you could prevent an unauthenticated user from even establishing a WebSocket connection in the first place.
It’s the difference between letting someone through your front door in order to check their id versus checking their id outside the door first.
- Single Sign-On (SSO)
Our customers are enterprise companies that will usually have an SSO or authentication framework already in place. Rather than impose our own (proprietary) security restrictions on them, Kaazing’s vision is to utilize standards and plug in to your existing security architecture using an open and customizable interface.
When the Kaazing Gateway issues a (standards-based) challenge for a new WebSocket connection, if the client has an existing token or cookie then that can be returned to the Gateway for validation. Thus if a user is already signed into your SSO framework then they can also use a WebSocket application without the need to log in again.
Users can authenticate using a token provider from popular security vendors, or public token providers such as Facebook or Twitter, or your own proprietary token service.
- Authentication Re-validation
When using HTTP, a server has an opportunity (and overhead) with each individual request to re-authenticate the user. However a WebSocket connection is persistent; once a user has established the connection how do you enforce authentication rules?
You could terminate the session and make the user re-authenticate. But what if have configured short sessions, such as 30 minutes? You don’t want to disconnect your users too often thereby causing them inconvenience. However you might not want long sessions either.
Kaazing WebSocket Gateway can perform re-authentication without disconnecting your WebSocket connection. Staying consistent with the idea of plugging into your existing security framework, the Gateway will still rely on session rules dictated by your token provider rather than hard-coding them into the Gateway. And that’s the way it should be.
- Fine-grained Authorization Control
Once a user is authenticated and logged in, you know they are who they claim to be. However that doesn’t entitle them to perform any operation or see any data they want. With Kaazing WebSocket Gateway you have fine-grained authorization that lets you specify precisely what application-level operations users can perform or what data they can see.
In keeping with Kaazing’s philosophy of adhering to standards, the Gateway uses a standard authorization model based on JAAS (Java Authentication and Authorization Service).
- Distributed DMZ (DDMZ)
Kaazing WebSocket Gateway was designed to live in a DMZ as the front-level protection for your back-end services. It offers encryption, authentication, authorization, and SSO to keep your trusted data safe.
In addition, some security-conscious companies utilize layered DMZs for extra levels of protection on the Web. The Gateway has the capability to be distributed across DMZs so that each layer offers protection for the layer behind it. Users that don’t authenticate can fail fast closer to the user rather putting a burden on the center only to discover a user is not valid.
- Secure Emulation
In the real-world, emulation is a vital component for a WebSocket application. Users may be using old browsers, or intermediaries can interfere with a WebSocket connection. Over time this problem will fade as WebSocket becomes ubiquitous, but in the meantime a robust application needs to contend those times when a WebSocket connection become established.
- Unified Security
This carries over to security as well. You configure security options once on the Gateway and those settings apply to all clients,irrespective of the client technology and whether desktop, browser, or mobile.
In case you can’t already tell, at Kaazing we take security seriously. That’s because we have to. Many of our customers are banks and financial institutions with stringent security requirements, providing critical data from back-end system to users over the Web.
While standard security techniques can make a WebSocket connection secure (assuming your WebSocket vendor implements them), robust, real-world applications need more. The ability to plug in to your existing SSO framework, adhere to your existing session rules, offer fine-grained authorization, and so on are key differentiators that provide security, flexibility, and ease-of-use.
Instead of developers building security elements into the application itself, administrators can configure various security options independently of the app. This lets your developers focus on what they should be focusing on: application logic and slick user interfaces.
SYS-CON Media announced today that XebiaLabs launched a popular blog feed on DevOps Journal with close to 2,000 story reads in less than a day. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. DevOps Journal brings valuable information to DevOps professionals who are transforming the way enterprise IT is done.
Feb. 27, 2015 05:00 AM EST Reads: 2,186
Since 2008 and for the first time in history, more than half of humans live in urban areas, urging cities to become “smart.” Today, cities can leverage the wide availability of smartphones combined with new technologies such as Beacons or NFC to connect their urban furniture and environment to create citizen-first services that improve transportation, way-finding and information delivery. In her session at @ThingsExpo, Laetitia Gazel-Anthoine, CEO of Connecthings, will focus on successful use c...
Feb. 27, 2015 04:00 AM EST Reads: 2,788
Cloudian, Inc., the leading provider of hybrid cloud storage solutions, today announced availability of Cloudian HyperStore 5.1 software. HyperStore 5.1 is an enhanced Amazon S3-compliant, plug-and-play hybrid cloud software solution that now features full Apache Hadoop integration. Enterprises can now transform big data into smart data by running Hadoop analytics on HyperStore software and appliances. This in-place analytics, with no need to offload data to other systems for Hadoop analyses, en...
Feb. 27, 2015 04:00 AM EST Reads: 2,270
XebiaLabs has announced record growth and major highlights for 2014. These milestones include: Triple-digit worldwide revenue growth. Record number of new customers including 3M, Allianz, American Express, Credit Agricole, Digital Globe, Electronic Arts, EMC, Expedia, Fandango / NBC Universal, GATX, General Electric, ING, KPMG, Liberty Mutual, Natixis, Paychex, Providence Health, Societe General, Thomson Reuters TIIA-CREF and Umpqua Bank.
Feb. 27, 2015 01:30 AM EST Reads: 1,606
CodeFutures has announced Dan Lynn as its new CEO. Lynn assumes the role from Founder Cory Isaacson, who has joined RMS and will now serve as chairman of CodeFutures. Lynn brings more than 14 years of advanced technology and business success experience, and will help CodeFutures build on its industry leadership around its Agile Big Data initiatives. His technical expertise will be invaluable in advancing CodeFutures’ AgilData platform and new processes for streamlining and gaining value from gro...
Feb. 27, 2015 12:15 AM EST Reads: 1,947
The speed of software changes in growing and large scale rapid-paced DevOps environments presents a challenge for continuous testing. Many organizations struggle to get this right. Practices that work for small scale continuous testing may not be sufficient as the requirements grow. In his session at DevOps Summit, Marc Hornbeek, Sr. Solutions Architect of DevOps continuous test solutions at Spirent Communications, will explain the best practices of continuous testing at high scale, which is r...
Feb. 26, 2015 11:15 PM EST Reads: 893
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @Things...
Feb. 26, 2015 11:00 PM EST Reads: 927
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities. In his session at @ThingsExpo, Gary Hall, Chief Technology Officer, Federal Defense at Cisco S...
Feb. 26, 2015 10:30 PM EST Reads: 920
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes ...
Feb. 26, 2015 09:45 PM EST Reads: 890
DevOps is about increasing efficiency, but nothing is more inefficient than building the same application twice. However, this is a routine occurrence with enterprise applications that need both a rich desktop web interface and strong mobile support. With recent technological advances from Isomorphic Software and others, it is now feasible to create a rich desktop and tuned mobile experience with a single codebase, without compromising performance or usability.
Feb. 26, 2015 08:00 PM EST Reads: 813
The Internet of Things (IoT) is causing data centers to become radically decentralized and atomized within a new paradigm known as “fog computing.” To support IoT applications, such as connected cars and smart grids, data centers' core functions will be decentralized out to the network's edges and endpoints (aka “fogs”). As this trend takes hold, Big Data analytics platforms will focus on high-volume log analysis (aka “logs”) and rely heavily on cognitive-computing algorithms (aka “cogs”) to mak...
Feb. 26, 2015 07:00 PM EST Reads: 836
“We just completed the roll out of our first public and private cloud offerings, which are a combination of public, hybrid, and private cloud,” stated Erik Levitt, CEO of Open Data Centers, in this SYS-CON.tv interview at the 14th International Cloud Expo®, held June 10-12, 2014, at the Javits Center in New York City. Cloud Expo® 2014 Silicon Valley, November 4–6, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the...
Feb. 26, 2015 07:00 PM EST Reads: 5,958
SYS-CON Events announced today that GENBAND, a leading developer of real time communications software solutions, has been named “Silver Sponsor” of SYS-CON's WebRTC Summit, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. The GENBAND team will be on hand to demonstrate their newest product, Kandy. Kandy is a communications Platform-as-a-Service (PaaS) that enables companies to seamlessly integrate more human communications into their Web and mobile applicatio...
Feb. 26, 2015 05:00 PM EST Reads: 1,160
VictorOps is making on-call suck less with the only collaborative alert management platform on the market. With easy on-call scheduling management, a real-time incident timeline that gives you contextual relevance around your alerts and powerful reporting features that make post-mortems more effective, VictorOps helps your IT/DevOps team solve problems faster.
Feb. 26, 2015 05:00 PM EST Reads: 1,031
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, will discuss why containers should be paired with new architectural practices such as microservices ra...
Feb. 26, 2015 04:00 PM EST Reads: 1,207
Companies today struggle to manage the types and volume of data their customers and employees generate and use every day. With billions of requests daily, operational consistency can be elusive. In his session at Big Data Expo, Dave McCrory, CTO at Basho Technologies, will explore how a distributed systems solution, such as NoSQL, can give organizations the consistency and availability necessary to succeed with on-demand data, offering high availability at massive scale.
Feb. 26, 2015 03:45 PM EST Reads: 2,058
From telemedicine to smart cars, digital homes and industrial monitoring, the explosive growth of IoT has created exciting new business opportunities for real time calls and messaging. In his session at @ThingsExpo, Ivelin Ivanov, CEO and Co-Founder of Telestax, shared some of the new revenue sources that IoT created for Restcomm – the open source telephony platform from Telestax. Ivelin Ivanov is a technology entrepreneur who founded Mobicents, an Open Source VoIP Platform, to help create, de...
Feb. 26, 2015 03:30 PM EST Reads: 3,863
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focu...
Feb. 26, 2015 03:15 PM EST Reads: 1,070
SYS-CON Media announced that IBM, which offers the world’s deepest portfolio of technologies and expertise that are transforming the future of work, has launched ad campaigns on SYS-CON’s numerous online magazines such as Cloud Computing Journal, Virtualization Journal, SOA World Magazine, and IoT Journal. IBM’s campaigns focus on vendors in the technology marketplace, the future of testing, Big Data and analytics, and mobile platforms.
Feb. 26, 2015 03:04 PM EST Reads: 622
Security can create serious friction for DevOps processes. We've come up with an approach to alleviate the friction and provide security value to DevOps teams. In her session at DevOps Summit, Shannon Lietz, Senior Manager of DevSecOps at Intuit, will discuss how DevSecOps got started and how it has evolved. Shannon Lietz has over two decades of experience pursuing next generation security solutions. She is currently the DevSecOps Leader for Intuit where she is responsible for setting and driv...
Feb. 26, 2015 03:00 PM EST Reads: 2,066