Adam Lewis – Motorola Solutions – Chief Technology Office
Mission Critical APIs and NAPPS
Health APIs
Presence & Location
Key Mgmt
Home Agency
Public Safety LTE will usher in a new era of mobile applications for First Responders
EACH OF THESE APPLICATIONS IS GOING TO NEED TO KNOW WHO THE RESPONDER IS AND WHAT THEY ARE AUTHORIZED TO DO
In a Nutshell
Problem: Identity solved independently = overall solution complexity + inconvenience to both the administrator and the end-user + weakened security + obstacle to interoperability
Public Safety needs an Identity Ecosystem
Enabling: centralized credential management
Enabling: migration path to strong authentication
Enabling: SSO across native and web apps
And it must be built upon open standards.
Question
It’s 6 a.m.
Do you know where your first responder is?
Gesture Recognition
Holster/Weapon Sensor
Augmented Reality Eye-wear
Wrist Display & Biometric Sensors
Heart rate sensor
Camera
Time: 6:00 a.m.
CONNECTED FIRST RESPONDER
BRINGING WEARABLES TO MISSION CRITICAL WORKGROUP COMMUNICATIONS
GRABS A SHARED BROADBAND DEVICE FROM THE FLEET CHARGING STATION. PROCEEDS TO FLEET VEHICLE
Time: 6:10 a.m.
OFFICER ENTERS VEHICLE AND LOGS ONTO THEIR DEVICE
LITTLE DOES OFFICER KNOW, MAGIC BEGINS TO HAPPEN BEHIND THE SCENES
Time: 6:15 a.m.
WEBVIEW-DRIVEN AUTHENTICATION ENABLES TA TO BE AGNOSTIC TO AUTHENTICATION
THIS IS HUGE
Diagram labels: UA, AuthZ EP, Token EP, AppInfo EP, TA
Time: 6:15 a.m.

    HTTP/1.1 302 Found
    Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA

    POST /token HTTP/1.1
    Host: server.example.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
    Content-Type: application/x-www-form-urlencoded

    grant_type=authorization_code
    &code=SplxlOBeZQQYbYS6WxSbIA
    &redirect_uri=https://client.example.com/cb

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"SlAV32hkKG",
      "token_type":"bearer",
      "expires_in":3600,
      "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
      "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso"
    }

    https://server.example.com/authorize?
    response_type=code
    &client_id=s6BhdRkqt3
    &redirect_uri=https://client.example.org/cb
    &scope=openid napps

    GET /AppInfo/service
    Authorization: Bearer SlAV32hkKG
    Cache-Control: no-cache

Application Metadata tailored to User roles
TA
PAN service
Context API (health, sight, gun)
Time: 6:15 a.m.

    grant_type=refresh_token
    &refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
    &scope=urn:oauth:context_api

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"SlAV32hkKG",
      "token_type":"bearer",
      "expires_in":3600
    }
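
Added example (not from the original slides): a toy in-memory authorization server and token agent showing the refresh-token exchange on this slide, where the one refresh token held by the TA is traded for an access token limited to a single API scope. The class and method names, the `introspect` check and the user `officer-1` are assumptions made for illustration; the scope URNs are the ones shown on the slides.

```python
import secrets, time

class AuthServer:
    """Toy authorization server: refresh-token grant with down-scoping."""
    def __init__(self):
        self.refresh = {}   # refresh_token -> (user, scopes granted at log-on)
        self.access = {}    # access_token  -> (user, scopes, expiry time)
    def enroll(self, user, granted):
        """Stand-in for the code flow at log-on: yields the TA's refresh token."""
        rt = secrets.token_urlsafe(32)
        self.refresh[rt] = (user, frozenset(granted))
        return rt
    def token(self, form):
        """Token endpoint, grant_type=refresh_token (RFC 6749 section 6)."""
        if form.get("grant_type") != "refresh_token":
            return 400, {"error": "unsupported_grant_type"}
        entry = self.refresh.get(form.get("refresh_token", ""))
        if entry is None:
            return 400, {"error": "invalid_grant"}
        user, granted = entry
        wanted = frozenset(form.get("scope", "").split()) or granted
        if not wanted <= granted:      # never widen beyond the original grant
            return 400, {"error": "invalid_scope"}
        at = secrets.token_urlsafe(16)
        self.access[at] = (user, wanted, time.time() + 3600)
        return 200, {"access_token": at, "token_type": "bearer", "expires_in": 3600}
    def introspect(self, access_token, required_scope):
        """Hypothetical check a resource API makes before serving a request."""
        user, scopes, exp = self.access.get(access_token, (None, frozenset(), 0))
        return user is not None and required_scope in scopes and time.time() < exp

class TokenAgent:
    """Holds the refresh token; each app only receives a scoped access token."""
    def __init__(self, server, refresh_token):
        self._as, self._rt = server, refresh_token
    def token_for(self, scope):
        form = {"grant_type": "refresh_token", "refresh_token": self._rt, "scope": scope}
        status, body = self._as.token(form)
        return body["access_token"] if status == 200 else None

def demo():
    server = AuthServer()   # constructed sample user and grant below
    rt = server.enroll("officer-1", ["urn:oauth:context_api", "urn:oauth:video_api"])
    ta = TokenAgent(server, rt)
    ctx = ta.token_for("urn:oauth:context_api")
    return (server.introspect(ctx, "urn:oauth:context_api"),   # valid for its own API
            server.introspect(ctx, "urn:oauth:video_api"),     # rejected by another API
            ta.token_for("urn:oauth:records_api"))             # scope never granted
```

Because each access token carries only the scope of the API it was requested for, a token leaked from one app cannot be replayed against the others.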
TA
Real-time Video App
Real-time Video Intelligence
Home Agency
Time: 9:17 a.m.

    grant_type=refresh_token
    &refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
    &scope=urn:oauth:video_api

In-vehicle camera begins streaming live video back to dispatch center
Notification sent to all responders within vicinity based upon location context

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"SlAV32hkKG",
      "token_type":"bearer",
      "expires_in":3600
    }
TA
Records Lookup App
Time: 12:35 p.m.

    grant_type=refresh_token
    &refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
    &scope=urn:oauth:records_api

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso"
    }

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"SlAV32hkKG",
      "token_type":"bearer",
      "expires_in":3600
    }

    POST /token.oauth2 HTTP/1.1
    Host: as.example.com
    Content-Type: application/x-www-form-urlencoded

    grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
    &assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6IjE2In0.
    eyJpc3Mi[...omitted for brevity...].
    J9l-ZhwP[...omitted for brevity...]

Public Safety SaaS
OFFICER PULLS OVER DRIVER DUE TO SUSPICION
USES NATIVE MOBILE APP TO RUN THE LICENSE PLATE AGAINST A CLOUD-EXPOSED API
JWT id_token identifies user as being a sworn law enforcement officer
OFFICER PULLS OVER ANOTHER VEHICLE BECAUSE OF BROKEN TAIL LIGHT
PASSENGER BEGINS TO FLEE – OFFICER BEGINS TO PURSUE SUSPECT ON FOOT CHASE
Health APIs
Presence & Location
Key Mgmt
Home Agency
Time: 6:15 p.m.
First Responder’s elevated heart rate seamlessly communicated to context & health monitoring APIs, protected by previously-obtained access token
Dispatcher at command central alerted
Other responders within the same vicinity are dispatched for backup
TA
Web Launcher
InitSSO EP
Time: 7:10 p.m.

    grant_type=refresh_token
    &refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
    &scope=urn:oauth:nief

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"SlAV32hkKG",
      "token_type":"bearer",
      "expires_in":3600
    }

SAML response

    GET /initsso.ep/service?target=NIEF HTTP/1.1
    Host: server.example.com:9031
    Authorization: Bearer qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH

And in Closing …
• Questions?
• Comments?
• Scrutiny?
• Thank you! :-)