Mission Critical APIs and NAPPS

Adam Lewis – Motorola Solutions – Chief Technology Office

CIS2015-NAPPS-FirstResponders



Who We Are


Diagram labels: Health APIs, Presence & Location, Key Mgmt, Home Agency

Public Safety LTE will usher in a new era of mobile applications for First Responders


EACH OF THESE APPLICATIONS IS GOING TO NEED TO KNOW WHO THE RESPONDER IS AND WHAT THEY ARE AUTHORIZED TO DO


Friday, 17 October 2008

Enter your password

***********


In a Nutshell

Problem: Identity solved independently =
overall solution complexity
+ inconvenience to both the administrator and the end-user
+ weakened security
+ obstacle to interoperability

Public Safety needs an Identity Ecosystem

Enabling: centralized credential management

Enabling: migration path to strong authentication

Enabling: SSO across native and web apps

And it must be built upon open standards.


Question

It’s 6 a.m.

Do you know where your first responder is?


Gesture Recognition

Holster/Weapon Sensor

Augmented Reality Eye-wear

Wrist Display & Biometric Sensors

Heart rate sensor

Camera

Time: 6:00 a.m.

CONNECTED FIRST RESPONDER

BRINGING WEARABLES TO MISSION CRITICAL WORKGROUP COMMUNICATIONS


GRABS A SHARED BROADBAND DEVICE FROM THE FLEET CHARGING STATION. PROCEEDS TO FLEET VEHICLE

Time: 6:10 a.m.


OFFICER ENTERS VEHICLE AND LOGS ONTO THEIR DEVICE

LITTLE DOES OFFICER KNOW, MAGIC BEGINS TO HAPPEN BEHIND THE SCENES

Time: 6:15 a.m.


WEBVIEW-DRIVEN AUTHENTICATION ENABLES TA TO BE AGNOSTIC TO AUTHENTICATION. THIS IS HUGE

Diagram labels: UA, AuthZ EP, Token EP, AppInfo EP, TA

Time: 6:15 a.m.

https://server.example.com/authorize?
response_type=code
&client_id=s6BhdRkqt3
&redirect_uri=https://client.example.com/cb
&scope=openid napps

HTTP/1.1 302 Found
Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA

POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
&redirect_uri=https://client.example.com/cb

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"SlAV32hkKG",
  "token_type":"bearer",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso"
}

GET /AppInfo/service
Authorization: Bearer SlAV32hkKG
Cache-Control: no-cache

Application Metadata tailored to User roles


Diagram labels: TA, PAN service, Context API (health, sight, gun)

Time: 6:15 a.m.

grant_type=refresh_token
&refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
&scope=urn:oauth:context_api

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"SlAV32hkKG",
  "token_type":"bearer",
  "expires_in":3600
}


Diagram labels: TA, Real-time Video App, Real-time Video Intelligence, Home Agency

Time: 9:17 a.m.

grant_type=refresh_token
&refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
&scope=urn:oauth:video_api

In-vehicle camera begins streaming live video back to dispatch center

Notification sent to all responders within vicinity based upon location context

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"SlAV32hkKG",
  "token_type":"bearer",
  "expires_in":3600
}


Diagram labels: TA, Records Lookup App

Time: 12:35 p.m.

grant_type=refresh_token
&refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
&scope=urn:oauth:records_api

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso"
}

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"SlAV32hkKG",
  "token_type":"bearer",
  "expires_in":3600
}

POST /token.oauth2 HTTP/1.1
Host: as.example.com
Content-Type: application/x-www-form-urlencoded

grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer
&assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6IjE2In0.
eyJpc3Mi[...omitted for brevity...].
J9l-ZhwP[...omitted for brevity...]

Public Safety SaaS

OFFICER PULLS OVER DRIVER DUE TO SUSPICION. USES NATIVE MOBILE APP TO RUN THE LICENSE PLATE AGAINST A CLOUD-EXPOSED API

JWT Id_token identifies user as being a sworn law enforcement officer


OFFICER PULLS OVER ANOTHER VEHICLE BECAUSE OF BROKEN TAIL LIGHT. PASSENGER BEGINS TO FLEE – OFFICER BEGINS TO PURSUE SUSPECT ON FOOT CHASE

Diagram labels: Health APIs, Presence & Location, Key Mgmt, Home Agency

Time: 6:15 p.m.

First Responder’s elevated heart rate seamlessly communicated to context & health monitoring APIs, protected by previously-obtained access token

Dispatcher at command central alerted

Other responders within the same vicinity are dispatched for backup


Diagram labels: TA, Web Launcher, InitSSO EP

Time: 7:10 p.m.

grant_type=refresh_token
&refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
&scope=urn:oauth:nief

HTTP/1.1 200 OK
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"SlAV32hkKG",
  "token_type":"bearer",
  "expires_in":3600
}

SAML response

GET /initsso.ep/service?target=NIEF HTTP/1.1
Host: server.example.com:9031
Authorization: Bearer qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
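
The refresh-token exchanges shown through the day (context, video, records), as an added example that is not part of the original deck: a minimal in-memory token endpoint where one login yields separately scoped access tokens per app, and each API checks the scope it is handed. The role names, the role-to-scope policy, the logout behaviour and all class and method names are assumptions made for illustration.

```python
import secrets
import time

# Constructed policy (assumption): which app scopes each user role may obtain.
ROLE_SCOPES = {
    "sworn_officer": {"urn:oauth:context_api", "urn:oauth:video_api",
                      "urn:oauth:records_api"},
    "civilian_staff": {"urn:oauth:context_api"},
}


class AuthorizationServer:
    """In-memory stand-in for the token endpoint (hypothetical, not a real AS)."""

    def __init__(self):
        self._refresh = {}   # refresh_token -> role of the logged-in user
        self._access = {}    # access_token -> (scope, expiry time)

    def login(self, role):
        """One interactive login: the token agent (TA) gets a refresh token."""
        token = secrets.token_urlsafe(32)
        self._refresh[token] = role
        return token

    def token(self, form):
        """Handle grant_type=refresh_token with one requested app scope."""
        if form.get("grant_type") != "refresh_token":
            return {"error": "unsupported_grant_type"}
        role = self._refresh.get(form.get("refresh_token"))
        if role is None:
            return {"error": "invalid_grant"}
        scope = form.get("scope")
        if scope not in ROLE_SCOPES[role]:
            return {"error": "invalid_scope"}
        access = secrets.token_urlsafe(16)
        self._access[access] = (scope, time.time() + 3600)
        return {"access_token": access, "token_type": "bearer",
                "expires_in": 3600}

    def api_accepts(self, access_token, required_scope):
        """Check every API must make: token known, unexpired, right scope."""
        scope, expiry = self._access.get(access_token, (None, 0))
        return scope == required_scope and time.time() < expiry

    def logout(self, refresh_token):
        """Assumed logout: drop the refresh token so no new app tokens issue."""
        self._refresh.pop(refresh_token, None)
```

Because each access token carries a single app scope, a token issued for the context API is refused by the video API even though both came from the same login.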


LOGOUT


And in Closing …

• Questions?
• Comments?
• Scrutiny?
• Thank you! :-)