...

Ubisecure SSO can function as an OAuth 2.0 Authorization Server to provide a WebSSO user experience for users accessing e-services using a Web browser. In such setups, the browser acts as the OAuth 2.0 Client.

Figure 1. Basic OAuth 2.0 WebSSO Use case entities and setup

...

Ubisecure SSO can function as an OAuth 2.0 Authorization Server to give mobile users secure access to e-services through a native mobile application, such as Google Android apps, iOS apps on iPhones or Windows Mobile apps. In such setups, the native mobile application acts as the OAuth 2.0 Client.

Figure 2. Basic OAuth 2.0 Mobile Use case entities and setup

...

The following flow diagram shows the primary roles Ubisecure SSO can have in an OAuth 2.0 protocol mobile use case flow.

Figure 3. Ubisecure mobile login process flow using OAuth 2.0

...

Many e-services and content providers have information and data content that they want to offer their customers and partners through a secure API, so that the data can be consumed and aggregated easily and securely into various third-party e-services and applications, based on contractual relationships.

Figure 4. Accessing Data from backend API On Behalf of Authorized User using OAuth 2.0


In such setups, the portal or e-service of the Enterprise Account Customer acts as the OAuth 2.0 Client, whereas the content provider e-service API is the OAuth 2.0 Resource Server.

In this use case, Enterprise Account Customers are authorized using the System Account contractually issued to them on the basis of the business relationship between the Content Provider and the Enterprise Customer.

Figure 5. Contractual Delivery of the Data over Secure API Using OAuth 2.0 Authorization and System Accounts


The sequence diagram of the OAuth 2.0 Authorization of Enterprise Account Users in API Security Use cases is described on the page Password grant - SSO.

...

In such setups, the portal or e-service has a dual role: first, it acts as the OAuth 2.0 Resource Server for the OAuth 2.0 Client. Second, it also acts as an OAuth 2.0 Client, whereas the backend content provider e-service API is the OAuth 2.0 Resource Server.

Figure 6. Accessing Data from backend API On Behalf of Authorized User using OAuth 2.0


The sequence diagram of the OAuth 2.0 Authorization of Individual Users in API Security Use cases is described on the page Password grant - SSO.

Figure 7. Sequence diagram of authorization code grant for Authorization of Individual Users in API Security Use cases

OAuth 2.0 Grant Types in Ubisecure SSO

...