Securing Your Mobile Business with IBM Worklight

Book Description

The IBM® Worklight® mobile application platform helps you to develop, deploy, host, and manage mobile enterprise applications. It also enables companies to integrate security into their overall mobile application lifecycle.

This IBM Redbooks® publication describes the security capabilities offered by Worklight to address mobile application security objectives.

The book begins with an overview of IBM MobileFirst and its security offerings. The book also describes a business scenario illustrating where security is needed in mobile solutions, and how Worklight can help you achieve it.

This publication then provides specific, hands-on guidance about how to integrate Worklight with enterprise security. It also provides step-by-step guidance on implementing mobile security features, including direct update, remote disable, and encrypted offline cache. Integration between Worklight and other IBM security technologies is also covered, including integration with IBM Security Access Manager and IBM WebSphere® DataPower®.

This Redbooks publication is of interest to anyone looking to better understand mobile security, and to learn how to enhance mobile security with Worklight.

Table of Contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. Preface
    1. Authors
    2. Now you can become a published author, too!
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  4. Chapter 1. Overview of IBM MobileFirst and its security offerings
    1. 1.1 Business value of mobile technologies
    2. 1.2 IBM MobileFirst solution overview
      1. 1.2.1 Mobile application development with IBM MobileFirst Platform
      2. 1.2.2 Bring your own device with IBM MobileFirst Management
      3. 1.2.3 Device and data protection with IBM MobileFirst Security
      4. 1.2.4 Optimization of mobile experiences with IBM MobileFirst Analytics
      5. 1.2.5 Putting it all together
    3. 1.3 Mobile security threats
      1. 1.3.1 Loss and theft
      2. 1.3.2 Malware
      3. 1.3.3 Spam
      4. 1.3.4 Phishing
      5. 1.3.5 Bluetooth and WiFi
    4. 1.4 Mobile application landscape
      1. 1.4.1 Mobile application platform
      2. 1.4.2 Mobile application types
      3. 1.4.3 Putting it all together
    5. 1.5 IBM MobileFirst Security solution outline
      1. 1.5.1 IBM Worklight platform as the basis for mobile security
      2. 1.5.2 User protection with IBM Security Access Manager
      3. 1.5.3 Application security testing with IBM Security AppScan
      4. 1.5.4 Delivery of services and applications with IBM WebSphere DataPower
      5. 1.5.5 Security intelligence with IBM Security QRadar SIEM
      6. 1.5.6 VPN software with IBM Mobile Connect
  5. Chapter 2. Business scenario used in this book
    1. 2.1 Mobile strategy business drivers
      1. 2.1.1 A secure platform foundation
      2. 2.1.2 Increased staff productivity
      3. 2.1.3 Secure and easy access for customers
      4. 2.1.4 Rapid development and deployment
    2. 2.2 Conclusion
  6. Chapter 3. IBM Worklight security overview
    1. 3.1 Security principles and concepts
      1. 3.1.1 Authentication and authorization
      2. 3.1.2 Confidentiality, integrity, and nonrepudiation
      3. 3.1.3 Other security concepts
    2. 3.2 IBM Worklight security capabilities
      1. 3.2.1 Protect the data on the device
      2. 3.2.2 Protect the application
      3. 3.2.3 Ensure security updates
      4. 3.2.4 Streamline corporate security processes
      5. 3.2.5 Provide robust authentication and authorization
    3. 3.3 IBM Worklight security framework
      1. 3.3.1 Realms and security tests
      2. 3.3.2 Worklight protocol and client challenge handlers
      3. 3.3.3 Integration with web container security
      4. 3.3.4 Integration with web gateways
    4. 3.4 Conclusion
  7. Chapter 4. Integrating Worklight with enterprise security
    1. 4.1 IBM Worklight security framework
      1. 4.1.1 Challenge handlers
      2. 4.1.2 Authentication configuration file
      3. 4.1.3 Authentication realms
      4. 4.1.4 Login modules
      5. 4.1.5 Security tests
      6. 4.1.6 User registries
    2. 4.2 Restricting access to resources with authentication realms
      1. 4.2.1 Protecting Worklight applications
      2. 4.2.2 Protecting Worklight adapter procedures
      3. 4.2.3 Protecting static Worklight web applications
      4. 4.2.4 Protecting event sources
    3. 4.3 Configuring Worklight for LTPA authentication
  8. Chapter 5. Applying Worklight security features
    1. 5.1 Client-side authentication concepts and entities
      1. 5.1.1 Challenge handler
      2. 5.1.2 Device single sign-on
    2. 5.2 Encrypted offline cache and JSONStore
      1. 5.2.1 EOC overview
      2. 5.2.2 EOC APIs
      3. 5.2.3 JSONStore overview
      4. 5.2.4 The JSONStore API
      5. 5.2.5 JSONStore integration with Worklight adapters
      6. 5.2.6 JSONStore encryption using FIPS 140-2
    3. 5.3 Client-side device provisioning and application authenticity
      1. 5.3.1 Device provisioning
      2. 5.3.2 Device ID on Android and iOS
      3. 5.3.3 Implementing device provisioning
      4. 5.3.4 Control and confirm application authenticity
    4. 5.4 Direct Update
      1. 5.4.1 Using Direct Update
    5. 5.5 Remote Disable
  9. Chapter 6. Integration with IBM Security Access Manager
    1. 6.1 IBM Security Access Manager introduction
      1. 6.1.1 IBM Security Access Manager components
    2. 6.2 Enabling identity aware applications
      1. 6.2.1 IBM Security Access Manager for web login form single sign-on
      2. 6.2.2 Tivoli Federated Identity Manager OAuth single sign-on
      3. 6.2.3 Other authentication types
    3. 6.3 Risk-based access
      1. 6.3.1 Risk-based access overview
      2. 6.3.2 Securing Worklight adapters with risk-based access
      3. 6.3.3 Authorization process flow
      4. 6.3.4 Policy authoring
      5. 6.3.5 Policy attachment
      6. 6.3.6 Policy evaluation
      7. 6.3.7 Step-up authentication
    4. 6.4 Worklight adapter single sign-on
    5. 6.5 Integrated security solution
      1. 6.5.1 Solution architecture
      2. 6.5.2 Conclusion
  10. Chapter 7. Integration with IBM WebSphere DataPower
    1. 7.1 Introduction to the DataPower Appliances
    2. 7.2 DataPower Integration Appliance XI52 overview
    3. 7.3 Integrating WebSphere DataPower with Worklight
      1. 7.3.1 Patterns for integration
      2. 7.3.2 Reverse Proxy Pattern
      3. 7.3.3 Configuring the Worklight Server
      4. 7.3.4 Configuring the mobile application
      5. 7.3.5 Configuring the multiprotocol gateway on the DataPower Appliance
      6. 7.3.6 Conclusion
  11. Appendix A. Additional material
    1. Locating the web material
    2. Downloading and extracting the web material
  12. Related publications
    1. IBM Redbooks
    2. Help from IBM
  13. Back cover