About Me
● Passionate about Technology and Devices
● Developer
● http://machadogj.com
● Speaker
● VP of Engineering at KidoZen
Agenda
● Security
● Backend Services
● Integration
● Front End
Enterprise Mobile Development
Why is it different?
Multiple Applications
BYOD
Existing Infrastructure
Outside the confines of your Intranet
Third Parties
Security
● Authentication
● Authorization
● Mobile Context
Security – Auth Dilemma
[Diagram labels: AD, Company B]
Security – Auth
[Diagram labels: AD; App A, App B, App C; LIB (x3)]
Security – Auth part 1
DRAWBACKS
● Bug fixes / Deployments
● Configuration
● Not extremely secure (credentials)
BENEFITS
● Simplicity and...
Security – Auth part 2
[Diagram labels: AD, STS, App A (lib), App B (lib), Credentials, Trust, Token]
Security – Auth part 2
TOKENS
● JWT (JSON)
● SWT (form-encoded)
● SAML (XML)
PROTOCOLS
● WS-* (WS-Trust, WS-Federation)
● OAuth 2.0
● SAML 2.0 (SSO)
Security – Auth part 2
DRAWBACKS
● Adds Complexity
● Building STS can be challenging
BENEFITS
● Centralizes
● Standardizes
● Interoperability
Security – Auth part 3
[Diagram labels: AD, STS, App A (lib), Credentials, WS-Fed, SAML, ?? STS, Company B, OAuth, Credentials, JWT]
Security – Auth part 3
[Diagram labels: AD, Fed Provider, STS, WS-Fed, ?? STS, Company B, OAuth, Credentials, Credentials ??, JWT, App A (lib)]
Security – Auth part 3
DRAWBACKS
● Adds Complexity
● Building a Fed Service IS challenging
BENEFITS
● Centralizes
● Standardizes
● Interoperability
● Existing Federation Services
Security - Authorization
● Claims based
  – user.claims.ofType('action').contains('approve')
● Role based
  – user.isInRole('manager')
● Resource based
  – Allow GET /my/resource
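The three authorization styles above, as an added example that is not part of the original slides. It assumes the token was already validated by the client lib and its claims parsed, and that roles travel as claims of type 'role'; makeUser, resourceRules and isAllowed are hypothetical names.

```javascript
// Added example, not from the original slides. All names are hypothetical.
// Assumes the token was already validated and its claims parsed by the lib.

// Constructed sample claim set, shaped like claims an STS could issue.
const sampleClaims = [
  { type: 'name', value: 'alice' },
  { type: 'role', value: 'manager' },
  { type: 'action', value: 'approve' },
];

// Wrap a claim list so the slide's two expressions work as written.
function makeUser(claims) {
  const ofType = (type) => {
    const values = claims.filter((c) => c.type === type).map((c) => c.value);
    return { values, contains: (v) => values.includes(v) };
  };
  return {
    claims: { ofType },                                 // claims based
    isInRole: (role) => ofType('role').contains(role),  // role based (assumed 'role' claim)
  };
}

// Resource based: rules keyed by method + path. `requires` optionally
// names a claim the caller must hold; null means any authenticated user.
const resourceRules = [
  { method: 'GET', path: '/my/resource', requires: null },
  { method: 'POST', path: '/my/resource',
    requires: { type: 'action', value: 'approve' } },
];

// Default deny: a request with no matching rule is rejected.
function isAllowed(user, method, path) {
  const rule = resourceRules.find(
    (r) => r.method === method.toUpperCase() && r.path === path);
  if (!rule) return false;
  if (!rule.requires) return true;
  return user.claims.ofType(rule.requires.type).contains(rule.requires.value);
}

const user = makeUser(sampleClaims);
console.log(user.claims.ofType('action').contains('approve'));
console.log(user.isInRole('manager'));
console.log(isAllowed(user, 'GET', '/my/resource'));
console.log(isAllowed(user, 'DELETE', '/my/resource'));
```

Paths are matched exactly, so a variant such as '/my/resource/' falls through to the default deny instead of being silently allowed.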
Security - Context
● Passive (web)
● Active (native)
● Passive (native)
[Diagram labels: App A (lib), STS, Credentials, Trust, Token]
Security - Solutions
● Windows Azure WAAD / ACS (Fed Provider)
● ADFS (Fed Service)
● Ping Identity (Fed Provider)
● Apperian (MAM - policies)
● Citrix MDX (MDM - policies)
Backend Services
● Storage
● Messaging
● Mobile
BS - Storage
● Configuration
● Logging
● Caching
● Data
● Files
BS - Messaging
● Queues (long running processes)
● Pub Sub (real-time)
● Email
BS - Mobile
● SMS
● Native Push Notifications
  – APNS (iOS)
  – C2DM (Android)
  – MPNS (WP)
● Media Processing
BS – Offline Sync
Everything needs to be done regardless of network access.
Backend Services - Solutions
● Twilio (SMS)
● SendGrid (Email)
● Urban Airship (Push Notifications)
● Loggly, Splunk (Logging)
● MBaaS
  – KidoZen
  – Feedhenry
  – Kony
  – AnyPresence
Integration
● Cloud Services
  – SaaS Providers
● On Premise
  – LoB Applications
  – Web Services
Integration – Cloud Services
[Diagram labels: SaaS Provider, Impersonating User, Service Account, Service, credentials]
Integration – Cloud Services
● Use SDKs
  – Its documentation
  – Its dependencies
● Versioning
● Adds complexity to the client app
● Might require a custom service
  – Securely store service accounts
  – Enforce Authorization rules
Integration – On Premise
[Diagram labels: Company, DMZ, System A, Behind Firewall, System B, Service B, Service / Adapter, Service Bus]
Integration – Solutions
● Azure Service Bus
● KidoZen Enterprise APIs
Front End
● Web App
● Native
● Hybrid
● Cross Compile
Front End – Web App
● jQuery Mobile
● jqTouch
● Sencha UI
● Kendo UI
● Bootstrap 3.0 (responsive)
Front End - Native
● Xcode - Objective-C
● Android Studio - Java
● Visual Studio - C#
Front End - Native
● Full access to native capabilities
● Best Performance
Front End - Hybrid
[Diagram labels: HTML5 + js, Build, Native App, WebView, APP, Libs]
● Native Application Package
● Access through App Stores
● Access to Native capabilities
● Not the best performance
Front End – Cross Compile
[Diagram labels: Single Codebase, Compile, Native Apps, Interpreted]
● Access to Native capabilities
● Native performance
Front End – Cross Compile
Xamarin
Front End - Summary
● Web Applications for simple apps and fast development.
● Native Apps for full Native Performance
● Hybrid for maximum code reuse
● Cross Compile for significant code reuse and Native performance
Other Challenging Stuff
● Analytics
● Security Policies (dual-factor auth, geo, anti-jailbroken)
● Testing – Unit Testing, Automated UI Testing, Usability Testing.
Summary
● Federate Security
● Generalize as many Backend Services as possible
● Publishing services to the internet is not the only way, we have service bus too.
● There's a front end approach (or more) for every scenario.
● Building Mobile Apps for Enterprises is HARD.