Adam Lewis – Motorola Solutions – Chief Technology Office
Mission Critical APIs and NAPPS
Who We Are
Health APIs
Presence & Location
Key Mgmt
Home Agency
Public Safety LTE will usher in a new era of mobile applications for First Responders
EACH OF THESE APPLICATIONS IS GOING TO NEED TO KNOW WHO THE
RESPONDER IS AND WHAT THEY ARE AUTHORIZED TO DO
Friday, 17 October 2008
In a Nutshell
Problem: Identity solved independently = overall solution complexity + inconvenience to both the administrator and the end-user + weakened security + obstacle to interoperability
Public Safety needs an Identity Ecosystem
Enabling: centralized credential management
Enabling: migration path to strong authentication
Enabling: SSO across native and web apps
And it must be built upon open standards.
Question
It’s 6 a.m.
Do you know where your first responder is?
Gesture Recognition
Holster/Weapon Sensor
Augmented Reality Eye-wear
Wrist Display & Biometric Sensors
Heart rate sensor
Camera
Time: 6:00 a.m.
CONNECTED FIRST RESPONDER BRINGING WEARABLES TO MISSION CRITICAL WORKGROUP COMMUNICATIONS
GRABS A SHARED BROADBAND DEVICE FROM THE FLEET CHARGING STATION. PROCEEDS TO FLEET VEHICLE.
Time: 6:10 a.m.
OFFICER ENTERS VEHICLE AND LOGS ONTO THEIR DEVICE.
LITTLE DOES OFFICER KNOW, MAGIC BEGINS TO HAPPEN BEHIND THE SCENES.
Time: 6:15 a.m.
WEBVIEW-DRIVEN AUTHENTICATION ENABLES TA TO BE AGNOSTIC TO AUTHENTICATION. THIS IS HUGE.
Diagram actors: UA, AuthZ EP, Token EP, AppInfo EP, TA
Time: 6:15 a.m.

Authorization request:

    https://server.example.com/authorize?
      response_type=code
      &client_id=s6BhdRkqt3
      &redirect_uri=https://client.example.com/cb
      &scope=openid napps

Redirect with authorization code:

    HTTP/1.1 302 Found
    Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA

Token request:

    POST /token HTTP/1.1
    Host: server.example.com
    Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
    Content-Type: application/x-www-form-urlencoded

    grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA
    &redirect_uri=https://client.example.com/cb

Token response:

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"SlAV32hkKG",
      "token_type":"bearer",
      "expires_in":3600,
      "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
      "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso"
    }

AppInfo request:

    GET /AppInfo/service
    Authorization: Bearer SlAV32hkKG
    Cache-Control: no-cache

Application Metadata tailored to User roles
TA
PAN service
Context API (health, sight, gun)
Time: 6:15 a.m.

    grant_type=refresh_token
    &refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
    &scope=urn:oauth:context_api

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"SlAV32hkKG",
      "token_type":"bearer",
      "expires_in":3600
    }
TA
Real-time Video App
Real-time Video Intelligence
Home Agency
Time: 9:17 a.m.
In-vehicle camera begins streaming live video back to dispatch center.
Notification sent to all responders within vicinity based upon location context.

    grant_type=refresh_token
    &refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
    &scope=urn:oauth:video_api

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"SlAV32hkKG",
      "token_type":"bearer",
      "expires_in":3600
    }
TA
Records Lookup App
Public Safety SaaS
Time: 12:35 p.m.
OFFICER PULLS OVER DRIVER DUE TO SUSPICION. USES NATIVE MOBILE APP TO RUN THE LICENSE PLATE AGAINST A CLOUD-EXPOSED API.
JWT id_token identifies user as being a sworn law enforcement officer.

    grant_type=refresh_token
    &refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
    &scope=urn:oauth:records_api

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "id_token":"eyJ0 ... NiJ9.eyJ1c ... I6IjIifX0.DeWt4Qu ... ZXso"
    }

    POST /token.oauth2 HTTP/1.1
    Host: as.example.com
    Content-Type: application/x-www-form-urlencoded

    grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer
    &assertion=eyJhbGciOiJFUzI1NiIsImtpZCI6IjE2In0.
    eyJpc3Mi[...omitted for brevity...].
    J9l-ZhwP[...omitted for brevity...]

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"SlAV32hkKG",
      "token_type":"bearer",
      "expires_in":3600
    }
OFFICER PULLS OVER ANOTHER VEHICLE BECAUSE OF BROKEN TAIL LIGHT. PASSENGER BEGINS TO FLEE – OFFICER BEGINS TO PURSUE SUSPECT ON FOOT CHASE.
Health APIs
Presence & Location
Key Mgmt
Home Agency
Time: 6:15 p.m.
First Responder’s elevated heart rate seamlessly communicated to context & health monitoring APIs, protected by previously-obtained access token.
Dispatcher at command central alerted.
Other responders within the same vicinity are dispatched for backup.
TA
Web Launcher
InitSSO EP
Time: 7:10 p.m.

    grant_type=refresh_token
    &refresh_token=qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH
    &scope=urn:oauth:nief

    HTTP/1.1 200 OK
    Content-Type: application/json
    Cache-Control: no-store
    Pragma: no-cache

    {
      "access_token":"SlAV32hkKG",
      "token_type":"bearer",
      "expires_in":3600
    }

    GET /initsso.ep/service?target=NIEF HTTP/1.1
    Host: server.example.com:9031
    Authorization: Bearer qANLTbu17rk17lPszecHRi7rqJt46pG1qx0nTAqXWH

SAML response
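
The refresh_token exchanges on the 6:15 a.m., 9:17 a.m., 12:35 p.m. and 7:10 p.m. slides all follow one pattern: the TA presents a single refresh token and asks for an access token limited to one API's scope. The sketch below is an added example, not code from the presentation or from any product; it shows the server-side checks that make that pattern safe (per-role scope limits, no-store responses, and logout that kills derived tokens). The role names and the `TokenEndpoint` class are hypothetical.

```python
import secrets
import time

# Assumption: role-to-scope policy constructed for this example. The scope URNs
# are the ones shown on the slides; the role names are hypothetical.
ROLE_SCOPES = {
    "sworn_officer": {"urn:oauth:context_api", "urn:oauth:video_api",
                      "urn:oauth:records_api", "urn:oauth:nief"},
    "civilian_staff": {"urn:oauth:context_api"},
}
NO_STORE = {"Content-Type": "application/json",
            "Cache-Control": "no-store", "Pragma": "no-cache"}


class TokenEndpoint:
    """Toy in-memory token endpoint (hypothetical) for the refresh_token grant."""

    def __init__(self):
        self.refresh_tokens = {}  # refresh token -> role of the logged-in user
        self.access_tokens = {}   # access token -> (scopes, expiry, refresh token)

    def login(self, role):
        rt = secrets.token_urlsafe(32)
        self.refresh_tokens[rt] = role
        return rt

    def logout(self, rt):
        # Dropping the refresh token also invalidates access tokens derived from it.
        self.refresh_tokens.pop(rt, None)

    def token(self, form):
        if form.get("grant_type") != "refresh_token":
            return 400, NO_STORE, {"error": "unsupported_grant_type"}
        rt = form.get("refresh_token", "")
        role = self.refresh_tokens.get(rt)
        if role is None:
            return 400, NO_STORE, {"error": "invalid_grant"}
        requested = set(form.get("scope", "").split())
        # Down-scope: each app's token carries only scopes the role may hold.
        if not requested or not requested <= ROLE_SCOPES[role]:
            return 400, NO_STORE, {"error": "invalid_scope"}
        at = secrets.token_urlsafe(16)
        self.access_tokens[at] = (requested, time.time() + 3600, rt)
        return 200, NO_STORE, {"access_token": at, "token_type": "bearer",
                               "expires_in": 3600}

    def api_allows(self, bearer, needed_scope):
        scopes, expiry, rt = self.access_tokens.get(bearer, (set(), 0, None))
        return (needed_scope in scopes and time.time() < expiry
                and rt in self.refresh_tokens)
```
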
LOGOUT
And in Closing …
• Questions?
• Comments?
• Scrutiny?
• Thank you! :-)