Layer7 API Security


Five reasons to get your hands on the new CA Mobile API Gateway

By Bill Oakes posted Apr 24, 2015 06:45 PM

  

Guest Blogger Leif Bildoy

 

The CA API Management product team recently released a new version of CA Mobile API Gateway (CA MAG). Since our 2.2 release last fall, we have listened to customer feedback and incorporated significant enhancements to improve security and user convenience for both the business (including developers) and the consumer.

The CA MAG provides design-time tooling that helps mobile app developers build secure apps faster, while giving enterprise architects tooling for run-time protection of back-end APIs accessed from mobile apps. This latest release of CA Mobile API Gateway extends that value for both app developers and enterprise architects.

The Power of Five

Developer speed is increased with the unified JSON-based auto-configuration of the SDK. This allows developers to export a JSON message on the CA MAG, which can then be saved and imported directly into the SDK. The file is the same for all platforms, and it reduces the complexity of getting started with CA MAG and the SDK configuration.

 

New multi-user support in CA MAG helps in use cases where multiple users share a single device – situations found in healthcare, where doctors and nurses share a tablet, or in the police force, where tablets are mounted in cars. From a security perspective, the SDK needs to ensure that all existing security tokens are removed from the device when a new user logs in. Users always need valid credentials, but the SDK does not keep any credential history at the SDK level. The multi-user feature is controlled via the CA MAG Manager settings. If a customer still needs to enforce a one-to-one mapping between a device ID and the user ID, this remains the default option.

Customers spoke and we listened. In previous versions of the CA MAG, the mobile SSO protocol did not allow users who had completed the login and device registration flow to re-register with the same username. This was a problem in cases where the client registered or de-registered but could not notify the MAG due to network issues. To rectify this situation, especially for B2C use cases where the process needs to be as simple and frictionless as possible, the new auto re-registration feature enables an already registered device to be registered again for the same username via the /connect/device/register endpoint on the MAG. The MAG replaces the existing registration record. This gives the developer the flexibility to use either this more streamlined option for login and device registration or the more stringent option.

 

The 2.3 version of CA MAG comes with an enhanced Samsung KNOX feature set, building on the support provided in November 2014. The new KNOX Admin APIs added for device and application management, together with the KNOX Admin Tool web app, provide an API Gateway with a true end-to-end perspective on mobile security. Being able to instrument the container that apps run inside, or validate the integrity of containers and their content, gives CA MAG customers the capability to enhance API security. Add device attestation into the mix and the rules for mobile security are transformed by Samsung and CA.

 

Finally, we have enhanced the cross-device session sharing feature introduced in the CA Mobile API Gateway at CA World last November. In CA MAG 2.3 we have added session sharing with NFC (Near-Field Communication) and BLE (Bluetooth Low Energy). This complements the QR Code support in the platform-agnostic user session sharing framework. It allows developers to securely add touchless authentication to their apps when they are deployed across a number of devices. The team has embarked on a significant and vital path to help app developers prepare for a world where apps, devices and people are increasingly connected. Not only can the CA Mobile API Gateway help with creating associations between the identities of these entities through a client-side framework, but since the CA MAG knows the relationships, it can also manipulate and control these in policy as required for the specific use case.

What tools do you use to create secure mobile apps and create a great end user experience?  For more information about CA Mobile API Gateway and to sign up for a trial, please visit http://www.ca.com/us/securecenter/ca-mobile-api-gateway.aspx.
