The Nuts and Bolts of API Security: Protecting Your Data at All Times

Travis Spencer - Curity (formerly Twobo Technologies). Nordic APIs World Tour 2015: May 11 - Copenhagen. Travis Spencer argues that API keys are insufficient for implementing proper API security and identity management. This talk delves into OAuth and OpenID Connect, with the goal of creating a holistic approach to API and enterprise security that keeps all systems safe through multi-faceted identity control.

This talk specifically covers:
- The risks of relying solely on API keys
- Fundamental introduction to OAuth as an identity delegation protocol
- The actors involved in an OAuth process
- Step-by-step processes involved in the common web server OAuth flow (validating tokens, returning data, etc.)
- Overview of scopes, permissions and delegations
- Kinds of tokens (Access Tokens, Refresh Tokens)
- Profiles of tokens (Bearer, Holder of Key)
- Overview of types of tokens (WS-Security, SAML, JWT)
- Using OpenID Connect as a federation protocol
- Step-by-step OpenID Connect flow example
- and more

For thought-provoking pieces on everything APIs, check out the Nordic APIs blog: http://nordicapis.com/blog/

Read Curity's blog for more on API Security: https://curity.io/blog/

Video "The Nuts and Bolts of API Security: Protecting Your Data at All Times" from the Nordic APIs channel
Video information
May 20, 2015, 12:36:48
00:27:12