The Nuts and Bolts of API Security: Protecting Your Data at All Times
Travis Spencer - Curity (formerly Twobo Technologies). Nordic APIs World Tour 2015: May 11 - Copenhagen.
Travis Spencer argues that API keys are insufficient for implementing proper API security and identity management. This talk delves into OAuth and OpenID Connect, with the goal of creating a holistic approach to API and enterprise security that keeps all systems safe through a multi-faceted approach to identity control.
This talk specifically covers:
- The risks of relying solely on API keys
- Fundamental introduction to OAuth as an identity delegation protocol
- The actors involved in an OAuth process
- Step-by-step processes involved in the common web server OAuth flow (validating tokens, returning data, etc.)
- Overview of scopes, permissions and delegations
- Kinds of tokens (Access Tokens, Refresh Tokens)
- Profiles of tokens (Bearer, Holder of Key)
- Overview of types of tokens (WS-Security, SAML, JWT)
- Using OpenID Connect as a federation protocol
- Step-by-step OpenID Connect flow example
- and more
For thought-provoking pieces on everything APIs, check out the Nordic APIs blog: http://nordicapis.com/blog/
Read Curity's blog for more on API Security: https://curity.io/blog/
Video "The Nuts and Bolts of API Security: Protecting Your Data at All Times" from the Nordic APIs channel