The Nuts and Bolts of API Security: Protecting Your Data at All Times скачать в хорошем качестве

The Nuts and Bolts of API Security: Protecting Your Data at All Times

Travis Spencer - Curity (formerly Twobo Technologies). Nordic APIs World Tour 2015: May 11 - Copenhagen. Travis Spencer argues that API keys are insufficient for implementing proper API security and identity management. This talk delves into OAuth and OpenId Connect, with the goal to create a holistic approach to API and enterprise security that keeps all systems safe through a multi-faceted approach to identity control. This talk specifically covers: The risks of relying solely on API keys Fundamental introduction to OAuth as an identity delegation protocol The actors involved in an OAuth process Step-by-step processes involved in the common web server OAuth flow (validating tokens, returning data, etc.) Overview of scopes, permissions and delegations. Kinds of tokens (Access Tokens, Refresh Tokens) Profiles of tokens (Bearer, Holder of Key) Overview on types of tokens (WS-Security, SAML, JWT) Using OpenID Connect as a federation protocol Step-by-step OpenID Connect flow example and more For thought provoking pieces on everything APIs, check out the Nordic APIs blog: http://nordicapis.com/blog/ Read Curity's blog for more on API Security: https://curity.io/blog/