Upload File

securing api data models

16
Building on the Ashes of Past Standards Securing API Data Models Jonathan LeBlanc Head of Developer Evangelism (North America) Github: http://github.com/jcleblanc Slides: http://slideshare.net/jcleblanc Twitter: @jcleblanc

Upload: jonathan-leblanc

Post on 28-Jan-2015

108 views

Category:

Technology


1 download

Report

Tags:

DESCRIPTION

Security and Usability, two methodologies that have fought each other since the there was a login. As we have have progressed from a simple thought that even though something is painful developers will use it if it's secure, to an enlightened stage of good security and usability balance and judgement, we have seen the death of many specs and standards. Two open standards are leading the charge for this new auth age: OAuth 2 and OpenID Connect. In this talk we will explore the principles and standards behind API auth security, which will include: Using OAuth 2 and OpenID Connect as the entry point for secure API data auth - How those implementations have cannibalized previous standards to create something both secure and usable - How to practically use these standards.

TRANSCRIPT

Page 1: Securing API data models

Building on the Ashes of Past Standards

Securing API Data Models

Jonathan LeBlancHead of Developer Evangelism (North

America)Github: http://github.com/jcleblanc

Slides: http://slideshare.net/jcleblancTwitter: @jcleblanc

Page 2: Securing API data models

The Ultimate Decision

Security Usability

Page 3: Securing API data models

The Path

to th

e Sta

ndard

Page 4: Securing API data models

The Insecure, Unmanageable Start

Page 5: Securing API data models

Very Secure, Long to Implement

Page 6: Securing API data models

Two Currently Widely Used Specs

Page 7: Securing API data models

Auth in

Pra

ctice

Page 8: Securing API data models

Fetching a Code

Prepare the Redirect URIAuthorization Endpointclient_id response_type (code)scope redirect_urinonce state

Browser RedirectRedirect URI

Page 9: Securing API data models

Fetching the Access Token

Fetch the Access TokenAccess Token Endpointclient_id code (query string)client_secret grant_type

HTTP POSTAccess Token Endpoint

Page 10: Securing API data models

A few implementation differences

Endpoints

Scopes (dynamic / static)

Using the Access Token in a request

Page 11: Securing API data models

Using th

e Ske

leto

n Key

Page 12: Securing API data models

How it’s Normally Used

Access user details

Push data throughuser social streams

Page 13: Securing API data models

But why?

Access token as a control structure

Improve Existing Products

Our showcase: Seamless Checkout

Page 14: Securing API data models

A Few Code Links

OAuth2 & OpenID Connect Sampleshttps://github.com/jcleblanc/oauthhttps://github.com/paypal/paypal-access

Log in with PayPalhttp://bit.ly/loginwithpaypal

Page 15: Securing API data models
Page 16: Securing API data models

http://bit.ly/securing_apis

Thank You! Questions?

Jonathan LeBlancHead of Developer Evangelism (North

America)Github: http://github.com/jcleblanc

Slides: http://slideshare.net/jcleblancTwitter: @jcleblanc


Securing the Perimeter of One - Akamai...Application Security DDoS Mitigation API Management Enterprise Security Customizable, advanced app rules and API protection Managed protection

Mohanraj - Securing Your Web Api With OAuth

Enabling and Securing Digital Business in API Economy · SUI BIEF Enabling and Securing Digital Business in API Economy Protect APIs Serving Business Critical Applications

The Five API Monetization Models - Rob Zazueta, RESTFest 2016

Securing your APIs on the Cloud - Red Hat€¦ · SECURING YOUR APIS ON THE CLOUD 31 3scale API Management Istio Service Mesh API Contracts Monetisation Partner Ecosystem Developer

Securing TodoMVC Using the Web Cryptography API

Securing api with_o_auth2

Securing APIs throughout the enterprise - IBM€¦ · Securing APIs throughout the enterprise z API Roadshow Eric Phan z Systems IT Specialist ... Use for securing access to mainframe,

API Security: Securing Digital Channels and Mobile Apps Against Hacks

Real World API Business Models That Worked

Securing Enterprise Securing Enterprise Securing Enterprise

API Business Models

Advancing Innovation, Embracing Transformation, Securing ......Advancing Innovation, Embracing Transformation, Securing the future • Investing in implementation models for water

Advanced API Security Healthcare Information Privacy ... · Securing APIs with OAuth, OpenID, and JSON Practical API Security is a complete reference to the next wave of challenges

Securing your APIs with OAuth 2.0 in InterSystems API

Lead the Way in the API Economy - Oracle...After you design and develop APIs, API management addresses: • Processes: Publishing, securing, promoting, and monitoring how applications

One-Click Architecture: Using the Revit API to Build Your Models

Deploying your Predictive Models as a Service via Domino API Endpoints

The Edgescan API JourneyThe Edgescan API Journey A COMPREHENSIVE STRATEGY TO SECURING YOUR APIs TI PIE VUNERAIITY MANAGEMENT TOP 10 Contributor Verizon 2019 Data Breach Investigations

Securing Rural Livelihoods Through Inclusive Business Models(IBMs) Lessons from Uganda

Pro ASP.NET Web API Security - Home - Springer978-1-4302-5783-7/1.pdf · Pro ASP.NET Web API Security Securing ASP.NET Web API Badrinarayanan Lakshmiraghavan Apress

ARCHITECTURING AND SECURING IOT PLATFORMS · PDF fileRevoke destroys stateless approach -so use just for session ... Securing Microservices ... -Secure the microservice API with authentication

Securing Serverless Workloads with Cognito and API Gateway Part I - AWS Security Day

The 5 API Monetization Models and How to Measure Their Success

Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Security Day

API Top 10 2019, Case Securing your APIs: OWASP Study and … · 2020. 8. 11. · On API, Microservices Security, Container Runtime Security and MITRE ATT&CK® for Kubernetes(K8S)

Privacy Risks of Securing Machine Learning Models against ... · Machine learning models, especially deep neural networks, have been deployed prominently in many real-world applications,

Development of API Soil Models for Studying Soil- Pile ... · PDF fileDevelopment of API Soil Models for Studying Soil-Pile Interaction Analysis Using FB ... Bridge Software Institute

Apigee Edge Deployment Models · PDF fileApigee Edge Deployment Models ... API Services brings together powerful API management tools with a BaaS platform built for cloud scale, and

Axway API Management Plus...Axway API Management Plus #axway An API-first, FHIR-enabled approach to digital patient engagement 2 Increased regulation, changing coverage models and

Advanced API Security Healthcare Information Privacy ... › sgw › documents › 1451044 › ... · Securing APIs with OAuth, OpenID, and JSON Practical API Security is a complete

Securing your API and mobile application - API Connection FR

Pro ASP.NET Web API Security3A978-1-4302-5783-7%2F… · Pro ASP.NET Web API Security Securing ASP.NET Web API Badrinarayanan Lakshmiraghavan Apress

Presentation : Konstantinos Kanaris. What is Jena? Usage of Jena Main Concepts Main Components Storage Models OWL API RDF API Reasoning

Privacy-Enhancing Models and Mechanisms for Securing Provenance and its Use October 2010