Introduction to “Authlete” Your OAuth/OIDC Servers. Simpler Yet More Secure. Authlete, Inc.

Post on 22-Sep-2020

Page 1: Your OAuth/OIDC Servers. Simpler Yet More Secure. · 2/27/2020  · OAuth 2.0 OIDC (OpenID Connect) ... PowerPoint Presentation Author: Jamie Lemon Created Date: 5/25/2020 6:51:34

Introduction to “Authlete”: Your OAuth/OIDC Servers. Simpler Yet More Secure.

Authlete, Inc.

Page 2:

OAuth and OIDC are the Foundation for Open APIs

[Diagram: Users grant authorized access to Third Parties (e.g. Fintechs), whose apps (App XYZ) access APIs of API Providers (e.g. Banks). Labels from the figure:]

API Providers (e.g. Banks): Credit cards; Stocks and pension accounts; Account Information; Money Transfer; Credit Information

Third Parties (e.g. Fintechs): Managing multiple accounts; Money transfer using apps; Better CX; New consumer behavior

Users: Authorized access by users

API Access Authorization: Who grants what API access to which third party clients – OAuth 2.0, OIDC (OpenID Connect)

Page 3:

Difficulties in Adopting OAuth/OIDC Standards

• Service providers can’t follow the standardization process
– A lot of new extensions and practices are being created
• Poor API access authorization could lead to security incidents
– Customers of the providers could become victims

Source: https://tools.ietf.org/wg/oauth/, https://openid.net/wg/fapi/

Page 4:

Problems in Traditional API Authorization Approaches

IDaaS (“No deployment needed”)
– Offering limited general-purpose features
– Difficult to optimize IDaaS for your APIs and business

IAM Software (“Flexible customization”)
– Conflict with existing IdM / user authN
– Non-negligible cost to migrate the existing assets

API Gateways (“Tightly integrated”)
– Lack of focus on API authZ capabilities
– Slow to support up-to-date API security standards such as FAPI, eKYC

Page 5:

Authlete: A New Approach of “API Authorization Engine”

– “Semi-hosted” Architecture
– Providing All Features as APIs
– The Leader in Supporting the Latest OAuth/OIDC Standards

Page 6:

Authlete Fits in Any Form of Existing Systems: Exposing Web APIs for OAuth/OIDC Processing and Token Management

[Architecture diagram. Labels from the figure:]

API Clients: Websites; Mobile Devices; Networked Devices

API Infrastructure:
– Authorization Frontend: Authorization Server, Authorization Decision Logic
– API Servers / Gateways: /data /function /transaction /…
– Backend APIs

Existing Systems: User Authentication; Consent Management; Privilege Management

Authlete: Tokens and Config DB

Flows:
– API Clients send Authorization and Token Requests to the Authorization Frontend, and API Requests to the API Servers / Gateways
– Authorization Frontend sends OAuth/OIDC Processing Requests to Authlete (externalizing cumbersome OAuth/OIDC processing and token management)
– API Servers / Gateways send an Authorization Status Check to Authlete (externalizing access token verification)
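As an added illustration of the “Authorization Status Check” flow on this slide (example code written here, not Authlete’s own API or SDK): an API server forwards the bearer token and the scopes its endpoint requires to an authorization engine and only maps the engine’s decision to an HTTP status, so it never parses or stores tokens itself. The `engine_introspect` interface, the token store and the endpoint-to-scope table are all constructed assumptions.

```python
# Added example, not Authlete's code or API. Constructed token store standing in
# for the engine's "Tokens and Config DB" on the slide.
_NOW = 1_600_000_000  # fixed clock so the example is deterministic
TOKEN_DB = {
    "tok-valid":   {"sub": "alice", "scope": {"account:read"}, "exp": _NOW + 3600},
    "tok-expired": {"sub": "bob",   "scope": {"account:read"}, "exp": _NOW - 1},
    "tok-narrow":  {"sub": "carol", "scope": {"profile"},      "exp": _NOW + 3600},
}


def engine_introspect(token, required_scopes, now=_NOW):
    """Hypothetical engine-side check (assumed interface, not Authlete's).
    Returns a decision the API server acts on; token format, expiry and
    scope comparison all stay inside the engine."""
    rec = TOKEN_DB.get(token)
    if rec is None or rec["exp"] <= now:
        return {"action": "UNAUTHORIZED"}      # unknown, revoked or expired token
    if not set(required_scopes) <= rec["scope"]:
        return {"action": "FORBIDDEN"}         # live token, insufficient scope
    return {"action": "OK", "subject": rec["sub"], "scopes": sorted(rec["scope"])}


# Scopes each backend endpoint requires (constructed API server configuration).
ENDPOINT_SCOPES = {"/data": ["account:read"], "/transaction": ["transfer:write"]}


def handle_api_request(path, headers):
    """API server / gateway side: extract the bearer token, ask the engine,
    map its decision to an HTTP status. Returns (status, body)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "invalid_request"}
    token = auth[len("Bearer "):]
    decision = engine_introspect(token, ENDPOINT_SCOPES.get(path, []))
    if decision["action"] == "UNAUTHORIZED":
        return 401, {"error": "invalid_token"}
    if decision["action"] == "FORBIDDEN":
        return 403, {"error": "insufficient_scope"}
    return 200, {"path": path, "subject": decision["subject"]}


if __name__ == "__main__":
    for tok in ("tok-valid", "tok-expired", "tok-narrow"):
        print(tok, handle_api_request("/data", {"Authorization": "Bearer " + tok}))
```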

Page 7:

A Broad Range of Use Cases: From Banks to Entertainments

Use cases: Banking; Fintech; Personal Data Bank; Integrated Solution; IoT; HR; Entertainment

Awards: Grand Prize; IBM Award Grand Prize

Minna No Ginko (TBD) *
* In evaluation

Page 8:

SmartHR: One of the Largest HR Management SaaS in Japan Has Been Utilizing Authlete For Years

“Quite a rich set of Web APIs”

“High maintenance ability for anyone from anywhere”

“Continuous adoption of the latest standards is trustworthy”

Source: https://speakerdeck.com/mserizawa/smarthr-niokeru-authlete-falsehuo-yong

Page 9:

Try Authlete for Free at www.authlete.com

Page 10:

Thank You

www.authlete.com