API Security : Using OAuth2 Framework
Kellton Tech Solutions, Inc.
Presented By: Siva Subrahmanyam, Sr. Integration Consultant
Milestones (FY 1993, FY 2009, FY 2013, FY 2015, FY 2017):
• Incorporated
• New management takes over led by Niranjan Chintam and Krishna Chintam
• $10 MN
• Acquired and merged Tekriti Software Private Limited, a software services company focusing on web/open source
• Acquired SKAN DbyDx Software Private Limited, a mobility solutions company
• $40 MN
• Acquired Supremesoft Global Inc., and eVantage Solutions Inc., US based IT consulting companies
• Acquired Vivos Professional Services LLC, a USA based company focusing on the life-sciences & healthcare space
• 21st in Deloitte Technology Fast 50 India 2014
• Selected among the '20 Most Promising Travel & Hospitality Solution Providers' and 'Top 20 Enterprise Mobility Companies in India' by CIO Review
• $100 MN run rate
• Acquired ProSoft Technology Group Inc., a US based ERP, EAI solutions company
• KLGAME was nominated in the finals of HYSEA Annual Summit and Awards 2015
• Acquired Bokanyi Group, leading US based cloud and analytics service provider
Our Mission: Offering infinite possibilities with technology
Our Vision: To be "the trusted partner" of our clients
Our Values: Innovation, Ownership, Trust, Speed, Meritocracy, Accountability, Customer Centricity
About Kellton Tech
Infinite Possibilities with Technology
Thought Leaders in Technology Adoption:
As an early entrant in IoT and SMAC, we provide innovative
transformation solutions to the clients leveraging cloud ERP solutions,
digital business platforms, and digital systems integration
Focused on Design Thinking:
We understand the importance of digital customer experience and
operational excellence and explore infinite possibilities with the
technology to deliver desired business outcomes.
Disciplined and Experienced Team:
We hire the best talent, leverage the best practices from design,
development and implementation of systems of record, differentiation,
engagement and insight.
We Are:
• Digital Transformation BU
• Digital Connected Enterprise BU
• Enterprise Solutions (SAP) BU
We Do:
• Systems of Engagement: new apps built leveraging design thinking that provide the next competitive advantage now and in the future.
• Systems of Differentiation: business processes and orchestration layers that provide competitive advantage.
• Systems of Record: standardized functions and processes across the organisation that provide predictability, consistency and optimization.
KLGAME(TM)
Who we are
Millions:
Software we have developed is being used by millions of people worldwide.
600:
We have partnered with more than 600 innovative clients (39 Fortune 1000) in
Healthcare, Retail, Insurance, Media, Software and Technology industries.
2 Million:
We perform more than 2 Million hours of engineering work for our clients
every year.
1100+ People:
Headquartered in Princeton, NJ we have global delivery centers across US, UK, and
India
Our Numbers
Partial Customers by Industry: Financials, Services, Energy, Utilities, Manufacturing, Retail, Others
Digital Transformation and Enterprise Architecture Strategy – Advisory Services
API / SOA / ESB Core Application Integration – API/SOA Strategy, Governance and COE
BPM Solutions with Business Workflows, Rules, Analytics and Dashboards
Distributed In-Memory Data Solutions for High Throughput and Low Latency
Applications
Real-time and Streaming Analytics Solutions in IoT and Big Data Applications
SaaS Integration, Cloud Enablement and Hybrid Infrastructure Services
Infrastructure Modernization, Continuous Integration / Dev-Ops Services and AMS
Core Services Portfolio
Technology Partnerships / Core Technology Expertise: Anypoint Platform
Industry Solutions and Domain Expertise
• Banking and Finance
o Treasury Services – Payment and Forex Gateways
o SWIFT Integration
o Business Process Modeling and Optimization in Loan Origination, Account Opening, Risk and Regulatory
• Transportation and Logistics
o Fleet Management and Real-time On-Board Application Services
o B2B and Vendor Managed Inventory Solutions
• Retail and Manufacturing
o ERP Integration
o Omni Channel Services Architecture
o PoS and eCommerce Integration
• Energy and Utilities
o Energy Trading and Power Scheduling
o RTO Integration and Market Participation
o Smart Grid Integration and Enablement
Today's Agenda
• API - Introduction
o API, API Strategy, API Economy etc.
• API Security Fundamentals
o HTTP Basic Authentication
o Digest Access Authentication, etc.
o Token Based Authentication
• OAuth2.0 Framework – Deep Dive
• OAuth1.0a versus OAuth2.0 – Differences
• OAuth2.0 Framework - Pros and Cons
• Software AG webMethods – OAuth2.0 Demo
• Q & A
• Upcoming Webinars
API - Introduction
Aspects every API design has to cover: API Security, Versioning, Status Codes, JSON, Authentication & Authorization, Pagination, Rate Limiting, Caching, Documentation.
API Security Fundamentals
HTTP Security Mechanisms:
Basic Authentication:
Client sends: Authorization: Basic base64(username ":" password). In the RFC 2617 grammar: basic-credentials = "Basic" SP base64-user-pass, where base64-user-pass = base64encode(username ":" password) (RFC 7617 is the current definition).
Cons:
• Base64 is an encoding, not encryption: anyone who can read the request (plain HTTP, a TLS-terminating proxy, a log file) obtains the user's plaintext password.
• The username and password are sent with every request, so the exposure is repeated on every call, not once at login.
• The server receives the plaintext password on every request; it must still store only a salted hash, never the plaintext.
• An intercepted request can be replayed at any later time; the scheme has no nonce or timestamp.
• Without TLS it is trivially exposed to man-in-the-middle attacks, so Basic must only be used over HTTPS.
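The Basic scheme end to end, as an added example in Python (this code is not from the deck and not Software AG's; the user names, passwords and the captured header are constructed for illustration). It builds the header exactly as RFC 7617 specifies, shows that one decode recovers the password from a captured header, and shows the server side verifying the per-request plaintext against a salted PBKDF2 hash, so the server never needs the plaintext on disk.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import os


def basic_header(username: str, password: str) -> str:
    """Client side of HTTP Basic (RFC 7617): "Basic" SP base64(user-id ":" password)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def recover_credentials(header: str) -> tuple[str, str]:
    """Base64 is an encoding, not encryption: anyone who sees the header (proxy log, packet
    capture on plain HTTP, a leaked HAR file) gets the password back with a single decode."""
    scheme, _, encoded = header.partition(" ")
    if scheme != "Basic" or not encoded:
        raise ValueError("not a Basic credential")
    user_id, sep, password = base64.b64decode(encoded, validate=True).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("malformed user-pass")
    return user_id, password


def hash_password(password: str, salt: bytes | None = None, iterations: int = 100_000) -> tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; the server keeps (salt, hash) and never the plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class BasicAuthVerifier:
    """Server side: verifies an Authorization header against a hashed credential store."""

    def __init__(self) -> None:
        self.users: dict[str, tuple[bytes, bytes]] = {}

    def add_user(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)

    def authenticate(self, header: str) -> str | None:
        """Return the user-id on success, None on any failure (never say which check failed)."""
        try:
            user_id, password = recover_credentials(header)
        except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
            return None
        record = self.users.get(user_id)
        if record is None:
            hash_password(password)  # spend the same work for unknown users so timing does not reveal valid names
            return None
        salt, stored = record
        _, candidate = hash_password(password, salt)
        return user_id if hmac.compare_digest(stored, candidate) else None


# Constructed sample: a request header exactly as it would be seen on the wire or in a proxy log.
CAPTURED_HEADER = basic_header("alice", "correct horse battery staple")

if __name__ == "__main__":
    print(CAPTURED_HEADER)
    print(recover_credentials(CAPTURED_HEADER))  # the password, back in one step
    verifier = BasicAuthVerifier()
    verifier.add_user("alice", "correct horse battery staple")
    print(verifier.authenticate(CAPTURED_HEADER), verifier.authenticate(basic_header("alice", "guess")))
```

Every call to authenticate() still carries the plaintext through the server process, which is the point the slide makes; hashing only removes the need to persist it. The "Aladdin" / "open sesame" pair used in the check below is the worked example from RFC 7617 itself.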
API Security Fundamentals, Contd...
Digest Access Authentication (RFC 2617):
The client proves knowledge of the password by sending an MD5 hash computed over the credentials, a server-supplied nonce and the request, so the password itself is never sent over HTTP. Without the optional nonce-count (nc) and client nonce (qop="auth"), a captured request can be replayed against the same nonce.
HA1 = MD5(username:realm:password)
HA2 = MD5(method:digestURI)
response = MD5(HA1:nonce:HA2) (RFC 2069 form, no qop)
response = MD5(HA1:nonce:nc:cnonce:qop:HA2) (RFC 2617 form, qop="auth")
Cons:
• Still vulnerable to man-in-the-middle attacks when used without TLS: an active attacker on plain HTTP can alter the challenge (for example drop qop) or simply relay the exchange; Digest hides the password but does not authenticate the server or protect the request body.
• Many of the protective options (qop, nonce-count, nonce expiry) are optional, and a server that omits them accepts replays.
• The server stores HA1, which is password-equivalent for that realm, and the scheme is harder to design and implement correctly than a token scheme.
• It is built on MD5, which FIPS-validated cryptographic modules do not permit for security purposes.
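Both response forms and a server-side nonce-count check, as an added example in Python (not from the deck). The RFC 2617 form is checked against the worked example in RFC 2617 section 3.5 (user Mufasa, realm testrealm@host.com); the realm `api`, user `alice` and password `s3cret` are constructed for this example.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


def md5_hex(s: str) -> str:
    # Digest is defined over MD5 (RFC 2617); FIPS-mode builds of hashlib refuse MD5 for security use.
    return hashlib.md5(s.encode("utf-8")).hexdigest()


def digest_response(username: str, realm: str, password: str, method: str, uri: str, nonce: str,
                    nc: str | None = None, cnonce: str | None = None, qop: str | None = None) -> str:
    """Client side. qop=None is the RFC 2069 form quoted on the slide; qop="auth" (RFC 2617) mixes in
    the nonce-count and a client nonce, which is what lets the server detect a replayed request."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestServer:
    """Server side. Keeps HA1 per user (never the password) and the highest nonce-count seen per nonce."""

    def __init__(self, realm: str) -> None:
        self.realm = realm
        self.ha1: dict[str, str] = {}
        self.nonces: dict[str, int] = {}

    def add_user(self, username: str, password: str) -> None:
        # Caveat: HA1 is password-equivalent for this realm, so a leak of this table is as bad as plaintext.
        self.ha1[username] = md5_hex(f"{username}:{self.realm}:{password}")

    def challenge(self) -> str:
        """Value for WWW-Authenticate: Digest realm="...", qop="auth", nonce="<this>"."""
        nonce = secrets.token_hex(16)
        self.nonces[nonce] = 0
        return nonce

    def verify(self, method: str, p: dict[str, str]) -> tuple[bool, str]:
        nonce = p.get("nonce", "")
        if nonce not in self.nonces:
            return False, "stale nonce"
        try:
            nc = int(p.get("nc", ""), 16)
        except ValueError:
            return False, "bad nc"
        if nc <= self.nonces[nonce]:
            return False, "replay"  # nc must strictly increase for a given nonce
        ha1 = self.ha1.get(p.get("username", ""))
        if ha1 is None:
            return False, "unknown user"
        ha2 = md5_hex(f"{method}:{p.get('uri', '')}")
        expected = md5_hex(f"{ha1}:{nonce}:{p.get('nc')}:{p.get('cnonce')}:auth:{ha2}")
        if not hmac.compare_digest(expected, p.get("response", "")):
            return False, "bad response"
        self.nonces[nonce] = nc
        return True, p["username"]


def client_request(username: str, password: str, realm: str, method: str, uri: str,
                   nonce: str, nc: int) -> dict[str, str]:
    """Authorization: Digest parameters a client would send for request number nc under this nonce."""
    nc_hex, cnonce = f"{nc:08x}", secrets.token_hex(8)
    return {"username": username, "realm": realm, "nonce": nonce, "uri": uri, "qop": "auth",
            "nc": nc_hex, "cnonce": cnonce,
            "response": digest_response(username, realm, password, method, uri, nonce, nc_hex, cnonce, "auth")}


if __name__ == "__main__":
    srv = DigestServer("api")
    srv.add_user("alice", "s3cret")
    nonce = srv.challenge()
    captured = client_request("alice", "s3cret", "api", "GET", "/orders", nonce, 1)
    print(srv.verify("GET", captured))  # first use is accepted
    print(srv.verify("GET", captured))  # the same captured request is rejected as a replay
```

The replay check only works because the client sent qop="auth" with a nonce-count; under the RFC 2069 form on the slide there is nothing for the server to compare, which is why "many of the security options are optional" is a real weakness rather than a theoretical one.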
API Security Fundamentals, Contd...
Token Based Authentication:
What is a
• Token: a credential issued after the user authenticates once, presented in place of the password on every API call; it can be opaque (a reference the server looks up) or self-contained (for example a signed JWT).
• Bearer Token: whoever holds the token can use it; presenting it is the only proof required (RFC 6750).
• Holder-Of-Key Token (HOK): the token is bound to a key, and the client must prove possession of that key on each request.
Using a bearer token does not require the bearer to prove possession of cryptographic key material (proof-of-possession), whereas HOK does. A stolen bearer token is therefore usable by the thief until it expires or is revoked, while a stolen HOK token is useless without the key.
Advantages:
• Extra security: the password is exchanged once rather than on every call, and a token can carry less privilege than the account
• Stateless and scalable servers
• Pass authentication to other applications (delegated access)
• Fine-grained access control (scopes)
• Expiry & revocation of access
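The difference between bearer and holder-of-key tokens, as an added example in Python (not from the deck). A resource server accepts a bearer token from whoever presents it, but for a key-bound token it demands an HMAC over the method, URI, timestamp and a single-use nonce. The X-PoP-* header names and the HMAC proof are this example's own simplified stand-in for the standardised mechanisms (DPoP, RFC 9449, or mutual-TLS-bound tokens, RFC 8705); the subjects, scopes and key are constructed.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets


class TokenStore:
    """Authorization-server side: issues opaque tokens. A holder-of-key token is bound to the client's key."""

    def __init__(self) -> None:
        self.tokens: dict[str, dict] = {}
        self.used_proofs: set[str] = set()  # "token:nonce" pairs already accepted

    def issue(self, subject: str, scope: str, ttl: int, now: int, bound_key: bytes | None = None) -> str:
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"sub": subject, "scope": set(scope.split()), "exp": now + ttl, "key": bound_key}
        return token

    def revoke(self, token: str) -> None:
        self.tokens.pop(token, None)


def pop_signature(key: bytes, method: str, uri: str, ts: int, nonce: str, token: str) -> str:
    """Proof of possession: HMAC over what the request is, when it was made, a fresh nonce and the token."""
    msg = "\n".join([method, uri, str(ts), nonce, token]).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def hok_headers(key: bytes, token: str, method: str, uri: str, now: int) -> dict[str, str]:
    """Client side for a holder-of-key token (header names are this example's own, not a standard)."""
    nonce = secrets.token_hex(8)
    return {"Authorization": f"Bearer {token}", "X-PoP-Timestamp": str(now), "X-PoP-Nonce": nonce,
            "X-PoP-Signature": pop_signature(key, method, uri, now, nonce, token)}


def authorize(store: TokenStore, method: str, uri: str, headers: dict[str, str], now: int,
              required_scope: str, skew: int = 60) -> tuple[int, str]:
    """Resource-server check. Returns (HTTP status, error code or authenticated subject)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, "invalid_request"
    token = auth[len("Bearer "):]
    rec = store.tokens.get(token)
    if rec is None or now > rec["exp"]:
        return 401, "invalid_token"  # unknown, revoked or expired
    if rec["key"] is not None:  # holder-of-key: the token alone proves nothing
        try:
            ts, nonce, sig = int(headers["X-PoP-Timestamp"]), headers["X-PoP-Nonce"], headers["X-PoP-Signature"]
        except (KeyError, ValueError):
            return 401, "invalid_token"
        if abs(now - ts) > skew or f"{token}:{nonce}" in store.used_proofs:
            return 401, "invalid_token"  # stale, or a replay of a captured request
        if not hmac.compare_digest(sig, pop_signature(rec["key"], method, uri, ts, nonce, token)):
            return 401, "invalid_token"  # wrong key, or a signature made for a different method/URI
        store.used_proofs.add(f"{token}:{nonce}")
    if required_scope not in rec["scope"]:
        return 403, "insufficient_scope"
    return 200, rec["sub"]


if __name__ == "__main__":
    store, now = TokenStore(), 1_700_000_000
    bearer = store.issue("alice", "orders:read", 3600, now)
    stolen = {"Authorization": f"Bearer {bearer}"}  # a captured bearer header is enough for anyone
    print(authorize(store, "GET", "/orders", stolen, now + 10, "orders:read"))
    key = secrets.token_bytes(32)
    hok = store.issue("bob", "orders:read", 3600, now, bound_key=key)
    proof = hok_headers(key, hok, "GET", "/orders", now)
    print(authorize(store, "GET", "/orders", proof, now, "orders:read"))       # accepted once
    print(authorize(store, "GET", "/orders", proof, now + 5, "orders:read"))   # replay rejected
```

Expiry and revocation are the only defences the bearer path has; everything after `rec["key"] is not None` is what holder-of-key buys you, at the cost of key management on the client and nonce bookkeeping on the server.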
OAuth2.0 Framework – Deep Dive
OAuth stands for Open Authorization: a token-based authorization scheme that facilitates delegated authorization.
The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either
on behalf of a resource owner by orchestrating an approval
interaction between the resource owner and the HTTP
service, or by allowing the third-party application to obtain
access on its own behalf.
OAuth2.0 Framework – Deep Dive, Contd…
OAuth Roles:
Resource Owner: An entity capable of granting access to a
protected resource. When the resource owner is a person, it
is referred to as an end-user.
Resource Server: The server hosting the protected
resources, capable of accepting and responding to protected
resource requests using access tokens.
Client: An application making protected resource requests on
behalf of the resource owner and with its authorization.
Authorization Server: The server issuing access tokens to
the client after successfully authenticating the resource
owner and obtaining authorization.
OAuth2.0 Framework – Deep Dive, Contd…
OAuth2.0 Workflow (Authorization Code Grant)
Participants: User / Resource Owner, Browser / Client App, Authorization Server, Resource Server
1. User uses the client app.
2. Client requests authorization for the user by redirecting the browser to the authorization server's authorization endpoint (carrying client_id, redirect_uri, scope and a state value).
3. Authorization server presents the request to the resource owner, who grants authorization by logging in and approving the request.
4. Authorization server redirects back to the client's registered redirect_uri with an authorization code (and the state).
5. Client passes the authorization code, together with its client credentials, to the token endpoint and requests an access token.
6. Authorization server returns an access token and, optionally, a refresh token.
7. Client presents the access token (Authorization: Bearer ...) and invokes the REST API.
8. Resource server validates the token and returns the protected data / resource.
OAuth2.0 Framework – Deep Dive, Contd…
OAuth2.0 Workflow: Refreshing an Access Token
Participants: User / Resource Owner, Browser / Client App, Authorization Server, Resource Server
5. Client presents an expired access token to the resource server.
6. Resource server returns an invalid token error (HTTP 401 with WWW-Authenticate: Bearer error="invalid_token").
7. Client sends the refresh token, together with its client credentials, to the authorization server's token endpoint.
8. Authorization server returns a new access token and, optionally, a new refresh token.
9. Client presents the new access token and invokes the REST API.
10. Resource server returns the protected data / resource.
OAuth2.0 Grant Types
The OAuth2.0 framework provides different options through its grant types:
• Authorization code grant
o Used for confidential clients such as server-side web applications; the code is exchanged for tokens over a back channel on which the client authenticates.
• Implicit grant
o Was intended for public clients such as browser-based apps, returning the access token directly in the redirect. The OAuth 2.0 Security Best Current Practice now advises against it; public clients should use the authorization code grant with PKCE (RFC 7636) instead.
• Resource owner password credentials grant
o Used when the client legitimately holds the user's credentials (first-party, highly trusted clients). Also discouraged by the Security BCP, since it teaches users to hand their password to applications.
• Client credentials grant
o Used when the registered client wants a token for itself (machine-to-machine calls with no resource owner involved).
• Refresh token grant
o Used to obtain a new access token when the current one expires, by presenting the refresh token.
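The authorization code flow and the refresh flow from the two workflow slides above, and the authorization_code and refresh_token grants from this list, as one added example in Python (not from the deck, not webMethods code). All three roles run in one process with no HTTP; the client id `webapp`, its secret, the redirect URI https://app.example/cb and the `profile:read` scope are constructed. It shows the checks the slides leave implicit: the state parameter, single-use codes bound to the client and redirect_uri, the client secret presented only at the token endpoint, expiry enforced by the resource server, and refresh-token rotation.

```python
from __future__ import annotations

import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

CODE_TTL, TOKEN_TTL = 60, 3600  # seconds; codes are meant to be exchanged immediately


class AuthorizationServer:
    def __init__(self) -> None:
        self.clients: dict[str, tuple[str, str]] = {}  # client_id -> (client_secret, registered redirect_uri)
        self.codes: dict[str, dict] = {}
        self.access: dict[str, dict] = {}
        self.refresh: dict[str, dict] = {}

    def register_client(self, client_id: str, client_secret: str, redirect_uri: str) -> None:
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, client_id: str, redirect_uri: str, scope: str, state: str, user: str | None, now: int) -> str:
        """Steps 2-4: the resource owner logs in (user is None if that failed) and approves; redirect back with a code."""
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise ValueError("unknown client or unregistered redirect_uri")  # never redirect to an unvetted URI
        if user is None:
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": state})
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri, "user": user,
                            "scope": scope, "exp": now + CODE_TTL}
        return redirect_uri + "?" + urlencode({"code": code, "state": state})

    def token(self, client_id: str, client_secret: str, grant_type: str, now: int, **params: str) -> dict:
        """Steps 5-6, and step 7 of the refresh flow: the client secret is presented here and nowhere else."""
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not hmac.compare_digest(secret, client_secret):
            return {"error": "invalid_client"}
        if grant_type == "authorization_code":
            rec = self.codes.pop(params.get("code", ""), None)  # single use: a replayed code must fail
            if (rec is None or rec["client_id"] != client_id or now > rec["exp"]
                    or rec["redirect_uri"] != params.get("redirect_uri")):
                return {"error": "invalid_grant"}
            return self._issue(rec["user"], client_id, rec["scope"], now)
        if grant_type == "refresh_token":
            rec = self.refresh.pop(params.get("refresh_token", ""), None)  # rotation: the old refresh token dies
            if rec is None or rec["client_id"] != client_id:
                return {"error": "invalid_grant"}
            return self._issue(rec["user"], client_id, rec["scope"], now)
        return {"error": "unsupported_grant_type"}

    def _issue(self, user: str, client_id: str, scope: str, now: int) -> dict:
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[at] = {"user": user, "client_id": client_id, "scope": scope, "exp": now + TOKEN_TTL}
        self.refresh[rt] = {"user": user, "client_id": client_id, "scope": scope}
        return {"access_token": at, "token_type": "Bearer", "expires_in": TOKEN_TTL,
                "refresh_token": rt, "scope": scope}

    def introspect(self, token: str, now: int) -> dict:
        rec = self.access.get(token)
        return {"active": False} if rec is None or now > rec["exp"] else {"active": True, **rec}


class ResourceServer:
    def __init__(self, auth_server: AuthorizationServer) -> None:
        self.auth = auth_server

    def get_profile(self, headers: dict[str, str], now: int) -> tuple[int, dict]:
        """Steps 7-8: validate the bearer token and enforce scope before releasing anything."""
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, {"error": "invalid_request"}
        info = self.auth.introspect(auth[len("Bearer "):], now)
        if not info["active"]:
            return 401, {"error": "invalid_token"}  # expired or revoked: the client should use its refresh token
        if "profile:read" not in info["scope"].split():
            return 403, {"error": "insufficient_scope"}
        return 200, {"user": info["user"], "client": info["client_id"]}


def client_callback(redirect_url: str, expected_state: str) -> str:
    """Client side of step 4: accept the code only if state matches what this browser session sent (CSRF check)."""
    q = parse_qs(urlparse(redirect_url).query)
    if q.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback did not originate from our authorization request")
    if "code" not in q:
        raise ValueError(q.get("error", ["unknown_error"])[0])
    return q["code"][0]


if __name__ == "__main__":
    now, AS = 1_700_000_000, AuthorizationServer()
    AS.register_client("webapp", "s3cret", "https://app.example/cb")
    state = secrets.token_urlsafe(16)
    code = client_callback(AS.authorize("webapp", "https://app.example/cb", "profile:read", state, "alice", now), state)
    tok = AS.token("webapp", "s3cret", "authorization_code", now, code=code, redirect_uri="https://app.example/cb")
    rs = ResourceServer(AS)
    print(rs.get_profile({"Authorization": "Bearer " + tok["access_token"]}, now))
    print(rs.get_profile({"Authorization": "Bearer " + tok["access_token"]}, now + TOKEN_TTL + 1))  # step 6 of refresh flow
    print(AS.token("webapp", "s3cret", "refresh_token", now + TOKEN_TTL + 1, refresh_token=tok["refresh_token"])["token_type"])
```

The resource server here calls introspect() in process; a real deployment would either call the token introspection endpoint (RFC 7662) or validate a self-contained token locally. Either way the scope check belongs on the resource server, not only at issuance.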
OAuth1.0a versus OAuth2.0 Differences
1. Transport
OAuth1.0a: Does not depend on HTTPS, because every request is signed.
OAuth2.0: Requires TLS; the bearer token is the only secret on the wire.
2. Signatures
OAuth1.0a: Requires each OAuth request to be signed (HMAC-SHA1, RSA-SHA1 or PLAINTEXT signature methods).
OAuth2.0: Does not sign requests and relies on SSL/TLS for confidentiality and integrity.
3. Client secret
OAuth1.0a: The client signs every request with its "consumer secret"; the secret itself never leaves the client.
OAuth2.0: A confidential client presents its "client secret" only to the token endpoint; resource requests carry the access token, never the secret.
4. Security
OAuth1.0a: More secure against token theft, because the signatures bind each request to the key holder.
OAuth2.0: Relatively less secure than OAuth1.0a in this respect, as it is centred on bearer tokens that anyone holding them can use.
5. Complexity
OAuth1.0a: Less flexible and more complex to design and develop (signature base strings are a frequent source of interoperability bugs).
OAuth2.0: Easier for third-party developers to implement.
6. Client types
OAuth1.0a: Designed around browser redirects and awkward for native, mobile and server-to-server clients.
OAuth2.0: Defines grant types for non-web clients as well.
OAuth2.0 Framework - Pros and Cons
OAuth2.0 Advantages:
1. The roles defined in the framework allow better separation of duties; e.g. handling resource requests (resource server) and handling user authorization (authorization server) are decoupled.
2. Greater flexibility and options through the various grant types.
3. Lets users choose which actions (scopes) the calling application may perform, limiting what third parties can do with user information.
4. Introduced refresh tokens, so access tokens can be short-lived without repeated user interaction.
5. Easy for third-party clients to design and develop.
6. Supports non-browser implementations, and hence is widely adopted by all major providers.
OAuth2.0 Disadvantages:
1. Centred on bearer tokens: whoever holds the token can use it, so the scheme is only as strong as the TLS channel and the client's token storage; in this respect it is less secure than OAuth1.0's signed requests.
2. Not backward compatible with OAuth1.0.
Demo
• Walk through of the
o OAuth2.0 configuration in Software AG webMethods Integration Server.
o OAuth2.0 authorization workflow using browser & SoapUI clients.
o OAuth2.0 implementation: server client & resource server code.
Kellton Tech Solutions Inc.
3 Independence Way, Princeton, NJ 08540
Demo, Contd…
OAuth Support in Software AG webMethods:
Built-in services:
1. pub.oauth:authorize: initiates an authorization request from a client application to the authorization server.
2. pub.oauth:getAccessToken: requests an access token from the authorization server.
3. pub.oauth:refreshAccessToken: requests a new access token from the authorization server using a refresh token.
4. pub.client.oauth:executeRequest: accesses protected resources on a resource server using an existing OAuth access token.
Upcoming Webinars
Date Topic Presenter
31st Jan 2017 Software AG Integration Cloud Ankit Malhotra
 
Digital Transformation and COVID-19: What Enterprises Can Do
Digital Transformation and COVID-19: What Enterprises Can DoDigital Transformation and COVID-19: What Enterprises Can Do
Digital Transformation and COVID-19: What Enterprises Can DoKellton Tech Solutions Ltd
 
Business Continuity and Disaster Recovery from Economic Impacts of COVID-19
Business Continuity and Disaster Recovery from Economic Impacts of COVID-19Business Continuity and Disaster Recovery from Economic Impacts of COVID-19
Business Continuity and Disaster Recovery from Economic Impacts of COVID-19Kellton Tech Solutions Ltd
 
What all it takes to build a successful hybrid integration strategy?
What all it takes to build a successful hybrid integration strategy? What all it takes to build a successful hybrid integration strategy?
What all it takes to build a successful hybrid integration strategy? Kellton Tech Solutions Ltd
 
Why and How of Upgrading to SAP Solution Manager 7.2?
Why and How of Upgrading to SAP Solution Manager 7.2?Why and How of Upgrading to SAP Solution Manager 7.2?
Why and How of Upgrading to SAP Solution Manager 7.2?Kellton Tech Solutions Ltd
 
IoT Implementation and Security Best Practices
IoT Implementation and Security Best PracticesIoT Implementation and Security Best Practices
IoT Implementation and Security Best PracticesKellton Tech Solutions Ltd
 
WHAT'S NEW IN MULE 4.X – NEW ENHANCEMENTS AND CAPABILITIES
WHAT'S NEW IN MULE 4.X – NEW ENHANCEMENTS AND CAPABILITIESWHAT'S NEW IN MULE 4.X – NEW ENHANCEMENTS AND CAPABILITIES
WHAT'S NEW IN MULE 4.X – NEW ENHANCEMENTS AND CAPABILITIESKellton Tech Solutions Ltd
 

Mehr von Kellton Tech Solutions Ltd (20)

Understanding how Hybrid Integration and API Reference Architecture enables C...
Understanding how Hybrid Integration and API Reference Architecture enables C...Understanding how Hybrid Integration and API Reference Architecture enables C...
Understanding how Hybrid Integration and API Reference Architecture enables C...
 
How Blockchain & Cryptocurrencies Redefining Financial Instruments in Finance
How Blockchain & Cryptocurrencies Redefining Financial Instruments in Finance How Blockchain & Cryptocurrencies Redefining Financial Instruments in Finance
How Blockchain & Cryptocurrencies Redefining Financial Instruments in Finance
 
Learn how to make your IoT pilot projects and POCs successful
Learn how to make your IoT pilot projects and POCs successfulLearn how to make your IoT pilot projects and POCs successful
Learn how to make your IoT pilot projects and POCs successful
 
Intelligent automation surpasses RPA to accelerate performance
Intelligent automation surpasses RPA to accelerate performance  Intelligent automation surpasses RPA to accelerate performance
Intelligent automation surpasses RPA to accelerate performance
 
Transition to SAP S/4HANA System Conversion: A step-by-step guide
Transition to SAP S/4HANA System Conversion: A step-by-step guide Transition to SAP S/4HANA System Conversion: A step-by-step guide
Transition to SAP S/4HANA System Conversion: A step-by-step guide
 
Learn how APIs Complements Hybrid Integration Strategies
Learn how APIs Complements Hybrid Integration StrategiesLearn how APIs Complements Hybrid Integration Strategies
Learn how APIs Complements Hybrid Integration Strategies
 
SAP Activate Methodology for S/4HANA Implementation
SAP Activate Methodology for S/4HANA ImplementationSAP Activate Methodology for S/4HANA Implementation
SAP Activate Methodology for S/4HANA Implementation
 
Boomi Molecule Migration to the Cloud: Top 5 Strategies Revealed
Boomi Molecule Migration to the Cloud: Top 5 Strategies RevealedBoomi Molecule Migration to the Cloud: Top 5 Strategies Revealed
Boomi Molecule Migration to the Cloud: Top 5 Strategies Revealed
 
What’s Mule 4.3? How Does Anytime RTF Help? Our insights explain.
What’s Mule 4.3? How Does Anytime RTF Help? Our insights explain. What’s Mule 4.3? How Does Anytime RTF Help? Our insights explain.
What’s Mule 4.3? How Does Anytime RTF Help? Our insights explain.
 
DevOps Automation and Maturity using FlexDeploy, webMethods demo: Kellton Web...
DevOps Automation and Maturity using FlexDeploy, webMethods demo: Kellton Web...DevOps Automation and Maturity using FlexDeploy, webMethods demo: Kellton Web...
DevOps Automation and Maturity using FlexDeploy, webMethods demo: Kellton Web...
 
webMethods 10.5 and webMethods.io Integration: Everything You Must Know
webMethods 10.5 and webMethods.io Integration: Everything You Must KnowwebMethods 10.5 and webMethods.io Integration: Everything You Must Know
webMethods 10.5 and webMethods.io Integration: Everything You Must Know
 
Digital Transformation and COVID-19: What Enterprises Can Do
Digital Transformation and COVID-19: What Enterprises Can DoDigital Transformation and COVID-19: What Enterprises Can Do
Digital Transformation and COVID-19: What Enterprises Can Do
 
Business Continuity and Disaster Recovery from Economic Impacts of COVID-19
Business Continuity and Disaster Recovery from Economic Impacts of COVID-19Business Continuity and Disaster Recovery from Economic Impacts of COVID-19
Business Continuity and Disaster Recovery from Economic Impacts of COVID-19
 
What all it takes to build a successful hybrid integration strategy?
What all it takes to build a successful hybrid integration strategy? What all it takes to build a successful hybrid integration strategy?
What all it takes to build a successful hybrid integration strategy?
 
Building IoT Solutions 101
Building IoT Solutions 101Building IoT Solutions 101
Building IoT Solutions 101
 
Making iot deliver business value v4
Making iot deliver business value v4Making iot deliver business value v4
Making iot deliver business value v4
 
Guide to an API-first Strategy
Guide to an API-first StrategyGuide to an API-first Strategy
Guide to an API-first Strategy
 
Why and How of Upgrading to SAP Solution Manager 7.2?
Why and How of Upgrading to SAP Solution Manager 7.2?Why and How of Upgrading to SAP Solution Manager 7.2?
Why and How of Upgrading to SAP Solution Manager 7.2?
 
IoT Implementation and Security Best Practices
IoT Implementation and Security Best PracticesIoT Implementation and Security Best Practices
IoT Implementation and Security Best Practices
 
WHAT'S NEW IN MULE 4.X – NEW ENHANCEMENTS AND CAPABILITIES
WHAT'S NEW IN MULE 4.X – NEW ENHANCEMENTS AND CAPABILITIESWHAT'S NEW IN MULE 4.X – NEW ENHANCEMENTS AND CAPABILITIES
WHAT'S NEW IN MULE 4.X – NEW ENHANCEMENTS AND CAPABILITIES
 

Kürzlich hochgeladen

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Kürzlich hochgeladen (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

API Security with OAuth2.0.

  • 1. API Security: Using OAuth2 Framework
     Kellton Tech Solutions, Inc.
     Presented by: Siva Subrahmanyam, Sr. Integration Consultant
  • 2. About Kellton Tech – Infinite Possibilities with Technology
     Milestones (FY 1993, FY 2009, FY 2013, FY 2015, FY 2017):
     • Incorporated
     • New management takes over, led by Niranjan Chintam and Krishna Chintam
     • $10 MN
     • Acquired and merged Tekriti Software Private Limited, a software services company focusing on web/open source
     • Acquired SKAN DbyDx Software Private Limited, a mobility solutions company
     • $40 MN
     • Acquired Supremesoft Global Inc. and eVantage Solutions Inc., US based IT consulting companies
     • Acquired Vivos Professional Services LLC, a USA based company focusing on the life-sciences & healthcare space
     • 21st in Deloitte Technology Fast 50 India 2014
     • Selected among the ‘20 Most Promising Travel & Hospitality Solution Providers’ and ‘Top 20 Enterprise Mobility Companies in India’ by CIO Review
     • $100 MN run rate
     • Acquired ProSoft Technology Group Inc., a US based ERP, EAI solutions company
     • KLGAME was nominated in the finals of HYSEA Annual Summit and Awards 2015
     • Acquired Bokanyi Group, a leading US based cloud and analytics service provider
     Our Mission: Offering infinite possibilities with technology
     Our Vision: To be “the trusted partner” of our clients
     Our Values: Innovation, Ownership, Trust, Speed, Meritocracy, Accountability, Customer Centricity
  • 3. Who we are
     We Are:
     • Thought Leaders in Technology Adoption: As an early entrant in IoT and SMAC, we provide innovative transformation solutions to clients, leveraging cloud ERP solutions, digital business platforms, and digital systems integration.
     • Focused on Design Thinking: We understand the importance of digital customer experience and operational excellence, and explore infinite possibilities with technology to deliver desired business outcomes.
     • Disciplined and Experienced Team: We hire the best talent and leverage the best practices from design, development and implementation of systems of record, differentiation, engagement and insight.
     We Do:
     • Digital Transformation BU
     • Digital Connected Enterprise BU
     • Enterprise Solutions (SAP) BU
     • KLGAME(TM)
     • Systems of Engagement: New apps built leveraging design thinking that provide the next competitive advantage, now and in the future.
     • Systems of Differentiation: Business processes and orchestration layers that provide competitive advantage.
     • Systems of Record: Standardized functions and processes across the organisation that provide predictability, consistency and optimization.
  • 4. Our Numbers
     • Millions: Software we have developed is being used by millions of people worldwide.
     • 600: We have partnered with more than 600 innovative clients (39 Fortune 1000) in Healthcare, Retail, Insurance, Media, Software and Technology industries.
     • 2 Million: We perform more than 2 Million hours of engineering work for our clients every year.
     • 1100+ People: Headquartered in Princeton, NJ, we have global delivery centers across the US, UK, and India.
  • 5. Partial Customers by Industry (customer logos): Financial Services, Energy & Utilities, Manufacturing, Retail, Others
  • 6. Core Services Portfolio
     • Digital Transformation and Enterprise Architecture Strategy – Advisory Services
     • API / SOA / ESB Core Application Integration – API/SOA Strategy, Governance and COE
     • BPM Solutions with Business Workflows, Rules, Analytics and Dashboards
     • Distributed In-Memory Data Solutions for High Throughput and Low Latency Applications
     • Real-time and Streaming Analytics Solutions in IoT and Big Data Applications
     • SaaS Integration, Cloud Enablement and Hybrid Infrastructure Services
     • Infrastructure Modernization, Continuous Integration / DevOps Services and AMS
  • 9. Industry Solutions and Domain Expertise
     • Banking and Finance
       o Treasury Services – Payment and Forex Gateways
       o SWIFT Integration
       o Business Process Modeling and Optimization in Loan Origination, Account Opening, Risk and Regulatory
     • Transportation and Logistics
       o Fleet Management and Real-time On-Board Application Services
       o B2B and Vendor Managed Inventory Solutions
     • Retail and Manufacturing
       o ERP Integration
       o Omni Channel Services Architecture
       o PoS and eCommerce Integration
     • Energy and Utilities
       o Energy Trading and Power Scheduling
       o RTO Integration and Market Participation
       o Smart Grid Integration and Enablement
  • 10. Today’s Agenda
     • API – Introduction
       o API, API Strategy, API Economy etc.
     • API Security Fundamentals
       o HTTP Basic Authentication
       o Digest Access Authentication, etc.
       o Token Based Authentication
     • OAuth2.0 Framework – Deep Dive
     • OAuth1.0a versus OAuth2.0 – Differences
     • OAuth2.0 Framework – Pros and Cons
     • Software AG webMethods – OAuth2.0 Demo
     • Q & A
     • Upcoming Webinars
  • 13. API Security Fundamentals
     HTTP Security Mechanisms
     Basic Authentication:
     Client sends:
       basic-credentials = "Basic" SP basic-cookie
       basic-cookie      = base64encode(username + ":" + password)
     Cons:
     • An attacker who obtains the header recovers the user's plaintext password (base64 is an encoding, not encryption).
     • The username and password are sent with every request.
     • The server must know the user's password in plaintext (or compare against it).
     • If intercepted, requests can be replayed in the future.
     • Vulnerable to Man-in-the-Middle attacks.
  • 14. API Security Fundamentals, Contd...
     Digest Authentication:
     The client sends a hashed form of the password to the server. Although the password itself cannot be captured over HTTP, it may be possible to replay requests using the hashed value.
       HA1      = MD5(username:realm:password)
       HA2      = MD5(method:digestURI)
       response = MD5(HA1:nonce:HA2)
     Cons:
     • Vulnerable to Man-in-the-Middle attacks in some cases.
     • Many of the security options are optional, which makes it less secure.
     • Difficult to design and implement.
     • Limitations when working with certain cryptographic modules, such as FIPS-validated ones.
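The two mechanisms on slides 13 and 14, side by side, as an added example (not code from the presentation): the Basic header is decoded straight back to the plaintext password, while the Digest server stores only HA1 and computes the slide's response formula; a per-nonce "use once" check is the server-side mitigation for the replay weakness the slide names. The realm, user and password are constructed sample values.

```python
import base64
import hashlib
import secrets

# Constructed sample credential store (values are assumptions for the demo).
REALM = "api.example.com"
PASSWORDS = {"alice": "s3cret!"}        # what a Basic-auth server has to hold
HA1_STORE = {                           # what a Digest-auth server has to hold
    user: hashlib.md5(f"{user}:{REALM}:{pw}".encode()).hexdigest()
    for user, pw in PASSWORDS.items()
}


def basic_credentials(username, password):
    """Client side: basic-credentials = "Basic" SP base64(username ":" password)."""
    cookie = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {cookie}"


def decode_basic(header):
    """Whoever sees the header (proxy, log file, interceptor) gets the password back:
    base64 is reversible, so this is exactly as strong as the transport (TLS)."""
    scheme, _, cookie = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, _, pw = base64.b64decode(cookie).decode().partition(":")
    return user, pw


def digest_response(ha1, nonce, method, uri):
    """HA2 = MD5(method:digestURI); response = MD5(HA1:nonce:HA2), the form on the slide
    (RFC 2069 style, no qop). MD5 is not FIPS-approved, hence the slide's FIPS caveat."""
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{ha2}".encode()).hexdigest()


def client_digest(username, password, nonce, method, uri):
    """Client side: derive HA1 from the password and answer the server's nonce."""
    ha1 = hashlib.md5(f"{username}:{REALM}:{password}".encode()).hexdigest()
    return {"username": username, "nonce": nonce, "uri": uri,
            "response": digest_response(ha1, nonce, method, uri)}


class DigestServer:
    """Server side: issues fresh nonces and accepts each one at most once, so a
    captured (nonce, response) pair cannot be replayed later."""

    def __init__(self):
        self.unused_nonces = set()

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.unused_nonces.add(nonce)
        return nonce

    def verify(self, method, auth):
        ha1 = HA1_STORE.get(auth["username"])      # no plaintext password needed
        if ha1 is None:
            return False
        expected = digest_response(ha1, auth["nonce"], method, auth["uri"])
        if not secrets.compare_digest(expected, auth["response"]):
            return False
        if auth["nonce"] not in self.unused_nonces:  # replay or unknown nonce
            return False
        self.unused_nonces.discard(auth["nonce"])
        return True
```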
  • 15. API Security Fundamentals, Contd...
     Token Based Authentication:
     What is a
     • Token
     • Bearer Token
     • Holder-of-Key Token (HOK)
     Using a bearer token does not require the bearer to prove possession of cryptographic key material (proof-of-possession), whereas HOK does.
     Advantages:
     • Extra security
     • Stateless and scalable servers
     • Pass authentication to other applications (Delegated Access)
     • Fine-grained access control (Scopes)
     • Expiry & Revoke Access
  • 16. OAuth2.0 Framework – Deep Dive
     OAuth stands for Open Authorization (a token based authorization scheme). It facilitates delegated authorization.
     The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
  • 17. OAuth2.0 Framework – Deep Dive, Contd…
     OAuth Roles:
     • Resource Owner: An entity capable of granting access to a protected resource. When the resource owner is a person, it is referred to as an end-user.
     • Resource Server: The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.
     • Client: An application making protected resource requests on behalf of the resource owner and with its authorization.
     • Authorization Server: The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.
  • 18. OAuth2.0 Framework – Deep Dive, Contd… (OAuth2.0 Workflow)
     Participants: User / Resource Owner, Browser / Client App, Resource Server, Auth Server
     1. User uses his app.
     2. Client requests authorization for the user.
     3. Authorization request is redirected to the Resource Owner by the Authorization Server.
     4. Resource Owner grants authorization by logging into the server and approving the authorization request.
     5. Authorization Server sends the authorization code.
     6. Client passes the auth code and requests an access token.
     7. Authorization Server sends the access token & refresh token.
     8. Client passes the access token and invokes the REST API.
     9. Protected data / resource is sent by the Resource Server API.
  • 19. OAuth2.0 Framework – Deep Dive, Contd… (OAuth2.0 Workflow: Refreshing the Access Token)
     Participants: User / Resource Owner, Browser / Client App, Resource Server, Auth Server
     5. Client passes an expired access token.
     6. Resource Server sends an Invalid Token error.
     7. Client passes the refresh token to the Authorization Server.
     8. Resource Server sends a new access token & optional refresh token.
     9. Client passes the access token and invokes the REST API.
     10. Protected data / resource is sent by the Resource Server API.
  • 20. OAuth2.0 Grant Types
     The OAuth2.0 Framework provides different options through various grant types, such as:
     • Authorization code grant
       o Used for confidential clients such as server based clients.
     • Implicit grant
       o Used for public clients such as browser based clients.
     • Resource owner credentials grant
       o Used when the client has access to the user’s credentials.
     • Client credentials grant
       o Used when the registered client wants to obtain a token for itself.
     • Refresh token grant
       o Used to refresh expired access tokens by passing refresh tokens.
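The two workflow diagrams (slides 18 and 19) and the authorization code and refresh token grants (slide 20), simulated end to end as an added example that is not part of the presentation or of webMethods: an authorization server issues a one-time code, exchanges it for a bearer access token plus refresh token, the resource server rejects the token once it has expired with invalid_token, and the client recovers with the refresh_token grant. Client id, secret, redirect URI, scope name and the 300-second lifetime are constructed assumptions.

```python
import secrets
import time

# Constructed registration of one confidential client (assumed values).
CLIENTS = {"webinar-app": {"secret": "client-secret-demo",
                           "redirect_uri": "https://app.example.com/cb"}}
ACCESS_TTL = 300  # seconds; short, because a leaked bearer token is usable by anyone


class AuthorizationServer:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.codes = {}    # code -> (client_id, user, scope, redirect_uri)
        self.access = {}   # access token -> (user, scope, expires_at)
        self.refresh = {}  # refresh token -> (client_id, user, scope)

    def authorize(self, client_id, redirect_uri, scope, user, approved):
        """Authorization endpoint: resource owner has logged in and approves (or not)."""
        client = CLIENTS.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            return {"error": "invalid_request"}   # never send a code to an unregistered URI
        if not approved:
            return {"error": "access_denied"}
        code = secrets.token_urlsafe(24)
        self.codes[code] = (client_id, user, scope, redirect_uri)
        return {"code": code}

    def token(self, grant_type, client_id, client_secret, **params):
        """Token endpoint: confidential client authenticates with its secret."""
        client = CLIENTS.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            return {"error": "invalid_client"}
        if grant_type == "authorization_code":
            entry = self.codes.pop(params.get("code"), None)   # pop: a code is single use
            if entry is None or entry[0] != client_id or entry[3] != params.get("redirect_uri"):
                return {"error": "invalid_grant"}
            _, user, scope, _ = entry
        elif grant_type == "refresh_token":
            entry = self.refresh.pop(params.get("refresh_token"), None)  # rotate on use
            if entry is None or entry[0] != client_id:
                return {"error": "invalid_grant"}
            _, user, scope = entry
        else:
            return {"error": "unsupported_grant_type"}
        return self._issue(client_id, user, scope)

    def _issue(self, client_id, user, scope):
        at, rt = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self.access[at] = (user, scope, self.clock() + ACCESS_TTL)
        self.refresh[rt] = (client_id, user, scope)
        return {"access_token": at, "token_type": "Bearer",
                "expires_in": ACCESS_TTL, "refresh_token": rt, "scope": scope}

    def introspect(self, token):
        """Used by the resource server to validate a bearer token; None if unknown/expired."""
        entry = self.access.get(token)
        if entry is None or entry[2] <= self.clock():
            return None
        return {"user": entry[0], "scope": entry[1]}


class ResourceServer:
    def __init__(self, auth_server):
        self.auth_server = auth_server

    def get_orders(self, authorization_header):
        """Protected API: checks the bearer token and the scope it carries."""
        scheme, _, token = authorization_header.partition(" ")
        info = self.auth_server.introspect(token) if scheme == "Bearer" else None
        if info is None:
            return 401, {"error": "invalid_token"}      # slide 19, step 6
        if "orders:read" not in info["scope"].split():
            return 403, {"error": "insufficient_scope"}
        return 200, {"orders": ["order-1", "order-2"], "owner": info["user"]}


class FakeClock:
    """Lets the demo move time forward instead of sleeping for ACCESS_TTL."""
    def __init__(self):
        self.t = 1_000_000.0

    def __call__(self):
        return self.t


def run_flow():
    """Code grant, API call, token expiry, refresh grant, API call again."""
    clock = FakeClock()
    auth = AuthorizationServer(clock)
    api = ResourceServer(auth)
    cid, sec = "webinar-app", CLIENTS["webinar-app"]["secret"]
    uri = CLIENTS["webinar-app"]["redirect_uri"]
    grant = auth.authorize(cid, uri, "orders:read", "alice", approved=True)
    tok = auth.token("authorization_code", cid, sec, code=grant["code"], redirect_uri=uri)
    replay = auth.token("authorization_code", cid, sec, code=grant["code"], redirect_uri=uri)
    first = api.get_orders(f"Bearer {tok['access_token']}")
    clock.t += ACCESS_TTL + 1                       # access token is now expired
    expired = api.get_orders(f"Bearer {tok['access_token']}")
    new = auth.token("refresh_token", cid, sec, refresh_token=tok["refresh_token"])
    second = api.get_orders(f"Bearer {new['access_token']}")
    return {"code_replay": replay, "first": first, "expired": expired, "second": second}
```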
  • 21. OAuth1.0a versus OAuth2.0 Differences
     S.No. | OAuth1.0a | OAuth2.0
     1 | Doesn’t need HTTPS communication. | Demands HTTPS communication.
     2 | Requires digital signatures to sign OAuth request messages. | Doesn’t need digital signatures and relies on SSL/TLS.
     3 | Client app signs all OAuth requests to the Auth Server with its unique “consumer secret”. | Client application includes its “client secret” with every request.
     4 | More secure because of the digital signatures for OAuth communication as well. | Relatively less secure than OAuth1.0a, as it is centered around bearer tokens.
     5 | Less flexible & more complex to design and develop. | Easier for 3rd party developers to implement.
     6 | OAuth 1.0 only handled web browser based implementations. | OAuth 2.0 considers non-web clients as well.
  • 22. OAuth2.0 Framework – Pros and Cons
     OAuth2.0 Advantages:
     1. The various roles defined in this framework allow better separation of duties. E.g.: handling resource requests and handling user authorization can be decoupled in OAuth 2.0.
     2. Provides greater flexibility and options through the various grant types.
     3. It lets users choose the actions the calling application can access. This limits what third parties can do with user information.
     4. The concept of refresh tokens was introduced.
     5. Easy for 3rd party clients to design and develop.
     6. Supports non-browser implementations, and hence is more widely used by all major companies.
     OAuth2.0 Disadvantages:
     1. Bearer-token centric, which makes it relatively less secure than OAuth1.0.
     2. Not backward compatible with OAuth1.0.
  • 23. Demo
     Walk through of the
     o OAuth2.0 configuration in Software AG webMethods Integration Server.
     o OAuth2.0 authorization workflow using Browser & SOAP UI clients.
     o OAuth2.0 implementation – Server Client & Resource Server code.
     Kellton Tech Solutions Inc., 3 Independence Way, Princeton, NJ 08540
  • 24. Demo – OAuth Support in Software AG webMethods
     Built-in Services:
     1. pub.oauth:authorize – Initiates an authorization request from a client application to the authorization server.
     2. pub.oauth:getAccessToken – Requests an access token from the authorization server.
     3. pub.oauth:refreshAccessToken – Requests a fresh token from the authorization server.
     4. pub.client.oauth:executeRequest – Accesses protected resources on a resource server using an existing Open Authentication (OAuth) access token.
  • 26. Upcoming Webinars
     Date | Topic | Presenter
     31st Jan 2017 | Software AG Integration Cloud | Ankit Malhotra