© Hitachi, Ltd. 2021. All rights reserved.
A high-security API management infrastructure
using Apache Camel
ApacheCon@Home 2021
Hitachi, Ltd.
OSS Solution Center
09/21/2021
Yang Xie
Contents
1. API management infrastructure using Camel and Keycloak
2. Drawbacks of security
3. Security enhancement with Keycloak
4. Conclusion
1. API management infrastructure using Camel and Keycloak
1-1 API management infrastructure using Camel and Keycloak
- Apache Camel (hereinafter called “Camel”), known as a tool for integrating heterogeneous systems, can also be used as an API gateway.
- By adding Keycloak as an OAuth 2.0 authorization server, we can build an API management infrastructure that provides the functions shown in the picture, such as reverse proxy and token issuance/management.
[Diagram: API management infrastructure. An application requests an access token from the authorization server (Keycloak) and calls the API gateway (Camel) over REST (HTTP) with that token. The gateway provides reverse proxy, protocol conversion (REST (HTTP), JDBC, FTP), mash-up and flow control in front of the API servers, exports metrics to Prometheus & Grafana, and publishes API documentation; Keycloak provides token issuance & management.]
1-2 What is Keycloak?
- Keycloak is an identity and access management OSS whose community is managed by Red Hat.
- It can be used as an OAuth 2.0 authorization server.
[Diagram: Keycloak capabilities: single sign-on using the most popular standards (OpenID Connect, SAML; including an OAuth 2.0 authorization server), social login (identity brokering), and identity management and authentication backed by LDAP, Active Directory or an RDB, in front of the API server.]
2. Drawbacks of security
2-1 Drawbacks of security
- Although the API management infrastructure can protect itself by using token issuance/management, its security still has three drawbacks, shown in the picture. Each of them leads to API abuse.
[Diagram: the application presents an access token to the API gateway (Camel), which forwards the request to the API server; tokens are issued by the authorization server (Keycloak).]
Drawback 1: only minimal validations of the access token are performed (such as signature and expiration time).
Drawback 2: no management of the user’s access.
Drawback 3: no prevention of access token stealing.
2-2 Drawback of performing only minimal validations of the access token
- An access token can be invalidated before its expiration time.
- Therefore, if the API management infrastructure performs only minimal validations such as signature and expiration time, an access token that has been invalidated but whose expiration time has not yet been reached is still treated as valid, and attackers can use it to access the API.
[Diagram: an invalid access token within its expiration time passes the API gateway (Camel), reaches the API server and gets 200 (OK). Attacker: “Lucky! I can use an invalid access token to access the API.”]
2-3 Drawback of no API access management
- With no management of API access, anyone can access the API with full authority.
[Diagram: the application’s access token is accepted by the API gateway (Camel) and the API server answers 200 (OK). Captions: “You can only request the API used for reading data.” / “But I’ve already overwritten a part of the data by an API used for writing data…”]
2-4 Drawback of no access token stealing prevention
- With no prevention of access token stealing, attackers can use a stolen access token to access the API.
[Diagram: a stolen access token presented to the API gateway (Camel) is accepted and the API server answers 200 (OK). Attacker: “I can use the stolen access token to access the API.”]
3. Security enhancement with Keycloak
3-2 Security enhancement with Keycloak
- OAuth 2.0 and its related standards define three mechanisms that can be used to overcome the drawbacks: token introspection, scope check and OAuth MTLS. All of them are supported by Keycloak.
- With Keycloak’s support, we can implement these mechanisms by developing a Camel application.
[Diagram: application → API gateway (Camel) → API server, with the authorization server (Keycloak) issuing the access token. Enhancement for Drawback 1: token introspection. Enhancement for Drawback 2: scope check. Enhancement for Drawback 3: OAuth MTLS.]
3-3 Token introspection
- Token introspection is a mechanism for validating an access token by calling the token introspection endpoint on the authorization server.
[Diagram: token introspection sequence between the application, the API gateway (Camel), the authorization server (Keycloak) and the API server.]
1. API request with the access token issued by Keycloak.
2. Validate the access token (= token introspection).
3. Forward the API request only if the access token is valid. Otherwise, deny the request with a 401 HTTP status code.
3-4 Support of token introspection in Keycloak
- Keycloak provides a token introspection endpoint that receives token introspection requests.
- After receiving a token introspection request, Keycloak inspects the access token in several steps, including validating the session linked with the access token.
- A session is a data structure used in Keycloak for storing a user’s login information. Access tokens are generated from sessions, and every access token is linked with one session. An access token and its linked session have the same validity. Therefore, if the linked session is found to be invalid, the access token is also judged invalid, even if its expiration time has not been reached.
- After introspecting the access token, Keycloak returns a token introspection response in JSON format.
[Diagram: the token introspection endpoint on the authorization server (Keycloak) receives the token introspection request carrying the access token, looks up the linked session, and returns a token introspection response. Keycloak introspects the access token by validating its signature, issuer, expiration time, issued-at time and linked session.]
3-5 Development of token introspection in Camel
- To implement token introspection, we can use the HTTP4 component provided by Camel to send the token introspection request and receive the token introspection response.
- A component is used for communicating with an external system. Among the components, HTTP4 communicates with an external system over HTTP.
[Diagram: the API gateway (Camel) uses the HTTP4 component to send the access token to the token introspection endpoint of the authorization server (Keycloak) before forwarding the application’s request to the API server.]
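The route below is an added example, not code from the presentation, showing how the HTTP4 component can call Keycloak’s token introspection endpoint from a Camel 2.x route and forward the API request only when Keycloak reports the token as active. The hostnames, the realm name “demo”, the client “api-gateway” and the GATEWAY_CLIENT_SECRET variable are assumptions.

```java
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.apache.camel.builder.RouteBuilder;

/**
 * Added example, not code from the presentation: a Camel 2.x route that validates the
 * bearer token at Keycloak's token introspection endpoint (RFC 7662) through the HTTP4
 * component and proxies the API request only when Keycloak reports the token as active.
 * Assumed names: realm "demo" on keycloak.example.com:8080 (legacy "/auth" prefix), a
 * confidential client "api-gateway" whose secret is read from GATEWAY_CLIENT_SECRET, and
 * an API server on api-server.example.com:9000.
 */
public class IntrospectionRoute extends RouteBuilder {
    static final String INTROSPECT_URI =
        "http4://keycloak.example.com:8080/auth/realms/demo/protocol/openid-connect/token/introspect"
        + "?throwExceptionOnFailure=false";
    static final String UPSTREAM_URI =
        "http4://api-server.example.com:9000?bridgeEndpoint=true&throwExceptionOnFailure=false";
    private static final ObjectMapper MAPPER = new ObjectMapper();

    @Override
    public void configure() {
        from("jetty:http://0.0.0.0:8080/api?matchOnUriPrefix=true")
            .process(IntrospectionRoute::extractBearerToken)        // sets property "accessToken"
            .choice()
                .when(exchangeProperty("accessToken").isNull())
                    .process(e -> deny(e, "invalid_request"))
                    .stop()
            .end()
            .process(IntrospectionRoute::buildIntrospectionRequest)
            .to(INTROSPECT_URI)                                      // POST to Keycloak
            .process(IntrospectionRoute::readIntrospectionResponse)  // sets property "tokenActive"
            .choice()
                .when(exchangeProperty("tokenActive").isNotEqualTo(Boolean.TRUE))
                    .process(e -> deny(e, "invalid_token"))
                    .stop()
            .end()
            .process(IntrospectionRoute::restoreOriginalRequest)
            .to(UPSTREAM_URI);                                       // reverse proxy to the API server
    }

    /** Pulls the token out of "Authorization: Bearer <token>"; the property stays null if absent. */
    static void extractBearerToken(Exchange exchange) {
        String auth = exchange.getIn().getHeader("Authorization", String.class);
        String token = null;
        if (auth != null && auth.regionMatches(true, 0, "Bearer ", 0, 7)) {
            token = auth.substring(7).trim();
        }
        exchange.setProperty("accessToken", token == null || token.isEmpty() ? null : token);
    }

    /** Saves the client's request, then turns the exchange into the introspection POST. */
    static void buildIntrospectionRequest(Exchange exchange) throws Exception {
        Message in = exchange.getIn();
        exchange.setProperty("origHeaders", new HashMap<>(in.getHeaders()));
        exchange.setProperty("origBody", in.getBody(byte[].class));
        // Drop CamelHttpPath, CamelHttpQuery etc. so the HTTP4 producer does not append them to INTROSPECT_URI
        in.removeHeaders("*");
        in.setHeader(Exchange.HTTP_METHOD, "POST");
        in.setHeader(Exchange.CONTENT_TYPE, "application/x-www-form-urlencoded");
        String secret = Objects.requireNonNull(System.getenv("GATEWAY_CLIENT_SECRET"), "GATEWAY_CLIENT_SECRET not set");
        in.setBody("token=" + URLEncoder.encode(exchange.getProperty("accessToken", String.class), "UTF-8")
            + "&client_id=api-gateway&client_secret=" + URLEncoder.encode(secret, "UTF-8"));
    }

    /** Keycloak answers {"active": true|false, ...}; anything but HTTP 200 with active=true is a rejection. */
    static void readIntrospectionResponse(Exchange exchange) throws Exception {
        Message in = exchange.getIn();
        Integer status = in.getHeader(Exchange.HTTP_RESPONSE_CODE, Integer.class);
        boolean active = false;
        if (status != null && status == 200) {
            Map<?, ?> claims = MAPPER.readValue(in.getBody(String.class), Map.class);
            active = Boolean.TRUE.equals(claims.get("active"));
            exchange.setProperty("introspection", claims);  // keeps e.g. "scope" for a later scope check
        }
        exchange.setProperty("tokenActive", active);
    }

    /** Puts the client's headers and body back so the request is proxied as it was received. */
    static void restoreOriginalRequest(Exchange exchange) {
        Message in = exchange.getIn();
        in.setHeaders(exchange.getProperty("origHeaders", Map.class));
        in.setBody(exchange.getProperty("origBody"));
    }

    /** 401 in RFC 6750 style: name the error class, reveal nothing about Keycloak or the API server. */
    static void deny(Exchange exchange, String error) {
        Message in = exchange.getIn();
        in.removeHeaders("*");
        in.setHeader(Exchange.HTTP_RESPONSE_CODE, 401);
        in.setHeader("WWW-Authenticate", "Bearer error=\"" + error + "\"");
        in.setBody("");
    }
}
```

Because `throwExceptionOnFailure=false` is set, a Keycloak outage surfaces as a non-200 status and the route fails closed with 401 instead of raising an exception.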
3-6 Effect of token introspection
- As a result of implementing token introspection, an API request with an invalid access token within its expiration time is denied with a 401 HTTP status code. This means drawback 1 is overcome.
[Diagram: enhancement for Drawback 1, token introspection. The API gateway (Camel) returns 401 (Unauthorized) for an invalid access token within its expiration time. Attacker: “A response with 401 HTTP status code is returned when I use an invalid access token within its expiration time.”]
3-7 Scope check
- A scope is a mechanism for limiting an application’s access to an API. The scopes granted to the application are included in the access token.
- Checking scopes can be used for managing API access. If the scope required for an API request is not included in the scopes linked with the access token, the request is denied.
[Diagram: scope check sequence between the application, the API gateway (Camel), the authorization server (Keycloak) and the API server.]
1. API request with the access token.
2. Check the scopes linked with the access token.
3. Forward the API request if the required scope exists. Otherwise, deny the request with a 403 HTTP status code.
3-8 Support of scope in Keycloak
- Keycloak can put the scope required for the API into the access token when it issues the token.
[Diagram: the application requests an access token from the authorization server (Keycloak). One or more scopes can be requested by specifying them in the request parameter, for example “scope=read”. The requested scopes are included in the access token issued by Keycloak.]
Example (the read scope is included in the access token):
…
{
  "iss": "https://example.hitachi.com/",
  "aud": "https://app1.hitachi.com/",
  "sub": "jdoe",
  "scope": "read",
  "iat": 1458785796,
  "exp": 1458872196
}
3-9 Development of scope check in Camel
- To implement the scope check, we can use a processor provided by Camel.
- A processor handles the messages flowing through Camel. Camel provides many kinds of processors by default, and you can also write a custom processor by implementing the Processor interface.
[Diagram: the API gateway (Camel) runs a processor on the message carrying the access token, which extracts the scopes from the access token and checks whether the required scopes are included, before forwarding to the API server.]
…
{
  "iss": "https://example.hitachi.com/",
  …
  "scope": "read",
  …
}
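The processor below is an added example, not the presentation’s code, of the scope check described here: it decodes the scope claim from the JWT payload and maps the HTTP method to the required scope. The read/write policy, the class name and the WWW-Authenticate detail are assumptions, and it presumes the token was already validated (for instance by introspection) earlier in the route.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.apache.camel.Processor;

/**
 * Added example, not code from the presentation: a Camel Processor that maps the
 * HTTP method of the API request to a required scope and checks it against the
 * space-separated "scope" claim (RFC 6749 section 3.3) of the JWT access token.
 * Assumed policy: GET and HEAD need "read", every other method needs "write".
 *
 * Precondition: the token must already have been validated earlier in the route
 * (signature check or token introspection). The payload is base64url-decoded here
 * without verifying the signature, so on its own this is authorization only.
 * Wire it in with .process(new ScopeCheckProcessor()) before the .to(...) that
 * forwards to the API server; a 403 stops the route so the upstream call is skipped.
 */
public class ScopeCheckProcessor implements Processor {

    private static final ObjectMapper MAPPER = new ObjectMapper();

    @Override
    public void process(Exchange exchange) {
        Message in = exchange.getIn();
        String method = in.getHeader(Exchange.HTTP_METHOD, "GET", String.class);
        String token = bearerToken(in.getHeader("Authorization", String.class));
        String required = requiredScope(method);
        if (!grantedScopes(token).contains(required)) {
            in.removeHeaders("*");
            in.setHeader(Exchange.HTTP_RESPONSE_CODE, 403);
            // RFC 6750 section 3.1: tell the client which scope it lacks
            in.setHeader("WWW-Authenticate",
                "Bearer error=\"insufficient_scope\", scope=\"" + required + "\"");
            in.setBody("");
            exchange.setProperty(Exchange.ROUTE_STOP, Boolean.TRUE);
        }
    }

    /** GET and HEAD only read data; every other method may modify it. */
    static String requiredScope(String method) {
        return "GET".equalsIgnoreCase(method) || "HEAD".equalsIgnoreCase(method) ? "read" : "write";
    }

    /** Extracts the token from "Authorization: Bearer <token>"; null if absent or malformed. */
    static String bearerToken(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "Bearer ", 0, 7)) return null;
        String token = authorization.substring(7).trim();
        return token.isEmpty() ? null : token;
    }

    /**
     * Decodes the JWT payload (second segment) and splits its "scope" claim.
     * Any malformed input yields an empty set, so the request is denied rather than erroring out.
     */
    static Set<String> grantedScopes(String jwt) {
        Set<String> scopes = new HashSet<>();
        if (jwt == null) return scopes;
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) return scopes;            // not a JWS compact serialization
        try {
            String json = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
            Object scope = MAPPER.readValue(json, Map.class).get("scope");
            if (scope instanceof String) {
                for (String s : ((String) scope).trim().split("\\s+")) {
                    if (!s.isEmpty()) scopes.add(s);
                }
            }
        } catch (IllegalArgumentException | java.io.IOException e) {
            scopes.clear();                                // bad base64url or bad JSON: grant nothing
        }
        return scopes;
    }
}
```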
3-10 Effect of scope check
- As a result of implementing the scope check, an API request without the granted authority (scope) is denied with a 403 HTTP status code. This means drawback 2 is overcome.
[Diagram: enhancement for Drawback 2, scope check. The API gateway (Camel) returns 403 (Forbidden). Captions: “You can only request the API used for reading data.” / “A response with 403 HTTP status code is returned when I request the API used for writing data.”]
3-11 OAuth MTLS
- OAuth MTLS is a mechanism for preventing token stealing attacks. It uses the client certificate to confirm that the access token was granted to the OAuth client that makes the API request.
[Diagram: OAuth MTLS sequence between the application, the authorization server (Keycloak), the API gateway (Camel) and the API server.]
1. Token request (presenting the client certificate).
2. Issue an access token with a hash of the client certificate.
3. API request with the access token (presenting the client certificate).
4. Compare the hash value of the client certificate with the hash included in the access token.
5. Forward the API request if the client certificates match. Otherwise, deny the request with a 403 HTTP status code.
3-12 Support of OAuth MTLS in Keycloak
- Keycloak can calculate the hash value of the client certificate and put it into the access token when it issues the token.
[Diagram: the application requests the access token from the authorization server (Keycloak) with its client certificate. The hash of the client certificate is included in the access token as a member called x5t#S256.]
Example:
…
{
  "iss": "https://example.hitachi.com",
  "aud": "https://app1.hitachi.com",
  "sub": "jdoe",
  "iat": 1458785796,
  "exp": 1458872196,
  "cnf": {
    "x5t#S256": "bwcK0esc3ACC3DB2Y5_lESsXE8o9ltc05O89jdN-dg2"
  }
}
3-13 Development of OAuth MTLS in Camel
- To implement OAuth MTLS, we can also use a processor provided by Camel.
[Diagram: the API gateway (Camel) runs a processor on the message carrying the access token, which calculates the hash value of the client certificate and compares it with the x5t#S256 value extracted from the access token, before forwarding to the API server.]
{
  …
  "cnf": {
    "x5t#S256": "bwcK0esc3ACC3DB2Y5_lESsXE8o9ltc05O89jdN-dg2"
  }
  …
}
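Added example, not the presentation’s code: a processor performing the x5t#S256 comparison described on this and the previous slide. It assumes the Camel Jetty consumer terminates TLS with client authentication required and that the token was validated earlier in the route; the class and method names are assumptions.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Map;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.apache.camel.Processor;
import org.apache.camel.http.common.HttpMessage;

/**
 * Added example, not code from the presentation: the resource-server side of
 * OAuth 2.0 mutual-TLS certificate-bound access tokens (RFC 8705 section 3) as a
 * Camel Processor. It hashes the client certificate presented on the TLS connection
 * and compares it with the cnf.x5t#S256 claim of the access token.
 *
 * Assumptions: the Jetty consumer terminates TLS with client authentication
 * required (sslContextParameters with needClientAuth=true), so the servlet request
 * carries the chain under "javax.servlet.request.X509Certificate"; the token has
 * already been validated (introspection) earlier in the route.
 */
public class CertificateBoundTokenProcessor implements Processor {

    private static final ObjectMapper MAPPER = new ObjectMapper();

    @Override
    public void process(Exchange exchange) throws Exception {
        Message in = exchange.getIn();
        HttpMessage http = exchange.getIn(HttpMessage.class);
        X509Certificate[] chain = http == null ? null
            : (X509Certificate[]) http.getRequest().getAttribute("javax.servlet.request.X509Certificate");
        String token = bearerToken(in.getHeader("Authorization", String.class));
        // Fail closed: no client certificate, no token, or a token without cnf is rejected.
        boolean bound = chain != null && chain.length > 0 && token != null
            && thumbprintMatches(x5tS256(chain[0].getEncoded()), confirmationThumbprint(token));
        if (!bound) {
            in.removeHeaders("*");
            in.setHeader(Exchange.HTTP_RESPONSE_CODE, 403);
            in.setHeader("WWW-Authenticate", "Bearer error=\"invalid_token\"");
            in.setBody("");
            exchange.setProperty(Exchange.ROUTE_STOP, Boolean.TRUE);  // skip the upstream call
        }
    }

    /** x5t#S256 as Keycloak writes it: base64url without padding of SHA-256 over the DER certificate. */
    static String x5tS256(byte[] derCertificate) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(derCertificate);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

    /** Constant-time comparison so response timing does not reveal how much of the thumbprint matched. */
    static boolean thumbprintMatches(String computed, String claimed) {
        return claimed != null && MessageDigest.isEqual(
            computed.getBytes(StandardCharsets.US_ASCII), claimed.getBytes(StandardCharsets.US_ASCII));
    }

    /** Extracts the token from "Authorization: Bearer <token>"; null if absent or malformed. */
    static String bearerToken(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "Bearer ", 0, 7)) return null;
        String token = authorization.substring(7).trim();
        return token.isEmpty() ? null : token;
    }

    /** Reads cnf.x5t#S256 from the JWT payload; null when the token is not certificate-bound or malformed. */
    static String confirmationThumbprint(String jwt) {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) return null;
        try {
            String json = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
            Object cnf = MAPPER.readValue(json, Map.class).get("cnf");
            if (!(cnf instanceof Map)) return null;
            Object thumb = ((Map<?, ?>) cnf).get("x5t#S256");
            return thumb instanceof String ? (String) thumb : null;
        } catch (IllegalArgumentException | IOException e) {
            return null;
        }
    }
}
```

If a load balancer terminates TLS in front of Camel, the certificate attribute is absent and every request is rejected; the check then has to run wherever the client TLS session actually ends.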
3-14 Effect of OAuth MTLS
- As a result of implementing OAuth MTLS, an API request with a stolen token is denied with a 403 HTTP status code. This means drawback 3 is overcome.
[Diagram: enhancement for Drawback 3, OAuth MTLS. The API gateway (Camel) returns 403 (Forbidden). Attacker: “A response with 403 HTTP status code is returned when I use a stolen access token to request the API.”]

4. Conclusion
4-1 Conclusion
- Camel and Keycloak can form an API management infrastructure.
- Although the API management infrastructure (Camel + Keycloak) can protect itself by using token issuance/management, its security has three drawbacks.
- With Keycloak’s support, Camel can be developed to overcome the drawbacks.
Trademarks
- Red Hat is a registered trademark of Red Hat, Inc. in the United States and other countries.
- Apache and Camel are registered trademarks or trademarks of The Apache Software Foundation in the United States and other countries.
- OpenID is a trademark or registered trademark of OpenID Foundation in the United States and other countries.
- GitHub and the GitHub logo are trademarks or registered trademarks of GitHub, Inc. in the United States and other countries.
- Twitter and the Twitter logo are trademarks or registered trademarks of Twitter, Inc. or its affiliates.
- Facebook and the Facebook logo are trademarks or registered trademarks of Facebook, Inc.
- Other brand names and product names used in this material are trademarks, registered trademarks, or trade names of their respective holders.
 
社会のコードを、書き換えよう~エンジニア起点のNew Normalな働き方~
社会のコードを、書き換えよう~エンジニア起点のNew Normalな働き方~社会のコードを、書き換えよう~エンジニア起点のNew Normalな働き方~
社会のコードを、書き換えよう~エンジニア起点のNew Normalな働き方~Hitachi, Ltd. OSS Solution Center.
 
CloudNative Days Spring 2021 Online: Apache CamelおよびKeycloakを用いたAPI管理基盤の実現
CloudNative Days Spring 2021 Online: Apache CamelおよびKeycloakを用いたAPI管理基盤の実現CloudNative Days Spring 2021 Online: Apache CamelおよびKeycloakを用いたAPI管理基盤の実現
CloudNative Days Spring 2021 Online: Apache CamelおよびKeycloakを用いたAPI管理基盤の実現Hitachi, Ltd. OSS Solution Center.
 

Mehr von Hitachi, Ltd. OSS Solution Center. (20)

KeycloakのCNCF incubating project入りまでのアップストリーム活動の歩み
KeycloakのCNCF incubating project入りまでのアップストリーム活動の歩みKeycloakのCNCF incubating project入りまでのアップストリーム活動の歩み
KeycloakのCNCF incubating project入りまでのアップストリーム活動の歩み
 
KubeCon NA 2023 Recap: Challenge to Implementing “Scalable” Authorization wit...
KubeCon NA 2023 Recap: Challenge to Implementing “Scalable” Authorization wit...KubeCon NA 2023 Recap: Challenge to Implementing “Scalable” Authorization wit...
KubeCon NA 2023 Recap: Challenge to Implementing “Scalable” Authorization wit...
 
パスキーでリードする: NGINXとKeycloakによる効率的な認証・認可
パスキーでリードする: NGINXとKeycloakによる効率的な認証・認可パスキーでリードする: NGINXとKeycloakによる効率的な認証・認可
パスキーでリードする: NGINXとKeycloakによる効率的な認証・認可
 
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向
Keycloakの全体像: 基本概念、ユースケース、そして最新の開発動向
 
NGINXでの認可について考える
NGINXでの認可について考えるNGINXでの認可について考える
NGINXでの認可について考える
 
Security Considerations for API Gateway Aggregation
Security Considerations for API Gateway AggregationSecurity Considerations for API Gateway Aggregation
Security Considerations for API Gateway Aggregation
 
KeycloakでFAPIに対応した高セキュリティなAPIを公開する
KeycloakでFAPIに対応した高セキュリティなAPIを公開するKeycloakでFAPIに対応した高セキュリティなAPIを公開する
KeycloakでFAPIに対応した高セキュリティなAPIを公開する
 
IDガバナンス&管理の基礎
IDガバナンス&管理の基礎IDガバナンス&管理の基礎
IDガバナンス&管理の基礎
 
Keycloakのステップアップ認証について
Keycloakのステップアップ認証についてKeycloakのステップアップ認証について
Keycloakのステップアップ認証について
 
NGINXをBFF (Backend for Frontend)として利用した話
NGINXをBFF (Backend for Frontend)として利用した話NGINXをBFF (Backend for Frontend)として利用した話
NGINXをBFF (Backend for Frontend)として利用した話
 
KeycloakでAPI認可に入門する
KeycloakでAPI認可に入門するKeycloakでAPI認可に入門する
KeycloakでAPI認可に入門する
 
Node-RED Installer, Standalone Installer using Electron
Node-RED Installer, Standalone Installer using ElectronNode-RED Installer, Standalone Installer using Electron
Node-RED Installer, Standalone Installer using Electron
 
Hacktoberfest 概要、Node-REDプロジェクト貢献手順
Hacktoberfest 概要、Node-REDプロジェクト貢献手順Hacktoberfest 概要、Node-REDプロジェクト貢献手順
Hacktoberfest 概要、Node-REDプロジェクト貢献手順
 
最近のKeycloakのご紹介 ~クライアントポリシーとFAPI~
最近のKeycloakのご紹介 ~クライアントポリシーとFAPI~最近のKeycloakのご紹介 ~クライアントポリシーとFAPI~
最近のKeycloakのご紹介 ~クライアントポリシーとFAPI~
 
Node-RED v2.0新機能紹介
Node-RED v2.0新機能紹介Node-RED v2.0新機能紹介
Node-RED v2.0新機能紹介
 
Node-REDからREST APIに接続
Node-REDからREST APIに接続Node-REDからREST APIに接続
Node-REDからREST APIに接続
 
Node-RED v1.3新機能紹介
Node-RED v1.3新機能紹介Node-RED v1.3新機能紹介
Node-RED v1.3新機能紹介
 
社会のコードを、書き換えよう~エンジニア起点のNew Normalな働き方~
社会のコードを、書き換えよう~エンジニア起点のNew Normalな働き方~社会のコードを、書き換えよう~エンジニア起点のNew Normalな働き方~
社会のコードを、書き換えよう~エンジニア起点のNew Normalな働き方~
 
CloudNative Days Spring 2021 Online: Apache CamelおよびKeycloakを用いたAPI管理基盤の実現
CloudNative Days Spring 2021 Online: Apache CamelおよびKeycloakを用いたAPI管理基盤の実現CloudNative Days Spring 2021 Online: Apache CamelおよびKeycloakを用いたAPI管理基盤の実現
CloudNative Days Spring 2021 Online: Apache CamelおよびKeycloakを用いたAPI管理基盤の実現
 
CSS2020 Client Policies on keycloak
CSS2020 Client Policies on keycloak CSS2020 Client Policies on keycloak
CSS2020 Client Policies on keycloak
 

Kürzlich hochgeladen

Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Kürzlich hochgeladen (20)

Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Transcript of "Apache con@home 2021_sha"

A high-security API management infrastructure using Apache Camel
ApacheCon@Home 2021, Hitachi, Ltd. OSS Solution Center, 09/21/2021, Yang Xie
© Hitachi, Ltd. 2021. All rights reserved.
Contents
1. API management infrastructure using Camel and Keycloak
2. Drawbacks of security
3. Security enhancement with Keycloak
4. Conclusion

1. API management infrastructure using Camel and Keycloak

1-1 API management infrastructure using Camel and Keycloak
 Apache Camel (hereinafter "Camel"), best known as a tool for integrating heterogeneous systems, can also be used as an API gateway.
 By adding Keycloak as an OAuth 2.0 authorization server, we can build an API management infrastructure that provides the functions shown in the figure, such as a reverse proxy and token issuance/management.
[Figure: the application obtains an access token from the authorization server (Keycloak: token issuance & management) with a token request and calls the API gateway (Camel) with it over REST (HTTP). The gateway provides reverse proxy, protocol conversion (REST/HTTP, JDBC, FTP), mash-up, flow control, API documentation and metrics (Prometheus & Grafana) in front of the API servers.]

1-2 What is Keycloak?
 Keycloak is an open-source identity and access management product whose community is managed by Red Hat.
 It can be used as an OAuth 2.0 authorization server.
[Figure: Keycloak provides single sign-on with the most popular standards (OpenID Connect and SAML, including an OAuth 2.0 authorization server), social login (identity brokering), and identity management and authentication against LDAP, Active Directory or an RDB.]

2. Drawbacks of security

2-1 Drawbacks of security
 Although the API management infrastructure can protect itself with token issuance/management, it has three security drawbacks, shown in the figure. Each of them allows API abuse.
  Drawback 1: only minimal validation of the access token (such as signature and expiration time)
  Drawback 2: no management of the user's API access
  Drawback 3: no prevention of access token theft
2-2 Drawback of only minimal validation of the access token
 An access token can be invalidated before its expiration time (for example, when the login session it was issued from is ended).
 Therefore, if the API management infrastructure only validates the signature and expiration time, an invalidated token whose expiration time has not yet been reached is still treated as valid, and an attacker can use it to access the API.
[Figure: the attacker sends an invalidated access token that has not yet expired; the gateway forwards the request and the API answers 200 (OK). "Lucky! I can use an invalid access token to access the API."]

2-3 Drawback of no API access management
 With no management of API access, anyone holding an access token can call every API with full authority.
[Figure: an application that is only supposed to read data calls the write API with its access token and receives 200 (OK). "You can only request the API used for reading data." "But I have already overwritten part of the data through an API used for writing data..."]

2-4 Drawback of no access token theft prevention
 With no prevention of access token theft, an attacker can use a stolen access token to access the API.
[Figure: the attacker replays the stolen access token to the gateway and receives 200 (OK). "I can use the stolen access token to access the API."]
3. Security enhancement with Keycloak

3-2 Security enhancement with Keycloak
 OAuth 2.0 and its related standards define three mechanisms that overcome the drawbacks: token introspection (RFC 7662), scope check (RFC 6749 section 3.3 and RFC 6750) and OAuth MTLS, that is, certificate-bound access tokens (RFC 8705). All of them are supported by Keycloak.
 With Keycloak's support, we can implement the mechanisms by developing the Camel application.
[Figure: enhancement for drawback 1: token introspection; enhancement for drawback 2: scope check; enhancement for drawback 3: OAuth MTLS.]

3-3 Token introspection
 Token introspection validates an access token by querying the token introspection endpoint of the authorization server.
[Figure: 1. API request with the access token issued by Keycloak. 2. The gateway validates the access token at Keycloak (= token introspection). 3. The gateway forwards the API request only if the access token is valid; otherwise it denies the request with HTTP status 401.]

3-4 Support of token introspection in Keycloak
 Keycloak provides a token introspection endpoint that receives the token introspection request.
 On receiving the request, Keycloak inspects the access token in several steps: it validates the token's signature, issuer, expiration time, issued-at time and the session linked with the token.
 A session is the data structure Keycloak uses to store a user's login information. Access tokens are generated from sessions, and every access token is linked to exactly one session. The validity of a token follows the validity of its session, so if the linked session is found to be invalid (for example, after a logout), the access token is reported as invalid even though its expiration time has not been reached.
 After introspecting the access token, Keycloak returns a token introspection response in JSON format.

3-5 Development of token introspection in Camel
 To implement token introspection, we can use the HTTP4 component provided by Camel to send the token introspection request and receive the token introspection response.
 A component is used for communicating with an external system. Among the components, the HTTP4 component communicates with an external system over HTTP. (HTTP4 is the Camel 2.x name of this component; in Camel 3 it was renamed to the HTTP component.)

3-6 Effect of token introspection
 As a result of implementing token introspection, an API request with an invalidated access token that has not yet expired is denied with HTTP status 401. This overcomes drawback 1.
[Figure: "A response with 401 HTTP status code is returned when I use an invalid access token within its expiration time." 401 (Unauthorized)]
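The introspection exchange from 3-3 to 3-6, as an added example that is not code from the deck or from Keycloak: the gateway side builds the RFC 7662 request (POST to the realm's introspection endpoint, token in the form body, the gateway's own client credentials in an HTTP Basic header), and a constructed stand-in for Keycloak's endpoint answers from a session table in which one token is unexpired but its session has been ended. The realm name, client credentials, token values and session table are assumptions.

```python
"""Token introspection (RFC 7662) between an API gateway and Keycloak.

Added example, not code from the deck. keycloak_introspection_endpoint() is a
constructed stand-in for Keycloak's endpoint so the exchange runs offline; the realm
name, the gateway's client credentials, the token values and the session table are
assumptions. The gateway side builds the same request Camel's HTTP component would
send, and local_transport() can be swapped for urllib_transport() to reach a real
Keycloak.
"""
import base64
import json
import time
import urllib.parse
import urllib.request

REALM = "demo"                                      # assumed realm
GATEWAY_CLIENT = ("api-gateway", "gateway-secret")  # assumed confidential client used by the gateway
INTROSPECT_PATH = f"/auth/realms/{REALM}/protocol/openid-connect/token/introspect"

NOW = int(time.time())
# Constructed session table: what Keycloak knows about each token. "session_active"
# models the Keycloak session the token is linked to; a logout or admin revocation
# sets it to False without changing the token's exp.
TOKENS = {
    "tok-live":    {"exp": NOW + 300, "session_active": True,  "scope": "read", "sub": "jdoe"},
    "tok-revoked": {"exp": NOW + 300, "session_active": False, "scope": "read", "sub": "jdoe"},
    "tok-expired": {"exp": NOW - 10,  "session_active": True,  "scope": "read", "sub": "jdoe"},
}


def basic_auth_header(client_id, client_secret):
    return "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()


def keycloak_introspection_endpoint(path, headers, form_body):
    """Stand-in for Keycloak: returns (HTTP status, JSON body) for one introspection request."""
    # RFC 7662 section 2.1: the endpoint requires the calling client to authenticate.
    if path != INTROSPECT_PATH or headers.get("Authorization") != basic_auth_header(*GATEWAY_CLIENT):
        return 401, {"error": "invalid_client"}
    token = urllib.parse.parse_qs(form_body).get("token", [""])[0]
    rec = TOKENS.get(token)
    # Unknown, expired and revoked tokens all get {"active": false} and nothing else,
    # so a caller learns nothing about tokens it does not hold.
    if rec is None or rec["exp"] <= int(time.time()) or not rec["session_active"]:
        return 200, {"active": False}
    return 200, {"active": True, "exp": rec["exp"], "scope": rec["scope"],
                 "sub": rec["sub"], "client_id": "app1", "token_type": "Bearer"}


def local_transport(url, headers, body):
    """Deliver the request to the stand-in endpoint in-process."""
    status, payload = keycloak_introspection_endpoint(
        urllib.parse.urlparse(url).path, headers, body.decode())
    return status, json.dumps(payload).encode()


def urllib_transport(url, headers, body):
    """Deliver the request over the network to a real authorization server."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status, resp.read()


def introspect(base_url, access_token, transport=urllib_transport):
    """Gateway side: POST token=... with client authentication, return the parsed response."""
    headers = {"Authorization": basic_auth_header(*GATEWAY_CLIENT),
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode({"token": access_token, "token_type_hint": "access_token"}).encode()
    status, raw = transport(base_url + INTROSPECT_PATH, headers, body)
    if status != 200:
        raise RuntimeError(f"introspection endpoint answered {status}")
    return json.loads(raw)


def gateway_status(base_url, access_token, transport=urllib_transport):
    """HTTP status the gateway answers with; 200 means 'forward to the API server'."""
    info = introspect(base_url, access_token, transport)
    if not info.get("active"):
        return 401  # RFC 6750: invalid token -> 401
    if "exp" in info and info["exp"] <= int(time.time()):
        return 401  # defence in depth if a cached response has gone stale
    return 200


def run_demo():
    """Introspect four tokens against the stand-in endpoint and return the gateway's statuses."""
    base_url = "https://keycloak.example"  # assumed; only the path matters for local_transport
    return {t: gateway_status(base_url, t, local_transport)
            for t in ("tok-live", "tok-revoked", "tok-expired", "tok-unknown")}


if __name__ == "__main__":
    print(run_demo())
```

The point of the revoked case is drawback 1: "tok-revoked" would pass a local signature and exp check, but the introspection answer is {"active": false} because its session is gone, so the gateway answers 401. Two things to keep from this when writing the Camel route: the introspection endpoint must be called with the gateway's own client credentials (Keycloak rejects unauthenticated introspection), and a response other than active: true is a 401, not an exception that leaks the token into logs.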
3-7 Scope check
 Scope is a mechanism for limiting an application's access to an API. The scopes granted to the application are included in the access token.
 Checking scopes can be used to manage API access: if the scope required for an API request is not among the scopes linked with the access token, the request is denied.
[Figure: 1. API request with the access token. 2. The gateway checks the scopes linked with the access token. 3. The gateway forwards the API request if the required scope is present; otherwise it denies the request with HTTP status 403.]

3-8 Support of scope in Keycloak
 Keycloak can put the scope required for the API into the access token when it issues the token.
 One or more scopes can be requested by specifying them in the scope request parameter, for example "scope=read". The requested scopes are included in the access token issued by Keycloak. (In Keycloak the scope has to exist as a client scope and be assigned to the client as a default or optional client scope.)
 Example (payload of the access token; the read scope is included):
  {
    "iss": "https://example.hitachi.com/",
    "aud": "https://app1.hitachi.com/",
    "sub": "jdoe",
    "scope": "read",
    "iat": 1458785796,
    "exp": 1458872196
  }

3-9 Development of scope check in Camel
 To implement the scope check, we can use a processor provided by Camel.
 A processor handles the message flowing through Camel. Camel provides many kinds of processors by default, and you can also write your own by implementing the Processor interface.
[Figure: the processor extracts the scopes from the access token ("scope": "read") and checks whether the required scopes are included.]

3-10 Effect of scope check
 As a result of implementing the scope check, an API request without the granted authority (scope) is denied with HTTP status 403. This overcomes drawback 2.
[Figure: "You can only request the API used for reading data." "A response with 403 HTTP status code is returned when I request the API used for writing data." 403 (Forbidden)]
3-11 OAuth MTLS
 OAuth MTLS (certificate-bound access tokens, RFC 8705) is a mechanism for preventing token theft attacks. It uses the client certificate to confirm that the access token was granted to the OAuth client that makes the API request.
[Figure: 1. Token request, presenting the client certificate. 2. Keycloak issues an access token containing a hash of the client certificate. 3. API request with the access token, presenting the client certificate. 4. The gateway compares the hash of the presented client certificate with the hash included in the access token. 5. The gateway forwards the API request if the certificates match; otherwise it denies the request with HTTP status 403.] (RFC 8705 section 3 specifies HTTP status 401 with error "invalid_token" for a mismatch; the deck answers 403 at this step.)

3-12 Support of OAuth MTLS in Keycloak
 Keycloak can calculate the hash of the client certificate and put it into the access token when it issues the token. This is enabled per client in the client's advanced settings ("OAuth 2.0 Mutual TLS Certificate Bound Access Tokens Enabled").
 The application requests the access token over mutual TLS with its client certificate; the hash of the certificate is included in the access token as the "x5t#S256" member of the "cnf" (confirmation) claim. The value is the base64url-encoded SHA-256 hash of the DER-encoded certificate.
 Example:
  {
    "iss": "https://example.hitachi.com",
    "aud": "https://app1.hitachi.com",
    "sub": "jdoe",
    "iat": 1458785796,
    "exp": 1458872196,
    "cnf": {
      "x5t#S256": "bwcK0esc3ACC3DB2Y5_lESsXE8o9ltc05O89jdN-dg2"
    }
  }

3-13 Development of OAuth MTLS in Camel
 To implement OAuth MTLS, we can again use a processor provided by Camel.
 The processor must take the client certificate from the gateway's own TLS layer (the certificate verified in the mutual TLS handshake), never from a request header that the caller could set.
[Figure: the processor calculates the hash of the client certificate presented on the API request and compares it with the "x5t#S256" value extracted from the access token ("cnf": {"x5t#S256": "bwcK0esc3ACC3DB2Y5_lESsXE8o9ltc05O89jdN-dg2"}).]

3-14 Effect of OAuth MTLS
 As a result of implementing OAuth MTLS, an API request with a stolen token is denied with HTTP status 403. This overcomes drawback 3.
[Figure: "A response with 403 HTTP status code is returned when I use a stolen access token to request the API." 403 (Forbidden)]
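The two processor checks from 3-7 to 3-10 (scope) and 3-11 to 3-14 (certificate binding) in one block, as an added example that is not code from the deck or from Camel: it decodes the token payload, computes the RFC 8705 thumbprint of the certificate presented on the API request and compares it with cnf.x5t#S256, then requires the scope the HTTP method needs. The JWT is constructed with a placeholder signature, so the block assumes the signature has already been verified (or the token introspected); the two certificate byte strings stand in for DER certificates taken from the gateway's TLS layer, and the method-to-scope table and the rejection of tokens without a cnf claim are assumptions.

```python
"""Scope check (RFC 6749 section 3.3, RFC 6750) and certificate-bound access token
check (OAuth MTLS, RFC 8705) as an API gateway runs them on each API request.

Added example, not code from the deck. The JWT is constructed with a placeholder
signature segment, so signature verification (or introspection) is assumed to have
happened before these checks. APP1_CERT_DER / ATTACKER_CERT_DER stand in for
DER-encoded certificates from the gateway's own TLS layer; REQUIRED_SCOPE and the
policy of rejecting unbound tokens are assumptions.
"""
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def x5t_s256(cert_der: bytes) -> str:
    """RFC 8705 thumbprint: base64url(SHA-256(DER certificate)) without padding."""
    return b64url(hashlib.sha256(cert_der).digest())


def jwt_claims(token: str) -> dict:
    """Payload of a compact JWS token (header.payload.signature). Signature verification
    is assumed to have happened already; only the payload segment is decoded here."""
    _header, payload, _signature = token.split(".")
    return json.loads(b64url_decode(payload))


# Assumed mapping from HTTP method to the scope the API requires.
REQUIRED_SCOPE = {"GET": "read", "HEAD": "read", "POST": "write",
                  "PUT": "write", "PATCH": "write", "DELETE": "write"}


def scope_check(claims: dict, method: str):
    """(status, WWW-Authenticate value) for the scope decision; 200 means forward."""
    required = REQUIRED_SCOPE.get(method.upper())
    if required is None:
        return 405, None
    granted = set(claims.get("scope", "").split())  # the scope claim is space-delimited
    if required in granted:
        return 200, None
    return 403, f'Bearer error="insufficient_scope", scope="{required}"'


def certificate_binding_check(claims: dict, presented_cert_der) -> bool:
    """RFC 8705 section 3: the certificate used on the API request must match cnf.x5t#S256.
    Tokens without a cnf claim are rejected here (assumed gateway policy)."""
    bound = claims.get("cnf", {}).get("x5t#S256")
    if bound is None or presented_cert_der is None:
        return False
    return hmac.compare_digest(bound, x5t_s256(presented_cert_der))


def gateway_decide(token: str, method: str, presented_cert_der):
    """Per-request decision: binding first, then scope. 200 means forward to the API server."""
    claims = jwt_claims(token)
    if not certificate_binding_check(claims, presented_cert_der):
        # RFC 8705 answers 401 invalid_token for a mismatch; the deck answers 403 at this step.
        return 401, 'Bearer error="invalid_token"'
    return scope_check(claims, method)


# --- constructed sample data (not real certificates or tokens) ----------------
APP1_CERT_DER = b"\x30\x82\x02\x0a" + b"app1 client certificate placeholder"
ATTACKER_CERT_DER = b"\x30\x82\x02\x0a" + b"attacker client certificate placeholder"


def make_token(claims: dict) -> str:
    """Constructed JWT; real Keycloak tokens are RS256-signed, the signature here is a placeholder."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.placeholder-signature"


APP1_TOKEN = make_token({
    "iss": "https://example.hitachi.com/", "aud": "https://app1.hitachi.com/", "sub": "jdoe",
    "scope": "read", "iat": 1458785796, "exp": 1458872196,
    "cnf": {"x5t#S256": x5t_s256(APP1_CERT_DER)},  # bound to app1's certificate
})


if __name__ == "__main__":
    for method, cert in (("GET", APP1_CERT_DER), ("POST", APP1_CERT_DER),
                         ("GET", ATTACKER_CERT_DER), ("GET", None)):
        who = "app1 cert" if cert is APP1_CERT_DER else "other/no cert"
        print(method, who, gateway_decide(APP1_TOKEN, method, cert))
```

Read the four cases together: the legitimate holder reading data is forwarded; the same holder writing data is refused with insufficient_scope (drawback 2); the stolen token presented with another certificate, or with no client certificate at all, is refused before scope is even looked at (drawback 3). In the Camel processor the certificate bytes come from the TLS session of the incoming request (in Java, X509Certificate.getEncoded() on the peer certificate), and the comparison is constant-time because the thumbprint is effectively a secret-bearing value.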
4. Conclusion

4-1 Conclusion
 Camel and Keycloak together can serve as an API management infrastructure.
 Although this infrastructure (Camel + Keycloak) can protect itself with token issuance/management, it has three security drawbacks.
 With the mechanisms supported by Keycloak, the Camel application can be developed to overcome the drawbacks.

Trademarks
 Red Hat is a registered trademark of Red Hat, Inc. in the United States and other countries.
 Apache and Camel are registered trademarks or trademarks of The Apache Software Foundation in the United States and other countries.
 OpenID is a trademark or registered trademark of OpenID Foundation in the United States and other countries.
 GitHub and the GitHub logo are trademarks or registered trademarks of GitHub, Inc. in the United States and other countries.
 Twitter and the Twitter logo are trademarks or registered trademarks of Twitter, Inc. or its affiliates.
 Facebook and the Facebook logo are trademarks or registered trademarks of Facebook, Inc.
 Other brand names and product names used in this material are trademarks, registered trademarks, or trade names of their respective holders.

END