SlideShare ist ein Scribd-Unternehmen logo

[APIdays INTERFACE 2021] Authentication and Authorization Best Practices for your API in 2021

WSO2
WSO2

Modern enterprises are increasingly adopting APIs, exceeding all predictions. With more businesses investing in microservices and the increased consumption of cloud APIs, you need to secure beyond just a handful of well-known APIs. You will need to secure a higher number of internal and external endpoints. Security itself is a broad area and authentication and authorization is a key element in API security. Vendors implement a number of seemingly similar standards and patterns, making it very difficult for consumers to settle on the best option for securing APIs. The sheer number of options can be very confusing. At the same time, technology stack and industry practices are under a rapid transformation, browsers are enforcing different restrictions, new privacy regulations are in place, and more. That makes the authentication and authorization best practices you relied on a few years ago obsolete now. These slides we will discuss: - What is new and what is old in OAuth 2.0 - Mitigate security exploits by understanding the OAuth 2.0 threat landscape - Pick security standards and protocols to match business needs - Federated identities to expand business APIs beyond the corporate firewall - User strong authentication and authorization for API access - Adaptive and risk-based access control for API

Technologie
1 von 25
Downloaden Sie, um offline zu lesen
Authentication and Authorization Best Practices for Your API in 2021 June 16, 2021 isharak@wso2.com Director of Engineering, IAM @ WSO2 Ishara Karunarathna
2 The Agenda ● High-level API security architecture ● Authentication and authorization for API access ● Implementing authentication and authorization best practices ○ Demo using WSO2 Identity Server
API Security Architecture
25,000-Foot View of API Security Architecture 4
Closer View of API Security Architecture 5
Recommended OAuth 2.0 Flows for API Access 6 Grant Type Web App Native App SPA Services Device Authorization Code X Authorization Code with PKCE X X Client Credentials X X Implicit Flow X* Password Grant X* Device Authorization Grant X JWT and SAML Grant (RFC7523) X OAuth MTLS (RFC8705) X X Token Exchange (RFC8693) X X
Authentication and Authorization for API Access
8 Over 8.4B records exposed during the first quarter of 2020 Whopping 273% increase compared to Q1 2019 Approximately 70% due to unauthorized access to systems or services Due to the COVID-19 pandemic, millions of employees around the world switched to remote working, and many businesses were forced to adopt digitalization within a short time frame. Attackers thrived during this period because companies skipped some of the long-held security practices in the rush to adopt the new normal. 2020 2020 Q1 Data Breach QuickView Report - Risk Based Security
9 IAM should not be the weakest link in the system
End-User Identity Management Digital identities can be everywhere. Managing them is a primary concern. ● Different user Stores ● Different user types ● Different user schemas ● Different user management workflows 10
11 Authentication Verifying that a person is who they say they are.
Authentication ‘Passwords’ are Not Secure! ● Around 60% of people reuse passwords across multiple sites regularly. ● 13% of people use the same password for all accounts and devices. ● 48% of workers use the same password in both their personal and work accounts. ● 80% of data breaches in 2019 were caused by password compromise. Authentication must be a focal point when protecting your APIs. 12
Strong Authentication Authenticating users by challenging them with multiple authentication factors, e.g., password, SMS, and fingerprint. ● Multi-factor authentication (MFA) ⦿ Knowledge ⦾ Something you know ⦾ Password, pin, secret ⦿ Possession ⦾ Something you have ⦾ Phone, token, badge, smart card ⦿ Inherence ⦾ Something you are ⦾ Fingerprint, facial feature, voice
14 User is not static, so is their authentication ● Authentication needs to be more dynamic and responsive ● Context sensitivity is important ● Security is key, but it should be balanced with convenience
Adaptive Authentication ● Provides high security without impacting usability. ● Select the right authentication factors depending on a user’s risk profile and tendencies. 15
Demo time
Federated API Access 17 Attract developer community Acquisitions and mergers Hassle-free API access
Federated API Access 18
Identity Federation 19
Demo time
21 Authorization Verifying whether the user is permitted to access a specific resource or function.
Authorization ● OAuth 2.0 scopes limit an application's access to a user's resources. ● Authorization server-level and resource-level scope validation. Upcoming, ● Rich Authorization Requests (draft) ● Incremental Authorization (draft) 22
Fine-grained Scope Validation Rule and Policy-Based scope validation: ● XACML ● Open Policy Agent (OPA) 23
Question Time! 24
wso2.com Thanks!

Empfohlen

Which ap is which business models_ a real-world guide for banks in sri lanka
Which ap is which business models_ a real-world guide for banks in sri lankaWhich ap is which business models_ a real-world guide for banks in sri lanka
Which ap is which business models_ a real-world guide for banks in sri lankaWSO2
 
APIdays Paris 2019 - API Platform Architecture: What to know before going ope...
APIdays Paris 2019 - API Platform Architecture: What to know before going ope...APIdays Paris 2019 - API Platform Architecture: What to know before going ope...
APIdays Paris 2019 - API Platform Architecture: What to know before going ope...apidays
 
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays
 
Best Practices for Productizing APIs with API Management and Automated Testing
Best Practices for Productizing APIs with API Management and Automated TestingBest Practices for Productizing APIs with API Management and Automated Testing
Best Practices for Productizing APIs with API Management and Automated TestingWSO2
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]WSO2
 
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...WSO2
 
Identity Hub’s Role in Social Logins
Identity Hub’s Role in Social LoginsIdentity Hub’s Role in Social Logins
Identity Hub’s Role in Social LoginsWSO2
 
An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureWSO2
 

Empfohlen

Which ap is which business models_ a real-world guide for banks in sri lanka
Which ap is which business models_ a real-world guide for banks in sri lankaWhich ap is which business models_ a real-world guide for banks in sri lanka
Which ap is which business models_ a real-world guide for banks in sri lankaWSO2
 
APIdays Paris 2019 - API Platform Architecture: What to know before going ope...
APIdays Paris 2019 - API Platform Architecture: What to know before going ope...APIdays Paris 2019 - API Platform Architecture: What to know before going ope...
APIdays Paris 2019 - API Platform Architecture: What to know before going ope...apidays
 
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...
apidays LIVE New York 2021 - Managing the usage of Asynchronous APIs: What do...apidays
 
Best Practices for Productizing APIs with API Management and Automated Testing
Best Practices for Productizing APIs with API Management and Automated TestingBest Practices for Productizing APIs with API Management and Automated Testing
Best Practices for Productizing APIs with API Management and Automated TestingWSO2
 
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0 [ANZ]WSO2
 
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A...WSO2
 
Identity Hub’s Role in Social Logins
Identity Hub’s Role in Social LoginsIdentity Hub’s Role in Social Logins
Identity Hub’s Role in Social LoginsWSO2
 
An Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureAn Entry Point to Impactful Open Banking Architecture
An Entry Point to Impactful Open Banking ArchitectureWSO2
 
API-first Integration for Microservices
API-first Integration for MicroservicesAPI-first Integration for Microservices
API-first Integration for MicroservicesWSO2
 
API Driven Applications - An ecosystem architecture
API Driven Applications - An ecosystem architectureAPI Driven Applications - An ecosystem architecture
API Driven Applications - An ecosystem architectureWSO2
 
Message based microservices architectures driven with docker
Message based microservices architectures driven with dockerMessage based microservices architectures driven with docker
Message based microservices architectures driven with dockerDocker, Inc.
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
 
Role of API Management in an API led Digital Economy
Role of API Management in an API led Digital EconomyRole of API Management in an API led Digital Economy
Role of API Management in an API led Digital EconomyWSO2
 
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays
 
Identity Federation Patterns with WSO2 Identity Server​
Identity Federation Patterns with WSO2 Identity Server​Identity Federation Patterns with WSO2 Identity Server​
Identity Federation Patterns with WSO2 Identity Server​WSO2
 
WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9WSO2
 
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in SecondsWSO2
 
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...WSO2
 
[WSO2 Integration Summit Singapore 2019] API-driven Microservice Architecture
[WSO2 Integration Summit Singapore 2019] API-driven Microservice Architecture[WSO2 Integration Summit Singapore 2019] API-driven Microservice Architecture
[WSO2 Integration Summit Singapore 2019] API-driven Microservice ArchitectureWSO2
 
[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply Chain
[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply Chain[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply Chain
[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply ChainWSO2
 
Open Banking and PSD2: Are your APIs ready for external testing?
Open Banking and PSD2: Are your APIs ready for external testing?Open Banking and PSD2: Are your APIs ready for external testing?
Open Banking and PSD2: Are your APIs ready for external testing?WSO2
 
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays
 
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...apidays LIVE New York 2021 - API Management from a network Engineer's perspec...
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...apidays
 
[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...
[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...
[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...WSO2
 
Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...WSO2
 
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays
 
WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...
WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...
WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...WSO2
 
[WSO2 Summit Sydney 2019] API-Driven World
[WSO2 Summit Sydney 2019] API-Driven World[WSO2 Summit Sydney 2019] API-Driven World
[WSO2 Summit Sydney 2019] API-Driven WorldWSO2
 
Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreindragantiSaiHiranma
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock
 

Weitere ähnliche Inhalte

Was ist angesagt?

API-first Integration for Microservices
API-first Integration for MicroservicesAPI-first Integration for Microservices
API-first Integration for MicroservicesWSO2
 
API Driven Applications - An ecosystem architecture
API Driven Applications - An ecosystem architectureAPI Driven Applications - An ecosystem architecture
API Driven Applications - An ecosystem architectureWSO2
 
Message based microservices architectures driven with docker
Message based microservices architectures driven with dockerMessage based microservices architectures driven with docker
Message based microservices architectures driven with dockerDocker, Inc.
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
 
Role of API Management in an API led Digital Economy
Role of API Management in an API led Digital EconomyRole of API Management in an API led Digital Economy
Role of API Management in an API led Digital EconomyWSO2
 
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays
 
Identity Federation Patterns with WSO2 Identity Server​
Identity Federation Patterns with WSO2 Identity Server​Identity Federation Patterns with WSO2 Identity Server​
Identity Federation Patterns with WSO2 Identity Server​WSO2
 
WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9WSO2
 
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in SecondsWSO2
 
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...WSO2
 
[WSO2 Integration Summit Singapore 2019] API-driven Microservice Architecture
[WSO2 Integration Summit Singapore 2019] API-driven Microservice Architecture[WSO2 Integration Summit Singapore 2019] API-driven Microservice Architecture
[WSO2 Integration Summit Singapore 2019] API-driven Microservice ArchitectureWSO2
 
[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply Chain
[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply Chain[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply Chain
[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply ChainWSO2
 
Open Banking and PSD2: Are your APIs ready for external testing?
Open Banking and PSD2: Are your APIs ready for external testing?Open Banking and PSD2: Are your APIs ready for external testing?
Open Banking and PSD2: Are your APIs ready for external testing?WSO2
 
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays
 
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...apidays LIVE New York 2021 - API Management from a network Engineer's perspec...
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...apidays
 
[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...
[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...
[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...WSO2
 
Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...WSO2
 
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays
 
WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...
WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...
WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...WSO2
 
[WSO2 Summit Sydney 2019] API-Driven World
[WSO2 Summit Sydney 2019] API-Driven World[WSO2 Summit Sydney 2019] API-Driven World
[WSO2 Summit Sydney 2019] API-Driven WorldWSO2
 

Was ist angesagt? (20)

API-first Integration for Microservices
API-first Integration for MicroservicesAPI-first Integration for Microservices
API-first Integration for Microservices
 
API Driven Applications - An ecosystem architecture
API Driven Applications - An ecosystem architectureAPI Driven Applications - An ecosystem architecture
API Driven Applications - An ecosystem architecture
 
Message based microservices architectures driven with docker
Message based microservices architectures driven with dockerMessage based microservices architectures driven with docker
Message based microservices architectures driven with docker
 
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...
 
Role of API Management in an API led Digital Economy
Role of API Management in an API led Digital EconomyRole of API Management in an API led Digital Economy
Role of API Management in an API led Digital Economy
 
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...
 
Identity Federation Patterns with WSO2 Identity Server​
Identity Federation Patterns with WSO2 Identity Server​Identity Federation Patterns with WSO2 Identity Server​
Identity Federation Patterns with WSO2 Identity Server​
 
WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9WSO2 Product Release Webinar - WSO2 API Manager 1.9
WSO2 Product Release Webinar - WSO2 API Manager 1.9
 
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
[apidays LIVE HONK KONG] - OAS to Managed API in Seconds
 
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
[APIdays Singapore 2019] Managing the API lifecycle with Open Source Technolo...
 
[WSO2 Integration Summit Singapore 2019] API-driven Microservice Architecture
[WSO2 Integration Summit Singapore 2019] API-driven Microservice Architecture[WSO2 Integration Summit Singapore 2019] API-driven Microservice Architecture
[WSO2 Integration Summit Singapore 2019] API-driven Microservice Architecture
 
[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply Chain
[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply Chain[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply Chain
[WSO2 Summit Americas 2020] CIAM and Securing the Integrated API Supply Chain
 
Open Banking and PSD2: Are your APIs ready for external testing?
Open Banking and PSD2: Are your APIs ready for external testing?Open Banking and PSD2: Are your APIs ready for external testing?
Open Banking and PSD2: Are your APIs ready for external testing?
 
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...
 
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...apidays LIVE New York 2021 - API Management from a network Engineer's perspec...
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...
 
[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...
[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...
[WSO2 Integration Summit Singapore 2019] Achieving Predictable Success in Dig...
 
Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...Integrating Healthcare Applications with EMR Systems and Databases and Transf...
Integrating Healthcare Applications with EMR Systems and Databases and Transf...
 
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
apidays LIVE Singapore 2021 - A cloud-native approach to open banking in acti...
 
WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...
WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...
WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...
 
[WSO2 Summit Sydney 2019] API-Driven World
[WSO2 Summit Sydney 2019] API-Driven World[WSO2 Summit Sydney 2019] API-Driven World
[WSO2 Summit Sydney 2019] API-Driven World
 

Ähnlich wie [APIdays INTERFACE 2021] Authentication and Authorization Best Practices for your API in 2021

Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreindragantiSaiHiranma
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingPing Identity
 
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
The ForgeRock Identity Platform Extends CIAM, Fall 2017 ReleaseThe ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
The ForgeRock Identity Platform Extends CIAM, Fall 2017 ReleaseForgeRock
 
E-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptxE-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptxArchana833240
 
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...apidays
 
Mobile Solutions and Market Trends
Mobile Solutions and Market TrendsMobile Solutions and Market Trends
Mobile Solutions and Market TrendsForgeRock
 
Introduction to Solus
Introduction to SolusIntroduction to Solus
Introduction to SolusSolus
 
kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...Sagara Gunathunga
 
Mobile Payment Security with CA Rapid App Security
Mobile Payment Security with CA Rapid App SecurityMobile Payment Security with CA Rapid App Security
Mobile Payment Security with CA Rapid App SecurityCA Technologies
 
Ping Identity: Corporate Overview Financial Services
Ping Identity: Corporate Overview Financial ServicesPing Identity: Corporate Overview Financial Services
Ping Identity: Corporate Overview Financial ServicesBenjamin Canner
 
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...WSO2
 
API Security Best Practices and Guidelines
API Security Best Practices and GuidelinesAPI Security Best Practices and Guidelines
API Security Best Practices and GuidelinesWSO2
 
Identity Verification API The Cornerstone of Digital Trust.docx
Identity Verification API The Cornerstone of Digital Trust.docxIdentity Verification API The Cornerstone of Digital Trust.docx
Identity Verification API The Cornerstone of Digital Trust.docxrpacpc
 
IRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET Journal
 
A MOBILE BASED ANTI-PHISHING AUTHENTICATION SCHEME USING CHALLENGE-RESPONSE A...
A MOBILE BASED ANTI-PHISHING AUTHENTICATION SCHEME USING CHALLENGE-RESPONSE A...A MOBILE BASED ANTI-PHISHING AUTHENTICATION SCHEME USING CHALLENGE-RESPONSE A...
A MOBILE BASED ANTI-PHISHING AUTHENTICATION SCHEME USING CHALLENGE-RESPONSE A...ijiert bestjournal
 
Intelligent authentication Identity tech talks
Intelligent authentication Identity tech talksIntelligent authentication Identity tech talks
Intelligent authentication Identity tech talksLeonard Moustacchis
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationSylvain Maret
 

Ähnlich wie [APIdays INTERFACE 2021] Authentication and Authorization Best Practices for your API in 2021 (20)

Going beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much moreGoing beyond MFA(Multi-factor authentication)-Future demands much more
Going beyond MFA(Multi-factor authentication)-Future demands much more
 
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User ExperienceForgeRock and Trusona - Simplifying the Multi-factor User Experience
ForgeRock and Trusona - Simplifying the Multi-factor User Experience
 
Catalyst 2015: Patrick Harding
Catalyst 2015: Patrick HardingCatalyst 2015: Patrick Harding
Catalyst 2015: Patrick Harding
 
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
The ForgeRock Identity Platform Extends CIAM, Fall 2017 ReleaseThe ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
 
E-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptxE-Lock AdaptAuth.pptx
E-Lock AdaptAuth.pptx
 
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
 
Mobile Solutions and Market Trends
Mobile Solutions and Market TrendsMobile Solutions and Market Trends
Mobile Solutions and Market Trends
 
Introduction to Solus
Introduction to SolusIntroduction to Solus
Introduction to Solus
 
SolusDeck
SolusDeckSolusDeck
SolusDeck
 
kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...kicking your enterprise security up a notch with adaptive authentication sa...
kicking your enterprise security up a notch with adaptive authentication sa...
 
Mobile Payment Security with CA Rapid App Security
Mobile Payment Security with CA Rapid App SecurityMobile Payment Security with CA Rapid App Security
Mobile Payment Security with CA Rapid App Security
 
Ping Identity: Corporate Overview Financial Services
Ping Identity: Corporate Overview Financial ServicesPing Identity: Corporate Overview Financial Services
Ping Identity: Corporate Overview Financial Services
 
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive A...
 
API Security Best Practices and Guidelines
API Security Best Practices and GuidelinesAPI Security Best Practices and Guidelines
API Security Best Practices and Guidelines
 
How To Fix The Most Critical API Security Risks.pdf
How To Fix The Most Critical API Security Risks.pdfHow To Fix The Most Critical API Security Risks.pdf
How To Fix The Most Critical API Security Risks.pdf
 
Identity Verification API The Cornerstone of Digital Trust.docx
Identity Verification API The Cornerstone of Digital Trust.docxIdentity Verification API The Cornerstone of Digital Trust.docx
Identity Verification API The Cornerstone of Digital Trust.docx
 
IRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure AuthenticationIRJET- Password Management Kit for Secure Authentication
IRJET- Password Management Kit for Secure Authentication
 
A MOBILE BASED ANTI-PHISHING AUTHENTICATION SCHEME USING CHALLENGE-RESPONSE A...
A MOBILE BASED ANTI-PHISHING AUTHENTICATION SCHEME USING CHALLENGE-RESPONSE A...A MOBILE BASED ANTI-PHISHING AUTHENTICATION SCHEME USING CHALLENGE-RESPONSE A...
A MOBILE BASED ANTI-PHISHING AUTHENTICATION SCHEME USING CHALLENGE-RESPONSE A...
 
Intelligent authentication Identity tech talks
Intelligent authentication Identity tech talksIntelligent authentication Identity tech talks
Intelligent authentication Identity tech talks
 
Authentication and strong authentication for Web Application
Authentication and strong authentication for Web ApplicationAuthentication and strong authentication for Web Application
Authentication and strong authentication for Web Application
 

Mehr von WSO2

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaWSO2
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingWSO2
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2
 
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 

Mehr von WSO2 (20)

Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2Driving Innovation: Scania's API Revolution with WSO2
Driving Innovation: Scania's API Revolution with WSO2
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
WSO2CON 2024 - Unlocking the Identity: Embracing CIAM 2.0 for a Competitive A...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
WSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the CloudWSO2CON 2024 - Elevating the Integration Game to the Cloud
WSO2CON 2024 - Elevating the Integration Game to the Cloud
 
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & InnovationWSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
WSO2CON 2024 - OSU & WSO2: A Decade Journey in Integration & Innovation
 
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open SourceWSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
WSO2CON 2024 - Freedom First—Unleashing Developer Potential with Open Source
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
WSO2CON 2024 - IoT Needs CIAM: The Importance of Centralized IAM in a Growing...
 
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and ApplicationsWSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
WSO2CON 2024 - Architecting AI in the Enterprise: APIs and Applications
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
WSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital BusinessesWSO2CON 2024 - Software Engineering for Digital Businesses
WSO2CON 2024 - Software Engineering for Digital Businesses
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of TransformationWSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
WSO2CON 2024 - Designing Event-Driven Enterprises: Stories of Transformation
 
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
WSO2CON 2024 - Not Just Microservices: Rightsize Your Services!
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 

Kürzlich hochgeladen

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 

Kürzlich hochgeladen (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 

[APIdays INTERFACE 2021] Authentication and Authorization Best Practices for your API in 2021

  • 1. Authentication and Authorization Best Practices for Your API in 2021 June 16, 2021 isharak@wso2.com Director of Engineering, IAM @ WSO2 Ishara Karunarathna
  • 2. 2 The Agenda ● High-level API security architecture ● Authentication and authorization for API access ● Implementing authentication and authorization best practices ○ Demo using WSO2 Identity Server
  • 4. 25,000-Foot View of API Security Architecture 4
  • 5. Closer View of API Security Architecture 5
  • 6. Recommended OAuth 2.0 Flows for API Access 6 Grant Type Web App Native App SPA Services Device Authorization Code X Authorization Code with PKCE X X Client Credentials X X Implicit Flow X* Password Grant X* Device Authorization Grant X JWT and SAML Grant (RFC7523) X OAuth MTLS (RFC8705) X X Token Exchange (RFC8693) X X
  • 8. 8 Over 8.4B records exposed during the first quarter of 2020 Whopping 273% increase compared to Q1 2019 Approximately 70% due to unauthorized access to systems or services Due to the COVID-19 pandemic, millions of employees around the world switched to remote working, and many businesses were forced to adopt digitalization within a short time frame. Attackers thrived during this period because companies skipped some of the long-held security practices in the rush to adopt the new normal. 2020 2020 Q1 Data Breach QuickView Report - Risk Based Security
  • 9. 9 IAM should not be the weakest link in the system
  • 10. End-User Identity Management Digital identities can be everywhere. Managing them is a primary concern. ● Different user Stores ● Different user types ● Different user schemas ● Different user management workflows 10
  • 11. 11 Authentication Verifying that a person is who they say they are.
  • 12. Authentication ‘Passwords’ are Not Secure! ● Around 60% of people reuse passwords across multiple sites regularly. ● 13% of people use the same password for all accounts and devices. ● 48% of workers use the same password in both their personal and work accounts. ● 80% of data breaches in 2019 were caused by password compromise. Authentication must be a focal point when protecting your APIs. 12
  • 13. Strong Authentication Authenticating users by challenging them with multiple authentication factors, e.g., password, SMS, and fingerprint. ● Multi-factor authentication (MFA) ⦿ Knowledge ⦾ Something you know ⦾ Password, pin, secret ⦿ Possession ⦾ Something you have ⦾ Phone, token, badge, smart card ⦿ Inherence ⦾ Something you are ⦾ Fingerprint, facial feature, voice
  • 14. 14 User is not static, so is their authentication ● Authentication needs to be more dynamic and responsive ● Context sensitivity is important ● Security is key, but it should be balanced with convenience
  • 15. Adaptive Authentication ● Provides high security without impacting usability. ● Select the right authentication factors depending on a user’s risk profile and tendencies. 15
  • 17. Federated API Access 17 Attract developer community Acquisitions and mergers Hassle-free API access
  • 21. 21 Authorization Verifying whether the user is permitted to access a specific resource or function.
  • 22. Authorization ● OAuth 2.0 scopes limit an application's access to a user's resources. ● Authorization server-level and resource-level scope validation. Upcoming, ● Rich Authorization Requests (draft) ● Incremental Authorization (draft) 22
  • 23. Fine-grained Scope Validation Rule and Policy-Based scope validation: ● XACML ● Open Policy Agent (OPA) 23