API Security
Does My Business
Need OAuth?

Copyright © 2001-2012 SOA Software, Inc. All Rights Reserved. All content subject to confidentiality agreement between SOA Software and Customer.
A Look Ahead
Two significant forces are changing the face of business:
The Effect of Cloud
• Cloud has lowered the barrier for App developers and startups
• The number of mobile devices now exceeds the number of PCs
• The number of connected devices (Internet of Things) will exceed the number of mobile devices by 2020
Mobile Apps
• Apple Store has over 775,000 apps
• Google Play Store currently offers over 800,000 and is predicted to be the first store to reach the 1 million apps mark by June 2012
• BlackBerry 10 has 100,000 apps
• Windows Phone Store has 130,000 apps
• According to ABI Research, 56 billion apps will be downloaded in 2013
Why do I need an API?
• Accelerate adoption through new channels/devices to reach:
– Partners
– App Developers
– Employees (BYOD)
• Extend/embed your brand
• Create stickiness
Why do I need an API?
Platforms Support Innovation
Apps are Intermediaries
Platform Success
• Speed of App Development
– More Apps
– More iteration
– More collaboration

• Speed of App Adoption
– Simple Trust
Speedy App Development
• Decouple your business processes from the App development process.
• Do not bog things down with traditional security models
– Imagine just the legal agreements
– Storing user credentials is too daunting – both for App developers and App users
Speedy App Adoption
• Businesses contain sensitive information and enable sensitive transactions
• For high speed App adoption, Customers need to trust them
Platform Security
• You need a way to remove the friction that security introduces into the equation
• You need to allow Apps to participate in a secure relationship:
– Opt in ‘Just in Time’
– Without storing credentials
– With only the required permissions
– With the ability to Opt out
The Result
• App developers can build without friction
• Businesses don’t need to limit their ecosystem

It’s up to the customer
An OAuth Example
• A manufacturer, Trux, produces very advanced, highly automated equipment for trucking companies
An OAuth Example
• Trux collects a great deal of confidential information about the semi and his/her loads
– Personal data
– Equipment data
– Satellite tracking data
– Service, mechanical information
– Load types, delivery info
An OAuth Example
• Trux would like to create an open platform for App development
– Apps to be deployed on the semis
– Apps to be sold to the trucking companies
– Apps to be sold to the drivers
An OAuth Example
• For example, an App developer wants to build an App called SafeTrucking that helps the driver determine the risk of a route based on his:
– Load
– Crime stats
– Equipment
– Route
An OAuth Example
1. Driver downloads the SafeTrucking App and opens it
2. Driver is directed to Trux, whom he trusts, to log in with their credentials
3. They are presented with a screen asking if the SafeTrucking App can retrieve the required data from Trux
4. If confirmed, Trux issues a token to SafeTrucking that they can use to retrieve the data securely
5. The driver can view the permissions granted, opt out, or increase the permission scope
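The five steps above can be modelled in a few lines. This is an added example, not code from the slides or from SOA Software: the `TruxAuthServer` class, the scope names, the account and the records are all constructed for illustration, and the model leaves out redirects, client authentication and token expiry that a real OAuth server performs.

```python
import hashlib
import hmac
import secrets

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

def _h(token):
    return hashlib.sha256(token.encode()).hexdigest()

# Constructed sample data: one driver account and the records Trux holds for it.
USERS = {"driver1": _kdf("correct horse battery")}
RECORDS = {"driver1": {"load": "steel coils", "equipment": "reefer trailer",
                       "route": "I-80 westbound", "personal": "licence on file"}}

class TruxAuthServer:
    """Hypothetical stand-in for the authorization server and API Trux would run."""

    def __init__(self):
        self.grants = {}  # (user, app) -> scopes the driver approved
        self.tokens = {}  # sha256(token) -> (user, app); raw tokens are not stored

    def authorize(self, user, password, app, scopes, approve):
        """Steps 2-4: login at Trux, consent screen, token issued to the app."""
        if not hmac.compare_digest(USERS.get(user, b""), _kdf(password)):
            raise PermissionError("login failed")
        if not approve:
            raise PermissionError("driver declined")
        if not set(scopes) <= set(RECORDS[user]):
            raise ValueError("unknown scope requested")
        self.revoke(user, app)  # a new consent replaces the old grant and tokens
        self.grants[(user, app)] = set(scopes)
        token = secrets.token_urlsafe(32)
        self.tokens[_h(token)] = (user, app)
        return token  # the app holds this; it never sees the password

    def read(self, token, field):
        """API call by the app: the token must be live and cover the field."""
        owner = self.tokens.get(_h(token))
        if owner is None:
            raise PermissionError("invalid or revoked token")
        if field not in self.grants[owner]:
            raise PermissionError("scope not granted")
        return RECORDS[owner[0]][field]

    def view_grants(self, user):
        """Step 5: what the driver has granted, per app."""
        return {a: sorted(s) for (u, a), s in self.grants.items() if u == user}

    def revoke(self, user, app):
        """Step 5: opt out; the grant and every token issued under it are dropped."""
        self.grants.pop((user, app), None)
        self.tokens = {k: v for k, v in self.tokens.items() if v != (user, app)}

def attempt(server, token, field):
    try:
        return server.read(token, field)
    except PermissionError as exc:
        return f"denied: {exc}"

def demo():
    trux = TruxAuthServer()
    t1 = trux.authorize("driver1", "correct horse battery", "SafeTrucking",
                        ["load", "route"], approve=True)
    out = {"load": attempt(trux, t1, "load"),
           "personal": attempt(trux, t1, "personal"),
           "grants": trux.view_grants("driver1")}
    # Increasing scope needs a fresh login and consent; the old token stops working.
    t2 = trux.authorize("driver1", "correct horse battery", "SafeTrucking",
                        ["load", "route", "equipment"], approve=True)
    out["old_token"] = attempt(trux, t1, "load")
    out["equipment"] = attempt(trux, t2, "equipment")
    trux.revoke("driver1", "SafeTrucking")  # driver opts out
    out["after_opt_out"] = attempt(trux, t2, "load")
    return out

if __name__ == "__main__":
    print(demo())
```

The scope check in `read` is what enforces "only the required permissions": the token is valid, yet the `personal` record stays out of reach because the driver never approved it.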
Do you need an OAuth Server?
• Are you trying to create an open platform for App development?
If so, you need one
SOA Software’s OAuth Server
• Integration with most common enterprise identity systems including LDAP, AD, CA SiteMinder, Oracle Access Manager, IBM TAM, RSA ClearTrust and more
• Comprehensive support for the OpenID, OAuth 1.0a and OAuth 2.0 specifications along with a wide array of other authentication and authorization specifications
• Fully brandable
• Built-in grant management
• Integrated with our Developer Community and API Gateway for rapid deployment
Thanks…
Alistair Farquharson, CTO, SOA Software
ajf@soa.com
www.soa.com
@afarqu
@SOASoftwareInc
