Kondo-ing API Authorization
Remy Lyle
OCT 2019
1 Confidential | Do not distribute — Copyright ©2019 Ping Identity Corporation. All rights reserved.
HI! I’M REMY
• Global Tech Enablement Team @ Ping Identity
• Denver, CO, USA
• Convinced that APIs are the next frontier for identity and security
• Marie Kondo is a personal hero
MARIE KONDO
• Tidying Expert, Bestselling Author, Netflix Hit Show Star
• NYTimes Best Selling Book, The Life Changing Magic of Tidying Up
• “Does it spark joy?”
BUT… FOR API AUTHORIZATIONS?
https://www.wsj.com/articles/kondo-ing-a-guru-of-organizing-becomes-a-verb-11547745648
ANATOMY OF AN API
JSON
GET /getData
• Scopes
• Identity Attributes
• Privacy Preferences
• User Consents
• Data Regulations
• Zero Trust
AND HOW MANY DO YOU HAVE?
FOUR DATA OBSTACLES
1. Data is detailed and complex.
2. It’s everywhere and accessed many ways.
3. Multiple stakeholders, moving targets and ever-changing landscape of data security policies and regulation.
4. Data transactions are subjected to different layers of authorization decisions.
THIS IS A REAL PROBLEM
• OWASP API Security Top 10 Risk
https://www.owasp.org/index.php/OWASP_API_Security_Project
WITH REAL-LIFE CONSEQUENCES
• In 2018, a research fellow with Mozilla Foundation scraped nearly 208 million transactions on peer-to-peer payment app Venmo, revealing purchase profiles of its users
• In June 2019, another 7 million transactions were scraped using the company’s developer API over six months
Sources: https://www.darkreading.com/application-security/apis-get-their-own-top-10-security-list/d/d-id/1335786
https://22-8miles.com/public-by-default/
https://www.wired.com/story/i-scraped-millions-of-venmo-payments-your-data-is-at-risk/
WHO IS RESPONSIBLE?
DEVELOPERS? CLIENTS?
X X
ENTER IN … A TIDYING LAYER
WHAT IF TIDYING WAS APPLIED
• Scopes
• Identity Attr
• Privacy Preferences
• User Consents
• Data Regulations
• Zero Trust
Business Defined Policies
DEVELOPERS
CLIENTS
WHAT IF YOU COULD PULL FROM ANY SOURCE
• Scopes
• Identity Attr
• Privacy Preferences
• User Consents
• Data Regulations
• Zero Trust
• DBs
• Directory
• Other APIs
Any state
Any attribute
Any authz data source
WHAT IF THE ARCHITECTS COULD WRITE THE POLICIES
Business-Derived Policies
WHAT IF ACCESS CONTROLS WERE APPLIED
Allow?
Block?
Filter?
Obfuscate?
CLIENTS
FirstName
LastName
AccountNumber
Balance
FirstName
LastName
AccountNumber
Balance
OR
…
DECOUPLING AUTHZ FROM IMPLEMENTATION
API Layer that enforces fine grained access control
DECOUPLING AUTHZ FROM IMPLEMENTATION
Marie Kondo API Layer | Driver/Obstacle | Benefits (How it Helps)
1. Fine-grained authorization policy engine
• Diff layers of authz decisions | Remove developers from managing authz at the individual API level, and remove clients from filtering data themselves at the individual API level
• Reduce top API security risk | Centralize authorization decisions, regardless of authorization data sources, and re-use authorization policies across multiple APIs
• Privacy Preferences & Consents | Policies can enable delegated consent to data access & preference lookups and enforce data access decision based on customers’ wishes.
• Consumer Data Regulations | Policies can enforce compliance with new and changing consumer data protection legislation; sometimes requiring consents.
• Zero Trust | Set up micro-segments of data, even down to the data attribute, to enable least privilege access for sensitive data.
• Securing APIs | Check and enforce policies and customer consents for data being accessed by a third party through a customer data API.
• Data is detailed | Enables granular, attribute-by-attribute access control capabilities
2. GUI Trust Framework
• Data is everywhere | Real-time connections to policy attributes anywhere (e.g. risk scores)
• [All Drivers] | Need for ABAC & dynamic authorization
Policies
• Many stakeholders | Externalizes authorization to users for collaborative policy design
• Reconciling reqs | Lifts burden on developers, no need to reconcile or write code
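Added example (not from the original deck, and not Ping Identity code): a Python enforcement layer that applies the allow / block / filter / obfuscate decisions from the slides above to a JSON response, attribute by attribute, with default deny. The policy format, the scope and client names, and the InternalRiskScore field are assumptions made for illustration.

```python
"""Added example: attribute-level authorization enforced outside the API code."""
from dataclasses import dataclass

ALLOW, FILTER, OBFUSCATE = "allow", "filter", "obfuscate"


@dataclass(frozen=True)
class Context:
    """Facts about the caller, pulled from tokens, directories, consent stores."""
    client_id: str
    scopes: frozenset
    consents: frozenset      # attributes the account owner agreed to share
    third_party: bool = True


# Hypothetical business-defined policy, kept as data so it can change without
# touching the API implementation. For each attribute the first matching rule wins.
POLICY = {
    "required_scope": "accounts:read",      # missing scope: whole call is blocked
    "attributes": {
        "FirstName": [{"action": ALLOW}],
        "LastName": [{"action": ALLOW}],
        "AccountNumber": [
            {"when": {"third_party": False}, "action": ALLOW},
            {"when": {"consent": True}, "action": OBFUSCATE},
        ],
        "Balance": [
            {"when": {"scope": "accounts:balance", "consent": True},
             "action": ALLOW},
        ],
    },
}


def matches(when, attr, ctx):
    """True only if every condition in the rule holds for this caller."""
    for key, expected in when.items():
        if key == "scope":
            ok = expected in ctx.scopes
        elif key == "consent":
            ok = (attr in ctx.consents) == expected
        elif key == "third_party":
            ok = ctx.third_party == expected
        else:
            ok = False          # unknown condition: fail closed
        if not ok:
            return False
    return True


def decide(attr, ctx, policy=POLICY):
    """Per-attribute decision; attributes with no matching rule are filtered."""
    for rule in policy["attributes"].get(attr, []):
        if matches(rule.get("when", {}), attr, ctx):
            return rule["action"]
    return FILTER


def obfuscate(value, keep=4):
    """Mask all but the last `keep` characters; short values are fully masked."""
    text = str(value)
    if len(text) <= keep:
        return "*" * len(text)
    return "*" * (len(text) - keep) + text[-keep:]


def enforce(record, ctx, policy=POLICY):
    """Return (status, body) for the upstream API's response `record`."""
    if policy["required_scope"] not in ctx.scopes:
        return 403, {"error": "insufficient_scope"}
    body = {}
    for attr, value in record.items():
        action = decide(attr, ctx, policy)
        if action == ALLOW:
            body[attr] = value
        elif action == OBFUSCATE:
            body[attr] = obfuscate(value)
        # FILTER: attribute is dropped from the response
    return 200, body


# Constructed sample data: what the backing API returns before enforcement.
RECORD = {"FirstName": "Ada", "LastName": "Example",
          "AccountNumber": "1234567890", "Balance": 1520.75,
          "InternalRiskScore": 0.82}
FIRST_PARTY = Context("mobile-app",
                      frozenset({"accounts:read", "accounts:balance"}),
                      frozenset({"AccountNumber", "Balance"}), third_party=False)
PARTNER = Context("budget-partner", frozenset({"accounts:read"}),
                  frozenset({"AccountNumber"}))
NO_SCOPE = Context("unknown-client", frozenset(), frozenset())

if __name__ == "__main__":
    for ctx in (FIRST_PARTY, PARTNER, NO_SCOPE):
        print(ctx.client_id, enforce(RECORD, ctx))
```

InternalRiskScore has no rule in the policy, so it never leaves the layer for any caller, even though the backing API returned it.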
Does your API authorization model spark joy?
PINGIDENTITY.COM
 
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
 
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
 
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of...Reigniting the API Description Wars with TypeSpec and the Next Generation of...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
 
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyEstablish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
 
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsGoing Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
 
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerGenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
 
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
 
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
 

Último

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 

Último (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Kondo-ing API Authorization

  • 1. Kondo-ing API Authorization Remy Lyle OCT 2019 1 Confidential | Do not distribute — Copyright ©2019 Ping Identity Corporation. All rights reserved.
  • 2. HI! I’M REMY • Global Tech Enablement Team @ Ping Identity • Denver, CO, USA • Convinced that APIs are the next frontier for identity and security • Marie Kondo is a personal hero
  • 3. MARIE KONDO • Tidying Expert, Bestselling Author, Netflix Hit Show Star • NYTimes Best Selling Book, The Life Changing Magic of Tidying Up • “Does it spark joy?”
  • 4. BUT… FOR API AUTHORIZATIONS? https://www.wsj.com/articles/kondo-ing-a-guru-of-organizing-becomes-a-verb-11547745648
  • 5. ANATOMY OF AN API: JSON, GET /getData
  • 6. ANATOMY OF AN API: JSON, GET /getData; Scopes, Identity Attributes, Privacy Preferences, User Consents, Data Regulations, Zero Trust
  • 7. AND HOW MANY DO YOU HAVE?
  • 8. FOUR DATA OBSTACLES 1. Data is detailed and complex. 2. It’s everywhere and accessed many ways. 3. Multiple stakeholders, moving targets and ever-changing landscape of data security policies and regulation 4. Data transactions are subjected to different layers of authorization decisions
  • 9. THIS IS A REAL PROBLEM • OWASP Top API Security Top 10 Risk https://www.owasp.org/index.php/OWASP_API_Security_Project
  • 10. WITH REAL-LIFE CONSEQUENCES • In 2018, a research fellow with Mozilla Foundation scraped nearly 208 million transactions on peer-to-peer payment app Venmo revealing purchase profiles of its users • In June 2019, another 7 million transactions were scraped using the company’s developer API over six months Sources: https://www.darkreading.com/application-security/apis-get-their-own-top-10-security-list/d/d-id/1335786 https://22-8miles.com/public-by-default/ https://www.wired.com/story/i-scraped-millions-of-venmo-payments-your-data-is-at-risk/
  • 11. WHO IS RESPONSIBLE? DEVELOPERS? CLIENTS? X X
  • 12. ENTER IN … A TIDYING LAYER
  • 13. WHAT IF TIDYING WAS APPLIED: Scopes, Identity Attr, Privacy Preferences, User Consents, Data Regulations, Zero Trust; Business Defined Policies; DEVELOPERS, CLIENTS
  • 14. WHAT IF YOU COULD PULL FROM ANY SOURCE: Scopes, Identity Attr, Privacy Preferences, User Consents, Data Regulations, Zero Trust; DBs, Directory, Other APIs; Any state, Any attribute, Any authz data source
  • 15. WHAT IF THE ARCHITECTS COULD WRITE THE POLICIES: Business-Derived Policies
  • 16. WHAT IF ACCESS CONTROLS WERE APPLIED: Allow? Block? Filter? Obfuscate? CLIENTS; FirstName, LastName, AccountNumber, Balance; FirstName, LastName, AccountNumber, Balance; OR …
  • 17. DECOUPLING AUTHZ FROM IMPLEMENTATION: API Layer that enforces fine grained access control
  • 18. DECOUPLING AUTHZ FROM IMPLEMENTATION (columns: Marie Kondo API Layer; Driver/Obstacle; Benefits (How it Helps))
    1. Fine-grained authorization policy engine
      • Diff layers of authz decisions: Remove developers from managing authz at the individual API level, and remove clients from filtering data themselves at the individual API level
      • Reduce top API security risk: Centralize authorization decisions, regardless of authorization data sources, and re-use authorization policies across multiple APIs
      • Privacy Preferences & Consents: Policies can enable delegated consent to data access & preference lookups and enforce data access decision based on customers’ wishes.
      • Consumer Data Regulations: Policies can enforce compliance with new and changing consumer data protection legislation; sometimes requiring consents.
      • Zero Trust: Set up micro-segments of data, even down to the data attribute, to enable least privilege access for sensitive data.
      • Securing APIs: Check and enforce policies and customer consents for data being accessed by a third party through a customer data API.
      • Data is detailed: Enables granular, attribute-by-attribute access control capabilities
    2. GUI Trust Framework
      • Data is everywhere: Real-time connections to policy attributes anywhere (e.g. risk scores)
      • [All Drivers]: Need for ABAC & dynamic authorization Policies
      • Many stakeholders: Externalizes authorization to users for collaborative policy design
      • Reconciling reqs: Lifts burden on developers, no need to reconcile or write code
  • 19. Does your API authorization model spark joy?
  • 20. PINGIDENTITY.COM
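
Slides 16 to 18 describe an API layer that decides, attribute by attribute, whether to allow, block, filter or obfuscate the data returned to a client. The sketch below is an added illustration of that idea in Python, not code from the presentation or from any Ping Identity product; the scope names, the consent name, the policy table and the sample record are all constructed for the example.

```python
# Added illustration; scope, consent and policy names are constructed.
REQUEST_SCOPE = "accounts:read"  # hypothetical scope needed to call GET /getData

# attribute -> (scope required, consent required or None, action when not met)
ATTRIBUTE_POLICY = {
    "FirstName": ("accounts:read", None, "filter"),
    "LastName": ("accounts:read", None, "filter"),
    "AccountNumber": ("accounts:detail", None, "obfuscate"),
    "Balance": ("accounts:detail", "share_balance", "filter"),
}

# Constructed sample of what the backend returns before enforcement.
RECORD = {
    "FirstName": "Ada",
    "LastName": "Example",
    "AccountNumber": "9876543210",
    "Balance": 1520.75,
    "InternalRiskScore": 0.42,  # not in the policy, so it must never leave
}


def mask(value, keep=4):
    """Hide all but the last `keep` characters; short values are fully hidden."""
    text = str(value)
    if len(text) <= keep:
        return "*" * len(text)
    return "*" * (len(text) - keep) + text[-keep:]


def decide(attribute, scopes, consents):
    """Return 'allow', 'filter' or 'obfuscate' for one attribute."""
    rule = ATTRIBUTE_POLICY.get(attribute)
    if rule is None:
        return "filter"  # default deny for attributes the policy does not name
    scope, consent, fallback = rule
    if scope in scopes and (consent is None or consent in consents):
        return "allow"
    return fallback


def enforce(record, scopes, consents):
    """Apply the policy to a backend response: (status, body, decisions)."""
    if REQUEST_SCOPE not in scopes:
        return 403, None, {"request": "block"}
    body, decisions = {}, {}
    for attribute, value in record.items():
        action = decide(attribute, scopes, consents)
        decisions[attribute] = action  # keep every decision for the audit log
        if action == "allow":
            body[attribute] = value
        elif action == "obfuscate":
            body[attribute] = mask(value)
    return 200, body, decisions


if __name__ == "__main__":
    cases = [
        ({"profile"}, set()),
        ({"accounts:read"}, set()),
        ({"accounts:read", "accounts:detail"}, {"share_balance"}),
    ]
    for scopes, consents in cases:
        print(sorted(scopes), sorted(consents), enforce(RECORD, scopes, consents))
```

Because the decision table lives outside the API handler, the same policy can be reused across several APIs and changed without touching backend or client code.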