Authlete: API Authorization Enabler for API Economy

Tatsuo Kudo, Digital Identity Professional at Authlete
Authlete, Inc.

Key Indicators of Growth in API Economy
Source: ProgrammableWeb (https://www.programmableweb.com/news/financial-apis-continue-to-see-big-growth/research/2020/08/26), Postman (https://blog.postman.com/api-growth-rate/)

API Ecosystem is Multi-Layered and Specialized
[Diagram labels: API Client, API Provider, API, Backend Provider]

Authlete is Specialized to “API Authorization”
[Diagram labels: API Client, API Provider, API, Backend Provider]

What is API Authorization?
• It is how End Users grant what access of API Providers to which API Clients
• OAuth 2.0 is the industry standard
[Diagram labels: End User, API Provider, API Client; Starting Authorization Process; User Authentication & Access Grant; API Request Using “Access Token”]

Implementing API Authorization is not Easy
• “There’re a lot of (complicated) standards for that!”
[Timeline, 2012 to 2020+, showing: RFC6750, RFC6749, RFC7636, RFC6819, Security BCP, OIDC Discovery, RFC7592, RFC8414, OIDC Core, Session Mgmt, RFC8252, FAPI1, FAPI2, JARM, CIBA, RFC8628, RAR, PAR, IDA, RFC7009, RFC7662, Multiple Response Type Enc. Practice, Form Post Response Mode, RFC7523, RFC7591, RFC8707, FAPI-CIBA, RFC8705, DPoP]

Offloading API Authorization to Authlete
• Providing the Latest Industry-standard APIs
• No Vendor Lock-in for Designing UX
• Offloading the Hardest Part of OAuth 2.0 & OpenID Connect Deployment
[Diagram labels: Mobile Apps & Websites; Fintechs; Partners; OAuth 2.0 & OpenID Connect Protocol Operations; Access Token Life Cycle Management; API Authorization & ID Federation; Open Financial APIs; KYC Information Sharing; Identity Assurance; Financial-grade API; OAuth 2.0 & OpenID Connect; API Providers]

Proven by Customers and Awards
[Logo grid labels: Financial, Personal Data, Integration Partners, HR, Entertainment, Healthcare, Rakuten Bank, Awards, Education, Media]

Authlete Enables Open Banking APIs
• Seven Bank
  – Background and challenges
    • They needed advanced API authorization capabilities for new open banking APIs
  – Solution and Benefit
    • They integrated Authlete with their Azure-based service in just 3 months
    • Authlete has brought flexibility to adopt Financial-grade API in future
https://www.isid.co.jp/news/release/2018/0919.html
[Architecture diagram labels: Azure PaaS; API Management; Web Apps; Jobs; Push Notification Hub; App Services; HTTPS/JSON; Online Banking System; Ledger System; Other Banks; SOAP/SFTP; on cloud]

About Us
Name: Authlete, Inc.
Location: FINOLAB, Otemachi Bldg 4F, Otemachi 16-1 Chiyoda-ku, Tokyo 100-0004 Japan
Representative: Takahiko Kawasaki, Representative Director / Co-Founder
Business Activities: Planning, development and operation of Authlete BaaS (Backend as a Service); Consulting service related to Authlete BaaS
Capital: 223 Million Japanese Yen
Date Founded: September 18, 2015
Tokyo Office, UK Office

Thank You
www.authlete.com