The “I” in API is for Identity (Nordic APIS April 2014)

•

2 gostaram•1,877 visualizações

Software Tecnologia

pingidentity.com

THE “I” IN API IS FOR
IDENTITY
David Gorton
Senior Program Manager
Copyright © 2014 Ping Identity Corp. All rights reserved.
2

Identity is the Key
• Identity unlocks access to resources
– Web Resources
– APIs
• Identities are Everywhere and Expanding
Copyright © 2014 Ping Identity Corp. All rights reserved.
3

Enterprise APIs Are The Same…but Different
Copyright © 2014 Ping Identity Corp. All rights reserved.
4
Public
APIS
B2B
APIS

ü  Authen1ca1on

ü  Authoriza1on

ü  Audit

Re-Use Identities with Standards
• Increase
Adoption
• Reduce Risk
• Interoperability
• Flexibility
Copyright © 2014 Ping Identity Corp. All rights reserved.
5

Available API Identity Standards
• OAuth 2
(Authorization)
• SAML
(Authentication)
• OpenID Connect
(Both)
Copyright © 2014 Ping Identity Corp. All rights reserved.
6

OAuth 2 – Authorization
Written for API clients to
securely interact with APIs on
behalf of users
Copyright © 2014 Ping Identity Corp. All rights reserved.
7

OAuth 2 – Details
• “Authorization Server” runs the show
• Client Requests a Token with a Scope
–  User Authenticates
–  User Authorizes Client for a Scope
• Access token returned that represents a
scope for the authenticated user for use by
the client
Multiple flows (profiles) exist based on the trust
between the client, server, and user.
Copyright © 2014 Ping Identity Corp. All rights reserved.
8

OAuth In Action
Copyright © 2014 Ping Identity Corp. All rights reserved.
9
API
Client
OAuth
AuthZ
API
Resource

Request
Access

Token
with
Creden1als

Return
Access

Token

Request
Data

From
API

Validate
Access

Token

Return
API

Response

Return
Valida1on

Response

Request
Client

Scope
Authoriza1on

Grant
Client

Scope
Authoriza1on

SAML – Federation
Enable authentication &
federation across domains &
organizations
Copyright © 2014 Ping Identity Corp. All rights reserved.
10

SAML - Details
• Establish Trust Between Organizations
• Signed and Encrypted Tokens Transfer
Identity
Copyright © 2014 Ping Identity Corp. All rights reserved.
11

SAML + OAuth
• Authentication brokered by SAML
• SAML Token Exchanged for OAuth Access
Token
• Access Token used to access APIs
Copyright © 2014 Ping Identity Corp. All rights reserved.
12

SAML + OAuth In Action
Copyright © 2014 Ping Identity Corp. All rights reserved.
13
OAuth
Client

OAuth
AuthZ

&
Federa1on

API
Resource

Request
Access

Token

Redirect
to
OAuth

Server
with
SAML

Request
Data

From
API

Validate
Access

Token

Return
API

Response

Return
Valida1on

Response

Iden1ty
Provider

Redirect
to

Iden1ty
Provider

Request
to

Start
AuthN
Flow

Request
Access

Token
with
SAML

Return
Access

Token

OpenID Connect – The New Kid on the Block
Copyright © 2014 Ping Identity Corp. All rights reserved.
14
Connect

OpenID Connect
• OIDC Token contains
– Identity Token
– OAuth Access Token
• Trust Model for Federation
• Lower Maintenance
Copyright © 2014 Ping Identity Corp. All rights reserved.
15

OIDC In Action
Copyright © 2014 Ping Identity Corp. All rights reserved.
16
Mobile
OIDC
Server
API
Resource

Request
OIDC

Token

Return

OIDC
Token

Request
Data

From
API

Validate
OIDC

Token

Return
API

Response

Return
Valida1on

Response

Iden1ty
Provider

Redirect
to

Iden1ty
Provider

Request
to

Start
AuthN
Flow

Validate
OIDC

Token

Return

Valida1on
Response

Architecting API Identity
• Start with API & Client
Copyright © 2014 Ping Identity Corp. All rights reserved.
17
• Add OAuth 2.0
• Add SAML
• Or Use OpenID
Connect

What is the best option?
SAML
+
OAuth
2

+
Broad
Adop1on
of
SAML

-‐
More
complex

-‐
Requires
browser
interac1on

+
Uses
OAuth
Access
Tokens

Copyright © 2014 Ping Identity Corp. All rights reserved.
18
OpenID
Connect

-‐
Limited
Enterprise
Adop1on

+
One
Standard

+
Works
with
all
clients

+
Uses
OAuth
Access
Tokens

Ping Identity Solution
Copyright © 2014 Ping Identity Corp. All rights reserved.
19
ü  OAuth
2

ü  SAML

ü  OpenId
Connect

ü  Authoriza1on

ü  Audi1ng

?
Copyright © 2014 Ping Identity Corp. All rights reserved.
20

Mais conteúdo relacionado

Mais procurados

Launching a Successful and Secure API

Launching a Successful and Secure API

Launching a Successful and Secure API

APIdays Paris 2019 : Financial-grade API (FAPI) Security Profile

Hitachi, Ltd. OSS Solution Center.

Introducing Open APIs and the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitters API has been used to analyse Twitter use in Sweden. Lightning talk from Øredev 7 november 2013 in Malmö Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.

Open APIs - Risks and Rewards (Øredev 2013)

Open APIs - Risks and Rewards (Øredev 2013)

Open APIs - Risks and Rewards (Øredev 2013)

Who Cares About APIs? (NordicAPIS April 2014)

Who Cares About APIs? (NordicAPIS April 2014)

Who Cares About APIs? (NordicAPIS April 2014)

We know interactivity is the key to keep our user’s interest alive but we can’t reduce animation to UI anymore. Twitter, Waze, Slack… users are used to have real-time data in applications they love. But how can you turn your static API into a stream of data? When talking about data streaming, we often think about WebSockets. But have you ever heard of Server-Sent Events? In this tools-in-action we will compare both technologies to understand which one you should opt for depending on your usecase and I’ll show you how we have been even further by reducing the amount of data to transfer with JSON-Patch. And because real-time data is not only needed by web (and because it’s much more fun), I’ll show you how we can make drone dance on streamed APIs.

The end of polling : why and how to transform a REST API into a Data Streamin...

The end of polling : why and how to transform a REST API into a Data Streamin...

The end of polling : why and how to transform a REST API into a Data Streamin...

Importance of APIs in the Internet of Things

Importance of APIs in the Internet of Things

Importance of APIs in the Internet of Things

The Business Value for Internal APIs in the Enterprise

The Business Value for Internal APIs in the Enterprise

The Business Value for Internal APIs in the Enterprise

By now you’ve bought into the idea of using APIs to integrate cloud, mobile devices and the enterprise. But are building safe APIs? One insecure API can increase your organization’s risk profile exponentially. Securing APIs is not like securing the web—a point lost on many developers coming from a web-centric background. Learn what good practices to put in place and the common security anti-patterns you must avoid to ensure your company’s APIs are reliable, safe and secure. You will learn: • The top ways hackers exploit APIs in the wild • Common identity pitfalls and how to avoid them • Why OAuth scopes are essential to master • How to keep web developers from bringing bad habits with them

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

CA API Management

OAuth is more than an authentication protocol. A decade from now, OAuth will be viewed as the great enabler of new business models and wealth creation in the app economy. In this session we'll investigate why many business development ideas don't make it past the whiteboard and how OAuth changes that. We'll tickle our imaginations and explore what is possible in a world where crossing trust boundaries is done with lower risk, more control and higher security. We Will Discuss » - Blockers to Business Innovation - How OAuth Changes the Rules - Re-Imagining the Future of Business Development

Bigger, Better Business With OAuth

Bigger, Better Business With OAuth

Bigger, Better Business With OAuth

Apigee | Google Cloud

Enterprise API Adoption Patterns

Enterprise API Adoption Patterns

Enterprise API Adoption Patterns

I this presentation enterprises will get a practical overview of what they need to know when approaching APIs and technologies like OAuth. Mobile and Cloud initiatives are driving enterprises to expose data and applications to the outside world. Whether SOAP, REST or JSON, these APIs give enterprises an efficient way to open up information to services running in the Cloud and apps running on mobile devices like the iPad. However, securing and governing the lifecycle and operation of these APIs is not straightforward. It requires new approaches to access, protection and management. This invariably requires adoption of new technologies such as OAuth, which are not yet well understood.

API Security and OAuth for the Enterprise

API Security and OAuth for the Enterprise

API Security and OAuth for the Enterprise

CA API Management

Identity is ubiquitous. Regardless of the kind of applications you develop you will, at some point, almost certainly have to deal with identifying users of the app. Yet it's seldom a central part of the app’s value proposition and rarely a core competency for developers. Wouldn’t it be nice to outsource user authentication and free yourself from the liability and complexity of storing and managing passwords? OpenID Connect, just ratified earlier this year and backed by some big industry names, is emerging as the go to standard way to do exactly that. Connect allows you to easily and securely get an answer to the question: “What is the identity of the person currently using this browser or native app?” Unlike some of it’s predecessors, however, Connect has roots spanning the consumer, SaaS and enterprise space and is better suited to serve a diverse set of deployments. Come find out more about Connect in this talk from a seasoned veteran of the prestigious basement conference rooms at GlueCon.

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...

Extend your legacy SOA/ESB infrastructure to Mobile & IoT This webinar recording provides a use-case driven discussion around appropriate use of existing middleware infrastructure as well as its shortcomings. It dives deep into how APIs can not only complement an ESB or SOA infrastructure but also fill existing gaps. Watch this webinar recording to learn about: - Strengths and weaknesses of your existing ESB/SOA infrastructure - Architecture strategy: extend and add value to legacy middleware with APIs - Integration / API use cases in Retail, Manufacturing and Telecom - The API360 approach to digital strategy

Api architectures for the modern enterprise

Api architectures for the modern enterprise

Api architectures for the modern enterprise

CA API Management

APIs: What’s in it for me – How can APIs bring value to our Business (Philipp...

APIs: What’s in it for me – How can APIs bring value to our Business (Philipp...

APIs: What’s in it for me – How can APIs bring value to our Business (Philipp...

A New Breed of Technical Leaders: The 101 to Defining Your API Business Stra...

A New Breed of Technical Leaders: The 101 to Defining Your API Business Stra...

A New Breed of Technical Leaders: The 101 to Defining Your API Business Stra...

OAuth - Don’t Throw the Baby Out with the Bathwater

OAuth - Don’t Throw the Baby Out with the Bathwater

OAuth - Don’t Throw the Baby Out with the Bathwater

Apigee | Google Cloud

The enterprise has learned from the consumer API movement and recognized the value of creating developer communities to drive the adoption and productive use of APIs. Building an API community internally, however, requires a different approach from what has worked in the consumer space. Business objectives for APIs and measurements of success tend to be different for internal APIs. Security and access controls are not the same, of course, and back-end systems tend to be quite a lot more complex in the enterprise than they are in public-facing API situations. This webinar explores the challenges and best practices inherent in building an internal API community that serves an enterprise’s business and technological goals.

Powering Internal API Communities

Powering Internal API Communities

Powering Internal API Communities

This is a session given by Guillaume Laforge at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden. Description: Web APIs are and more often specified with API definition languages like Swagger (now named Open API Spec), as it can help you generate nice interactive documentation, server skeletons, and client SDKs, mocks, and more, making it simpler to get started both producing and consuming an API. In this session, Guillaume will demonstrate how to define a Web API with Swagger / Open API Spec, and scale it using Cloud Endpoints, on the Google Cloud Platform.

Scale a Swagger based Web API (Guillaume Laforge)

Scale a Swagger based Web API (Guillaume Laforge)

Scale a Swagger based Web API (Guillaume Laforge)

Moving beyond conventional single sign-on to seamless cross-device access with APIs People are carrying more devices every day – with the average being 2.9 per person. Meanwhile, multitasking has gone into overdrive, as users quickly move from laptop to phone to tablet, expecting a seamless experience when accessing their favorite apps. And this expectation is not just limited to leisure and personal use – it extends to business applications. Security has broken this seamless workflow and inhibited the mobile “stickiness” businesses are striving to achieve. This webinar with Scott Morrison and Leif Bildoy of CA Technologies will demonstrate how the right combination of identity functionality and secure APIs can help your organization to overcome these challenges and enable the multi-device universe. You Will Learn • What challenges must be overcome when supporting multiple mobile app types • How SSO is evolving past mobile app access to device access • Why the right implementation of identity and APIs will create consumer stickiness • How the Internet of Things (IoT) is creating new business opportunities

Enabling the Multi-Device Universe

Enabling the Multi-Device Universe

Enabling the Multi-Device Universe

CA API Management

Platform for Secure Digital Business

Platform for Secure Digital Business

Platform for Secure Digital Business

Mais procurados (20)

Launching a Successful and Secure API

Launching a Successful and Secure API

Launching a Successful and Secure API

APIdays Paris 2019 : Financial-grade API (FAPI) Security Profile

Open APIs - Risks and Rewards (Øredev 2013)

Open APIs - Risks and Rewards (Øredev 2013)

Open APIs - Risks and Rewards (Øredev 2013)

Who Cares About APIs? (NordicAPIS April 2014)

Who Cares About APIs? (NordicAPIS April 2014)

Who Cares About APIs? (NordicAPIS April 2014)

The end of polling : why and how to transform a REST API into a Data Streamin...

The end of polling : why and how to transform a REST API into a Data Streamin...

The end of polling : why and how to transform a REST API into a Data Streamin...

Importance of APIs in the Internet of Things

Importance of APIs in the Internet of Things

Importance of APIs in the Internet of Things

The Business Value for Internal APIs in the Enterprise

The Business Value for Internal APIs in the Enterprise

The Business Value for Internal APIs in the Enterprise

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

Bigger, Better Business With OAuth

Bigger, Better Business With OAuth

Bigger, Better Business With OAuth

Enterprise API Adoption Patterns

Enterprise API Adoption Patterns

Enterprise API Adoption Patterns

API Security and OAuth for the Enterprise

API Security and OAuth for the Enterprise

API Security and OAuth for the Enterprise

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...

OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...

Api architectures for the modern enterprise

Api architectures for the modern enterprise

Api architectures for the modern enterprise

APIs: What’s in it for me – How can APIs bring value to our Business (Philipp...

APIs: What’s in it for me – How can APIs bring value to our Business (Philipp...

APIs: What’s in it for me – How can APIs bring value to our Business (Philipp...

A New Breed of Technical Leaders: The 101 to Defining Your API Business Stra...

A New Breed of Technical Leaders: The 101 to Defining Your API Business Stra...

A New Breed of Technical Leaders: The 101 to Defining Your API Business Stra...

OAuth - Don’t Throw the Baby Out with the Bathwater

OAuth - Don’t Throw the Baby Out with the Bathwater

OAuth - Don’t Throw the Baby Out with the Bathwater

Powering Internal API Communities

Powering Internal API Communities

Powering Internal API Communities

Scale a Swagger based Web API (Guillaume Laforge)

Scale a Swagger based Web API (Guillaume Laforge)

Scale a Swagger based Web API (Guillaume Laforge)

Enabling the Multi-Device Universe

Enabling the Multi-Device Universe

Enabling the Multi-Device Universe

Platform for Secure Digital Business

Platform for Secure Digital Business

Platform for Secure Digital Business

Destaque

Authorization for Internet of Things using OAuth 2.0

Authorization for Internet of Things using OAuth 2.0

Authorization for Internet of Things using OAuth 2.0

Hannes Tschofenig

A bit of geography

A bit of geography

A bit of geography

Ania Pawłowska

Ко Дню работника культуры Росси подготовлена электронная выставка «Законодательство по вопросам культуры». Данный продукт предназначен для информирования работников культуры о законодательстве по вопросам культуры федерального и регионального значения.

Законодательство по вопросам культуры. Электронная выставка.

Законодательство по вопросам культуры. Электронная выставка.

Законодательство по вопросам культуры. Электронная выставка.

CAVALLS

revistapompeufabra

Cce2013.heg.ne.mh2.tekstverbanden

Cce2013.heg.ne.mh2.tekstverbanden

Cce2013.heg.ne.mh2.tekstverbanden

Export a Video With Your Own Logo

Diigo for research

Diigo for research

Diigo for research

ResearchSleuths

Tics de la educacion

Tics de la educacion

Tics de la educacion

criselizabeth30

Fundamentals of-copywriting

Fundamentals of-copywriting

Fundamentals of-copywriting

Laberinto Q igualdad

Laberinto Q igualdad

Laberinto Q igualdad

Catalina Rodríguez Pérez

NBTC: Getting Sales Incentive Compensation right

NBTC: Getting Sales Incentive Compensation right

NBTC: Getting Sales Incentive Compensation right

Blow The Self-Sealing Bubble agile2015

Blow The Self-Sealing Bubble agile2015

Blow The Self-Sealing Bubble agile2015

Kassimaal jaan alexander

Kassimaal jaan alexander

Kassimaal jaan alexander

Destaque (13)

Authorization for Internet of Things using OAuth 2.0

Authorization for Internet of Things using OAuth 2.0

Authorization for Internet of Things using OAuth 2.0

A bit of geography

A bit of geography

A bit of geography

Законодательство по вопросам культуры. Электронная выставка.

Законодательство по вопросам культуры. Электронная выставка.

Законодательство по вопросам культуры. Электронная выставка.

CAVALLS

Cce2013.heg.ne.mh2.tekstverbanden

Cce2013.heg.ne.mh2.tekstverbanden

Cce2013.heg.ne.mh2.tekstverbanden

Export a Video With Your Own Logo

Diigo for research

Diigo for research

Diigo for research

Tics de la educacion

Tics de la educacion

Tics de la educacion

Fundamentals of-copywriting

Fundamentals of-copywriting

Fundamentals of-copywriting

Laberinto Q igualdad

Laberinto Q igualdad

Laberinto Q igualdad

NBTC: Getting Sales Incentive Compensation right

NBTC: Getting Sales Incentive Compensation right

NBTC: Getting Sales Incentive Compensation right

Blow The Self-Sealing Bubble agile2015

Blow The Self-Sealing Bubble agile2015

Blow The Self-Sealing Bubble agile2015

Kassimaal jaan alexander

Kassimaal jaan alexander

Kassimaal jaan alexander

Semelhante a The “I” in API is for Identity (Nordic APIS April 2014)

CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect

CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect

CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect

John Bradley, Ping Identity, gave this presentation at the AllSeen Alliance's Partner Programme at Mobile World Congress 2015. About Ping Identity: Ping Identity provides next-generation identity security solutions. With more than 1,200 enterprise customers worldwide, including half of the Fortune 100, Ping Identity delivers professional-grade identity security solutions that meet the needs of organizations managing workforce, customer, and partner identities. Identity at Internet scale is a concept that will be required as the industry builds services that encompass billions of connected devices and identities.

Identity for IoT: An Authentication Framework for the IoT

Identity for IoT: An Authentication Framework for the IoT

Identity for IoT: An Authentication Framework for the IoT

AllSeen Alliance

Managing Identities in the World of APIs

Managing Identities in the World of APIs

Managing Identities in the World of APIs

Apigee | Google Cloud

OAuth 2.0 (RFC 6749/50) is a delegated authorization framework that makes requesting access for and authenticating as a client to an API as easy as getting a token and using a token. This session will explore the different OAuth flows in the spec as will as discuss extensions such as the JWT assertion flow and SAML bearer extension, and will also discuss security mitigations needed to use the protocol safely.

CIS 2015 Extreme OAuth - Paul Meyer

CIS 2015 Extreme OAuth - Paul Meyer

CIS 2015 Extreme OAuth - Paul Meyer

Want to configure SSO for your users or improve your utilization of Ping’s services and take advantage of the latest features that Ping Identity has available in our PingFederate and PingOne products? Come learn about improvements in how PingFederate and PingOne work together both in the initial setup phase and the configuration of SSO applications. Come and discover new provisioning capabilities including support for additional applications and an expanded use of SCIM. Additionally, find out about new API enablement functionality of PingOne that focuses on Employee SSO which can be used to automate the setting up of a customer’s connection to PingOne as well as a customer’s application configurations. And more.

CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe

CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe

CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe

Entreprises are deploying more applications to workers phones and tablets. These applications are currently all using separate authentications to establish user identity and authorization. This session will look at how the Native Application profile of OpenID Connect creates a local token broker on the device to centralize authentication for multiple enterprise and SaaS applications on a device. This can be used to increase security by enabling additional authentication factors and a enhanced view of device posture, as well as increasing usability, bu reducing the number of unnecessary authentications that interrupt the users work flow every day.

CIS 2015 Extreme OpenID Connect - John Bradley

CIS 2015 Extreme OpenID Connect - John Bradley

CIS 2015 Extreme OpenID Connect - John Bradley

Understanding the oAuth2 flows can be challenging. At some point we have probably interacted with one, most of us struggle with how they work, and often times they leaves us very confused. Whether you are on the frontend or backend, understanding oAuth2 can take your skills to the next level. Learn how to secure your APIs through the oAuth2 flows using express. We will dive into the different oAuth flows, the use of scopes, and validating Json Web Tokens (JWT). Each step along the way will be illustrated with code examples using express. Finally, we will touch on the challenges with integration testing and local development.

Securing APIs with oAuth2

Securing APIs with oAuth2

Securing APIs with oAuth2

Michae Blakeney

CIS14: PingOne IDaaS: What You Need to Know

CIS14: PingOne IDaaS: What You Need to Know

CIS14: PingOne IDaaS: What You Need to Know

PingOne IDaaS: What You Need to Know

PingOne IDaaS: What You Need to Know

PingOne IDaaS: What You Need to Know

John Bradley, Senior Technical Architect, Ping Identity OAuth 2.0 is the future of API Security, allowing software clients to request and use access tokens to access necessary APIs rather than caching and replaying usernames and passwords on every API fetch. John Bradley will explain the OAuth 2.0 protocol from top to bottom. Response types, authorization codes, front-channel vs. back-channel architecture decisions, security considerations and best practices will all be discussed. If you want to really understand OAuth, this session will dig deep.

CIS13: Introduction to OAuth 2.0

CIS13: Introduction to OAuth 2.0

CIS13: Introduction to OAuth 2.0

CIS 2015 Mobile SSO

CIS 2015 Mobile SSO

CIS 2015 Mobile SSO

Guests, contractors and employees are expected to connect wide variety of devices to your Wi-Fi, wired and VPN networks. Thankfully you can use Aruba ClearPass to define the right set of policies from a centralized system and extend them to many geographical locations. Join this session to discuss role based policies, device inventory management, mobile device onboarding, NAC for wired & wireless access and more To learn more, visit us at http://www.arubanetworks.com/wlan. Join the discussion at https://community.arubanetworks.com

Defining Advanced AAA Policies for Access Networks

Defining Advanced AAA Policies for Access Networks

Defining Advanced AAA Policies for Access Networks

Aruba, a Hewlett Packard Enterprise company

Advanced Access Management with Aruba ClearPass #AirheadsConf Italy

Advanced Access Management with Aruba ClearPass #AirheadsConf Italy

Advanced Access Management with Aruba ClearPass #AirheadsConf Italy

Aruba, a Hewlett Packard Enterprise company

Traditional security models no longer suffice in the new digital and API driven economy. APIs expose corporate data in very deliberate and thoughtful ways, but, as with any technology that involves enterprise data, security should always be a prime concern. How do you keep your customers' digital experiences as secure as your backend data and services? OAuth is an API authorization protocol that enables apps to access information on behalf of users without requiring them to divulge their usernames and passwords.

API Security with OAuth2.0.

API Security with OAuth2.0.

API Security with OAuth2.0.

Kellton Tech Solutions Ltd

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CIS 2015- SSO for Mobile and Web Apps- Ashish Jain

CIS 2015- SSO for Mobile and Web Apps- Ashish Jain

CIS 2015- SSO for Mobile and Web Apps- Ashish Jain

API Gateway - OFM Canberra October 2014

API Gateway - OFM Canberra October 2014

API Gateway - OFM Canberra October 2014

Auth proxy pattern on Kubernetes

Auth proxy pattern on Kubernetes

Auth proxy pattern on Kubernetes

Michał Wcisło

Intro to OAuth2 and OpenID Connect

Intro to OAuth2 and OpenID Connect

Intro to OAuth2 and OpenID Connect

API security is always a major consideration, but most API developers feel like they are not equipped with the skills necessary to properly secure an API. In this presentation, we will talk about how some common API gateway security mechanisms can work effectively to secure a MuleSoft API. We will start with key concepts of API security such as zero trust, OAuth 2.0, and access control. Then, we will demonstrate a secure method to protect your APIs using OAuth 2.0 and token introspection to achieve access control on a MuleSoft API. The solution will demonstrate how to use the combination of MuleSoft security policies and a powerful identity provider in PingFederate by Ping Identity to achieve API security on MuleSoft APIs. No API security session is complete without discussing different methods of API security and lessons learned from working through the demo so we will close with discussing various options that can be used to achieve similar results for API security and what the benefits or downfalls are of each option.

Securing ap is oauth and fine grained access control

Securing ap is oauth and fine grained access control

Securing ap is oauth and fine grained access control

AaronLieberman5

Semelhante a The “I” in API is for Identity (Nordic APIS April 2014) (20)

CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect

CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect

CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect

Identity for IoT: An Authentication Framework for the IoT

Identity for IoT: An Authentication Framework for the IoT

Identity for IoT: An Authentication Framework for the IoT

Managing Identities in the World of APIs

Managing Identities in the World of APIs

Managing Identities in the World of APIs

CIS 2015 Extreme OAuth - Paul Meyer

CIS 2015 Extreme OAuth - Paul Meyer

CIS 2015 Extreme OAuth - Paul Meyer

CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe

CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe

CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe

CIS 2015 Extreme OpenID Connect - John Bradley

CIS 2015 Extreme OpenID Connect - John Bradley

CIS 2015 Extreme OpenID Connect - John Bradley

Securing APIs with oAuth2

Securing APIs with oAuth2

Securing APIs with oAuth2

CIS14: PingOne IDaaS: What You Need to Know

CIS14: PingOne IDaaS: What You Need to Know

CIS14: PingOne IDaaS: What You Need to Know

PingOne IDaaS: What You Need to Know

PingOne IDaaS: What You Need to Know

PingOne IDaaS: What You Need to Know

CIS13: Introduction to OAuth 2.0

CIS13: Introduction to OAuth 2.0

CIS13: Introduction to OAuth 2.0

CIS 2015 Mobile SSO

CIS 2015 Mobile SSO

CIS 2015 Mobile SSO

Defining Advanced AAA Policies for Access Networks

Defining Advanced AAA Policies for Access Networks

Defining Advanced AAA Policies for Access Networks

Advanced Access Management with Aruba ClearPass #AirheadsConf Italy

Advanced Access Management with Aruba ClearPass #AirheadsConf Italy

Advanced Access Management with Aruba ClearPass #AirheadsConf Italy

API Security with OAuth2.0.

API Security with OAuth2.0.

API Security with OAuth2.0.

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CIS 2015- SSO for Mobile and Web Apps- Ashish Jain

CIS 2015- SSO for Mobile and Web Apps- Ashish Jain

CIS 2015- SSO for Mobile and Web Apps- Ashish Jain

API Gateway - OFM Canberra October 2014

API Gateway - OFM Canberra October 2014

API Gateway - OFM Canberra October 2014

Auth proxy pattern on Kubernetes

Auth proxy pattern on Kubernetes

Auth proxy pattern on Kubernetes

Intro to OAuth2 and OpenID Connect

Intro to OAuth2 and OpenID Connect

Intro to OAuth2 and OpenID Connect

Securing ap is oauth and fine grained access control

Securing ap is oauth and fine grained access control

Securing ap is oauth and fine grained access control

Mais de Nordic APIs

A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned! This presentation will cover topics like: – How does it work? What does it mean to “train” a bot on your docs? – Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team? – The trade-offs around building your own vs. buying a 3rd party solution – Some decisions around the underlying tech – How to build a decent “conversational mode” so you can ask follow-up questions – How you evaluate the quality of a chatbot, and some surprises we ecountered along the way – What do you do when things go wrong? – Security considerations And much more! Actually, probably not that much more. That already sounds like a lot.

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13. Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind. A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.

The Art of API Design, by David Biesack at Apiture

The Art of API Design, by David Biesack at Apiture

The Art of API Design, by David Biesack at Apiture

A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13. Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13. Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools. Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss: 1. The platform team model - team topologies and key roles for developing internal API platforms 2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs 3. Applying a "platform as a product" mindset to measure and communicate platform success 4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13. Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach. Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies. Key topics include: - The current challenges in API governance and how federated management addresses these. - The principles and architecture of Federated API Management, distinguishing it from traditional models. - Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses. - Strategies for implementing Federated API Management, focusing on best practices for seamless integration. - The future outlook of API governance, anticipating emerging trends and technologies.

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13. Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13. Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.

API Discovery from Crawl to Run - Rob Dickinson, Graylog

API Discovery from Crawl to Run - Rob Dickinson, Graylog

API Discovery from Crawl to Run - Rob Dickinson, Graylog

A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13. Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.

Productizing and Monetizing APIs - Derric Gilling, Moseif

Productizing and Monetizing APIs - Derric Gilling, Moseif

Productizing and Monetizing APIs - Derric Gilling, Moseif

A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13. Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis. In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows: - Easily « boosting » any product feature with Generative AI - Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model - Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13. Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs. 1. Overview of Large Language Models (LLMs) APIs 2. Understanding LLM Vulnerabilities: - Prompt Injections - Sensitive Data Leakage - Inadequate Sandboxing - Insecure Plugin Design - Model Denial of Service - Unauthorized Code Execution - Input attacks - Poisoning attacks 3. Best practices to secure LLM APIs from data breaches I will explain all the above using real life examples.

Security of LLM APIs by Ankita Gupta, Akto.io

Security of LLM APIs by Ankita Gupta, Akto.io

Security of LLM APIs by Ankita Gupta, Akto.io

A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13. Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13. Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13. Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward? Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management? I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13. Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13. Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13. Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13. Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13. Session Description: GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13. Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

A presentation given by Vidhya Arvind, Staff Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13. Session Description: At Netflix, Data abstraction plays a pivotal role in hosting 100s of use cases that scale, they are widely adopted and depended on by mission-critical systems. In this talk, I show how to design reliable APIs and layout data for Key-Value services for petabyte-scale datasets. Key-value service uses a control plane and data plane to abstract the data, uses some novel techniques to reliably store and safely scale the service to 100s of instances.

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

Mais de Nordic APIs (20)

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...

The Art of API Design, by David Biesack at Apiture

The Art of API Design, by David Biesack at Apiture

The Art of API Design, by David Biesack at Apiture

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL

API Discovery from Crawl to Run - Rob Dickinson, Graylog

API Discovery from Crawl to Run - Rob Dickinson, Graylog

API Discovery from Crawl to Run - Rob Dickinson, Graylog

Productizing and Monetizing APIs - Derric Gilling, Moseif

Productizing and Monetizing APIs - Derric Gilling, Moseif

Productizing and Monetizing APIs - Derric Gilling, Moseif

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios

Security of LLM APIs by Ankita Gupta, Akto.io

Security of LLM APIs by Ankita Gupta, Akto.io

Security of LLM APIs by Ankita Gupta, Akto.io

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Reigniting the API Description Wars with TypeSpec and the Next Generation of...

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

GenAI: Producing and Consuming APIs by Paul Dumas, Gartner

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...

Último

%in Midrand+277-882-255-28 abortion pills for sale in midrand

%in Midrand+277-882-255-28 abortion pills for sale in midrand

%in Midrand+277-882-255-28 abortion pills for sale in midrand

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Microsoft AI Transformation Partner Playbook.pdf

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

8257 interfacing 2 in microprocessor for btech students

8257 interfacing 2 in microprocessor for btech students

8257 interfacing 2 in microprocessor for btech students

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal.

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal. Attraction Spells

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

Craft an AI & Machine Learning Pitch with our Editable Professional PowerPoint Template. Ignite your AI & Machine Learning pitch with our cutting-edge PowerPoint template tailored for the industry. Perfect for AI conferences, investor presentations, sales pitches to tech-focused companies, training sessions, and educational programs. - 20+ editable slides: Get a variety of options to choose from for your presentation. - Time-saving solution: Download, replace text/images with a few clicks. - User-friendly customization: Easy to use and personalize. - Modern and attractive design: Captivating visuals, sleek layout. - Tailored to your requirements: Fully alterable for customization. - Well-organized slides: Complete control over content. - Thematic specificity: Reflects healthcare industry with relevant graphics. - Showcase your business idea: Communicate value proposition effectively.

AI & Machine Learning Presentation Template

AI & Machine Learning Presentation Template

AI & Machine Learning Presentation Template

Presentation.STUDIO

This presentation covers the following topics: What is logging? The purpose of logging: Debugging The purpose of logging: Security The purpose of logging: Stats & analytics Traditional logging Traditional logging: Advantages Traditional logging: Disadvantages The solution: Large-scale logging Large-scale logging: Core principles Large-scale logging: Solution types Large-scale logging: Cloud vs on-prem Large-scale logging: Operational complexity Large-scale logging: Security Large-scale logging: Costs Large-scale logging: On-prem comparison - Elasticsearch - Grafana Loki - VictoriaLogs On-prem comparison: Setup and operation On-prem comparison: Costs On-prem comparison: Full-text search support On-prem comparison: How to efficiently query 100TB of logs? On-prem comparison: Integration with CLI tools VictoriaLogs for large-scale logging VictoriaLogs demo instance - Ingestion rate: 3600 messages / minute - The number of log messages: 1.1 billion - Uncompressed log messages’ size: 1.5TB - Compressed log messages’ size: 23GB - Compression ratio: 47x - Memory usage: 150MB VictoriaLogs CLI integration demo - Which errors have occurred in all the apps during the last hour? - How many errors have occurred during the last hour? - Which apps generated the most of errors during the last hour? - The number of per-minute errors for the last 10 minutes - Status codes for the last hour - Non-200 status codes for the last week - Top client IPs for the last 4 weeks with 404 and 500 response status codes - Per-month stats for the given IP across all the logs Large-scale logging solution MUST provide excellent CLI integration VictoriaLogs: (temporary) drawbacks VictoriaLogs: Recap - Easy to setup and operate - The lowest RAM usage and disk space usage (up to 30x less than Elasticsearch and Grafana Loki) - Fast full-text search - Excellent integration with traditional command-line tools for log analysis - Accepts logs from popular log shippers (Filebeat, Fluentbit, Logstash, Vector, Promtail, Grafana Agent) - Open source and free to use!

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

VictoriaMetrics

Data spaces in distributed environments should be allowed to evolve in agile ways providing data space owners with large flexibility about which data they store. Agility and heterogeneity, however, jeopardize data exchanges because representations may build on varying ontologies and data consumers may not rely on the semantic correctness of their queries in the context of semantically heterogeneous, evolving data spaces. Graph data spaces are one example of a powerful model for representing and querying data whose semantics may change over time. To assert and enforce conditions on individual graph data spaces, shape languages (e.g SHACL) have been developed. We investigate the question of how querying and programming can be guarded by reasoning over SHACL constraints in a distributed setting and we sketch a picture of how a future landscape based on semantically heterogeneous data spaces might look like.

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Modeling languages are generally applied for developing systems and software – both internally, with domain-specific languages, and with standardized languages targeting a general purpose and a wide audience. Way too often these languages are weakly created and defined leading to poor quality: Language definitions tend to contain errors and inconsistencies; notations do not recognize the communication and problem-solving needs of humans; standardization organizations push exchange formats that do not fully work and offer certificates that do not measure mastery of the language. We describe common problems in language development and point them out with examples from known cases. To overcome these problems, we suggest several solutions to improve language development, including using modeling languages specifically designed to define modeling languages, continuous testing and prototyping, and keeping language users in the loop.

What Goes Wrong with Language Definitions and How to Improve the Situation

What Goes Wrong with Language Definitions and How to Improve the Situation

What Goes Wrong with Language Definitions and How to Improve the Situation

Juha-Pekka Tolvanen

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

In today's dynamic e-commerce landscape, the payment gateway emerges as a linchpin, ensuring smooth and secure transactions between buyers and sellers. In this discourse, we delve into the meticulous process of devising test cases tailored for scrutinizing payment gateways. Crafting precise test cases for payment gateways is a quintessential responsibility for testers operating within the service industry. This article meticulously explores pivotal scenarios integral to how to test payment gateways, coupled with essential guidelines for drafting effective test cases.

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

kalichargn70th171

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal.

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

The title is not connected to what is inside

The title is not connected to what is inside

The title is not connected to what is inside

shinachiaurasa2

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

Bert Jan Schrijver

WSO2CON2024 - It's time to go Platformless

WSO2CON2024 - It's time to go Platformless

WSO2CON2024 - It's time to go Platformless

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

Último (20)

%in Midrand+277-882-255-28 abortion pills for sale in midrand

%in Midrand+277-882-255-28 abortion pills for sale in midrand

%in Midrand+277-882-255-28 abortion pills for sale in midrand

Microsoft AI Transformation Partner Playbook.pdf

Microsoft AI Transformation Partner Playbook.pdf

Microsoft AI Transformation Partner Playbook.pdf

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...

8257 interfacing 2 in microprocessor for btech students

8257 interfacing 2 in microprocessor for btech students

8257 interfacing 2 in microprocessor for btech students

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...

AI & Machine Learning Presentation Template

AI & Machine Learning Presentation Template

AI & Machine Learning Presentation Template

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

What Goes Wrong with Language Definitions and How to Improve the Situation

What Goes Wrong with Language Definitions and How to Improve the Situation

What Goes Wrong with Language Definitions and How to Improve the Situation

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

%in Benoni+277-882-255-28 abortion pills for sale in Benoni

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...

The title is not connected to what is inside

The title is not connected to what is inside

The title is not connected to what is inside

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...

WSO2CON2024 - It's time to go Platformless

WSO2CON2024 - It's time to go Platformless

WSO2CON2024 - It's time to go Platformless

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

The “I” in API is for Identity (Nordic APIS April 2014)

1. pingidentity.com

2. THE “I” IN API IS FOR IDENTITY David Gorton Senior Program Manager Copyright © 2014 Ping Identity Corp. All rights reserved. 2

3. Identity is the Key • Identity unlocks access to resources – Web Resources – APIs • Identities are Everywhere and Expanding Copyright © 2014 Ping Identity Corp. All rights reserved. 3

4. Enterprise APIs Are The Same…but Different Copyright © 2014 Ping Identity Corp. All rights reserved. 4 Public APIS B2B APIS ü  Authen1ca1on ü  Authoriza1on ü  Audit

5. Re-Use Identities with Standards • Increase Adoption • Reduce Risk • Interoperability • Flexibility Copyright © 2014 Ping Identity Corp. All rights reserved. 5

6. Available API Identity Standards • OAuth 2 (Authorization) • SAML (Authentication) • OpenID Connect (Both) Copyright © 2014 Ping Identity Corp. All rights reserved. 6

7. OAuth 2 – Authorization Written for API clients to securely interact with APIs on behalf of users Copyright © 2014 Ping Identity Corp. All rights reserved. 7

8. OAuth 2 – Details • “Authorization Server” runs the show • Client Requests a Token with a Scope –  User Authenticates –  User Authorizes Client for a Scope • Access token returned that represents a scope for the authenticated user for use by the client Multiple flows (profiles) exist based on the trust between the client, server, and user. Copyright © 2014 Ping Identity Corp. All rights reserved. 8

9. OAuth In Action Copyright © 2014 Ping Identity Corp. All rights reserved. 9 API Client OAuth AuthZ API Resource Request Access Token with Creden1als Return Access Token Request Data From API Validate Access Token Return API Response Return Valida1on Response Request Client Scope Authoriza1on Grant Client Scope Authoriza1on

10. SAML – Federation Enable authentication & federation across domains & organizations Copyright © 2014 Ping Identity Corp. All rights reserved. 10

11. SAML - Details • Establish Trust Between Organizations • Signed and Encrypted Tokens Transfer Identity Copyright © 2014 Ping Identity Corp. All rights reserved. 11

12. SAML + OAuth • Authentication brokered by SAML • SAML Token Exchanged for OAuth Access Token • Access Token used to access APIs Copyright © 2014 Ping Identity Corp. All rights reserved. 12

13. SAML + OAuth In Action Copyright © 2014 Ping Identity Corp. All rights reserved. 13 OAuth Client OAuth AuthZ & Federa1on API Resource Request Access Token Redirect to OAuth Server with SAML Request Data From API Validate Access Token Return API Response Return Valida1on Response Iden1ty Provider Redirect to Iden1ty Provider Request to Start AuthN Flow Request Access Token with SAML Return Access Token

14. OpenID Connect – The New Kid on the Block Copyright © 2014 Ping Identity Corp. All rights reserved. 14 Connect

15. OpenID Connect • OIDC Token contains – Identity Token – OAuth Access Token • Trust Model for Federation • Lower Maintenance Copyright © 2014 Ping Identity Corp. All rights reserved. 15

16. OIDC In Action Copyright © 2014 Ping Identity Corp. All rights reserved. 16 Mobile OIDC Server API Resource Request OIDC Token Return OIDC Token Request Data From API Validate OIDC Token Return API Response Return Valida1on Response Iden1ty Provider Redirect to Iden1ty Provider Request to Start AuthN Flow Validate OIDC Token Return Valida1on Response

17. Architecting API Identity • Start with API & Client Copyright © 2014 Ping Identity Corp. All rights reserved. 17 • Add OAuth 2.0 • Add SAML • Or Use OpenID Connect

18. What is the best option? SAML + OAuth 2 + Broad Adop1on of SAML -‐ More complex -‐ Requires browser interac1on + Uses OAuth Access Tokens Copyright © 2014 Ping Identity Corp. All rights reserved. 18 OpenID Connect -‐ Limited Enterprise Adop1on + One Standard + Works with all clients + Uses OAuth Access Tokens

19. Ping Identity Solution Copyright © 2014 Ping Identity Corp. All rights reserved. 19 ü  OAuth 2 ü  SAML ü  OpenId Connect ü  Authoriza1on ü  Audi1ng

20. ? Copyright © 2014 Ping Identity Corp. All rights reserved. 20