Unified Security for Mobile, APIs and the Web
Akana
1.
Copyright © 2001-2013 SOA Software, Inc. All Rights Reserved.
Unified Security Mobile, Web and APIs
2.
The Security Landscape
• Authentication, Authorization, SSO
• Licensing
• Quota Management
• Protection
• Role of Policy
[Diagram: Au/Az/SSO, Licensing, Quota Management, Protection]
3.
Authentication/Authorization/SSO
• Confusing array of standards:
  – OAuth
  – SAML
  – OpenID
  – SCIM
• A variety of App types
  – Desktop
  – Mobile
  – Web
• Enterprise SSO and its set of legacy systems
4.
Use Cases
• Enterprise support for public credentials
  – Tiered service
• Providing APIs for Web applications
• Enabling new API digital channels using OAuth, perhaps in conjunction with:
  – SAML
  – OpenID
• Extending/modernizing Enterprise SSO via:
  – OpenID Connect
  – SAML
5.
Combining SAML and OAuth
  1. Try to get OAuth Token
  2. Redirect with SAML Authentication Request
  3. Log the user in, create the SAML assertion and redirect again
  4. Verify SAML token and issue OAuth token
  5. App makes call to API
  6. Gateway validates OAuth token and performs fine grained authorization
6.
Licensing
• You may want to enable a business model based on different:
  – Operations or resources
  – Levels of service
• The licenses control:
  – OAuth Authorization Scopes
  – Document visibility
  – Quota policies
7.
Licensing - Flow
[Flow diagram: Validate OAuth Token; Authorize API Call; Determine License; License provides QoS policies]
8.
Quota Management
• You probably want different licenses with different levels of service
• The levels of service are:
  – Throughput
  – Bandwidth consumed over time
  – Concurrency
  – Availability
• Apps could either be cut off or events generated when quotas are exceeded. Events can be used for overage billing
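The licensing flow and quota behaviour from the Licensing and Quota Management slides, sketched as a gateway check. This is an added example, not code from the deck or from SOA Software's product; the license names, scopes, tokens, app ids and the in-memory token store are constructed for illustration, and throughput is the only level of service modelled.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class License:
    scopes: frozenset        # OAuth scopes the license allows
    calls_per_window: int    # throughput quota
    hard_limit: bool         # True: cut off; False: allow, emit billing event

# Constructed sample data: license names, scopes, tokens and app ids are hypothetical.
LICENSES = {
    "bronze": License(frozenset({"orders:read"}), 2, True),
    "gold": License(frozenset({"orders:read", "orders:write"}), 3, False),
}
TOKENS = {  # stands in for the authorization server's token store
    "tok-b": {"app": "app-1", "license": "bronze", "scopes": {"orders:read"}, "exp": 2000},
    "tok-g": {"app": "app-2", "license": "gold", "scopes": {"orders:read", "orders:write"}, "exp": 2000},
    # Issued while app-3 was on gold; the app has since been moved to bronze.
    "tok-stale": {"app": "app-3", "license": "bronze", "scopes": {"orders:write"}, "exp": 2000},
}

class Gateway:
    def __init__(self, window_seconds=60):
        self.window = window_seconds
        self.counters = {}   # (app, window index) -> accepted calls
        self.events = []     # overage events, e.g. for billing

    def handle(self, token, required_scope, now=None):
        now = time.time() if now is None else now
        # 1. Validate OAuth token (unknown or expired tokens fail closed).
        info = TOKENS.get(token)
        if info is None or now >= info["exp"]:
            return 401, "invalid_token"
        # 2. Authorize the API call against the scopes granted to the token.
        if required_scope not in info["scopes"]:
            return 403, "insufficient_scope"
        # 3. Determine the license; it bounds scopes regardless of the token.
        lic = LICENSES.get(info["license"])
        if lic is None or required_scope not in lic.scopes:
            return 403, "license_excludes_scope"
        # 4. The license provides the QoS policy: per-window throughput quota.
        key = (info["app"], int(now // self.window))
        used = self.counters.get(key, 0) + 1
        if used > lic.calls_per_window:
            if lic.hard_limit:
                return 429, "quota_exceeded"     # cut off; rejected call not counted
            self.events.append({"app": key[0], "window": key[1], "calls": used})
        self.counters[key] = used
        return 200, "ok"
```

The `tok-stale` entry covers the case where a token still carries a scope that the app's current license no longer includes: the license check rejects the call even though the token itself is valid.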
9.
Protection
• Denial of Service
• Injection Attacks
• XSS
• Viruses
10.
The Role of Policy
Lower cost and risk:
• Separate functional and non-functional
• Decouple changing standards from your implementation
• Provide multiple options depending on the channel
• Mediate
11.
The Role of Policy
• An API is exposed externally that has a security policy of:
  – OAuth with SAML2
• Internally, the security policy is:
  – WSS/SAML
• The system can use these declarative policies to automatically convert the inbound OAuth token to the WSS/SAML token that is required by downstream services
12.
SOA Software’s API Platform
13.
API Platform
• Analytics: Measure the impact of your programs
• Developer Engagement: Build your developer and partner ecosystem
• Gateway Services: Secure and protect your systems
• Service Integration: Simplify and speed up development
• Lifecycle Management: Build the right services & APIs the right way
14.
In the Cloud or On-Premise
15.
Thanks…
Alistair Farquharson, CTO, SOA Software
www.soa.com
@afarqu @SOASoftwareInc