apidays LIVE Helsinki & North 2022_Financial-Grade Security for APIs

•

0 j'aime•217 vues

apidays LIVE Helsinki & North: API Ecosystems - Connecting Physical and Digital March 16 & 17, 2022 Financial-Grade Security for APIs Michał Trojanowski, Product Marketing Engineer at Curity AB

Technologie

Financial-Grade Security for APIs
Michał Trojanowski
Product Marketing Engineer @ Curity
@mz_trojan

• Why “ﬁnancial-grade”?
• mTLS
•Sender-constrained access tokens
• PAR
•JARM
Agenda

Financial-grade APIs
Finance Medical Sensitive data

Financial-grade APIs
•PSD2
•UK Open Banking
•Open Banking Brazil
•etc.
•FAPI group speciﬁcations
•other proﬁles

2022 SERIES OF EVENT
New York
JULY
(HYBRID)
Australia
SEPTEMBER
(HYBRID)
Singapore
APRIL
(VIRTUAL)
Helsinki & North
MARCH
(VIRTUAL)
Paris
DECEMBER
(HYBRID)
London
OCTOBER
(HYBRID)
Hong Kong
AUGUST
(VIRTUAL)
JUNE (VIRTUAL)
India
MAY
(VIRTUAL)
APRIL (VIRTUAL)
Dubai & Middle East
JUNE
(VIRTUAL)
Check out our API Conferences here
Wa nt t o t a lk a t one of our conference?
Apply t o spea k here

Sender-constrained tokens
Bearer tokens
Sender-constrained tokens /
Proof-of-Possession tokens

Bearer tokens
Client 2
API
API
Gateway
Client 1

Proof-of-Possession tokens
Client 2
API
API
Gateway
Client 1
Client 3

Proof-of-Possession for JWTs
• Standard deﬁned in RFC 7800.
• Adds a “cnf” (conﬁrmation) claim to the token, which enables
the recipient to verify the caller.

PoP JWTs with “cnf” claim
Client
API
API
Gateway
Authorization
Server
public key
private key
+ proof of
{
“cnf”: {
“kid”: “1234”
}
}
+ proof of

Pushed Authorization Requests
•Standard deﬁned in RFC 9126.
•Provides means for conﬁdential and integrity-protected
authorization requests.

HTTP 400
Standard OAuth Authorization Requests
GET /authorize?client_id=abc&scopes=read%20write
HTTP 302
Location: /cb?code=123
Is that a legitimate client?
Are the parameters OK?
Can these end up in the browser logs?
Client Authorization
Server

Pushed Authorization Requests
POST /authorize/par
Authorization: Basic 0JjQlNCYOtCd0JDQpdCj0Jkh
client_id=abc&scopes=read%20write
request_id: 1234
GET /authorize?request_id=1234
Client Authorization
Server

Pushed Authorization Requests
• The client is authenticated before the authorization request.
• Authorization request parameters can’t be tampered with.
• Request parameters do not traverse through unsecure transport.
• URL limitations are no longer a concern.
• Ability to ease on redirect URI restrictions.

JWT Secured Authorization Response Mode
•Draft speciﬁcation from the OpenID Foundation.
•Protects against attacks on the authorization code response.

Standard Response
GET /authorize?client_id=abc&scopes=read%20write…
HTTP 302
Location: https://example.com/cb?code=abcdef&state=1234
Was it issued by the correct Authorization Server?
Does this code belong to this state?
Client Authorization
Server

$JWT Secured Response GET /authorize?client_id=abc&scopes=read%20write… HTTP 302 Location: https://example.com/cb?response=eyJhbGciOiJSUzN… decode & verify { iss: https://idsvr.example.com , code: “abcdef”, state: “12345”, … } Client Authorization Server$

JWT Secured Authorization Response Mode
• Supports all the usual response modes:
• query.jwt
• fragment.jwt
• form_post.jwt
• jwt

JWT Secured Authorization Response Mode
•The code response is integrity-protected.
•Response parameters strongly coupled (mitigates replay attacks).
•Protection from mix-up attacks (ability to verify iss claim).

Key Takeways
• Don’t discard “ﬁnancial-grade” topics only because you’re not
dealing with ﬁnance.
• Remember sender-constrained access tokens if stealing the token
is what troubles you.
• Give PAR and JARM a try if you’re concerned with some attack
vectors against authorization requests and responses.

Thank You!
curity.io
developer.curity.io
@curityio
info@curity.io

Contenu connexe

Similaire à apidays LIVE Helsinki & North 2022_Financial-Grade Security for APIs

OpenID for Verifiable Credentials @ IIW 36

Torsten Lodderstedt

OpenID for SSI

Torsten Lodderstedt

OpenID 4 Verifiable Credentials + HAIP (Update)

Torsten Lodderstedt

WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs Businesses today are rapidly moving from being service enabled to being API enabled. Moving into the world of APIs brings together its own set of complexities and challenges that are tough to tackle. API security, performance, scalability, monitoring and notifications are key areas to be focusing your engineering efforts on. The WSO2 Carbon platform is a complete open source enterprise middleware platform which includes products catering to your various different enterprise needs. This talk will focus on leveraging the extensive feature set and extensible nature of the WSO2 platform to secure, monitor and monetize your APIs. It will also touch upon some of WSO2’s experiences with customers in building API ecosystems that suit modern day enterprises. Presenter: Nuwan Dias Technical Lead, WSO2

WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs

WSO2

OAuth and OpenID Connect for PSD2 and Third-Party Access

Nordic APIs

However, the scaffolding is emerging for a historic disruption of our current financial infrastructure. DeFi, or decentralized finance, seeks to build and combine opensource financial building blocks into sophisticated products with minimized friction and maximized value to users utilizing blockchain technology. Given it costs no more to provide services to a customer with $100 or $100 million in assets, we believe that DeFi will replace all meaningful centralized financial infrastructure in the future. This is a technology of inclusion whereby anyone can pay the flat fee to use and benefit from the innovations of DeFi

Despite both sides having different benefits and tradeoffs, DeFi and CeFi are...

VijayBhosale49

Microservices security - jpmc tech fest 2018

MOnCloud

Aplicando controles de segurança em API’s, por Erick Tedeschi

iMasters

Applying Security Controls on REST APIs

Erick Belluci Tedeschi

Session 3 - i4Trust components for Identity Management and Access Control i4T...

FIWARE

OAuth 2.0 (RFC 6749/50) is a delegated authorization framework that makes requesting access for and authenticating as a client to an API as easy as getting a token and using a token. This session will explore the different OAuth flows in the spec as will as discuss extensions such as the JWT assertion flow and SAML bearer extension, and will also discuss security mitigations needed to use the protocol safely.

CIS 2015 Extreme OAuth - Paul Meyer

CloudIDSummit

Novell Access Manager provides many different levels of authentication beyond a simple user name and password. In this session, you will learn about its more advanced methods of authentication—from emerging standard like OpenID and CardSpace to tokens and certificates. Attendees will also see a demonstration of FreeRADIUS and the Vasco Digipass with Novell eDirectory, the Vasco NMAS method and an Access Manager plug-in that provides SSO to Web applications that expect a static password.

Exploring Advanced Authentication Methods in Novell Access Manager

Novell

This training camp teaches you how FIWARE technologies and iSHARE, brought together under the umbrella of the i4Trust initiative, can be combined to provide the means for creation of data spaces in which multiple organizations can exchange digital twin data in a trusted and efficient manner, collaborating in the development of innovative services based on data sharing and creating value out of the data they share. SMEs and Digital Innovation Hubs (DIHs) will be equipped with the necessary know-how to use the i4Trust framework for creating data spaces!

i4Trust IAM Components

FIWARE

Saxo Bank is on a growth journey and Kafka is a critical component to that success. Securing our financial event streams is a top priority for us and initially we started with an on-prem Kafka cluster secured with (the de-facto) Kerberos. However, as we modernize and scale, the demands of hybrid cloud, multiple domains, polyglot computing and Data Mesh require us to also modernize our approach to security. In this talk, we will describe how we took the default (non-production ready) Kafka OAuth implementation and productionized it to work with Kafka in Azure Cloud, including the Kafka stack and clients. By enabling both Kerberos and OAuth running on-prem and in the cloud, we now plan to gracefully retire Kerberos from our estate.

How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...

HostedbyConfluent

Dr. Omar Ali Alibrahim - Ssl talk

promediakw

Introduction to Self Sovereign Identity

Heather Vescent

OAuth is not an API or a service: it is an open standard for authorization and any developer can implement it. OAuth is a standard that applications can use to provide client applications with “secure delegated access”. OAuth works over HTTP and authorizes Devices, APIs, Servers and Applications with access tokens rather than credentials, which we will go over in depth below. OpenID Connect (OIDC) is built on top of the OAuth 2.0 protocol. It allows clients to verify the identity of the user and, as well as to obtain their basic profile information. This session covers how OAuth/OIDC works, when to use them, and frameworks/services that simplify authentication. Blog post: https://developer.okta.com/blog/2017/06/21/what-the-heck-is-oauth

What the Heck is OAuth and OpenID Connect? Connect.Tech 2017

Matt Raible

https://www.hackmiami.com/hmc5-speakers-day-2 OAuth is one of the most popular authorization frameworks in use today. All major platforms such as Google, Facebook, Box etc support it and you are probably thinking of implementi ng OAuth for your product/platform.We are not debating the popularity of the protocol or the limitations that come with it. We are here to help you implement it securely. When you use OAuth, there are three pieces - The Platform , the Application (using the platform) and the User (of the application). We will go over the common flaws we have seen in applications built on a OAuth platform which can lead to complete account takeover, how they can be a security engineer's nightmare, and how to fix them. We will go over security controls that the platform can put in place to help mitigate security vulnerabilities. We will also cover how bad design decisions, if chained with otherwise lower risk vulnerabilities can result in gaping holes in your OAuth implementation. You will leave this session with a deep understanding of how OAuth implementation should be secured both for a platform and in an application and things to test for during a security evaluation of OAuth implementations.

Oauth Nightmares Abstract OAuth Nightmares

Nino Ho

APIC/DataPower security

Shiu-Fun Poon

The cloud is rapidly becoming the de-facto standard for deploying enterprise applications. Microservices are at the core of building cloud-native applications due to its proven advantages such as granularity, cloud-native deployment, and scalability. With the exponential growth of the consumer base of these service offerings, enforcing microservice/API security has become one of the biggest challenges to overcome. In this deck, we discuss: - The need for API/Microservices Security - The importance of delegating security enforcement to an API Gateway - API Authentication and Authorization methodologies - OAuth2 - The de-facto standard of API Authentication - Protection against cyber attacks and anomalies - Security aspects to consider when designing Single Page Applications (SPAs) Watch the webinar on-demand here - https://wso2.com/library/webinars/2019/11/api-security-in-a-cloud-native-era/

API Security In Cloud Native Era

WSO2

Similaire à apidays LIVE Helsinki & North 2022_Financial-Grade Security for APIs (20)

OpenID for Verifiable Credentials @ IIW 36

OpenID for SSI

OpenID 4 Verifiable Credentials + HAIP (Update)

WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs

OAuth and OpenID Connect for PSD2 and Third-Party Access

Despite both sides having different benefits and tradeoffs, DeFi and CeFi are...

Microservices security - jpmc tech fest 2018

Aplicando controles de segurança em API’s, por Erick Tedeschi

Applying Security Controls on REST APIs

Session 3 - i4Trust components for Identity Management and Access Control i4T...

CIS 2015 Extreme OAuth - Paul Meyer

Exploring Advanced Authentication Methods in Novell Access Manager

i4Trust IAM Components

How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka...

Dr. Omar Ali Alibrahim - Ssl talk

Introduction to Self Sovereign Identity

What the Heck is OAuth and OpenID Connect? Connect.Tech 2017

Oauth Nightmares Abstract OAuth Nightmares

APIC/DataPower security

API Security In Cloud Native Era

Plus de apidays

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

The secrets to Graph success, from inception to general availability Leah Hurwich Adler, Associate Director | Technical Strategist | Team Leader | Culture Builder | Skilled Communicator Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...

apidays

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

API Discovery - From Crawl to Run Rob Dickinson, VP of Engineering - Graylog Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...

apidays

Building with the Planet in Mind: Accelerating Green Software Delivery using SustainAgility Sandeep Joshi, Managing Director - Massivue Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...

apidays

Connecting Cross Border Commerce with Payments Gundeep Singh Malik, Product Head for Treasury Services & Payments, Singapore & ASEAN - JPMorgan Chase & Co. Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...

apidays

Privacy Enhancing Technologies for AI Mark Choo, Head, Federated Learning - AI Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...

apidays

Blending AI and IoT for Smarter Health Matthew Chua, Assistant Professor, Biomedical Informatives - National University of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...

apidays

OpenTelemetry for API Monitoring Danielle Kayumbi, Software Engineer - Capgemini Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...

apidays

Connecting Product and Engineering Teams with Testing API Tatiana Shepeleva, Staff QA Engineer - StashAway Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...

apidays

The Growing Carbon Footprint of Digitalization and How to Control it Faiz Mulla, Sustainability Software Technical Product Leader - IBM Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...

apidays

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

API Monitoring x SRE (Site Reliability Engineering) Ryan Ashneil, Software Engineer - Government Technology Agency of Singapore Eugene Wong, Senior DevOps Engineer - Government Technology Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...

apidays

A nuanced approach on AI costs and benefits for the environment Joanna Reijgersberg-Siew, Senior Director, Data & AI - Avanade Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...

apidays

Modernizing Securities Finance: The cloud-native prime brokerage platform transforming capital markets. Madhu Subbu, Managing Director, Head of Securities Finance Engineering Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

apidays

How APIs drive business at BNP Paribas Quy-Doan Do, APAC Head of Data Services (Client Lines) and APAC Head of Digital Transformation and Innovation - BNP Paribas' Securities Services Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...

apidays

Plus de apidays (20)