SlideShare une entreprise Scribd logo

OAuth: The Next Big Thing in Security

Télécharger en tant que PPTX, PDF
Apigee | Google Cloud
Apigee | Google Cloud
TechnologieBusiness
1  sur  83
OAuth: The Next Big Thing in Security groups.google.com/group/api-craft Sam Ramji @sramji Apigee sramji@apigee.com +1-510-913-6495
THE PLATFORM IMPERATIVE
Every market in history has had intermediaries
Business Intermediaries Customers
These intermediaries connect buyers and sellers by knowing what both want and creating convenient ways to transact
Apps are the new intermediaries.
Business Apps Customers
They occupy many niches already and continue to multiply
App Store Growth 2008-2011 600 12 500 10 Apps Available Thousands Total App Downloads 400 8 Billions 300 6 200 4 100 2 0 0 Data from Wikipedia
As do devices.
Mary Meeker Kleiner Perkins
Companies cannot build for all these niches as each one requires distinct expertise in design and development, and there are too many niches.
As Marc Andreessen observed recently
“ In short, software is eating the world. We are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy. Marc Andreessen
Evans, Hagiu, and Schmalensee explored this deeply in 2006
And Annabelle Gawer has formalized the solution
The platform business model.
PLATFORMS ARE OPEN
As we’ve learned from digital natives like
open platforms grow the fastest.
Visualization by Apigee
In the API era of competition, speed is crucial because critical mass leads rapidly to market dominance.
[Ecosystem Competition] Kishore S. Swaminathan, Chief Scientist, Accenture
Open platforms mean that apps can be built by developers quickly without formal commitment to joint research, joint development, and joint marketing.
Open platforms decouple partners from the platform provider’s business cycles.
This reduces the cost of innovation, enabling many more experiments to be made more quickly, increasing the chance of a major improvement to the platform business, its customers, and its intermediaries.
This is low-friction innovation.
OPEN DOES NOT MEAN SECURE
This takes us to the stakes required for a digital business in the API era.
For an intermediary to connect a buyer and seller, there must be trust.
The intermediary must be trustworthy, and the transaction must be trustworthy.
In modern businesses, buyers (users) have accounts with sellers (providers) which are filled with data as well as transaction privileges.
For the system to function well, buyers must be able to fire their intermediary without breaking their relationship with the seller.
With apps as the intermediary, new dynamics exist on top of the historical foundation.
Apps are new. They are often short-lived. Their business model depends on building a high volume of users. They must have some way to attain their first transaction and be proven or else improved.
And this way must align with the loose coupling philosophy at the heart of an open platform otherwise we’ve just secured our way back into old-fashioned closed businesses and killed our platform opportunity.
“ 20th Century IT was about raising barriers to entry for competitors. 21st Century IT is about lowering barriers to participation. James Governor Redmonk
So how do you build a trustworthy system in an open world?
It takes an open security architecture.
INTRODUCING OAUTH
It’s a free and open protocol built on licenses from the Open Web Foundation and it’s the right choice for securing open platforms.
The Valet Key Metaphor
Eran Hammer-Lahav compares the OAuth model to a valet key. This is an apt metaphor.
A Valet Key for Open Platforms
The heart of OAuth is an authorization token with limited rights which the user can revoke at any time should they become suspicious or dissatisfied with the app they’re using to access your business.
When the token is first granted the business shows the user what rights the app is asking for
and this negotiation is invisible to the app.
A perfect design for bootstrapping trust.
Just Enough Permission
An app should have just enough permission to do the things the user wants it to.
OAuth allows for granular access to the user’s account. The current alternative is all or none Give the app your username and password – which gives the app access to everything about you.
In OAuth, permissions can be gracefully upgraded as well. If the user tries to do something in an app and they haven’t authorized the corresponding permission, the business can give the users the option to add that permission, using the bootstrapping sequence used to grant the token in the first place.
Just Enough Responsibility
App developers are not security experts.
A developer’s job is to make software that does what it is supposed to do. A security expert’s job is to make sure software never does what it is not supposed to do.
App developers DO NOT WANT the responsibility of holding a user’s secret information. Usernames and passwords, Credit card and banking information, Lifetime history of everyone you’ve emailed These are heavy secrets and require heavy security.
The right place for these is within your own business, secured by your own experts and your own infrastructure investments.
Decoupling partners from these challenges keeps security consistent with the open platform potential for low-friction innovation.
THE OAUTH IMPERATIVE
The most popular intermediaries are connecting buyers with several complementary sellers at the same time
That increases their value to the buyer but also multiplies the difficulty and risk of security
If one app holds secrets for many businesses that app becomes the highest-risk part of the system.
As more businesses follow the platform imperative and add APIs
there is an imperative for the healthy growth of the market through the new intermediaries.
The imperative is to make it easy for developers to build great apps that can delight users and grow businesses.
The imperative is for businesses to standardize on OAuth.
“We have our own version of OAuth”
“We invented something that’s kind of like OAuth”
The imperative is to make it easy for developers to build great apps that can delight users and grow businesses.
The imperative is for businesses to standardize on OAuth.
No developers were harmed in the production of this presentation.
THANK YOU Questions and ideas to: @sramji sramji@apigee.com +1-510-913-6495 groups.google.com/group/api-craft

Recommandé

Amundsen's Dogs, Information Halos, and APIs
Amundsen's Dogs, Information Halos, and APIsAmundsen's Dogs, Information Halos, and APIs
Amundsen's Dogs, Information Halos, and APIsSam Ramji
 
Bigger, Better Business With OAuth
Bigger, Better Business With OAuthBigger, Better Business With OAuth
Bigger, Better Business With OAuthApigee | Google Cloud
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
Progress in the API Economy - April 2014
Progress in the API Economy - April 2014Progress in the API Economy - April 2014
Progress in the API Economy - April 20143scale
 
6 Reasons Why APIs Are Reshaping Your Business
6 Reasons Why APIs Are Reshaping Your Business6 Reasons Why APIs Are Reshaping Your Business
6 Reasons Why APIs Are Reshaping Your BusinessFabernovel
 
How to Choose the Right API Management Solution
How to Choose the Right API Management SolutionHow to Choose the Right API Management Solution
How to Choose the Right API Management SolutionCA API Management
 
APIs: State of the Union - Ross Garrett @ AppsWorld 2014
APIs: State of the Union - Ross Garrett @ AppsWorld 2014APIs: State of the Union - Ross Garrett @ AppsWorld 2014
APIs: State of the Union - Ross Garrett @ AppsWorld 2014CA API Management
 

Recommandé

Amundsen's Dogs, Information Halos, and APIs
Amundsen's Dogs, Information Halos, and APIsAmundsen's Dogs, Information Halos, and APIs
Amundsen's Dogs, Information Halos, and APIsSam Ramji
 
Bigger, Better Business With OAuth
Bigger, Better Business With OAuthBigger, Better Business With OAuth
Bigger, Better Business With OAuthApigee | Google Cloud
 
Enabling the Multi-Device Universe
Enabling the Multi-Device UniverseEnabling the Multi-Device Universe
Enabling the Multi-Device UniverseCA API Management
 
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...
Balancing Security & Developer Enablement in Enterprise Mobility - Jaime Ryan...CA API Management
 
Progress in the API Economy - April 2014
Progress in the API Economy - April 2014Progress in the API Economy - April 2014
Progress in the API Economy - April 20143scale
 
6 Reasons Why APIs Are Reshaping Your Business
6 Reasons Why APIs Are Reshaping Your Business6 Reasons Why APIs Are Reshaping Your Business
6 Reasons Why APIs Are Reshaping Your BusinessFabernovel
 
How to Choose the Right API Management Solution
How to Choose the Right API Management SolutionHow to Choose the Right API Management Solution
How to Choose the Right API Management SolutionCA API Management
 
APIs: State of the Union - Ross Garrett @ AppsWorld 2014
APIs: State of the Union - Ross Garrett @ AppsWorld 2014APIs: State of the Union - Ross Garrett @ AppsWorld 2014
APIs: State of the Union - Ross Garrett @ AppsWorld 2014CA API Management
 
The API Economy: API Provider Perspective / European Identity Summit 2012
The API Economy: API Provider Perspective / European Identity Summit 2012The API Economy: API Provider Perspective / European Identity Summit 2012
The API Economy: API Provider Perspective / European Identity Summit 20123scale
 
Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterpriseCA API Management
 
Api for dummies
Api for dummies Api for dummies
Api for dummies Patrick Bouillaud
 
APIs for biz dev 2.0 - Which business model?
APIs for biz dev 2.0 - Which business model?APIs for biz dev 2.0 - Which business model?
APIs for biz dev 2.0 - Which business model?3scale
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
APIs: the Glue of Cloud Computing
APIs: the Glue of Cloud ComputingAPIs: the Glue of Cloud Computing
APIs: the Glue of Cloud Computing3scale
 
Becoming the Uncarrier: T-Mobile's Digital Journey
Becoming the Uncarrier: T-Mobile's Digital JourneyBecoming the Uncarrier: T-Mobile's Digital Journey
Becoming the Uncarrier: T-Mobile's Digital JourneyApigee | Google Cloud
 
5 Steps for End-to-End Mobile Security with Consumer Apps
5 Steps for End-to-End Mobile Security with Consumer Apps5 Steps for End-to-End Mobile Security with Consumer Apps
5 Steps for End-to-End Mobile Security with Consumer AppsCA API Management
 
Using PaaS to run APIs and Microservices in Production
Using PaaS to run APIs and Microservices in ProductionUsing PaaS to run APIs and Microservices in Production
Using PaaS to run APIs and Microservices in ProductionApigee | Google Cloud
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...CA API Management
 
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy PresentationLawrence Coburn
 
ProgrammableWeb's eSignature API Research Report
ProgrammableWeb's eSignature API Research ReportProgrammableWeb's eSignature API Research Report
ProgrammableWeb's eSignature API Research ReportProgrammableWeb
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
 
Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practiceSanjay Roy
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIsCA API Management
 
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)Apigee | Google Cloud
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
 
WSO2Con EU 2015: Towards a Winning API Strategy
WSO2Con EU 2015: Towards a Winning API StrategyWSO2Con EU 2015: Towards a Winning API Strategy
WSO2Con EU 2015: Towards a Winning API StrategyWSO2
 
Be My API How to Implement an API Strategy Everyone will Love
Be My API How to Implement an API Strategy Everyone will Love Be My API How to Implement an API Strategy Everyone will Love
Be My API How to Implement an API Strategy Everyone will Love CA API Management
 
Amundsen's Dogs, Information Halos, and APIs
Amundsen's Dogs, Information Halos, and APIsAmundsen's Dogs, Information Halos, and APIs
Amundsen's Dogs, Information Halos, and APIsApigee | Google Cloud
 
RESTful API Design, Second Edition
RESTful API Design, Second EditionRESTful API Design, Second Edition
RESTful API Design, Second EditionApigee | Google Cloud
 
Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Functional Imperative
 

Contenu connexe

Tendances

The API Economy: API Provider Perspective / European Identity Summit 2012
The API Economy: API Provider Perspective / European Identity Summit 2012The API Economy: API Provider Perspective / European Identity Summit 2012
The API Economy: API Provider Perspective / European Identity Summit 20123scale
 
Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterpriseCA API Management
 
APIs for biz dev 2.0 - Which business model?
APIs for biz dev 2.0 - Which business model?APIs for biz dev 2.0 - Which business model?
APIs for biz dev 2.0 - Which business model?3scale
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...CA API Management
 
APIs: the Glue of Cloud Computing
APIs: the Glue of Cloud ComputingAPIs: the Glue of Cloud Computing
APIs: the Glue of Cloud Computing3scale
 
Becoming the Uncarrier: T-Mobile's Digital Journey
Becoming the Uncarrier: T-Mobile's Digital JourneyBecoming the Uncarrier: T-Mobile's Digital Journey
Becoming the Uncarrier: T-Mobile's Digital JourneyApigee | Google Cloud
 
5 Steps for End-to-End Mobile Security with Consumer Apps
5 Steps for End-to-End Mobile Security with Consumer Apps5 Steps for End-to-End Mobile Security with Consumer Apps
5 Steps for End-to-End Mobile Security with Consumer AppsCA API Management
 
Using PaaS to run APIs and Microservices in Production
Using PaaS to run APIs and Microservices in ProductionUsing PaaS to run APIs and Microservices in Production
Using PaaS to run APIs and Microservices in ProductionApigee | Google Cloud
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...CA API Management
 
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy PresentationLawrence Coburn
 
ProgrammableWeb's eSignature API Research Report
ProgrammableWeb's eSignature API Research ReportProgrammableWeb's eSignature API Research Report
ProgrammableWeb's eSignature API Research ReportProgrammableWeb
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...CA API Management
 
Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practiceSanjay Roy
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIsCA API Management
 
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)Apigee | Google Cloud
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinCA API Management
 
WSO2Con EU 2015: Towards a Winning API Strategy
WSO2Con EU 2015: Towards a Winning API StrategyWSO2Con EU 2015: Towards a Winning API Strategy
WSO2Con EU 2015: Towards a Winning API StrategyWSO2
 
Be My API How to Implement an API Strategy Everyone will Love
Be My API How to Implement an API Strategy Everyone will Love Be My API How to Implement an API Strategy Everyone will Love
Be My API How to Implement an API Strategy Everyone will Love CA API Management
 

Tendances (19)

The API Economy: API Provider Perspective / European Identity Summit 2012
The API Economy: API Provider Perspective / European Identity Summit 2012The API Economy: API Provider Perspective / European Identity Summit 2012
The API Economy: API Provider Perspective / European Identity Summit 2012
 
Api architectures for the modern enterprise
Api architectures for the modern enterpriseApi architectures for the modern enterprise
Api architectures for the modern enterprise
 
Api for dummies
Api for dummies Api for dummies
Api for dummies
 
APIs for biz dev 2.0 - Which business model?
APIs for biz dev 2.0 - Which business model?APIs for biz dev 2.0 - Which business model?
APIs for biz dev 2.0 - Which business model?
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
 
APIs: the Glue of Cloud Computing
APIs: the Glue of Cloud ComputingAPIs: the Glue of Cloud Computing
APIs: the Glue of Cloud Computing
 
Becoming the Uncarrier: T-Mobile's Digital Journey
Becoming the Uncarrier: T-Mobile's Digital JourneyBecoming the Uncarrier: T-Mobile's Digital Journey
Becoming the Uncarrier: T-Mobile's Digital Journey
 
5 Steps for End-to-End Mobile Security with Consumer Apps
5 Steps for End-to-End Mobile Security with Consumer Apps5 Steps for End-to-End Mobile Security with Consumer Apps
5 Steps for End-to-End Mobile Security with Consumer Apps
 
Using PaaS to run APIs and Microservices in Production
Using PaaS to run APIs and Microservices in ProductionUsing PaaS to run APIs and Microservices in Production
Using PaaS to run APIs and Microservices in Production
 
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
API360 – A How-To Guide for Enterprise APIs - Learn how to position your ente...
 
API Strategy Presentation
API Strategy PresentationAPI Strategy Presentation
API Strategy Presentation
 
ProgrammableWeb's eSignature API Research Report
ProgrammableWeb's eSignature API Research ReportProgrammableWeb's eSignature API Research Report
ProgrammableWeb's eSignature API Research Report
 
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
Drones, Phones & Pwns the Promise & Dangers of IoT APIs: Use APIs to Securely...
 
Enterprise API deployment best practice
Enterprise API deployment best practiceEnterprise API deployment best practice
Enterprise API deployment best practice
 
Mastering Digital Channels with APIs
Mastering Digital Channels with APIsMastering Digital Channels with APIs
Mastering Digital Channels with APIs
 
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)
 
Adapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & WinAdapting to Digital Change: Use APIs to Delight Customers & Win
Adapting to Digital Change: Use APIs to Delight Customers & Win
 
WSO2Con EU 2015: Towards a Winning API Strategy
WSO2Con EU 2015: Towards a Winning API StrategyWSO2Con EU 2015: Towards a Winning API Strategy
WSO2Con EU 2015: Towards a Winning API Strategy
 
Be My API How to Implement an API Strategy Everyone will Love
Be My API How to Implement an API Strategy Everyone will Love Be My API How to Implement an API Strategy Everyone will Love
Be My API How to Implement an API Strategy Everyone will Love
 

En vedette

Amundsen's Dogs, Information Halos, and APIs
Amundsen's Dogs, Information Halos, and APIsAmundsen's Dogs, Information Halos, and APIs
Amundsen's Dogs, Information Halos, and APIsApigee | Google Cloud
 
Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Functional Imperative
 
Opensource Authentication and Authorization
Opensource Authentication and AuthorizationOpensource Authentication and Authorization
Opensource Authentication and AuthorizationConFoo
 
Introduction to OAuth 2.0 - the technology you need but never really learned
Introduction to OAuth 2.0 - the technology you need but never really learnedIntroduction to OAuth 2.0 - the technology you need but never really learned
Introduction to OAuth 2.0 - the technology you need but never really learnedMikkel Flindt Heisterberg
 
Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuthleahculver
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Justin Richer
 
OAuth for your API - The Big Picture
OAuth for your API - The Big PictureOAuth for your API - The Big Picture
OAuth for your API - The Big PictureApigee | Google Cloud
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
OAuth - Open API Authentication
OAuth - Open API AuthenticationOAuth - Open API Authentication
OAuth - Open API Authenticationleahculver
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An IntroductionSteve Ivy
 

En vedette (12)

Amundsen's Dogs, Information Halos, and APIs
Amundsen's Dogs, Information Halos, and APIsAmundsen's Dogs, Information Halos, and APIs
Amundsen's Dogs, Information Halos, and APIs
 
RESTful API Design, Second Edition
RESTful API Design, Second EditionRESTful API Design, Second Edition
RESTful API Design, Second Edition
 
Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0Intro to API Security with Oauth 2.0
Intro to API Security with Oauth 2.0
 
Opensource Authentication and Authorization
Opensource Authentication and AuthorizationOpensource Authentication and Authorization
Opensource Authentication and Authorization
 
Introduction to OAuth 2.0 - the technology you need but never really learned
Introduction to OAuth 2.0 - the technology you need but never really learnedIntroduction to OAuth 2.0 - the technology you need but never really learned
Introduction to OAuth 2.0 - the technology you need but never really learned
 
Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuth
 
Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2Mit 2014 introduction to open id connect and o-auth 2
Mit 2014 introduction to open id connect and o-auth 2
 
OAuth for your API - The Big Picture
OAuth for your API - The Big PictureOAuth for your API - The Big Picture
OAuth for your API - The Big Picture
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
OAuth - Open API Authentication
OAuth - Open API AuthenticationOAuth - Open API Authentication
OAuth - Open API Authentication
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2
 
Openid & Oauth: An Introduction
Openid & Oauth: An IntroductionOpenid & Oauth: An Introduction
Openid & Oauth: An Introduction
 

Similaire à OAuth: The Next Big Thing in Security

Era of APIs: Why do we need an API Strategy
Era of APIs: Why do we need an API StrategyEra of APIs: Why do we need an API Strategy
Era of APIs: Why do we need an API StrategyBala Iyer
 
OAuth big picture
OAuth big pictureOAuth big picture
OAuth big pictureMin Li
 
Ibm white paper_harnessing_ap_is_and_platforms_0
Ibm white paper_harnessing_ap_is_and_platforms_0Ibm white paper_harnessing_ap_is_and_platforms_0
Ibm white paper_harnessing_ap_is_and_platforms_0Diego Alberto Tamayo
 
MetaCert pitch deck
MetaCert pitch deckMetaCert pitch deck
MetaCert pitch deckTech in Asia
 
MetaCert Investor Pitch Deck That Secured $1.2M in Seed Capital (Unedited)
MetaCert Investor Pitch Deck That Secured $1.2M in Seed Capital (Unedited)MetaCert Investor Pitch Deck That Secured $1.2M in Seed Capital (Unedited)
MetaCert Investor Pitch Deck That Secured $1.2M in Seed Capital (Unedited)Paul Walsh
 
Telco Innovation with APIs - Need for speed (Webcast)
Telco Innovation with APIs - Need for speed (Webcast) Telco Innovation with APIs - Need for speed (Webcast)
Telco Innovation with APIs - Need for speed (Webcast) Apigee | Google Cloud
 
How to Create a Successful E-Commerce App Like Amazon: A Step by Step Guide
How to Create a Successful E-Commerce App Like Amazon: A Step by Step GuideHow to Create a Successful E-Commerce App Like Amazon: A Step by Step Guide
How to Create a Successful E-Commerce App Like Amazon: A Step by Step GuideSparx IT Solutions Pvt Ltd
 
Low Code Platforms - Ebook
Low Code Platforms - EbookLow Code Platforms - Ebook
Low Code Platforms - EbookWaveMaker, Inc.
 
Top Mobile App Trends Changing Technology and Evolution of Customer's Expecta...
Top Mobile App Trends Changing Technology and Evolution of Customer's Expecta...Top Mobile App Trends Changing Technology and Evolution of Customer's Expecta...
Top Mobile App Trends Changing Technology and Evolution of Customer's Expecta...Hepto Software Company
 
Era of APIs: Why do we need an API strategy?
Era of APIs: Why do we need an API strategy?Era of APIs: Why do we need an API strategy?
Era of APIs: Why do we need an API strategy?Bala Iyer
 
Whitepaper: DEVELOPER ENGAGEMENT SOLUTION KEY TO SUCCESS OF YOUR PLATFORM - H...
Whitepaper: DEVELOPER ENGAGEMENT SOLUTION KEY TO SUCCESS OF YOUR PLATFORM - H...Whitepaper: DEVELOPER ENGAGEMENT SOLUTION KEY TO SUCCESS OF YOUR PLATFORM - H...
Whitepaper: DEVELOPER ENGAGEMENT SOLUTION KEY TO SUCCESS OF YOUR PLATFORM - H...Happiest Minds Technologies
 
Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28floridawusergroup
 
Lead User Innovation at Salesforce.com
Lead User Innovation at Salesforce.comLead User Innovation at Salesforce.com
Lead User Innovation at Salesforce.comGarrett Dodge
 
How to Win in the New API Economy
How to Win in the New API EconomyHow to Win in the New API Economy
How to Win in the New API EconomySachi Sawamura
 
APIs and Beyond - Open Distribution Platforms
APIs and Beyond - Open Distribution PlatformsAPIs and Beyond - Open Distribution Platforms
APIs and Beyond - Open Distribution PlatformsMartin Tantow
 
Building Sustainable Ecosystems: The Economics of Collaboration
Building Sustainable Ecosystems: The Economics of CollaborationBuilding Sustainable Ecosystems: The Economics of Collaboration
Building Sustainable Ecosystems: The Economics of CollaborationWSO2
 
10 Innovation areas that are Reshaping app development
10 Innovation areas that are Reshaping app development10 Innovation areas that are Reshaping app development
10 Innovation areas that are Reshaping app developmentDynamics Square
 
Salesforce.com Partner Meetup - New York -10/18/12
Salesforce.com Partner Meetup - New York -10/18/12 Salesforce.com Partner Meetup - New York -10/18/12
Salesforce.com Partner Meetup - New York -10/18/12 Salesforce Partners
 

Similaire à OAuth: The Next Big Thing in Security (20)

3Scale
3Scale3Scale
3Scale
 
Era of APIs: Why do we need an API Strategy
Era of APIs: Why do we need an API StrategyEra of APIs: Why do we need an API Strategy
Era of APIs: Why do we need an API Strategy
 
OAuth big picture
OAuth big pictureOAuth big picture
OAuth big picture
 
Ibm white paper_harnessing_ap_is_and_platforms_0
Ibm white paper_harnessing_ap_is_and_platforms_0Ibm white paper_harnessing_ap_is_and_platforms_0
Ibm white paper_harnessing_ap_is_and_platforms_0
 
Oauth ebook-2012-02
Oauth ebook-2012-02Oauth ebook-2012-02
Oauth ebook-2012-02
 
MetaCert pitch deck
MetaCert pitch deckMetaCert pitch deck
MetaCert pitch deck
 
MetaCert Investor Pitch Deck That Secured $1.2M in Seed Capital (Unedited)
MetaCert Investor Pitch Deck That Secured $1.2M in Seed Capital (Unedited)MetaCert Investor Pitch Deck That Secured $1.2M in Seed Capital (Unedited)
MetaCert Investor Pitch Deck That Secured $1.2M in Seed Capital (Unedited)
 
Telco Innovation with APIs - Need for speed (Webcast)
Telco Innovation with APIs - Need for speed (Webcast) Telco Innovation with APIs - Need for speed (Webcast)
Telco Innovation with APIs - Need for speed (Webcast)
 
How to Create a Successful E-Commerce App Like Amazon: A Step by Step Guide
How to Create a Successful E-Commerce App Like Amazon: A Step by Step GuideHow to Create a Successful E-Commerce App Like Amazon: A Step by Step Guide
How to Create a Successful E-Commerce App Like Amazon: A Step by Step Guide
 
Low Code Platforms - Ebook
Low Code Platforms - EbookLow Code Platforms - Ebook
Low Code Platforms - Ebook
 
Top Mobile App Trends Changing Technology and Evolution of Customer's Expecta...
Top Mobile App Trends Changing Technology and Evolution of Customer's Expecta...Top Mobile App Trends Changing Technology and Evolution of Customer's Expecta...
Top Mobile App Trends Changing Technology and Evolution of Customer's Expecta...
 
Era of APIs: Why do we need an API strategy?
Era of APIs: Why do we need an API strategy?Era of APIs: Why do we need an API strategy?
Era of APIs: Why do we need an API strategy?
 
Whitepaper: DEVELOPER ENGAGEMENT SOLUTION KEY TO SUCCESS OF YOUR PLATFORM - H...
Whitepaper: DEVELOPER ENGAGEMENT SOLUTION KEY TO SUCCESS OF YOUR PLATFORM - H...Whitepaper: DEVELOPER ENGAGEMENT SOLUTION KEY TO SUCCESS OF YOUR PLATFORM - H...
Whitepaper: DEVELOPER ENGAGEMENT SOLUTION KEY TO SUCCESS OF YOUR PLATFORM - H...
 
Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28Api management introduction and product overview v1.0 2014.08.28
Api management introduction and product overview v1.0 2014.08.28
 
Lead User Innovation at Salesforce.com
Lead User Innovation at Salesforce.comLead User Innovation at Salesforce.com
Lead User Innovation at Salesforce.com
 
How to Win in the New API Economy
How to Win in the New API EconomyHow to Win in the New API Economy
How to Win in the New API Economy
 
APIs and Beyond - Open Distribution Platforms
APIs and Beyond - Open Distribution PlatformsAPIs and Beyond - Open Distribution Platforms
APIs and Beyond - Open Distribution Platforms
 
Building Sustainable Ecosystems: The Economics of Collaboration
Building Sustainable Ecosystems: The Economics of CollaborationBuilding Sustainable Ecosystems: The Economics of Collaboration
Building Sustainable Ecosystems: The Economics of Collaboration
 
10 Innovation areas that are Reshaping app development
10 Innovation areas that are Reshaping app development10 Innovation areas that are Reshaping app development
10 Innovation areas that are Reshaping app development
 
Salesforce.com Partner Meetup - New York -10/18/12
Salesforce.com Partner Meetup - New York -10/18/12 Salesforce.com Partner Meetup - New York -10/18/12
Salesforce.com Partner Meetup - New York -10/18/12
 

Plus de Apigee | Google Cloud

Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Apigee | Google Cloud
 
AccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldAccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldApigee | Google Cloud
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Apigee | Google Cloud
 
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketApigee | Google Cloud
 
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsApigee | Google Cloud
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessApigee | Google Cloud
 
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorApigee | Google Cloud
 
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailApigee | Google Cloud
 
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranApigee | Google Cloud
 
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!Apigee | Google Cloud
 

Plus de Apigee | Google Cloud (20)

How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
 
Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)
 
Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs
 
Apigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee Demo: API Platform Overview
Apigee Demo: API Platform Overview
 
Ticketmaster at a glance
Ticketmaster at a glanceTicketmaster at a glance
Ticketmaster at a glance
 
AccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldAccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First World
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
 
Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2
 
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management Market
 
Walgreens at a glance
Walgreens at a glanceWalgreens at a glance
Walgreens at a glance
 
Apigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee Edge: Intro to Microgateway
Apigee Edge: Intro to Microgateway
 
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices Deployments
 
Pitney Bowes at a glance
Pitney Bowes at a glancePitney Bowes at a glance
Pitney Bowes at a glance
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices Success
 
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet Kapoor
 
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg Brail
 
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant Jhingran
 
London Adapt or Die: Opening Keynot
London Adapt or Die: Opening KeynotLondon Adapt or Die: Opening Keynot
London Adapt or Die: Opening Keynot
 
London Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynoteLondon Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynote
 
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!
 

Dernier

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Dernier (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

OAuth: The Next Big Thing in Security

  • 1. OAuth: The Next Big Thing in Security groups.google.com/group/api-craft Sam Ramji @sramji Apigee sramji@apigee.com +1-510-913-6495
  • 3. Every market in history has had intermediaries
  • 4. Business Intermediaries Customers
  • 5. These intermediaries connect buyers and sellers by knowing what both want and creating convenient ways to transact
  • 6. Apps are the new intermediaries.
  • 7. Business Apps Customers
  • 8. They occupy many niches already and continue to multiply
  • 9. App Store Growth 2008-2011 600 12 500 10 Apps Available Thousands Total App Downloads 400 8 Billions 300 6 200 4 100 2 0 0 Data from Wikipedia
  • 12. Companies cannot build for all these niches as each one requires distinct expertise in design and development, and there are too many niches.
  • 13. As Marc Andreessen observed recently
  • 14. In short, software is eating the world. We are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy. Marc Andreessen
  • 15. Evans, Hagiu, and Schmalensee explored this deeply in 2006
  • 16.
  • 17. And Annabelle Gawer has formalized the solution
  • 18.
  • 21. As we’ve learned from digital natives like
  • 22.
  • 23. open platforms grow the fastest.
  • 25. In the API era of competition, speed is crucial because critical mass leads rapidly to market dominance.
  • 26. [Ecosystem Competition] Kishore S. Swaminathan, Chief Scientist, Accenture
  • 27. Open platforms mean that apps can be built by developers quickly without formal commitment to joint research, joint development, and joint marketing.
  • 28. Open platforms decouple partners from the platform provider’s business cycles.
  • 29. This reduces the cost of innovation, enabling many more experiments to be made more quickly, increasing the chance of a major improvement to the platform business, its customers, and its intermediaries.
  • 30. This is low-friction innovation.
  • 32. This takes us to the stakes required for a digital business in the API era.
  • 33. For an intermediary to connect a buyer and seller, there must be trust.
  • 34. The intermediary must be trustworthy, and the transaction must be trustworthy.
  • 35. In modern businesses, buyers (users) have accounts with sellers (providers) which are filled with data as well as transaction privileges.
  • 36. For the system to function well, buyers must be able to fire their intermediary without breaking their relationship with the seller.
  • 37. With apps as the intermediary, new dynamics exist on top of the historical foundation.
  • 38. Apps are new. They are often short-lived. Their business model depends on building a high volume of users. They must have some way to attain their first transaction and be proven or else improved.
  • 39. And this way must align with the loose coupling philosophy at the heart of an open platform otherwise we’ve just secured our way back into old-fashioned closed businesses and killed our platform opportunity.
  • 40. 20th Century IT was about raising barriers to entry for competitors. 21st Century IT is about lowering barriers to participation. James Governor Redmonk
  • 41. So how do you build a trustworthy system in an open world?
  • 42. It takes an open security architecture.
  • 44.
  • 45. It’s a free and open protocol built on licenses from the Open Web Foundation and it’s the right choice for securing open platforms.
  • 46. The Valet Key Metaphor
  • 47. Eran Hammer-Lahav compares the OAuth model to a valet key. This is an apt metaphor.
  • 48.
  • 49.
  • 50.
  • 51. A Valet Key for Open Platforms
  • 52. The heart of OAuth is an authorization token with limited rights which the user can revoke at any time should they become suspicious or dissatisfied with the app they’re using to access your business.
  • 53. When the token is first granted the business shows the user what rights the app is asking for
  • 54.
  • 55. and this negotiation is invisible to the app.
  • 56. A perfect design for bootstrapping trust.
  • 58. An app should have just enough permission to do the things the user wants it to.
  • 59.
  • 60. OAuth allows for granular access to the user’s account. The current alternative is all or none Give the app your username and password – which gives the app access to everything about you.
  • 61. In OAuth, permissions can be gracefully upgraded as well. If the user tries to do something in an app and they haven’t authorized the corresponding permission, the business can give the users the option to add that permission, using the bootstrapping sequence used to grant the token in the first place.
  • 63. App developers are not security experts.
  • 64. A developer’s job is to make software that does what it is supposed to do. A security expert’s job is to make sure software never does what it is not supposed to do.
  • 65. App developers DO NOT WANT the responsibility of holding a user’s secret information. Usernames and passwords, Credit card and banking information, Lifetime history of everyone you’ve emailed These are heavy secrets and require heavy security.
  • 66. The right place for these is within your own business, secured by your own experts and your own infrastructure investments.
  • 67. Decoupling partners from these challenges keeps security consistent with the open platform potential for low-friction innovation.
  • 69. The most popular intermediaries are connecting buyers with several complementary sellers at the same time
  • 70.
  • 71.
  • 72. That increases their value to the buyer but also multiplies the difficulty and risk of security
  • 73. If one app holds secrets for many businesses that app becomes the highest-risk part of the system.
  • 74. As more businesses follow the platform imperative and add APIs
  • 75. there is an imperative for the healthy growth of the market through the new intermediaries.
  • 76. The imperative is to make it easy for developers to build great apps that can delight users and grow businesses.
  • 77. The imperative is for businesses to standardize on OAuth.
  • 78. “We have our own version of OAuth”
  • 79. “We invented something that’s kind of like OAuth”
  • 80. The imperative is to make it easy for developers to build great apps that can delight users and grow businesses.
  • 81. The imperative is for businesses to standardize on OAuth.
  • 82. No developers were harmed in the production of this presentation.
  • 83. THANK YOU Questions and ideas to: @sramji sramji@apigee.com +1-510-913-6495 groups.google.com/group/api-craft

Notes de l'éditeur

  1. Invisible Engines
  2. http://www.istockphoto.com/stock-photo-15802228-young-man-in-hoodie-smiling.php?st=6167408