Control access to your APIs, and you can charge for them. Large companies see an API access management system at scale as a competitive advantage and a way to lock in customers. Think about Google Docs: it only works if both parties have an account at Google.
SXSW 2015: How API Access Control = Monetization + Freedom
1. Control access to your APIs, and you can charge for them. Large companies see a web
access management system at scale as a competitive advantage and a way to lock in
customers. Think about Google Docs: it only works if both parties have an account at
Google.
2. But the greatness of the Internet was not achieved by the offering of one domain. If
each device and cloud service has proprietary security controls, people will have no way
to effectively manage their personal digital infrastructure. Luckily, standards have
emerged thanks to a simple but flexible JSON/REST framework called OAuth2, and the
“OpenID Connect” and “User Managed Access” profiles of it.
This talk will provide a history of access management and a deep dive into the
concepts, patterns, and tools to enable mobile and API developers to put new OAuth2
standards to use today. It will provide specific examples and workflows to bring
OAuth2 to life to help organizations understand how they can hook into the API
economy.
Questions
Not a specific solution to any one problem, OAuth2 provides a framework that
application developers can use to solve a number of security challenges. Two important
profiles of OAuth2 have emerged to solve the most basic security challenges: how to
identify a person, and how to manage which APIs a person should have access to.
Where do profiles of OAuth2, like OpenID Connect, and the User Managed ldap single
sign on, and what existing open source tools exist to put them to work?
3. How can standards for API security enable interoperability and level the playing field
for start-ups?
Centralization of all fine-grained security policies is impossible. What types of policies
should be evaluated at the organizational level, and which policies should be
evaluated in an API?
What crypto keys need to be maintained for trust between the organization and
applications?
Who is behind OpenID Connect and UMA, and why will they get adoption in the
market?
Article resource: http://www.blogster.com/thegluuserver/sxsw-2015-how-api-access-control-monetization-freedom