API Security: Does My Business Need OAuth?

API development and usage is an increasingly crucial element of business growth. It's also extremely important to ensure that your APIs are secure. OAuth provides a comprehensive security mechanism to secure your application data and allow for collaborative development and usage.

Presentation Transcript

  • API Security Does My Business Need OAuth? Copyright © 2001-2012 SOA Software, Inc. All Rights Reserved. All content subject to confidentiality agreement between SOA Software and Customer.
  • A Look Ahead Two significant forces are changing the face of business:
  • The Effect of Cloud • Cloud has lowered the barrier for App developers and startups • The number of mobile devices now exceeds the number of PCs • The number of connected devices (Internet of Things) will exceed the number of mobile devices by 2020
  • Mobile Apps • Apple Store has over 775,000 apps • Google Play Store currently offers over 800,000 and is predicted to be the first store to reach the 1 million apps mark by June 2012 • BlackBerry 10 has 100,000 apps • Windows Phone Store has 130,000 apps • According to ABI Research, 56 billion apps will be downloaded in 2013
  • Why do I need an API? • Accelerate adoption through new channels/devices to reach: – Partners – App Developers – Employees (BYOD) • Extend/embed your brand • Create stickiness
  • Why do I need an API?
  • Platforms Support Innovation
  • Apps are Intermediaries
  • Platform Success • Speed of App Development – More Apps – More iteration – More collaboration • Speed of App Adoption – Simple Trust
  • Speedy App Development • Decouple your business processes from the App development process. • Do not bog things down with traditional security models – Imagine just the legal agreements – Storing user credentials is too daunting – both for App developers and App users
  • Speedy App Adoption • Businesses contain sensitive information and enable sensitive transactions • For high speed App adoption, Customers need to trust them
  • Platform Security • You need a way to remove the friction that security introduces into the equation • You need to allow Apps to participate in a secure relationship: – Opt in ‘Just in Time’ – Without storing credentials – With only the required permissions – With the ability to Opt out
  • The Result • App developers can build without friction • Businesses don’t need to limit their ecosystem • It’s up to the customer
  • An OAuth Example • A manufacturer, Trux, produces very advanced, highly automated equipment for trucking companies
  • An OAuth Example • Trux collects a great deal of confidential information about the semi and his/her loads – Personal data – Equipment data – Satellite tracking data – Service, mechanical information – Load types, delivery info
  • An OAuth Example • Trux would like to create an open platform for App development – Apps to be deployed on the semis – Apps to be sold to the trucking companies – Apps to be sold to the drivers
  • An OAuth Example • For example, an App developer wants to build an App called SafeTrucking that helps the driver determine the risk of a route based on his: – Load – Crime stats – Equipment – Route
  • An OAuth Example 1. Driver downloads the SafeTrucking App and opens it 2. Driver is directed to Trux, whom he trusts, to log in with their credentials 3. They are presented with a screen asking if the SafeTrucking App can retrieve the required data from Trux 4. If confirmed, Trux issues a token to SafeTrucking that they can use to retrieve the data securely 5. The driver can view the permissions granted, opt out, or increase the permission scope
  • Do you need an OAuth Server? • Are you trying to create an open platform for App development? If so, you need one
  • SOA Software’s OAuth Server • Integration with most common enterprise identity systems including LDAP, AD, CA SiteMinder, Oracle Access Manager, IBM TAM, RSA ClearTrust and more • Comprehensive support for the OpenID, OAuth 1.0a and OAuth 2.0 specifications along with a wide array of other authentication and authorization specifications • Fully brandable • Built-in grant management • Integrated with our Developer Community and API Gateway for rapid deployment
  • Thanks… Alistair Farquharson, CTO, SOA Software ajf@soa.com www.soa.com @afarqu @SOASoftwareInc
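
The five-step SafeTrucking flow from the slides, modelled as an added example (not part of the original deck and not SOA Software's product code). It is a simplified in-memory model rather than the OAuth 2.0 wire protocol; the class name `TruxAuthServer`, the scope names and the sample credentials are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

class TruxAuthServer:
    """Toy model of Trux's authorization server (hypothetical, constructed)."""
    def __init__(self, users):
        # Toy only: plaintext passwords. They live here, never in the app.
        self._users = users
        self._grants = {}   # (user, client_id) -> set of granted scopes
        self._tokens = {}   # sha256(token) -> (user, client_id)

    def authorize(self, user, password, client_id, scopes, consent):
        """Steps 2-4: driver logs in at Trux, consents, app gets a token."""
        stored = self._users.get(user)
        if stored is None or not hmac.compare_digest(stored, password):
            return None
        if not consent:
            return None
        self._grants[(user, client_id)] = set(scopes)
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = (user, client_id)
        return token

    def check(self, token, scope):
        """API-side check: token is known AND the scope is still granted."""
        key = self._tokens.get(hashlib.sha256(token.encode()).hexdigest())
        if key is None or scope not in self._grants.get(key, ()):
            return None
        return key[0]

    def grants(self, user):
        """Step 5: the driver views what each app may access."""
        return {c: sorted(s) for (u, c), s in self._grants.items() if u == user}

    def revoke(self, user, client_id):
        """Step 5: opt out; every token issued under the grant stops working."""
        self._grants.pop((user, client_id), None)
        self._tokens = {h: k for h, k in self._tokens.items() if k != (user, client_id)}

def demo():
    trux = TruxAuthServer({"driver1": "constructed-password"})
    token = trux.authorize("driver1", "constructed-password", "SafeTrucking",
                           ["load:read", "route:read"], consent=True)
    allowed = trux.check(token, "load:read")       # within granted scope
    denied = trux.check(token, "tracking:read")    # never granted
    trux.revoke("driver1", "SafeTrucking")
    after_revoke = trux.check(token, "load:read")  # grant withdrawn
    return allowed, denied, after_revoke
```

SafeTrucking only ever holds the token, and the server keeps just its hash, so a leak of the token table does not yield usable tokens.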