Securing API data models

Security and usability are two methodologies that have fought each other since there was a login. As we have progressed from the simple belief that developers will use something painful as long as it is secure, to a more enlightened stage of balancing security and usability with good judgement, we have seen the death of many specs and standards. Two open standards are leading the charge in this new auth age: OAuth 2 and OpenID Connect. In this talk we will explore the principles and standards behind API auth security, including: using OAuth 2 and OpenID Connect as the entry point for secure API data auth; how those implementations have cannibalized previous standards to create something both secure and usable; and how to practically use these standards.

Published in: Technology

  • This is where REST and OAuth 2 come in

    1. Building on the Ashes of Past Standards: Securing API Data Models. Jonathan LeBlanc, Head of Developer Evangelism (North America). Github: http://github.com/jcleblanc; Slides: http://slideshare.net/jcleblanc; Twitter: @jcleblanc
    2. The Ultimate Decision: Security vs. Usability
    3. The Insecure, Unmanageable Start
    4. Very Secure, Long to Implement
    5. Two Currently Widely Used Specs
    6. Fetching a Code. Prepare the Redirect URI. Authorization Endpoint parameters: client_id, response_type (code), scope, redirect_uri, nonce, state. Browser Redirect to the Redirect URI.
    7. Fetching the Access Token. Access Token Endpoint parameters: client_id, code (query string), client_secret, grant_type. HTTP POST to the Access Token Endpoint.
    8. A few implementation differences: Endpoints; Scopes (dynamic / static); Using the Access Token in a request
    9. How it's Normally Used: Access user details; Push data through user social streams
    10. But why? Access token as a control structure. Improve Existing Products. Our showcase: Seamless Checkout
    11. A Few Code Links. OAuth2 & OpenID Connect Samples: https://github.com/jcleblanc/oauth and https://github.com/paypal/paypal-access. Log in with PayPal: http://bit.ly/loginwithpaypal
    12. http://bit.ly/securing_apis. Thank You! Questions? Jonathan LeBlanc, Head of Developer Evangelism (North America). Github: http://github.com/jcleblanc; Slides: http://slideshare.net/jcleblanc; Twitter: @jcleblanc
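The two-step flow on slides 6 and 7 (browser redirect to the authorization endpoint with client_id, response_type=code, scope, redirect_uri, nonce and state, then a server-side HTTP POST of the code to the access token endpoint), as an added Python example that is not part of the talk or of the sample repositories it links. The endpoint URLs, client_id, client_secret and redirect URI are made-up placeholders, and nothing is sent over the network: the functions only build the two requests and check the callback, including the state comparison that rejects a callback not started by this session.

```python
"""Authorization-code flow helpers: build the /authorize redirect, check the
callback, and assemble the POST to the token endpoint.

Added example for slides 6 and 7; hypothetical endpoints and client
credentials, no network calls (only urllib.parse and secrets are used)."""
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical provider endpoints and client registration (assumptions, not
# values from the talk).
AUTHORIZATION_ENDPOINT = "https://auth.example.com/authorize"
TOKEN_ENDPOINT = "https://auth.example.com/token"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.com/callback"


def new_transaction() -> dict:
    """Generate the per-request state (binds the callback to this session)
    and nonce (binds the OpenID Connect ID token to this request). Both are
    stored server-side in the user's session before redirecting."""
    return {"state": secrets.token_urlsafe(32), "nonce": secrets.token_urlsafe(32)}


def authorization_params(txn: dict, scope: str = "openid profile") -> dict:
    """Slide 6: the query parameters sent to the authorization endpoint."""
    return {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "scope": scope,
        "redirect_uri": REDIRECT_URI,
        "nonce": txn["nonce"],
        "state": txn["state"],
    }


def build_authorization_url(txn: dict, scope: str = "openid profile") -> str:
    """The URL the browser is redirected to (no secret appears here)."""
    return f"{AUTHORIZATION_ENDPOINT}?{urlencode(authorization_params(txn, scope))}"


def extract_code(callback_url: str, txn: dict) -> str:
    """Parse the redirect back to REDIRECT_URI and return the code only if
    the state echoed by the provider equals the one stored in the session."""
    parts = urlsplit(callback_url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback arrived at an unexpected redirect URI")
    query = parse_qs(parts.query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    returned_state = query.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the callback was not
    # started by this session and the code must be discarded.
    if not secrets.compare_digest(returned_state.encode(), txn["state"].encode()):
        raise ValueError("state mismatch: discarding code")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("callback carried no authorization code")
    return code


def token_request_params(code: str) -> dict:
    """Slide 7: the form fields POSTed to the access token endpoint. The
    client secret travels only in this server-to-server request. redirect_uri
    is repeated so the provider can check it matches the first step."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "redirect_uri": REDIRECT_URI,
    }


def build_token_request(code: str) -> dict:
    """The complete HTTP POST, ready for whatever HTTP client the app uses."""
    return {
        "method": "POST",
        "url": TOKEN_ENDPOINT,
        "headers": {"Content-Type": "application/x-www-form-urlencoded"},
        "body": urlencode(token_request_params(code)),
    }


if __name__ == "__main__":
    txn = new_transaction()
    print(build_authorization_url(txn))
    # Constructed callback, as the provider would redirect the browser back.
    cb = f"{REDIRECT_URI}?code=SplxlOBeZQQYbYS6WxSbIA&state={txn['state']}"
    req = build_token_request(extract_code(cb, txn))
    print(req["method"], req["url"], req["body"])
```

The split matters for the security argument of the talk: the browser only ever sees the first request (no secret, but a fresh state and nonce), while the client secret is confined to the second, server-side POST. A production app would persist `txn` in the session keyed to the user before redirecting and delete it after one use, so a replayed callback fails the state check as well.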