An OAuth-protected API Platform for Private, Partner & Public Use
By Travis Spencer, CEO
@travisspencer / @2botech
Copyright 2014 Twobo Technologies AB
An OAuth protected platform (Nordic APIS April 2014)
Transcript
Slide 1: An OAuth-protected API Platform for Private, Partner & Public Use
By Travis Spencer, CEO
@travisspencer / @2botech

Slide 2: Agenda
▪ Business benefits of APIs
▪ Associated security challenges
▪ Requirements to overcome these obstacles
▪ Platform security architecture
  ▪ Delivers business benefits
  ▪ Overcomes challenges
  ▪ Meets specifications

Slide 3: 6 Benefits of APIs
Diagram, "Business Benefits of Private APIs": modernize organization, start API strategy, manage supply chain, time-to-market, internal communication, business intelligence, analytics.
▪ Post by Mark Boyd on Nordic APIs blog
▪ Same benefits afforded by partner & public APIs
▪ j.mp/1dpGCX6

Slide 4: Starting an API Strategy
▪ Not beginning with a clean slate
▪ Existing data & systems must be made available in new ways
▪ Reuse & extend existing infrastructure
▪ Bridge old & new technologies

Slide 5: Neo-security Requirements
▪ Identity & content must be converted
▪ Legacy systems must be concealed & abstracted
▪ Work with all modes of service delivery
▪ Secure all channels

Slide 6: Modernize Organization
▪ Core business capabilities are distilled into reusable modules
▪ Composed together like Legos
▪ Security will prevent or allow composability

Slide 7: Neo-security Requirements
▪ Based on open, international standards
▪ COTS products must be limited to specialized roles
▪ Apps & Web sites must not perform authentication & authorization

Slide 8: Manage Supply Chain
▪ Optimization of value across organizational boundaries
▪ Massive distribution
▪ Automation
▪ Lack of robust security is a showstopper
▪ Users demand seamless access across apps
▪ API client & end user must be identified
▪ Rights must be applied to users from other organizations

Slide 9: Neo-security Requirements
▪ Access control
▪ Account provisioning
▪ Web Single Sign-on (SSO) & federation
▪ Delegated access (a la OAuth)

Slide 10: OAuth
▪ OAuth 2 is the new protocol of protocols
▪ Used as the base of other specifications
  ▪ OpenID Connect, UMA, etc.
▪ Addresses some important requirements
  ▪ Delegated access
  ▪ No password sharing
  ▪ Revocation of access

Slide 11: OAuth Actors
1. Resource Owner (RO)
2. Client
3. Authorization Server (AS)
4. Resource Server (RS) (i.e., API)
Diagram: the RO delegates to the Client; the Client gets a token from the AS and uses the token at the RS.

Slide 12: Scopes
▪ Like permissions
▪ Scopes specify extent of tokens' usefulness
▪ Listed on consent UI (if shown)
▪ No standardized scopes

Slide 13: Usage of OAuth
Not for authentication
Not really for authorization
Not for federation

Slide 14: Usage of OAuth
For delegated access

Slide 15: Requirements Demand More
Diagram: Identities, APIs, Entitlements.
▪ Today's use cases require more than just delegation
▪ OAuth is important but insufficient

Slide 16: OpenID Connect
▪ Next generation federation protocol
  ▪ Based on OAuth 2
  ▪ Made for mobile
  ▪ Not backward compatible
▪ Client & API receive tokens
▪ Endpoint provided for client to get user data

Slide 17: OpenID Connect + OAuth Example
Sequence diagram between the Browser, the RP / Client and the OpenID Provider:
1. Request login, providing "openid" scope & user info scopes
2. Access code (returned via the browser)
3. Redeem access code
4. Access token & ID token
5. Check audience restriction of ID token
6. Get user info using access token
Access tokens are then used by the client toward the API.
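Steps 4 and 5 of the flow above, as an added example that is not from the slides or from Twobo's products: an RP receiving the token response and checking the ID token's audience restriction (plus signature, issuer, expiry and nonce) before trusting the access token for the userinfo call. It assumes a hypothetical issuer `https://op.example`, client_id `rp-client-123` and an HS256 shared key so it runs offline; real OpenID Providers normally sign with RS256 and publish keys via JWKS.

```python
import base64, hashlib, hmac, json, time

# Constructed for this example: a shared HMAC key (HS256) between OP and RP. Assumption:
# real OPs normally sign ID tokens with RS256 and publish keys via JWKS; only the
# signature step differs, the claim checks below are the same.
OP_ISSUER = "https://op.example"         # hypothetical OpenID Provider issuer
CLIENT_ID = "rp-client-123"              # hypothetical RP client_id
SHARED_KEY = b"constructed-demo-secret"  # constructed, not a real key

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_id_token(claims):
    """OP side: mint an HS256 ID token (constructed so the demo runs offline)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SHARED_KEY, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def validate_id_token(token, expected_nonce, now=None):
    """RP side: slide 17's 'check audience restriction of ID token', with signature, issuer, expiry and nonce checks."""
    now = int(time.time()) if now is None else now
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never accept 'none' or an alg you did not pin
    expected = hmac.new(SHARED_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != OP_ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if CLIENT_ID not in aud:  # the audience restriction: token must be meant for this RP
        raise ValueError("ID token not addressed to this client")
    if len(aud) > 1 and claims.get("azp") != CLIENT_ID:
        raise ValueError("multiple audiences but azp is not this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("ID token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    return claims

def redeem_code_response(token_response, expected_nonce, now=None):
    """Handle the 'Access token & ID token' response: keep the access token for userinfo only after the ID token validates."""
    claims = validate_id_token(token_response["id_token"], expected_nonce, now)
    return {"sub": claims["sub"], "access_token": token_response["access_token"]}
```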
Slide 18: JSON Identity Suite / The Neo-security Stack
Stack components: OpenID Connect, SCIM, OAuth, XACML, JSON Identity Suite.
Capabilities covered: Provisioning, Identities, Federation, Delegated Access, Authorization.

Slide 19: The Neo-security Platform
Standards: SCIM, JSON Identity Suite, OpenID Connect, OAuth, XACML.
Systems: Entitlement Management System, Identity Management System, API Management System.

Slide 20: Summary
▪ APIs offer many benefits
▪ Security will impede or enable these
▪ Technology exists to protect your API
▪ OAuth is not enough
▪ Need the entire Neo-security Stack
▪ The Neo-security Platform protects data & delivers benefits

Slide 21: Questions & Thanks
@2botech
@travisspencer
www.twobo.com