API Security: Does My Business Need OAuth?

API development and usage is an increasingly crucial element of business growth. It's also extremely important to ensure that your APIs are secure. OAuth provides a comprehensive security mechanism to secure your application data and allow for collaborative development and usage.

Published in: Technology, Business

  1. API Security: Does My Business Need OAuth? Copyright © 2001-2012 SOA Software, Inc. All Rights Reserved. All content subject to confidentiality agreement between SOA Software and Customer.
  2. A Look Ahead
     Two significant forces are changing the face of business:
  3. The Effect of Cloud
     • Cloud has lowered the barrier for App developers and startups
     • The number of mobile devices now exceeds the number of PCs
     • The number of connected devices (Internet of Things) will exceed the number of mobile devices by 2020
  4. Mobile Apps
     • Apple Store has over 775,000 apps
     • Google Play Store currently offers over 800,000 and is predicted to be the first store to reach the 1 million apps mark by June 2012
     • BlackBerry 10 has 100,000 apps
     • Windows Phone Store has 130,000 apps
     • According to ABI Research, 56 billion apps will be downloaded in 2013
  5. Why do I need an API?
     • Accelerate adoption through new channels/devices to reach:
       – Partners
       – App Developers
       – Employees (BYOD)
     • Extend/embed your brand
     • Create stickiness
  6. Why do I need an API?
  7. Platforms Support Innovation
  8. Apps are Intermediaries
  9. Platform Success
     • Speed of App Development
       – More Apps
       – More iteration
       – More collaboration
     • Speed of App Adoption
       – Simple Trust
  10. Speedy App Development
     • Decouple your business processes from the App development process.
     • Do not bog things down with traditional security models
       – Imagine just the legal agreements
       – Storing user credentials is too daunting, both for App developers and App users
  11. Speedy App Adoption
     • Businesses contain sensitive information and enable sensitive transactions
     • For high speed App adoption, Customers need to trust them
  12. Platform Security
     • You need a way to remove the friction that security introduces into the equation
     • You need to allow Apps to participate in a secure relationship:
       – Opt in ‘Just in Time’
       – Without storing credentials
       – With only the required permissions
       – With the ability to Opt out
  13. The Result
     • App developers can build without friction
     • Businesses don’t need to limit their ecosystem
     It’s up to the customer
  14. An OAuth Example
     • A manufacturer, Trux, produces very advanced, highly automated equipment for trucking companies
  15. An OAuth Example
     • Trux collects a great deal of confidential information about the semi and his/her loads
       – Personal data
       – Equipment data
       – Satellite tracking data
       – Service, mechanical information
       – Load types, delivery info
  16. An OAuth Example
     • Trux would like to create an open platform for App development
       – Apps to be deployed on the semis
       – Apps to be sold to the trucking companies
       – Apps to be sold to the drivers
  17. An OAuth Example
     • For example, an App developer wants to build an App called SafeTrucking that helps the driver determine the risk of a route based on his:
       – Load
       – Crime stats
       – Equipment
       – Route
  18. An OAuth Example
     1. Driver downloads the SafeTrucking App and opens it
     2. Driver is directed to Trux, whom he trusts, to log in with their credentials
     3. They are presented with a screen asking if the SafeTrucking App can retrieve the required data from Trux
     4. If confirmed, Trux issues a token to SafeTrucking that they can use to retrieve the data securely
     5. The driver can view the permissions granted, opt out, or increase the permission scope
  19. Do you need an OAuth Server?
     • Are you trying to create an open platform for App development? If so, you need one
  20. SOA Software’s OAuth Server
     • Integration with most common enterprise identity systems including LDAP, AD, CA SiteMinder, Oracle Access Manager, IBM TAM, RSA ClearTrust and more
     • Comprehensive support for the OpenID, OAuth 1.0a and OAuth 2.0 specifications along with a wide array of other authentication and authorization specifications
     • Fully brandable
     • Built-in grant management
     • Integrated with our Developer Community and API Gateway for rapid deployment
  21. Thanks… Alistair Farquharson, CTO, SOA Software, ajf@soa.com, www.soa.com, @afarqu, @SOASoftwareInc
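The SafeTrucking flow on slide 18 and the properties listed on slide 12 (opt in, no stored credentials, only the required permissions, opt out), modeled as an added example that is not from the slides or from SOA Software's product. The class name, scope strings and sample data are assumptions, and the model keeps everything in memory rather than implementing the OAuth wire protocol.

```python
import secrets

class TruxAuthServer:
    """In-memory model of the grant lifecycle; not a production OAuth server."""
    def __init__(self, users, data):
        self._users = users    # username -> password (plaintext only in this toy model)
        self._data = data      # username -> {scope: value}
        self._grants = {}      # token -> (username, app, frozenset of scopes)

    def authorize(self, username, password, app, requested, approved):
        """Steps 2-4: driver logs in at Trux and approves scopes for one app."""
        stored = self._users.get(username)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("login failed")
        scopes = frozenset(requested) & frozenset(approved)  # never more than asked or approved
        if not scopes:
            raise PermissionError("driver declined")
        token = secrets.token_urlsafe(32)  # opaque; the app never sees the password
        self._grants[token] = (username, app, scopes)
        return token

    def read(self, token, scope):
        """Resource access: the token must be live and must cover the scope."""
        grant = self._grants.get(token)
        if grant is None:
            raise PermissionError("unknown or revoked token")
        username, _app, scopes = grant
        if scope not in scopes:
            raise PermissionError(f"scope {scope!r} not granted")
        return self._data[username][scope]

    def grants_for(self, username):
        """Step 5: the permissions the driver has granted, per app."""
        return {app: sorted(s) for u, app, s in self._grants.values() if u == username}

    def revoke(self, username, app):
        """Step 5: opt out; every token for this driver/app pair stops working."""
        dead = [t for t, (u, a, _) in self._grants.items() if (u, a) == (username, app)]
        for t in dead:
            del self._grants[t]
        return len(dead)

def demo():
    # Constructed sample data; user, scope names and values are assumptions.
    trux = TruxAuthServer({"driver1": "correct horse"},
                          {"driver1": {"load": "steel coils", "route": "I-80 W", "personal": "DOB on file"}})
    token = trux.authorize("driver1", "correct horse", "SafeTrucking",
                           requested=["load", "route"], approved=["load", "route"])
    return trux, token
```

The point to take from the model is that SafeTrucking only ever holds the token: the driver's password stays with Trux, and revoking the grant cuts off access without a password change.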
