The document discusses JSON Web Tokens (JWT), JSON Web Signature (JWS), and JSON Web Encryption (JWE). It provides an overview of each specification and how they relate. It also describes how JWT can be used for authentication in Apigee Edge using custom Java callout policies to generate, parse, and verify JWT without additional coding. Examples of generating signed and encrypted JWT are shown using these callout policies.
6. Authentication and Authorization is hard.
Many systems do it poorly. (Do YOU provide 2FA ?)
JWT and OpenID Connect will help solve that problem.
You need to get JWT, now.
6
14. Apigee Edge includes standard policies for many
security tasks.
Oauth1.0a generation and verification,
Oauth2 generation and verification,
SAML generation and verification…
14
15. Apigee Edge does not yet include standard policies for
JWT, JWE, JWS
15
With that , it is time for introductions, This is Aashima Gupta , I lead the healthcare vertical for Apigee with focus on API and Analytics. In this role ,I closely working with marque clients inclding payers , providers and pharmas in helping them with digital health strategy acceleratio and also n in identifying transformative opportunities ( FHIR being one of them)
Prior to joining the firm ,I was leading the Digital Health Incubations at Kaiser and drove innovation around multitude of digital channels including launch of the Lifestyle integration platform and first public API for kaiser.
Vinit will talk to this slide. Move blocks around to fit.
Which big vendors are supporting this?
Facebook, Azure, Salesforce… (Verify)
Vinit will talk to this slide. Move blocks around to fit.
Which big vendors are supporting this?
Facebook, Azure, Salesforce… (Verify)
JWK – JSON Web Key - RFC 7517
JWA – JSON Web Algorithms – RFC 7518
JWK – JSON Web Key - RFC 7517
JWA – JSON Web Algorithms – RFC 7518