apidays LIVE Paris 2021 - Identification & Authentication for Individuals with API at eIDAS Substantial Security Level by Nicolas Bigand, Groupe La Poste
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Identification & Authentication for Individuals with API at eIDAS Substantial Security Level
Nicolas Bigand, CTO & COO at L'identité Numérique La Poste at Groupe La Poste
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Data privacy in the era of cloud native app
Guillaume Montard, Founder & CEO at Bearer
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
How password managers are built for Privacy and Security
Frederic Rivain, CTO at Dashlane
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
apidays LIVE Australia 2021 - Accelerating Digital
September 15 & 16, 2021
Levelling up database security by thinking in APIs
Lindsay Holmwood, Chief Product Officer at Cipherstash
INTERFACE, by apidays - Lessons learned from implementing our custom ‘Big Da...apidays
INTERFACE, by apidays 2021 - It’s APIs all the way down
June 30, July 1 & 2, 2021
Lessons learned from implementing our custom ‘Big Data’ API DSL
David Wobrock, Senior Lead API Engineer at Botify
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Digital Identity Centric Approach to Accelerate HKMA OpenAPI Phase3/4 Compliance
Ajay Biyani, Regional Vice President, ASEAN at ForgeRock
Part 7 in our series of API Best Practices Webinars - on PCI COmpliance - by @brianpagano and @scottmetzger
Need your APIs to bring in revenue? Soon you may want to take credit card orders from customers on smartphones, tablets and other connected devices.
But first, make sure your customers and your business are protected. Know about industry regulations on data security, otherwise known as PCI DSS Compliance.
In this webinar, Brian Pagano and Scott Metzger from Apigee discuss how to get compliant and meet the requirements of PCI DSS when transacting via APIs.
apidays LIVE Paris 2021 - Data privacy in the era of cloud native app by Guil...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Data privacy in the era of cloud native app
Guillaume Montard, Founder & CEO at Bearer
apidays LIVE Paris 2021 - How password managers are built for Privacy and Sec...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
How password managers are built for Privacy and Security
Frederic Rivain, CTO at Dashlane
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
apidays LIVE Australia 2021 - Accelerating Digital
September 15 & 16, 2021
Levelling up database security by thinking in APIs
Lindsay Holmwood, Chief Product Officer at Cipherstash
INTERFACE, by apidays - Lessons learned from implementing our custom ‘Big Da...apidays
INTERFACE, by apidays 2021 - It’s APIs all the way down
June 30, July 1 & 2, 2021
Lessons learned from implementing our custom ‘Big Data’ API DSL
David Wobrock, Senior Lead API Engineer at Botify
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Digital Identity Centric Approach to Accelerate HKMA OpenAPI Phase3/4 Compliance
Ajay Biyani, Regional Vice President, ASEAN at ForgeRock
Part 7 in our series of API Best Practices Webinars - on PCI COmpliance - by @brianpagano and @scottmetzger
Need your APIs to bring in revenue? Soon you may want to take credit card orders from customers on smartphones, tablets and other connected devices.
But first, make sure your customers and your business are protected. Know about industry regulations on data security, otherwise known as PCI DSS Compliance.
In this webinar, Brian Pagano and Scott Metzger from Apigee discuss how to get compliant and meet the requirements of PCI DSS when transacting via APIs.
apidays LIVE London 2021 - Are VRPs the killer open banking app? by Chris Mic...apidays
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
From Open Banking to Embedded finance : API driven Business-models
Are VRPs the killer open banking app?
Chris Michael, CEO at Ozone
apidays LIVE London 2021 - Open Insurance & Smart Contracts by Giovanni Lesna...apidays
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
APIs in Finance: The Next Evolution
Open Insurance & Smart Contracts
Giovanni Lesna, Head of Enterprise at API3
apidays LIVE New York 2021 - Solving API security through holistic obervabili...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Solving API security through holistic obervability
Jean-Baptiste Aviat, AppSec Staff Engineer at Datadog
apidays LIVE New York 2021 - Top 10 API security threats every API team shoul...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Top 10 API security threats every API team should know
Derric Gilling, CEO at Moesif
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Microservice Authorization with Open Policy Agent
Tim Hinrichs, Co-Founder and CTO at Styra
Identity Live Paris 2017 | Monetising Digital Customer RelationshipsForgeRock
By Steve Ferris SVP Global Customer Success, ForgeRock, Alain Barbier Principal Customer Engineer, ForgeRock, Leonard Moustacchis Senior Customer Engineer, ForgeRock
You still need to protect employees in the digital age, but the real opportunity for digital transformation lies in using identity not just to protect employees, but to get to know, interact with, and connect to prospects and customers across any channel–whether cloud, social, mobile, or the Internet of Things (IoT).
Customer Identity Management requires going above and beyond a secure login. From a security perspective, you need continuous security that follows the user throughout their entire session.
And as customers share data, from demographics to preferences to buying habits, you can use it to create authentic, engaging customer experiences that lead to lasting customer relationships. Better yet, you can earn customer trust while meeting privacy regulations like GDPR, by giving customers control over who has access to their data and for how long.
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
API Management from a network Engineer's perspective : Use cases from the field
Priya Saxena, Cloud Engineer at Google
Banking is Now More Open: Open Banking UpdateMikeLeszcz
Update on Open Banking initiative by Chris Michael , Head of Technology, Open Banking. Chris presented this at the “OpenID/Open Banking Workshop: The Implications for the Banking Industry” in London on November 6, 2017.
Identity Federation Patterns with WSO2 Identity ServerWSO2
The rapid growth of organizations, ever changing company policies, mergers and acquisitions often lead to the need for complex identity solutions that require integration with multiple heterogeneous systems. This makes traditional centralized identity management systems no longer viable.
Identity federation is now adopted as a solution for such complex systems. It allows you to link multiple identities that belong to different trust domains by means of a common set of policies, practices and protocols.
Join Darshana and Omindu in this webinar as they explore
The challenges of introducing identity federation with use cases
How to leverage identity federation patterns to overcome these challenges
apidays LIVE London 2021 - Leveraging Webauthn for Payments by Chris Woodapidays
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
APIs in Finance: The Next Evolution
Leveraging Webauthn for Payments: Secure Payment Confirmation
Chris Wood, Freelance Architect & Developer
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Simplify Open Policy Agent with Styra DAS
Tim Hinrichs, Co-Founder & CTO at Styra
2015 Identity Summit - The Identity Broker as Driver for GrowthForgeRock
With Jens Sonnentrücker, Head of Identity Access Management & Governance, Swisscom
and
Benjamin Matei, Security Consultant for IAM, Swisscom
One of the most famous brands and by far the biggest telco provider in Switzerland, Swisscom takes a very pro-active approach to security and creating a trusting environment for its customers. Because Swisscom provides such a broad range of services – landline and mobile phone, mobile payments, cloud data hosting, health records storage and so much more – it required powerful Identity and Access Management (IAM) capabilities. The company’s security vision and overall goal was all about data protection, privacy and sharing, yet also to give subscribers the power to determine what to share, with whom and through the channel of their choice. To implement this vision, the company built out its own Swisscom Cloud architecture with an Identity Broker (IDB) component powered by ForgeRock technologies. By implementing a ForgeRock solution, Swisscom was able to reduce costs spent on administration and significantly upgrade ease of use for its customer base, while also increasing sharing options across service offerings.
WSO2 IoT:
Manage, integrate, secure, and analyze IoT and mobile devices and applications
WSO2 Device Cloud:
Hosted and managed by WSO2, Currently supports Android, iOS device management capabilities. Full set of WSO2 IoT Server functionalities will be supported by 2017 Q3
McKesson Case Study: Pharmacy Systems & AutomationForgeRock
Patrick Stromberg, Architect, Pharmacy Systems and Automation, McKesson
Alexey Shmelkin, CISSP, Senior Security Architect, Information Security
Architecture and Services, McKesson
Following a brief update on the usage of ForgeRock products within McKesson, this session will
provide an overview of the integration between EnterpriseRx, a pharmacy management system, and
ForgeRock products. We will cover the challenges specific to the business domain along with a look
at how we got here and where we’re going. The challenges are interesting in that they deal with a
large number of customers, a native (non-browser) client and limited information about end-users.
Self-sovereign identity (SSI) is a new identity model that gives the user control and ownership over her data.
To dive into what this means and the benefits it offers, Evernym's Andy Tobin gave a webinar on October 17, 2019 introducing the topic of self-sovereign identity and its role in transforming customer experiences and unlocking competitive advantage.
apidays LIVE London 2021 - Are VRPs the killer open banking app? by Chris Mic...apidays
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
From Open Banking to Embedded finance : API driven Business-models
Are VRPs the killer open banking app?
Chris Michael, CEO at Ozone
apidays LIVE London 2021 - Open Insurance & Smart Contracts by Giovanni Lesna...apidays
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
APIs in Finance: The Next Evolution
Open Insurance & Smart Contracts
Giovanni Lesna, Head of Enterprise at API3
apidays LIVE New York 2021 - Solving API security through holistic obervabili...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Solving API security through holistic obervability
Jean-Baptiste Aviat, AppSec Staff Engineer at Datadog
apidays LIVE New York 2021 - Top 10 API security threats every API team shoul...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Top 10 API security threats every API team should know
Derric Gilling, CEO at Moesif
apidays LIVE New York 2021 - Microservice Authorization with Open Policy Agen...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Microservice Authorization with Open Policy Agent
Tim Hinrichs, Co-Founder and CTO at Styra
Identity Live Paris 2017 | Monetising Digital Customer RelationshipsForgeRock
By Steve Ferris SVP Global Customer Success, ForgeRock, Alain Barbier Principal Customer Engineer, ForgeRock, Leonard Moustacchis Senior Customer Engineer, ForgeRock
You still need to protect employees in the digital age, but the real opportunity for digital transformation lies in using identity not just to protect employees, but to get to know, interact with, and connect to prospects and customers across any channel–whether cloud, social, mobile, or the Internet of Things (IoT).
Customer Identity Management requires going above and beyond a secure login. From a security perspective, you need continuous security that follows the user throughout their entire session.
And as customers share data, from demographics to preferences to buying habits, you can use it to create authentic, engaging customer experiences that lead to lasting customer relationships. Better yet, you can earn customer trust while meeting privacy regulations like GDPR, by giving customers control over who has access to their data and for how long.
apidays LIVE New York 2021 - API Management from a network Engineer's perspec...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
API Management from a network Engineer's perspective : Use cases from the field
Priya Saxena, Cloud Engineer at Google
Banking is Now More Open: Open Banking UpdateMikeLeszcz
Update on Open Banking initiative by Chris Michael , Head of Technology, Open Banking. Chris presented this at the “OpenID/Open Banking Workshop: The Implications for the Banking Industry” in London on November 6, 2017.
Identity Federation Patterns with WSO2 Identity ServerWSO2
The rapid growth of organizations, ever changing company policies, mergers and acquisitions often lead to the need for complex identity solutions that require integration with multiple heterogeneous systems. This makes traditional centralized identity management systems no longer viable.
Identity federation is now adopted as a solution for such complex systems. It allows you to link multiple identities that belong to different trust domains by means of a common set of policies, practices and protocols.
Join Darshana and Omindu in this webinar as they explore
The challenges of introducing identity federation with use cases
How to leverage identity federation patterns to overcome these challenges
apidays LIVE London 2021 - Leveraging Webauthn for Payments by Chris Woodapidays
apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset
October 27 & 28, 2021
APIs in Finance: The Next Evolution
Leveraging Webauthn for Payments: Secure Payment Confirmation
Chris Wood, Freelance Architect & Developer
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Simplify Open Policy Agent with Styra DAS
Tim Hinrichs, Co-Founder & CTO at Styra
2015 Identity Summit - The Identity Broker as Driver for GrowthForgeRock
With Jens Sonnentrücker, Head of Identity Access Management & Governance, Swisscom
and
Benjamin Matei, Security Consultant for IAM, Swisscom
One of the most famous brands and by far the biggest telco provider in Switzerland, Swisscom takes a very pro-active approach to security and creating a trusting environment for its customers. Because Swisscom provides such a broad range of services – landline and mobile phone, mobile payments, cloud data hosting, health records storage and so much more – it required powerful Identity and Access Management (IAM) capabilities. The company’s security vision and overall goal was all about data protection, privacy and sharing, yet also to give subscribers the power to determine what to share, with whom and through the channel of their choice. To implement this vision, the company built out its own Swisscom Cloud architecture with an Identity Broker (IDB) component powered by ForgeRock technologies. By implementing a ForgeRock solution, Swisscom was able to reduce costs spent on administration and significantly upgrade ease of use for its customer base, while also increasing sharing options across service offerings.
WSO2 IoT:
Manage, integrate, secure, and analyze IoT and mobile devices and applications
WSO2 Device Cloud:
Hosted and managed by WSO2, Currently supports Android, iOS device management capabilities. Full set of WSO2 IoT Server functionalities will be supported by 2017 Q3
McKesson Case Study: Pharmacy Systems & AutomationForgeRock
Patrick Stromberg, Architect, Pharmacy Systems and Automation, McKesson
Alexey Shmelkin, CISSP, Senior Security Architect, Information Security
Architecture and Services, McKesson
Following a brief update on the usage of ForgeRock products within McKesson, this session will
provide an overview of the integration between EnterpriseRx, a pharmacy management system, and
ForgeRock products. We will cover the challenges specific to the business domain along with a look
at how we got here and where we’re going. The challenges are interesting in that they deal with a
large number of customers, a native (non-browser) client and limited information about end-users.
Similar to apidays LIVE Paris 2021 - Identification & Authentication for Individuals with API at eIDAS Substantial Security Level by Nicolas Bigand, Groupe La Poste
Self-sovereign identity (SSI) is a new identity model that gives the user control and ownership over her data.
To dive into what this means and the benefits it offers, Evernym's Andy Tobin gave a webinar on October 17, 2019 introducing the topic of self-sovereign identity and its role in transforming customer experiences and unlocking competitive advantage.
The 10 most trusted authentication solution providers of 2021CIO Look Magazine
To understand the methodologies of the authentication world, CIO LOOK Featured a journey to find The 10 Most Trusted Authentication Solution Providers 2021.
CASE STUDY ON PKI & BIOMETRIC BASED APPLICATIONPankaj Rane
Public Key Infrastructure is a widely deployed security technology for handling key distribution and validation in computer security. Despite PKI’s popularity as a security solution, Phishing and other Man-in-the-Middle related attacks are accomplished with ease throughout our computer networks. The major problems with PKI come down to trust, and largely, how much faith we must place in cryptographic keys alone to establish authenticity and identity.
In this paper, we look at a novel biometric solution that mitigates this problem at both the user and certificate authority levels. More importantly, we examine the trouble with the application of unprotected biometric features directly into PKI, and propose the integration of a secure, revocable biometric template protection technology that supports transactional key release. A detailed explanation of this new Biometric application is provided, including composition, enrollment, authentication, and revocation details. The Biometric provides a new paradigm for blending elements of physical and virtual security to address pesky network attacks that more conventional approaches have not been able to stop.
Mature Digital Trust Infrastructure - Are we there yet?sorenpeter
Presented at the European e-Identity Management Conference 2011 in Tallinn, Estonia:
Reflections on current Government approaches to Trust, federation and identity management. What needs to change as we move forward. We have come a long way with PKI, federation standards, trust frameworks, etc. but are we there yet? Where is there still work to be done and mindsets to be changed?
The Essence of Online ID Verification for Enhanced User Authentication.pdfIDMERIT IDMERIT
The significance of a robust identity verification process cannot be overstated while businesses are struggling to deal with online frauds & thefts. The online transactions are growing continuously, ensuring safe and trusted user authentication becomes a mandatory concern for businesses and service providers. One key solution that takes center stage in this endeavor is online ID verification.
https://www.idmerit.com/blog/the-essence-of-online-id-verification-for-enhanced-user-authentication/
eKYC provide cutting-edge digital identity verification services.
Our solution is a fast and secure way to verify the identity of your customers, and it can be integrated seamlessly into your business.
Here's a short list of our features:
✅ Digital identity verification.
✅ Liveness verification
✅ Biometric verification
✅ Easy digital onboarding
✅ OCR, MRZ
✅ ID & Selfie match
✅ PEP and Sanction check
✅ Crypto AML
✅ Multiple KYC profile
✅ Full integration support
✅ API, Web, iOS and Android SDK
✅ Support for more than 10,000 document types
✅ Customizable user flow and user interface
We are ready to help your business with reliability and security in the customer verification process. Feel free to ask questions and contact us for further information. Welcome to the world of secure electronic identification with TrustIDnow!
An Introduction to Authentication for ApplicationsUbisecure
This whitepaper is an ideal introduction on authentication categories and their suitability to different requirements. Recommended reading to anyone who wants to get more familiar with online authentication.
Webinar: Protect Your Customers, Protect Yourself Learn How to Take Precautio...i2Coalition
The Internet Infrastructure Coalition (i2Coalition) supports those who build the nuts and bolts of the Internet, and we treat it like the noble profession that it is. We believe the continued growth of the Internet is vital for growing an environment of innovation and seek to engage in ways to foster success of the Internet and Internet infrastructure industry. We seek to influence decision makers to weigh decisions on whether they are good or bad for the Internet economy and its foundational industries. In short, we seek to foster growth within the Internet infrastructure industry by driving others to harness the Internet’s full potential. To learn more about i2Coalition, visit www.i2Coalition.com.
Digital signatures, paving the way to a digital Europe_Arthur D Little_2014Market Engel SAS
Digital signature solutions are quickly replacing paper-based signatures and have the potential to dominate signature-related processes. The primary benefits of this technology include increased efficiency, lower costs and increased customer satisfaction. Processes that still require a handwritten signature slow down turnaround time, increase complexity in terms of archiving, and also raise environmental issues with regards to paper usage. Companies are therefore increasingly adopting digital signature solutions to address those challenges.
The financial services industry is the pioneer in the adoption and development of digital signature solutions, and we expect other industries, such as telecommunication, commerce, utilities, notaries and healthcare, to follow soon as the benefits of this new technology, namely increased efficiency, lower costs and increased customer satisfaction, are not restricted to any industry. While offering clear advantages, digital signature solutions still need to overcome some challenges, such as the need to adapt existing systems and processes to the new technology, concern about acceptance by business partners and the perceived high cost.
The European Union is currently finalizing regulation, which will increase the legal value of advanced electronic signatures and remote electronic signing services by offering the possibility to generate a qualified digital signature using a remote signing system. The regulation is expected to be enacted in early July 2014. This development is expected to serve as an example for other markets on how to approach digital signatures from a regulatory standpoint.
This report is based on Arthur D. Little’s survey of 50 market experts in Europe, as well as comprehensive secondary market research. In this report, we provide an overview of the digital signature technology, its current and potential market, as well as the benefits and challenges it brings. We also present examples of practical applications of digital signature solutions.
Identity Verification API The Cornerstone of Digital Trust.docxrpacpc
In the digital age, trust is the cornerstone upon which meaningful interactions and transactions are built. By leveraging the power of Identity Verification API, organizations can cultivate a trusted digital ecosystem wherein users feel confident in sharing their personal information and engaging in online activities.
Our team of expert volunteers have compiled an overview of the top KYC (Know Your Customer) and AML (Anti-Money Laundering) providers that cater to startups and small businesses. These providers offer robust solutions to help businesses comply with regulatory requirements, mitigate risk, and safeguard against financial crimes. Our overview includes the top providers based on their industry reputation, features, customer support, and affordability, making it easier for startups and small businesses to choose the right KYC AML solution to fit their needs.
Visit the following link for more information:
https://comparison.kycamlguide.com/
https://kycamlguide.com/
Similar to apidays LIVE Paris 2021 - Identification & Authentication for Individuals with API at eIDAS Substantial Security Level by Nicolas Bigand, Groupe La Poste (20)
Apidays Helsinki 2024 - APIs ahoy, the case of Customer Booking APIs in Finn...apidays
Keynote 1: APIs ahoy, the case of Customer Booking APIs in Finnlines and Grimaldi Lines, ShortSea
Vesa Vähämaa, Head of Group IT, Software at Finnlines Plc
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - From Chaos to Calm- Navigating Emerging API Security...apidays
From Chaos to Calm: Navigating Emerging API Security Challenges
Eli Arkush, Principal Solutions Engineer, API Security at Akamai
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - What is next now that your organization created a (si...apidays
What is next now that your organization created a (significant) set of APIs?
Rogier van Boxtel, Director, Pre Sales Consulting - Axway
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...apidays
There’s no AI without API, but what does this mean for Security?
Timo Rüppell, VP of Product - FireTail.io
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Sustainable IT and API Performance - How to Bring The...apidays
Sustainable IT and API Performance - How to Bring Them Together
Merja Kajava, Founder - Aavista Oy
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...apidays
Security Vulnerabilities in your APIs
Lukáš Ďurovský, Staff Software Engineer at Thermo Fisher Scientific
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Data, API’s and Banks, with AI on top by Sergio Giral...apidays
Data, API’s and Banks, with AI on top
Sergio Giraldo, IT Lead - ING
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Data Ecosystems Driving the Green Transition by Olli ...apidays
Data Ecosystems Driving the Green Transition
Olli Kilpeläinen, VP - Data Platform & Ecosystem at Betolar
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Bridging the Gap Between Backend and Frontend API Tes...apidays
Bridging the Gap Between Backend and Frontend API Testing with K6
Ayush Goyal, Senior Software Engineer - Grafana Labs
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - API Compliance by Design by Marjukka Niinioja, Osaangoapidays
API Compliance by Design
Marjukka Niinioja, APItalista & Founding Partner - Osaango
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - ABLOY goes API economy – Transformation story by Hann...apidays
ABLOY goes API economy – Transformation story
Hanna Sillanpää Head of Digital Solutions PU - Abloy
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - The subtle art of API rate limiting by Josh Twist, Zuploapidays
The subtle art of API rate limiting
Josh Twist, Co-founder & CEO at Zuplo
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - RESTful API Patterns and Practices by Mike Amundsen, ...apidays
ESTful API Patterns and Practices
Mike Amundsen, Author of "Design and Build Great APIs", API Strategist & Advisor at amundsen.com, Inc.
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Putting AI into API Security by Corey Ball, Moss Adamsapidays
Putting AI into API Security
Corey Ball, Author and Sr. Manager Pentest at Moss Adams
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Prototype-first - A modern API development workflow b...apidays
Prototype-first - A modern API development workflow
Tom Akehurst, CTO and Co-Founder at WireMock
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Post-Quantum API Security by Francois Lascelles, Broa...apidays
Post-Quantum API Security: Preparing your APIs for Q-day
Francois Lascelles, Distinguished Engineer at Broadcom and CTO at Layer7
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Increase your productivity with no-code GraphQL mocki...apidays
Increase your productivity with no-code GraphQL mocking
Hugo Guerrero, Chief Software Architect, APIs & Integration Developer Advocate at Red Hat
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Driving API & EDA Success by Marcelo Caponi, Danoneapidays
Driving API & EDA Success: Comparing CoE & C4E Models for Organizational Enablement
Marcelo Caponi, Global Product Manager - API & Integration at Danone
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Build a terrible API for people you hate by Jim Benne...apidays
Build a terrible API for people you hate
Jim Bennett, Principal Developer Advocate at liblab
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - API Secret Tokens Exposed by Tristan Kalos and Antoin...apidays
API Secret Tokens Exposed: Insights from Analyzing 1 Million Domains
Tristan Kalos, Co-founder and CEO at Escape
Antoine Carossio, Co-Founder & CTO at Escape
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
apidays LIVE Paris 2021 - Identification & Authentication for Individuals with API at eIDAS Substantial Security Level by Nicolas Bigand, Groupe La Poste
2. 2
In ch a rg e of
• Research
• Architecture
• Development
• Security &Conformity
• Technicalsupport for
Customer &Business
Nicola s BIGAND
CTO & COO – L’Id e n tité Nu m é riq u e La P oste
Exp e rie n ce s
• 2 years at La Poste
• 15 Years at Thales in
cybersecurity: Develop &
Launch >10 high security
level products
3. = Digital proof of identity
How ca n you ve rify on lin e
th e id e n tity of n e w cu stom e rs?
Which problem do we solve ?
4. Ou r Se cu rity Le ve l = e IDAS Su b sta n tia l Le ve l of a ssu ra n ce
Our differentiation?
5. New York
JULY
Australia
SEPTEMBER
Singapore
APRIL
Helsinki & North
MARCH
Paris
DECEMBER
London
OCTOBER
Jakarta
FEBRUARY
Hong Kong
AUGUST
JUNE
India
MAY
Check out our API Conferences here
50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees,
300k+ online community
Want to talk at one of our conferences?
Apply to speak here
6. EU regulation on electronic identification and
trust services for electronic transactions
ANSSI, the French NationalSecurity Agency
has developed a certification and qualification
process for French companies
W h a t is e IDAS re g u la tio n ? How d oe s it a p p ly in Fra n ce ?
EIDAS fra m e s d ig ita l id e n titie s in Eu rop e ANSSI g u a ra n te e s th e se rvice s se cu rity in Fra n ce
L’Identité Numérique La Poste i s the only eIDAS substantial identity
qualified by ANSSI in France
7. Hig h
le ve l
Stronger security constraints:
• Physical Token
• Restricted access
• Smart IDcard
Low le ve l
Single factor : login&password
Su b sta n tia l
le ve l
Proof of Identity
&
2 factors authentication
e IDAS Se cu rity
EQUALto sovereign process
face-to-face
No guarantee of identity
EQUALto banking face-to-
face
Te ch n olog y
+
-
Se c u rit y
+
-
Us e r
e xp e rie n c e
e IDAS : 3 Le ve ls of Assu ra n ce
8. Hig h
le ve l
Sovereign uses
Ex: borders, administration
Low le ve l
Connection to
unregulated websites
Su b sta n tia l
le ve l
Ap p lica tion
Onboarding,
KYC,
Management acts
Advanced signature
….
Co ve rs m o s t b u s in e s s
id e n t ific a t io n n e e d s
e IDAS : 3 Le ve ls of Assu ra n ce
9. Public sector
Banking
Insurrance
Sharing economy
Gambling
E-commerce
Postal &deliveryservices
Health
And more…
Signature
Data sharing
Identification/Onboarding
&Authentication
Physicalaccess
Authorization
Ma n y se ctors n e e d a tru ste d id e n tifica tion solu tion
in p a rticu la r th ose su b je ct to strict or e volvin g
re g u la tory fra m e w orks
10. How d oe s L’Id e n tité Nu m é riq u e La P oste w ork?
IDENTITY VERIFICATION
AT SUBSTANTIAL LEVEL
At home Poste office Online
CERTIFIED PERSONAL DATA
A UNIVERSAL KEY
Substantial eIDAS
Qualified by ANSSI
Strong Authentication (DSP2)
STRONG AUTHENTICATION APP
Fo r Org a n iza t io n s Fo r Us e rs
A DIGITAL PROOF OF IDENTITY
Fo r b o t h
An easy and secure way to prove
your identity and access
hundreds of online services
11. Fo r Org a n iza t io n s Fo r Us e rs
Asingle IDand password to remember that
connect to multiple online services
Atime saving solution
Afraud and identity theft protection
Digital proof of identity compliant with
regulations
Strong authentication
Fraud and Identity Theft Protection
Certified identity data
Contact details verified
Productivitygains
Streamlined customer journey
Improved user experience
Th e b e n e fits
for you r com p a n y a n d cu stom e rs a re n u m e rou s
12. Exa m p le of on lin e su b scrip tion to a se rvice
AP P LICATION
Certaines données vont être
transm ises
Besoin d’
aide
CGU
Accessibilité
M
entions légales
Charte informatique et liberté
Gérer mes cookies
Continuer
Informations de profil
Informations de naissance
Informations de contacts
Vous pouvez annuler le partage de vos données à tout
moment, rendez vous sur la Charte informatique et liberté
Confirm ez sur l’application
+33 678 90 34 56 Modifier
Une action est enattente
Cliquez sur la notification ou ouvrezl’application
L’Identité Numérique.
Besoin d’
aide
CGU
Accessibilité
M
entions légales
Charte informatique et liberté
Gérer mes cookies
Identifiez-vous
pourvous connecter à FranceConnect
S’
identifier
+33 Numéro de mobile
J’
aichangé denuméro
Vousn’
avez pas encore d’
Identité Numérique ?
Découvrir L’Identité Numérique La Poste
Besoin d’
aide
CGU
Accessibilité
M
entions légales
Charte informatique et liberté
Gérer mes cookies
Identification
Button to click PIN Code Data sharing
consent
Data received
by website
YOUR W EBSITE YOUR W EBSITE
13. Ou r AP I stra te g y:
a solu tion b u ilt on m od e rn a n d se cu re sta n d a rd s
15. Securing OpenID Connect protocols (ANSSI guide)
Securing TLS exchanges (ANSSIguide)
Secure Mobile / backend communications: Solution with an ANSSICSPN
Perimeter security: Firewalls, Waf
Security by redundancy: Full localredundancy +redundancyof ISO27001Docaposte Datacenter
Regular audit &pentesting of APIby accredited auditor (PASSI)
Process MCO&MCS : Automatic securitysupervision ®ular patch management
Risk analysis type ebios and peer review for each evolutions of the system
Supervision done by a SOC and a NOC (with a dedicated SIEM)
Se c u rit y b y De s ig n
Se c u rit y d u rin g Life c yc le
AP I se cu rity
16. Online gambling
Banking
Health
Public sector
E-commerce
Parcelcollection
Electronic signature
Simpler registration process
Simpler online subscription process
Simpler patient registration process
Easier access to more than 1.000 online services via FranceConnect
Faster receiving process for registered electronic mail
Gain in productivity
Faster integration (less than a week)
Clie n t fe e d b a cks
17. A m ulti-business Group :
4 b u sin e ss lin e s + 23.0 0 0
clients
50 0 0
em ployees
80 0 m illion s
in revenue
ALL
data centers
in France
A fully public com pany
ParcelMail
Services
GeoPost
La Banque
Postale
Retailcustomers
and digital
business unit
24 9 0 0 0
em ployees
21,6 b illion
Item s delivered per
year worldwide
€ 31b illion
In consolidated revenue
(30% abroad)
17 0 0 0
Retail outlets
nationwide
L’Id e n tité Nu m é riq u e , a se rvice p rovid e d b y
th e Fre n ch p osta l se rvice com p a n y La P oste
a solu tion
d istrib u te d b y
DOCAP OSTE
18. 17
Docaposte
Contact
Thanks for your attention . Let’s keep in touch .
Nicolas BIGAND
Chief Technical Officer & COO
n icola s.b ig a n d @la p oste .fr
Antoine D’HEBRAIL
Marketing & Sales Director
a n toin e .d -h e b ra il@la p oste .fr
19. P. 18
The client
identifies himself
The client opens
his application
AtemporaryQR
code is generated
I am facing a human,
Iauthenticate myself and Ipresent my QRcode
so that the bank advisor can scan it
L’Id e n tité Nu m é riq u e La P oste is e q u iva le n t to
a n ID d ocu m e n t in th e p h ysica l w orld too
20. 1. L’Identité Numérique integration process
1.1. A service compliant with OpenID Connect standards
/authorize
/token
/userinfos
Signout
Service provider
Site
(Client)
Autorisation
code
Access_token
Id_token
Oauth2
• Client_id /
• client_secret
• Clé OKAPI
OKAPI
Ap i
Man ag e r
1
2
3
4
OpenID Connect
21. 1. L’Identité Numérique integration process
1.2 Four APIs to integrate L’Identité Numérique
Reply
Request
GET
/authorize
User login
1
POST/token
Récupération
des jetons
d’accès
2
GET
/ userinfo
Collecting access
tokens
3
POST
/signout
Userlogout
4
The client makesa call to theendpoint / authorize of the IN,
providing its client_id andits callback url asparameters.
The client makesa call tothis API todisconnect the user, by
providing set the user'saccess_token
The client makesa call tothis API toretrieve user data,
providing the user'saccess_token as aparameter
The client makesa call toretrieve the access_token and the
id_token, providing the authorization code received during
the 1strequest as aparameter.
After authenticating (1FA and 2FA), the user
is redirected to
the partner site (customer) via a 302 redirection. An
authorization code is provided as aparameter of the URL
• Access_token : authorization token linked to the user to
accessthe variousresources & APIs of L’identité
Numérique
• ID_token: signedtoken containing the user'sidentity data
in the form of a JWT (
Json WebToken).
Return ofuser identity data and other information (claims)
requested / authorized in the form of a json response
Code 204, the useris loggedout
22. 2. User data recovery
2.1.Two methods to recover data - JWT
TheOpendIDConnectprotocol offered by L’Identité Numériqueallowsthe partner to
retrieve the identity data of theauthenticated user in theform of aJson WebToken.
The J WTis a signed token which means:
• That the data transmitted has not beenmodified
• That the data has beentransmitted by L’Identité Numérique
Two signature algorithms available HS256and RS256
.
Once decoded using tools or libraries available on the internet, the identity data and user
information are exposed in the J SON payload, as well as the token metadata
The La Poste public keyto verify the signature of the J WTis available at this address:
• Sandbox: https://integration.compte.laposte.fr/key/public.pem
• Production: https://compte.laposte.fr/key/public.pem
User datawill bethoserequestedin theclaims duringthe first call to theendpoint/
authorize
JSON WEB TOKEN (JWT)
{
"sub": "5577832670193",
"email": "tests.reex10@yopmail.com",
"email_verified": true,
"acr": "eidas1",
"given_name
": "Claire Marie",
"family_name
": "Dupont",
birthplace": "075110",
"auth_time": 1568042343,
"iat": 1568042343,
"nbf": 1568042343,
"exp": 1568042943,
"jti": "gek6EJW
-fyVzgcaYGOHqWgJXmM0wx6mXjw",
"iss": "https://integration.compte.laposte.fr",
"at_hash": "noaccesstoken",
"aud": "FRANCECONNECT"
}
Extract
23. 2. User data recovery
2.2. Two methods to recover data – endpoint /userinfo
User datacanbe retrieved by API via a
specific endpoint: / userinfos .
Theyallow to be exposed in a J SONresponse, in exchange for the user's
access_token.
Aswith the JWT, theuser'sdata will bethoserequestedin the claimsduringthe
first call to theendpoint/ authorize
Endpoint / userinfo
{
"sub": "5577832670193",
"email": "tests.reex10@yopmail.com",
"email_verified": true,
"given_name
": "Claire Marie",
"family_name
": "Dupont",
"gender": "
female",
"birthdate": "1965
-12
-06",
"birthplace": "075110",
"acr": "eidas1",
"amr": [ "
pwd" ],
"birthcountry": "99100",
"auth_time": 1568078846,
"nonce": "0i1db90e32ji5b8b9cb1849acd069R854", "
iat": 1568078846,
"nbf": 1568078846,
"exp": 3136164858,
"jti": "d3oyaBnCM1Q14hqyNrCVZ
-8rQn3Qfw
-aNA", "
iss":
"https://integration.compte.laposte.fr",
"at_hash": "d4ytCrc3Ix3qbS_yRcohWA",
"aud": «PARTENAIRE«
}
Extract
24. 3. « Pivot » Identity data
Define the desired data : claims and scopes
Scope Définition
openid the technical identifier ( sub ) of the user in
OpenIDConnect format will be returned
gender The person's gender will be returned
birthdate The person's date of birth will be returned
birthplace The person's city of birth will be returned
given_name The person's first names will be returned ,
separated by a space
family_name The person's birth name will be returned
email the person's email address will be returned
phone the person's phone number will be returned
• User datais translated into the Oauth2languageby the claims.
Theseclaims canconstitute :
○ Theuser’s« pivot » identity data
○ Variousinformation about the user
○ Authentication context data
• At the start of the authentication sequence, whencalling GET to
/ authorize, the client mustspecify the claims they wish to
recover
• Thenumberand type of claimsrequested may be different in
the id_token and in the API
responsefrom the endpoint: /
userinfo
• Claimscanbe groupedinto scopes,here is the list :
25. New York
JULY
Australia
SEPTEMBER
Singapore
APRIL
Helsinki & North
MARCH
Paris
DECEMBER
London
OCTOBER
Jakarta
FEBRUARY
Hong Kong
AUGUST
JUNE
India
MAY
Check out our API Conferences here
50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees,
300k+ online community
Want to talk at one of our conferences?
Apply to speak here