INTERFACE, by apidays 2021 - It’s APIs all the way down
June 30, July 1 & 2, 2021
The Evolution of API Security for Client-Side Applications
Johann Dilantha Nallathamby, Head of Solutions Architecture for IAM at WSO2
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...apidays
INTERFACE, by apidays 2021 - It’s APIs all the way down
June 30, July 1 & 2, 2021
The future of API Management in a hybrid, multi-cloud world
Shaun Clowes, SVP of Product at Mulesoft
apidays LIVE New York 2021 - Simplify Open Policy Agent with Styra DAS by Tim...apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Simplify Open Policy Agent with Styra DAS
Tim Hinrichs, Co-Founder & CTO at Styra
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays
apidays LIVE India 2021 - Connecting 1.3 billion digital innovators
May 20, 2021
Asynchronous and Broadcasting APIs using Kafka
Rohit Saxena, Software Development Consultant at Guardian Life
apidays LIVE India - The future of financial services is invisible by Bharat ...apidays
apidays LIVE India 2021 - Connecting 1.3 billion digital innovators
May 20, 2021
The future of financial services is invisible
Bharat Bhushan, Distinguished Engineer & CTO Financial Services at IBM
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
apidays LIVE Australia 2021 - Accelerating Digital
September 15 & 16, 2021
Levelling up database security by thinking in APIs
Lindsay Holmwood, Chief Product Officer at Cipherstash
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...apidays
apidays LIVE India 2021 - Connecting 1.3 billion digital innovators
May 20, 2021
Digital Trust Infrastructure - Key to digital transformation
Ramesh Narayanan, CTO at Modular Open Source Identity Platform (MOSIP)
This session is all about Gravitee.io, which consists of two modules: Gravitee.io Access Management, which provides authentication and authorization with the help of OAuth 2.0 and OpenID Connect, and Gravitee.io API Management, which manages the lifecycle of APIs, from publishing them to consuming them.
apidays LIVE Hong Kong 2021 - Digital Identity Centric Approach to Accelerate...apidays
apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange
August 25 & 26, 2021
Digital Identity Centric Approach to Accelerate HKMA OpenAPI Phase3/4 Compliance
Ajay Biyani, Regional Vice President, ASEAN at ForgeRock
[apidays LIVE HONG KONG] - Building an Integrated Supply Chain for APIs WSO2
APIs are the products of the 21st century. As we build out API systems, we find that we are constantly learning from product journeys. We propose a new kind of supply chain - the Integrated Supply Chain for APIs (ISCA) - which is needed by any organization looking to create and monetize API products, either directly or indirectly. These slides outline our vision of the ISCA, identify five key patterns for success, and give a blueprint for creating a digital business based on API products.
An Entry Point to Impactful Open Banking ArchitectureWSO2
Watch the on-demand webinar here: https://wso2.com/library/webinars/an-entry-point-to-impactful-open-banking-architecture/
Description:
Banks in Europe, the UK, and Australia have been hard at work prototyping new use cases and operating models that leverage open data and collaboration. In regions like Africa, Latin America, and South and Southeast Asia, we are seeing customer demand and shifting expectations drive increased adoption of open banking models, even where regulation doesn't explicitly require it. A growing number of fintechs and “challenger banks” have emerged seeking to capitalize on customers looking for easier and more intuitive financial experiences.
In this deck we’ll cover how you can make the most of these developments and invest in the long term. Discussion topics include:
Open banking fundamentals as relevant to systems design with reference to PSD2 specifications and the Australian Consumer Data Standards, along with related concepts from the GDPR regime.
Open banking reference architectures to create adaptable open APIs, open data, and open platforms for technical and business agility.
Leveraging internal capabilities and data to craft a competitive advantage.
Beyond open banking - Banking Product Design Canvas, the Banking 4.0: Digital Factory, and the SMB Capability Uplift.
Strong Customer Authentication - All Your Questions AnsweredWSO2
This deck will cover what SCA is, the regulatory requirements, the exemptions, SCA approaches, configuring default authenticators, and customizing SCA-based components.
Watch the Webinar On-Demand here - https://wso2.com/solutions/financial/open-banking/webinars/uk/
Which APIs? Which business models? A real-world guide for African banks. WSO2
Learn how banks of different sizes within the African financial services ecosystem can choose between different API-enabled business models to cut costs, streamline internal workflows, and deliver better consumer experiences.
Digital transformation is the integration of digital technology into all areas of a business, fundamentally changing how you operate and deliver value to customers. It's also a cultural change that requires organizations to continually challenge the status quo, experiment, and get comfortable with failure.
It is essential that you integrate digital technology into all areas of business so that your business can be agile and adapt to changing circumstances. Microservices architecture gives you the agility required to build a digital business, while APIs are the enablers for turning a conventional business into a digital business. In this webinar, we will discuss how an enterprise can adopt an API-first approach for building a digital business leveraging microservices architecture.
We will explain and show the business benefits of:
- An API-first approach for building a digital business
- How microservices enable business agility
- Building and integrating your microservices
- Modernization of your legacy applications
- How to leverage the WSO2 API integration platform to build a digital business.
Watch the webinar on-demand here - https://wso2.com/library/webinars/api-first-integration-for-microservices/
WSO2 Open Healthcare Platform - Healthcare Interoperability Targeting the U.S...WSO2
Healthcare interoperability is becoming a mandate and key differentiator as healthcare records become increasingly digitized. Patients’ electronic health records must be available, discoverable, understandable, and structured and secured to support interoperability, automated clinical decision making, and other machine-based processing actions.
In the U.S., the Centers for Medicare and Medicaid Services (CMS) has published the “Interoperability and Patient Access final rule (CMS-9115-F)”, which mandates patient information availability in the HL7 Fast Healthcare Interoperability Resources (FHIR®) interoperability format by January and July of 2021. While FHIR®-based interoperability is a mandate for U.S.-based healthcare insurers, healthcare providers, and their stakeholders, these healthcare interoperability standards are applicable to all healthcare organizations globally.
WSO2 Open Healthcare is WSO2’s offering in the healthcare space. It connects healthcare source systems in many formats, including FHIR®, HL7, X12, and custom formats, and translates, validates, and exposes them as US Core, Da Vinci, CARIN, and FHIR International compliant FHIR APIs. The platform can be deployed on-premises or on the cloud/SaaS, in VMs or containers. Our purpose-built healthcare platform is built on our market-leading API management, integration, and CIAM platforms to solve the most complex healthcare integration challenges.
We’re now focusing on a partner driven go-to-market plan and strategic implementation partners for our healthcare solution. As such, we’d like to partner with qualified system integrators and value added resellers in the healthcare space. We’ve organized a webinar on the basics of the requirement, details of the solution, and how partners can engage with us. We’re calling all partners and system integrators with a healthcare practice to come join us on this exciting journey.
Watch the on-demand webinar: https://wso2.com/library/webinars/wso2-open-healthcare-platform-targeting-the-u.s-cms-rule/
Part 7 in our series of API Best Practices Webinars - on PCI Compliance - by @brianpagano and @scottmetzger
Need your APIs to bring in revenue? Soon you may want to take credit card orders from customers on smartphones, tablets and other connected devices.
But first, make sure your customers and your business are protected. Know about industry regulations on data security, otherwise known as PCI DSS Compliance.
In this webinar, Brian Pagano and Scott Metzger from Apigee discuss how to get compliant and meet the requirements of PCI DSS when transacting via APIs.
Integrating Healthcare Applications with EMR Systems and Databases and Transf...WSO2
Fast Healthcare Interoperability Resources (FHIR®) is a next-generation standard framework created by HL7 combining the best features of previous HL7 standards. FHIR® leverages the latest web standards and focuses on ease of implementability.
The WSO2 Healthcare Integration Platform gives you out-of-the-box support to seamlessly integrate with existing heterogeneous systems in an organization. It supports almost all standard integration protocols, making it possible to integrate with nearly any system. On top of all the integration capabilities, FHIR® accelerators have been introduced to implement APIs that adhere to FHIR® specifications with minimal development effort.
In this webinar, we will explore the key capabilities offered in WSO2 FHIR® accelerators and how to build a FHIR® compliant healthcare solution on top of existing systems/data-sources.
By attending, you will gain knowledge on how to use WSO2 FHIR® accelerators to implement a data transformation scenario.
During the webinar, we will:
- Discuss existing healthcare-related systems and data transformation requirements
- Introduce the WSO2 Healthcare Integration Platform’s integration layer
- Introduce WSO2 FHIR® accelerators
- Look at how to implement FHIR® APIs using WSO2 FHIR® accelerators
- Build a scenario that integrates with an existing healthcare system and exposes it as FHIR® APIs
[APIdays Singapore 2019] API Management in an Istio Service Mesh with WSO2 API...WSO2
This deck explains how services, meshes, and API Management co-exist. We also draw references to WSO2 API Manager and how it can be used with Istio Service Mesh to manage APIs that are exposed for consumption.
This webinar will give an overview of the conventional login forms and currently more popular logins via social networks. Further, we will discuss adopting Social Logins in your applications and an Identity Hub’s role there to overcome any added overhead.
Watch the on-demand webinar here: https://wso2.com/library/webinars/identity-hubs-role-in-social-logins/
IBM API Connect is a comprehensive API solution. It is an integrated creation, runtime, management, and security foundation for enterprise-grade APIs and microservices to power modern digital applications.
In this webinar:
- API Management concepts
- IBM API Connect overview and features
- Kellton Tech’s API strategy with IBM API Connect
Technology: IBM API Connect 5.0
[WSO2Con EU 2018] Blockchain in the Business API Ecosystem - API Consumption ...WSO2
This presentation provides a general introduction to the API Economy, to the Alastria blockchain network, and to the open source WSO2 API Manager. It also includes a demo on how to use API Manager for API consumption management and its integration with a Smart Contract deployed on the blockchain for automatic pricing of this consumption.
apidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachiapidays
December 14, 15 & 16, 2022
Securing APIs in Open Banking - FAPI and its implementation to OSS
Takashi Norimatsu, Senior Engineer at Hitachi, Ltd.
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
My talk for the Dutch PHP Conference, explaining the point of OAuth, the mechanics of OAuth2 and the various flows, and a spot of OAuth1 for completeness.
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...APIsecure_ Official
APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
Why Assertion-based Access Token is preferred to a Handle-based one?
Yoshiyuki Tabata, Software Engineer at Hitachi
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
SpringOne Platform 2016
Speaker: David Ferriera; Director, Cloud Technology, Forgerock
Microservices architecture elevates the challenges for Authentication and Authorization management. When a single frontend request can result in many backend microservices calls, it is important to balance security and performance. ForgeRock provides a standards-based blueprint that provides a flexible solution for making these choices while protecting your Cloud Foundry services end to end.
Profesia, Lynx Group, presents the fifth episode of its master class series on WSO2 technology, for which it is the exclusive distributor in Italy.
The webinar, with the special participation of WSO2, describes how to implement OAuth2 authorization in clients.
Write to contact@profesia.it if you are considering a digital transformation to evolve toward an agile business.
Introduction to the Globus Platform for DevelopersGlobus
We will provide a brief introduction to the Globus platform-as-a-service for developers, with emphasis on understanding the security model; and will demonstrate how to access Globus services via APIs for integration into custom research applications.
Traditional security models no longer suffice in the new digital and API driven economy. APIs expose corporate data in very deliberate and thoughtful ways, but, as with any technology that involves enterprise data, security should always be a prime concern. How do you keep your customers' digital experiences as secure as your backend data and services?
OAuth is an API authorization protocol that enables apps to access information on behalf of users without requiring them to divulge their usernames and passwords.
Analysts and leading industry surveys have found that more and more banks, even in countries without open banking regulation, have prioritized implementing open banking to fast-track digital transformation and achieve business goals. This means that, to stand out in mature open banking ecosystems and to secure a lasting competitive advantage as an early adopter in new markets, banks should select open banking technology that delivers advanced capabilities and scalability backed by a strong vision and industry understanding.
In this release webinar, you will learn how WSO2 Open Banking 2.0 improves the way we help your developers and business teams create, quickly deploy, manage and monetize APIs that add real value for your internal teams, partners, and consumers. We will also help you understand how our technology can be best deployed as a part of a successful open banking strategy.
How to build Simple yet powerful API.pptxChanna Ly
How to build simple yet powerful API from novice to professional. API for beginners, API for gurus, Enterprise level API, REST API, JWT API, Deep dive.
Oauth 2.0 Introduction and Flows with MuleSoftshyamraj55
Learn about the basics of OAuth 2.0 and the different OAuth flows in this introductory video. Understand how OAuth works and the various authorization mechanisms involved.
Similar to INTERFACE, by apidays - The Evolution of API Security by Johann Dilantha Nallathamby, WSO2 (20)
Apidays Helsinki 2024 - APIs ahoy, the case of Customer Booking APIs in Finn...apidays
Keynote 1: APIs ahoy, the case of Customer Booking APIs in Finnlines and Grimaldi Lines, ShortSea
Vesa Vähämaa, Head of Group IT, Software at Finnlines Plc
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
Apidays Helsinki 2024 - From Chaos to Calm- Navigating Emerging API Security...apidays
From Chaos to Calm: Navigating Emerging API Security Challenges
Eli Arkush, Principal Solutions Engineer, API Security at Akamai
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
Apidays Helsinki 2024 - What is next now that your organization created a (si...apidays
What is next now that your organization created a (significant) set of APIs?
Rogier van Boxtel, Director, Pre Sales Consulting - Axway
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
Apidays Helsinki 2024 - There’s no AI without API, but what does this mean fo...apidays
There’s no AI without API, but what does this mean for Security?
Timo Rüppell, VP of Product - FireTail.io
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Sustainable IT and API Performance - How to Bring The...apidays
Sustainable IT and API Performance - How to Bring Them Together
Merja Kajava, Founder - Aavista Oy
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Security Vulnerabilities in your APIs by Lukáš Ďurovs...apidays
Security Vulnerabilities in your APIs
Lukáš Ďurovský, Staff Software Engineer at Thermo Fisher Scientific
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Data, API’s and Banks, with AI on top by Sergio Giral...apidays
Data, API’s and Banks, with AI on top
Sergio Giraldo, IT Lead - ING
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Data Ecosystems Driving the Green Transition by Olli ...apidays
Data Ecosystems Driving the Green Transition
Olli Kilpeläinen, VP - Data Platform & Ecosystem at Betolar
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - Bridging the Gap Between Backend and Frontend API Tes...apidays
Bridging the Gap Between Backend and Frontend API Testing with K6
Ayush Goyal, Senior Software Engineer - Grafana Labs
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - API Compliance by Design by Marjukka Niinioja, Osaangoapidays
API Compliance by Design
Marjukka Niinioja, APItalista & Founding Partner - Osaango
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays Helsinki 2024 - ABLOY goes API economy – Transformation story by Hann...apidays
ABLOY goes API economy – Transformation story
Hanna Sillanpää Head of Digital Solutions PU - Abloy
Apidays Helsinki & North 2024 - Connecting Physical and Digital: Sustainable APIs for the Era of AI, Super and Quantum Computing (May 28 and 29, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - The subtle art of API rate limiting by Josh Twist, Zuploapidays
The subtle art of API rate limiting
Josh Twist, Co-founder & CEO at Zuplo
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - RESTful API Patterns and Practices by Mike Amundsen, ...apidays
ESTful API Patterns and Practices
Mike Amundsen, Author of "Design and Build Great APIs", API Strategist & Advisor at amundsen.com, Inc.
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Putting AI into API Security by Corey Ball, Moss Adamsapidays
Putting AI into API Security
Corey Ball, Author and Sr. Manager Pentest at Moss Adams
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Prototype-first - A modern API development workflow b...apidays
Prototype-first - A modern API development workflow
Tom Akehurst, CTO and Co-Founder at WireMock
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Post-Quantum API Security by Francois Lascelles, Broa...apidays
Post-Quantum API Security: Preparing your APIs for Q-day
Francois Lascelles, Distinguished Engineer at Broadcom and CTO at Layer7
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Increase your productivity with no-code GraphQL mocki...apidays
Increase your productivity with no-code GraphQL mocking
Hugo Guerrero, Chief Software Architect, APIs & Integration Developer Advocate at Red Hat
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Driving API & EDA Success by Marcelo Caponi, Danoneapidays
Driving API & EDA Success: Comparing CoE & C4E Models for Organizational Enablement
Marcelo Caponi, Global Product Manager - API & Integration at Danone
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - Build a terrible API for people you hate by Jim Benne...apidays
Build a terrible API for people you hate
Jim Bennett, Principal Developer Advocate at liblab
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Apidays New York 2024 - API Secret Tokens Exposed by Tristan Kalos and Antoin...apidays
API Secret Tokens Exposed: Insights from Analyzing 1 Million Domains
Tristan Kalos, Co-founder and CEO at Escape
Antoine Carossio, Co-Founder & CTO at Escape
Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024)
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 3
INTERFACE, by apidays - The Evolution of API Security by Johann Dilantha Nallathamby, WSO2
1. The Evolution of API Security for Client Side Applications
June 30, 2021
Johann Dilantha Nallathamby
Head of Solutions Architecture for IAM @ WSO2
johann@wso2.com
4. Client-side Applications & OAuth 2.0
Client-side applications existed before OpenID Connect and OAuth 2.0, but the arrival of OAuth 2.0 and OIDC stirred up a debate on the right way to perform authentication and API authorization for them.
OpenID Connect has become the de facto standard for authenticating users in client-side applications, and OAuth 2.0 the de facto standard for authorizing API invocations from them.
Client-side applications are classified as OAuth 2.0 public clients (RFC 6749, section 2.1): they run in a browser or on a device the user controls and cannot keep a credential confidential.
5. OAuth 2.0 Public Clients
● They cannot store the client secret completely securely on the client side.
● They cannot store the access tokens completely securely on the client side.
7. Threats due to Compromised Credentials/Tokens
Client Secret
● Illegal use of the client_credentials grant flow
● Denial-of-service attacks on the resource server
● Impersonation of a legitimate client
Access Token
● Illegal access of APIs
● Exhaustion of the client's throttling quota
Refresh Token
● Illegal access of the token endpoint using the refresh_token grant flow without client authentication
8. Mitigation Strategies
Client Secret
● Disable the client_credentials grant flow
● Enforce redirect URI registration and strict validation
● Provision per-instance client identifiers for native applications (dynamic client registration, RFC 7591)
● One-time-use client identifiers / rolling client identifiers
Access Token
● One-time-use access tokens / rolling access tokens / access token chaining
● "Per-user per-client" throttling limits
● Heuristic algorithms to detect token fraud
Refresh Token
● One-time-use refresh tokens / rolling refresh tokens
13. Pros & Cons of Back-channel Flows
Pros
● No hindrance to user experience due to redirections
Cons
● Standard Single Sign-on experience mostly not supported
● User passwords are handed to the application
14. Legacy Front-channel Client
● JavaScript applications
● Cookie-based API authorization
● Session data read from
⦿ the DOM on boot, when loading the SPA
⦿ a backend API
⦿ a non-"httpOnly" cookie
17. OAuth 2.0 Client Secret
OAuth 2.0 authorization servers MAY issue client secrets to public clients ONLY IF they are unique to each installation of the application on a specific device.
Redirect URIs MUST be registered and verified against the redirect URI in the authorization request.
18. Pros & Cons of Implicit Flow
Pros
● Single round trip (against 2 in the authorization code grant flow)
● Access token returned in the URI fragment
⦿ Doesn't reach the backend server component
Cons
● Access token returned in the URI fragment
⦿ Visible in the URL address bar
⦿ Stored in the browser's history
⦿ Browser sync further increases the attack surface
● Unverified JavaScript (browser extensions) reading the access token
● Inadvertent logging of the URL at proxy servers, or disclosure through Referer headers
● Token interception attacks
● Access tokens are visible by inspecting the client-side storage
● No refresh tokens
19. The implicit flow was created to work around an old browser limitation: before Cross-Origin Resource Sharing (CORS), a script could not call the token endpoint on another origin, so the access token was returned directly in the redirect.
21. Pros & Cons of Authorization Code Flow
Pros
● All the disadvantages of the implicit flow are negated
● Short-lived, one-time-use authorization codes reduce the attack surface
● Issues refresh tokens
Cons
● Two round trips (against 1 in the implicit grant flow)
● Access and refresh tokens are visible by inspecting the client-side storage
For public clients the code must be protected with PKCE (RFC 7636): without a client secret, PKCE is what stops an intercepted code from being exchanged by someone else.
22. Pros & Cons of Front-Channel Flows
Pros
● Standard Single Sign-on experience is mostly supported
● User passwords are handed only to the IAM system
Cons
● Redirections hinder the user experience
23. Improving the Redirection Experience for OAuth 2.0 Public Clients
JavaScript parent/child windows or modals
https://medium.com/@johann_nallathamby/user-experiences-for-iam-on-the-web-2d39aa49f388
Store tokens in the keychain using biometrics
● The refresh token is encrypted and stored in the keychain
● Face ID or Touch ID as the default authentication option to decrypt and retrieve the refresh token
● SMS-OTP as fallback option
24. Developer Challenges in OAuth 2.0 Public Clients
1. Thorough audits of the source code, knowing exactly which third-party libraries are used in the application.
2. Have a strong Content Security Policy (CSP).
3. Most importantly, be confident in your ability to build a secure OAuth 2.0 public client.
26. Tokens Love Cookies
● Options to store tokens in OAuth 2.0 public clients:
⦿ HTML5 Web Storage (localStorage and sessionStorage)
⦿ Cookies
● Cookies:
⦿ "httpOnly": built-in protection against cross-site scripting (XSS) reading the token
⦿ "Secure"
⦿ Support CORS
⦿ Vulnerable to CSRF (the SameSite attribute reduces, but does not eliminate, the exposure); mitigations:
⦾ Synchronizer Token pattern
⦾ Double-submit Cookie pattern
Cookies are preferred over HTML5 web storage, provided enough CSRF protection is ensured.
27. Is storing tokens in cookies sufficient protection?
● Vulnerable to CSRF
● Violates the OAuth 2.0 Bearer Token profile (RFC 6750 defines only the Authorization header, a form-encoded body parameter and a URI query parameter as ways to present a bearer token)
29. Stateful OAuth 2.0 + API Client Proxy
Participants: SPA, API Proxy, OAuth 2.0 Server, API
1. Redirect log-in request (SPA → API Proxy)
2. Authorization code grant flow (API Proxy ↔ OAuth 2.0 Server)
3. Redirect log-in response; session cookie (API Proxy → SPA)
4. API proxy request with the session cookie (SPA → API Proxy)
5. API call with the access token held in the proxy's session state (API Proxy → API)
30. Pros & Cons of Stateful OAuth 2.0 + API Client Proxy
Pros
● The frontend client is oblivious to the access token refreshing process
● Eliminates the need for cross-origin resource sharing (CORS)
Cons
● Scalability issues due to additional state in the backend
● Addressing the scalability issue adds more complexity to the solution
● Not a pure SPA architecture
31. Stateless OAuth 2.0 + API Client Proxy
Participants: SPA, API Proxy, OAuth 2.0 Server, API
1. Redirect log-in request (SPA → API Proxy)
2. Authorization code grant flow (API Proxy ↔ OAuth 2.0 Server)
3. Redirect log-in response; cookie containing the encrypted tokens (API Proxy → SPA)
4. API proxy request with the cookie (SPA → API Proxy)
5. API call with the decrypted access token (API Proxy → API)
32. Pros & Cons of Stateless OAuth 2.0 + API Proxy
Pros
● Retains the same advantages as its stateful counterpart
● No scalability issues, as no additional state is introduced on the backend side
● The client cannot get hold of the plain-text tokens and bypass the OAuth 2.0 proxy
Cons
● Still vulnerable to CSRF
● Not a pure SPA architecture
34. Split Token Cookie
Inspired by the "double-submit cookie" pattern.
Participants: SPA, Reverse Proxy, OAuth 2.0 Server, API
1. Redirect authorization proxy request (SPA → Reverse Proxy)
2. Authorization code grant flow (Reverse Proxy ↔ OAuth 2.0 Server)
3. Redirect authorization proxy response; bearer token + cookie (Reverse Proxy → SPA)
4. API proxy request carrying both the bearer token and the cookie (SPA → Reverse Proxy)
5. API call (Reverse Proxy → API)
35. How to Split the OAuth 2.0 Access Token?
Cookie + Bearer Token
JSON Web Token (JWT) as OAuth 2.0 Bearer Access Tokens:
https://medium.com/@johann_nallathamby/json-web-tokens-jwt-as-oauth-2-0-bearer-access-tokens-89120c94c082
36. Binding Token Cookie
Generate a "binding" token and include its hash form in the bearer token.
Participants: SPA, Reverse Proxy, OAuth 2.0 Server, API
1. Redirect authorization proxy request (SPA → Reverse Proxy)
2. Authorization code grant flow (Reverse Proxy ↔ OAuth 2.0 Server)
3. Redirect authorization proxy response; bearer token + cookie holding the binding token (Reverse Proxy → SPA)
4. API proxy request carrying both; the proxy checks that the hash of the cookie's binding token matches the hash in the bearer token (SPA → Reverse Proxy)
5. API call (Reverse Proxy → API)
38. Standard Sender-constrained Token Patterns
1. OAuth 2.0 Token Binding
● Extends Token Binding for HTTP (RFC 8473)
● Suffered an important setback when major browser vendors dropped support for it
2. OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens (RFC 8705)
● OAuth 2.0 clients authenticate using mutual TLS
● Tokens are bound to the client certificate
● More details to iron out, particularly in terms of browser experience
3. OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer (DPoP; a draft at the time of the talk, published as RFC 9449 in 2023)
● A client uses a DPoP proof JWT to prove possession of the private key belonging to a certain public key
39. Sliding Sessions
Renew access tokens in SPAs without using refresh tokens or compromising the user experience.
1. Logged-in session
2. Periodic requests while the user is active in the SPA
3. Hidden iframe
4. OAuth 2.0 authorization request with prompt=none
5. Pass the result to a callback function of the parent window
6. Decision: {authorization code exchange} or {sign out and sign in}
This depends on the browser sending the authorization server's session cookie from inside the iframe, which third-party cookie blocking prevents; in such browsers the silent request returns an error and the user is sent through a full login.
41. The Evolution of OAuth 2.0 for Mobile Native Applications: WebView Login
Web View
● Embeddable browser
● The browser security sandbox is inapplicable
● JavaScript can call system APIs
● No standard Single Sign-on experience
Authorization Server Agent on the Mobile Device
● Single sign-on experience
● Manages API tokens
● Native Applications Single Sign-On (NAPPS)
42. The Evolution of OAuth 2.0 for Mobile Native Applications: System Browser Login
RFC 8252 - OAuth 2.0 for Native Apps
● Redirect through external user-agents only
● App-claimed "https" scheme redirect URIs recommended
● Use the "state" parameter to mitigate CSRF over inter-app URI communication channels
● PKCE (RFC 7636) is mandatory for the authorization code grant
● Web controllers: ASWebAuthenticationSession, Custom Tabs
46. Unfortunately, "bulletproof" security in client-side applications DOES NOT EXIST!
● Protect against common types of attacks
● Reduce the overall attack surface
● The RIGHT solution for you depends on your application requirements, BUT always consider moving away from a browser storage design to a Backend-For-Frontend (BFF).