Given the popularity of APIs and microservice-based application development, it is no surprise that API security is also a topic of great interest. Many events centered on API security are emerging, and API World is one such conference that caught my interest. This year, API World invited Jonas Iggbom and me to speak on OAuth, specifically on its limitations when addressing security concerns, and on how other standards can strengthen authorization.
While OAuth is the most common API security standard in use, it is not a one-size-fits-all proposition. In our session, we will illustrate where OAuth's limitations can be addressed by adding the complementary functionality of the Attribute-Based Access Control (ABAC) standard. The ABAC, OAuth and OpenID Connect standards can work together to meet the broadest range of security requirements when sensitive or regulated data is accessed via APIs, providing a more comprehensive security formula than OAuth alone.
We will also explore the details of how these standards integrate, describe the benefits of the approach, and provide a live demonstration. If you are attending API World, do stop by our session and say hello.
Pro Talk: “API Security: When OAuth is Not Enough”
Tuesday, September 11th @ 10:00am | Workshop Room 4
“API Security: When OAuth is Not Enough” is part of the Business of APIs: API Strategy agenda track.
Join us and 3,000+ executives, engineers, and entrepreneurs in Silicon Valley for the world’s largest vendor-neutral API conference and expo.