Beyond OAuth: Securing APIs with Policies & ABAC

Måns Håkansson gave his presentation on securing APIs with policies and Attribute Based Access Control (ABAC) at this year’s KuppingerCole Cyber Access Summit / Cybersecurity Leadership Summit in Berlin on November 14th, 2018.

Attribute Based Access Control (ABAC), OAuth 2.0 and OpenID Connect (OIDC) are complementary standards that can be used individually or in concert to offer comprehensive access control for applications that are built using microservices and API approaches.

Key takeaways:

  • API security basics
  • Avoiding bad security practices
  • Overcoming OAuth limitations
  • Managing authorization as a microservice

 

Other Resources

Webinars
The Convergence of Cloud, DevOps and Access Control
Security experts from industry-leading NTT DATA and Axiomatics are making a deep dive into migrating access control to the cloud. Follow the demonstration of how to set up a project for containerization using ALFA and Jenkins.
Webinars
ABAC as code – Applying Modern DevOps to Policy Authoring
A DevOps approach to externalized business policy engineering can ensure modern CI/CD processes help IT adoption of access control policy authoring.
Webinars
Taking an identity-centric approach to a modern security architecture
Federal agencies invest heavily in protecting data from external threat actors, but the insider threat problem requires a new approach to access control. While protecting data is paramount, that requirement must be balanced with the need to share certain information across a variety of use case scenarios within and across agencies/departments.