SXSW 2015: How API access control = monetization + freedom

This talk will provide a history of access management and a deep dive into the concepts, patterns, and tools to enable mobile and API developers to put new OAuth2 standards to use today. It will provide specific examples and workflows to bring OAuth2 to life to help organizations understand how they can hook into the API economy.

  • Control access to your APIs, and you can charge
    for them. Large companies see a web access
    management system at scale as a competitive
    advantage and a way to lock in customers. Think
    about Google Docs: it only works if both parties
    have an account at Google.

  • But the greatness of the Internet was not
    achieved by the offering of one domain. If each
    device and cloud service has proprietary security
    controls, people will have no way to effectively
    manage their personal digital infrastructure.
    Luckily, standards have emerged thanks to a
    simple but flexible JSON/REST framework called
    OAuth2, and the OpenID Connect and User
    Managed Access (UMA) profiles of it.
  • Questions
  • Not a specific solution to any one problem,
    OAuth2 provides a framework that application
    developers can use to solve a number of security
    challenges. Two important profiles of OAuth2 have
    emerged to solve the most basic security
    challenges: how to identify a person, and how to
    manage which APIs a person should have
    access to. Where do profiles of OAuth2, like OpenID
    Connect, and the User Managed LDAP single sign
    on, and what existing open source tools exist to
    put them to work?

  • How can standards for API security enable
    interoperability and level the playing field
    for start-ups?
  • Centralization of all fine-grained security
    policies is impossible. What types of policies
    should be evaluated at the organizational level,
    and which policies should be evaluated in an API?
  • What crypto keys need to be maintained for trust
    between the organization and applications?
  • Who is behind OpenID Connect and UMA, and why
    will they get adoption in the market?
  • Article resource: http://www.blogster.com/thegluuserver/sxsw-2015-how-api-access-control-monetization-freedom