API Security using Tokens in Ten steps
I have always yearned to share my knowledge and always on the look out to speak to external developers about my work at eBay and Identity/Security in general.
I spoke at multiple conferences this year — IndexConf, Silicon Valley Code Camp, API World and PRDC Deliver about API Security and how to “Build a strong token based API Security”
I have also written a detailed blog post on the same subject.
Quick Look
Many developers are well versed with domain based application development. However when it comes to security, there are very few who can ascertain to the credibility of their API and Identity assertion systems. This talk targets the uncertainty around the functioning and utility of tokens in an API security landscape. It addresses the basic needs of a token infrastructure and what would it take to build one. This talk aims to help developers embrace security and identity as part of their tool chain and remove the skepticism around building their own API security. The developers should be able to use this discussion as a launchpad for building their own API authentication systems. This is a unique talk as many companies closely guard the secret of how their token infrastructure functions. Being the lead architect for eBay Identity and having hand crafted the infrastructure which powers eBay’s entire API stack authentication, Senthilkumar is driving the vision for Identity architecture for the next generation of services and uniquely poised to help developers with the talk to understand the nuances of API security and token infrastructure. He will be providing references to OAuth RFC specifications, OWASP threats and how it is addressed etc.
Presentation
The slides used during the presentation is available at Speaker Deck
Some of the conferences were kind enough to record the presentations and make them available online.
Index Conference
Sample Code
Some of the sample code used for the demo in the presentation is available at github
Some of the twitter reactions and feedback has been really heart-warming.