API Security using Tokens in Ten steps
I have always yearned to share my knowledge and am always on the lookout to speak to external developers about my work at eBay and Identity/Security in general.
I have also written a detailed blog post on the same subject.
Building an API Token system from scratch
With the recent trend in microservices and service based architecture, APIs have taken a front seat for attacks of…
Many developers are well versed in domain-based application development. However, when it comes to security, very few can attest to the credibility of their API and identity assertion systems. This talk targets the uncertainty around the functioning and utility of tokens in an API security landscape. It addresses the basic needs of a token infrastructure and what it would take to build one. This talk aims to help developers embrace security and identity as part of their tool chain and remove the skepticism around building their own API security. Developers should be able to use this discussion as a launchpad for building their own API authentication systems. This is a unique talk, as many companies closely guard the secret of how their token infrastructure functions. As the lead architect for eBay Identity, having handcrafted the infrastructure that powers eBay’s entire API stack authentication, Senthilkumar is driving the vision for Identity architecture for the next generation of services and is uniquely poised to help developers understand the nuances of API security and token infrastructure. He will be providing references to the OAuth RFC specifications, OWASP threats and how they are addressed, etc.
The slides used during the presentation are available at Speaker Deck.
Some of the conferences were kind enough to record the presentations and make them available online.
Some of the sample code used for the demo in the presentation is available on GitHub.
App Engine Getting Started with Java runtime. Contribute to sengopal/ebay-oauth-sample development by creating an…
Some of the Twitter reactions and feedback have been really heart-warming.