02-28, 11:00–11:30 (UTC), Main Room
A real-world view of the existing patterns used for large-scale API security setups built on OAuth, covering gateway patterns, inter-API communication patterns and integrations with entitlement management systems (ABAC/PBAC).
We have been deploying API security patterns over the past 13 years. These OAuth-based patterns use token structures and formats to build secure token-based architectures. With the emergence of workload identities it is important to understand and use the power that OAuth already provides.
This presentation will walk through the phantom token pattern, the split token pattern for CDN-based systems, token propagation techniques in the API network, and commonly used techniques for integrating OAuth with PBAC/ABAC systems in larger-scale entitlement management systems.
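As an added illustration of the phantom token pattern named above (example code written for this page, not code from the talk or from Curity's products): a minimal authorization server that issues opaque reference tokens, a gateway that introspects them and swaps in a signed JWT, and an API that validates the JWT locally. The shared HS256 key and in-memory token store are assumptions made to keep it self-contained.

```python
import base64, hashlib, hmac, json, secrets, time
# Constructed example: the authorization server (AS) issues opaque tokens and answers
# introspection; the gateway swaps the opaque token for a signed JWT (phantom token);
# the API validates the JWT. HS256 with a shared key is an assumption for brevity.
AS_KEY = b"constructed-demo-key"           # assumption: key shared by AS and API
_reference_tokens = {}                      # opaque token -> claims (AS-side store)

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign_jwt(claims: dict) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(AS_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def as_issue_reference_token(subject: str, scope: str, ttl: int = 300) -> str:
    """AS hands the client an opaque token; the claims never leave the AS."""
    token = secrets.token_urlsafe(32)
    _reference_tokens[token] = {"sub": subject, "scope": scope, "exp": int(time.time()) + ttl}
    return token

def as_introspect(token: str) -> dict:
    """Introspection: active flag plus, for the gateway, the JWT form of the token."""
    claims = _reference_tokens.get(token)
    if claims is None or claims["exp"] < time.time():
        return {"active": False}
    return {"active": True, "jwt": _sign_jwt(claims)}

def gateway_forward(headers: dict):
    """Gateway replaces the opaque bearer token with the phantom JWT, or rejects."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    result = as_introspect(auth[len("Bearer "):])
    if not result["active"]:
        return None                         # never forward an inactive token
    return {**headers, "Authorization": f"Bearer {result['jwt']}"}

def api_verify(headers: dict):
    """API validates signature and expiry locally; no call back to the AS."""
    try:
        header, body, sig = headers["Authorization"][len("Bearer "):].split(".")
    except (KeyError, ValueError):
        return None
    expected = hmac.new(AS_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return claims if claims["exp"] >= time.time() else None
```

The opaque token is all a client ever sees, while the JWT exists only on the internal hop between gateway and API.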
The goal of this presentation is to make sure that future standards build on and consider existing techniques that may already solve problems that exist today.
Jacob Ideskog is an Identity Specialist and CTO at Curity. Most of his time is spent working with security solutions in the API, mobile and web space. He has worked on both designing and implementing OAuth and OpenID Connect solutions for large enterprise deployments as well as small startup