ABAC, ReBAC, Zanzibar, ALFA… How and Why Should I Implement Authorization in My APIs?

  • Published 2 Apr 2024
  • A talk given by David Brossard from Axiomatics at the 2024 Austin API Summit in Austin, Texas.
    So you’ve just built your cool new API and figured out the authentication part. You’re even using OAuth for access delegation, scopes, and claims. So, you’re good, right? Well, what about fine-grained authorization? What about OWASP’s #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we’ll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.