Advanced API Security: Securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE

Advanced API Security is a complete reference to the next wave of challenges in enterprise security: securing public and private APIs. API adoption among both consumers and enterprises has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world....


Bibliographic Details
Main author: Siriwardena, Prabath (author)
Format: Electronic book
Language: English
Published: Berkeley, CA : Apress 2014.
Edition: 1st ed. 2014.
Subjects:
View in Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009629468706719
Table of Contents:
  • ""Contents at a Glance""; ""Contents""; ""About the Author""; ""About the Technical Reviewer""; ""Acknowledgments""; ""Introduction""; ""Chapter 1: Managed APIs""; ""The API Evolution""; ""API vs. Managed API""; ""API vs. Service""; ""Discovering and Describing APIs""; ""Managed APIs in Practice""; ""Twitter API""; ""Salesforce API""; ""Summary""; ""Chapter 2: Security by Design""; ""Design Challenges""; ""User Comfort""; ""Performance""; ""Weakest Link""; ""Defense in Depth""; ""Insider Attacks""; ""Security by Obscurity""; ""Design Principles""; ""Least Privilege""; ""Fail-Safe Defaults""
  • ""Economy of Mechanism""""Complete Mediation""; ""Open Design""; ""Separation of Privilege""; ""Least Common Mechanism""; ""Psychological Acceptability""; ""Confidentiality, Integrity, Availability (CIA)""; ""Confidentiality""; ""Integrity""; ""Availability""; ""Security Controls""; ""Authentication""; ""Something You Know""; ""Something You Have""; ""Something You Are""; ""Authorization""; ""Discretionary Access Control (DAC) vs. Mandatory Access Control (MAC)""; ""Nonrepudiation""; ""Auditing""; ""Security Patterns""; ""Direct Authentication Pattern""; ""Managing Credentials""
  • ""Biometric Authentication""""Sealed Green Zone Pattern""; ""Least Common Mechanism Pattern""; ""Brokered Authentication Pattern""; ""Policy-Based Access Control Pattern""; ""Threat Modeling""; ""Summary""; ""Chapter 3: HTTP Basic/Digest Authentication""; ""HTTP Basic Authentication""; ""HTTP Digest Authentication""; ""Summary""; ""Chapter 4: Mutual Authentication with TLS""; ""Evolution of TLS""; ""How TLS Works""; ""TLS Handshake""; ""Application Data Transfer""; ""Summary""; ""Chapter 5: Identity Delegation""; ""Direct Delegation vs. Brokered Delegation""
  • ""Evolution of Identity Delegation""""Google ClientLogin""; ""Google AuthSub""; ""Flickr Authentication API""; ""Yahoo! Browser-Based Authentication (BBAuth)""; ""Summary""; ""Chapter 6: OAuth 1.0""; ""The Token Dance""; ""Temporary-Credential Request Phase""; ""Resource-Owner Authorization Phase""; ""Token-Credential Request Phase""; ""Invoking a Secured Business API with OAuth 1.0""; ""Demystifying oauth_signature""; ""Three-Legged OAuth vs. Two-Legged OAuth""; ""OAuth WRAP""; ""Summary""; ""Chapter 7: OAuth 2.0""; ""OAuth WRAP""; ""Client Account and Password Profile""
  • ""Assertion Profile""""Username and Password Profile""; ""Web App Profile""; ""Rich App Profile""; ""Accessing a WRAP-Protected API""; ""WRAP to OAuth 2.0""; ""OAuth 2.0 Grant Types""; ""Authorization Code Grant Type""; ""Implicit Grant Type""; ""Resource Owner Password Credentials Grant Type""; ""Client Credentials Grant Type""; ""OAuth 2.0 Token Types""; ""OAuth 2.0 Bearer Token Profile""; ""OAuth 2.0 Client Types""; ""OAuth 2.0 and Facebook""; ""OAuth 2.0 and LinkedIn""; ""OAuth 2.0 and Salesforce""; ""OAuth 2.0 and Google""; ""Authentication vs. Authorization""; ""Summary""
  • ""Chapter 8: OAuth 2.0 MAC Token Profile""