apidays
December 18, 2023

Apidays Paris 2023 - Securing Microservice-based APIs, Michal Trojanowski, Curity

Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies
December 6, 7 & 8, 2023

Securing Microservice-based APIs
Michal Trojanowski, Product Marketing Engineer at Curity

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

Transcript

  1. Proposed Standards
     - Identity Chaining across Trust Domains (https://datatracker.ietf.org/doc/draft-schwenkschuster-oauth-identity-chaining/)
     - Multi-token Container Data Structure (https://datatracker.ietf.org/doc/draft-richer-wimse-token-container/)
  2. Key Takeaways
     • Merely implementing OAuth and using access tokens might not be a sufficient security measure for large APIs.
     • Remember that access tokens are not related to user sessions.
     • Limit the capabilities of a token:
       • use claims-based authorization
       • implement proper token sharing techniques