How does one go about securing APIs, microservices, and websites? One way to do this is by focusing on the identity — knowing who the caller is, and what the caller is allowed to do with your data. Too often, though, providers rely too heavily on user social identity, pairing it way too closely with the design of their APIs. Read more
The world is changing. What was once fought on battlefields with physical weapons is quickly transitioning online, with groups of individuals and even entire nations utilizing the internet to disrupt their enemies.
Just as with any conflict, there will be civilian casualties — whether it be civilian infrastructure or users weaponized as Distributed Denial of Service drones, the consequences of the coming virtual conflicts will be bad. Read more
We’re all accustomed to using usernames and passwords for hundreds of online accounts — but if not managed correctly, using passwords can become a major distraction, and a potential security vulnerability. The same is true in the API space. There’s nothing inherently wrong with usernames — you need those. Read more
In 2014, a working group reached consensus for v2.0 of SCIM — a simple yet powerful standard that more and more large digital organizations are beginning to adopt for cross-domain identity management. Just last month, the Internet took a leap forward in standardizing SCIM specifications, now officially published by the Internet Engineering Task Force as RFC7643 and RFC7644. Read more