The “I” in API is for Identity: Nordic Tour Highlights

Travis Spencer
April 28, 2014

[Editor’s note: This is part of a series of blog posts summarizing the proceedings from the recent Nordic Tour.]

It was great to have Ping Identity with us again this year, and we were really pleased to have David Gorton join us on the Nordic Tour. His talk picked up where mine left off and really drove home the importance of digital identity in any API security strategy. Highlights from his talk included the following:

- Identity management and user authentication are like providing keys that unlock your house while still letting you control where in the house your guests can go.
- In the enterprise, you need to leverage federation and authentication protocols to let users access your APIs. Alongside this, you also need a robust auditing framework in order to show compliance with any industry regulations and to demonstrate adherence to security standards.
- Using existing identity management standards allows increased adoption, reduced risk, interoperability, and flexibility.
- Current identity and authentication standards are centred around using SAML with OAuth 2. However, OpenID Connect is an emerging standard that is gaining a foothold: it is the preferred choice of Google, Salesforce, and others, and it provides high levels of security while also minimizing future administrative weight, such as through improved processes.

You can watch his entire talk on YouTube. His slides are available in the Nordic APIS SlideShare stream.

Thanks again to David and Ping Identity for joining us on the tour and for helping make the Nordics programmable!