Global ‘Scope’ Enabling Zero Trust API Security

Himanshu Kumar
T-Mobile USA

OAuth ‘scope’ has typically been an underused mechanism for achieving API security. This has been primarily due to the complexities involved in assigning identity (what a given scope string means) and managing it in a practical manner.

In this session we discuss a practical design approach for assigning scopes that are globally unique in a decentralized, multi-domain API development environment, where teams develop APIs and Swagger independently. We cover ideas on how to include the scope compactly in the token, or alternate ways to make it available; how to manage cascading scopes (based on an API's dependency on other APIs); and how the scope can be used in all API layers (API gateway and microservice components) to achieve zero trust security for API endpoints.


Austin API Summit 2020


May 6, 2020 11:00


Lone Star Ballroom E