Lean & Mean – Authorization for kick-ass APIs

Jonas Markström

So you’ve decided to go down the API path. You’re fitting your enterprise’s architecture with the best in REST services, microservices, and API gateways. You’ve convinced your management that opening up your most precious assets – your data – to the outside world will have considerable benefits. Just imagine: your partners, customers, and contractors will all be able to interact with your systems.

Now, of course, there is just this little nagging doubt in your head: did you code that service correctly? Are you positive only the right people have access to the relevant data? Did you thoroughly test those 10,000 lines of code that implement access control?
Of course you didn’t… because you didn’t hard-code the authorization. You went for Attribute Based Access Control (ABAC), the weapon of choice of API ninjas. Right?

In this talk, we will cover the basics of externalizing authorization using ABAC and how it can be applied to your APIs:
– Secure API endpoints regardless of the implementation technology
– Control access to API functionality
– Control access to data: dynamic data masking
– Implement access control as centrally-managed policies
– Reuse the same access control across other technologies in the stack
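The list above is easier to picture with a concrete shape. The following is an added illustration, not code from the talk or from any ABAC product: a tiny policy decision point (PDP) that evaluates attribute-based policies held as data, a policy enforcement point (PEP) that is the only authorization call an endpoint makes, and a mask obligation that implements dynamic data masking on the returned record. The policy names, the order record, the subject attributes and the business-hours rule are all constructed for the example; a real deployment would keep the policies in a policy store and evaluate them with a proper engine.

```python
from dataclasses import dataclass, field
from typing import Any, Callable


@dataclass(frozen=True)
class Request:
    """Attributes of one API call, gathered by the enforcement point."""
    subject: dict[str, Any]                   # caller attributes (from the token)
    action: str                               # HTTP verb or operation name
    resource: dict[str, Any]                  # attributes of the target object
    environment: dict[str, Any] = field(default_factory=dict)


@dataclass(frozen=True)
class Policy:
    """One centrally managed rule: a predicate over request attributes,
    an effect, and (for permits) an obligation listing fields to mask."""
    name: str
    applies: Callable[[Request], bool]
    effect: str                               # "permit" or "deny"
    mask: frozenset[str] = frozenset()


@dataclass(frozen=True)
class Decision:
    permit: bool
    masked_fields: frozenset[str]
    matched: tuple[str, ...]                  # policy names, for audit logs


def _partner_reads_own_order(r: Request) -> bool:
    return (r.subject.get("role") == "partner"
            and r.action == "GET"
            and r.resource.get("type") == "order"
            and r.resource.get("owner_org") == r.subject.get("org"))


def _employee_reads_order(r: Request) -> bool:
    return (r.subject.get("role") == "employee"
            and r.action == "GET"
            and r.resource.get("type") == "order")


def _finance_updates_order(r: Request) -> bool:
    return (r.subject.get("role") == "employee"
            and r.subject.get("department") == "finance"
            and r.action in {"PUT", "PATCH"}
            and r.resource.get("type") == "order")


# Hypothetical policy set. Externalized: the endpoint never sees these rules.
POLICIES: tuple[Policy, ...] = (
    Policy("deny-anonymous", lambda r: r.subject.get("role") is None, "deny"),
    Policy("deny-writes-outside-business-hours",
           lambda r: r.action != "GET" and not (8 <= r.environment.get("hour", 0) < 18),
           "deny"),
    Policy("partner-reads-own-orders", _partner_reads_own_order, "permit",
           mask=frozenset({"card_number", "internal_margin"})),
    Policy("employee-reads-orders", _employee_reads_order, "permit",
           mask=frozenset({"card_number"})),
    Policy("finance-updates-orders", _finance_updates_order, "permit"),
)


def decide(req: Request, policies: tuple[Policy, ...] = POLICIES) -> Decision:
    """Policy decision point: deny-overrides combining, default deny.
    Mask obligations of every matching permit policy are unioned."""
    matched = [p for p in policies if p.applies(req)]
    names = tuple(p.name for p in matched)
    if any(p.effect == "deny" for p in matched):
        return Decision(False, frozenset(), names)
    permits = [p for p in matched if p.effect == "permit"]
    if not permits:
        return Decision(False, frozenset(), names)   # nothing applied: deny
    return Decision(True, frozenset().union(*(p.mask for p in permits)), names)


class Forbidden(Exception):
    pass


def enforce(req: Request, record: dict[str, Any]) -> dict[str, Any]:
    """Policy enforcement point: the single authorization call an endpoint
    makes. Returns the record with obligated fields masked, or raises."""
    d = decide(req)
    if not d.permit:
        raise Forbidden(f"denied by {d.matched or 'default-deny'}")
    return {k: ("***" if k in d.masked_fields else v) for k, v in record.items()}


# Constructed sample data; the endpoint below carries no authorization
# logic of its own beyond the call to enforce().
ORDERS = {
    "o-1": {"type": "order", "owner_org": "acme", "total": 120.0,
            "card_number": "4111111111111111", "internal_margin": 0.31},
}


def get_order(subject: dict[str, Any], order_id: str, hour: int = 10) -> dict[str, Any]:
    order = ORDERS[order_id]
    req = Request(subject, "GET", order, {"hour": hour})
    return enforce(req, order)
```

The point of the split is that the endpoint (get_order) and the rules (POLICIES) change independently: adding a partner tier or a new masked field touches the policy set only, and the same decide() can sit behind an API gateway, a service mesh filter or a database proxy. Deny-overrides with a default of deny is the conservative combining choice; whichever engine you adopt, check what its default is before trusting it.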

Benefits include:
– Leaner APIs
– Slashed development time
– Faster time-to-market

The 2016 Platform Summit

October 26, 2016 14:00