2023 年 5 月 30 日（火） 〜 6 月 2 日（金）に米国ラスベガスにて開催される Identiverse 2023 に、Authlete 社はシルバースポンサーとして協賛いたします。
今年 14 回目となる Identiverse は、2,500 人以上のアイデンティティ・セキュリティの専門家が参加するカンファレンスです。4 日間にわたり、70 時間以上のコンテンツとネットワーキングの機会を提供します。
You often think service providers should build identity and API security infrastructure by themselves to have full control and flexibility so that it can fit into their business and technology stack. But it tends to be time consuming and costly due to lack of expertise to do so. Buying a heavy-weight solution is another considerable option, but it reluctantly leads dependency on the particular vendor of the solution, which may have redundant features and may not accommodate to customize in a cost-effective and timely manner.
In this session, we will discuss a third option to “buy and build” that can combine the best of both worlds and give you control by building from scratch, as well as minimize the time and resource by leveraging “Identity Components as a Service.
OAuth is a widely used authorization framework that enables third-party applications to access resources on behalf of a user. However, it has been historically difficult to meet very high security and interoperability requirements when using OAuth.
The presenters have worked much of the last five years to improve the state of OAuth and will discuss what’s happening in the field. There are challenges when trying to achieve high security and interoperability with OAuth 2: There are many potential threats, some of which were not part of the original OAuth threat model. Six years ago, the IETF OAuth working group started work on documenting security best practices document, most recently for OAuth 2.1. Meanwhile, the OpenID Foundation created FAPI1 and FAPI2 security profiles.
This presentation will help attendees understand best practices documents.We also will demonstrate how to achieve on-the-wire interoperability and security through the use of techniques like asymmetric client authentication and sender-constraining via DPoP and MTLS. Additionally, we’ll discus the benefits and potential disadvantages of each. We highlight the benefits for implementers and the role of conformance testing tools.
The open banking movement worldwide is now well over 5 years old. It has undoubtedly changed the world—exceeding expectations in some areas and, though many are reluctant to say it, fallen short in others. People around the world who have never heard the term “open banking” are finding that it has enabled new and better ways to go about their lives, some of which no one had predicted.
The presenters have worked on pretty much every aspect of open banking and will share a lighthearted retrospective on usage in different countries, attempting to answer the following questions: