platform security that will last for decades (travis spencer)
TRANSCRIPT
Platform Security that will Last for Decades
Building a secure future on a solid foundation
By Travis Spencer
CEO, Twobo Technologies
Copyright © 2016 Twobo Technologies AB. All rights reserved
Agenda
• Glimpse into the crystal ball
• #1 impediment is identity
• Building on open standards
• Lasting API security architecture
• Impact of IoT
The World in 2030
• Driver-less cars
• More drones
• Devices to heal & drug
• Space tourism
• 3D printing
• Electronic voting
• Crypto currencies
• Companies and industries will have disappeared
• Jobs lost & reinvented
• Education system reworked
• Political & religious changes
@travisspencer / @2botech
Predictions are wild but count on more devices!
Identity is Fundamental
• We must know who we’re interacting with
• Simple for people; hard for computers
[Diagram labels: Cloud & Fog, Social, Devices, Big Data, Identity]
The Neo-security Stack
JSON Identity Suite
OpenID Connect
SCIM
OAuth 2
ALFA
Provisioning
Identities
Federation
Delegated Access
Authorization
U2F & Web Crypto
Authentication
Build upon Proven Standards
API Management System
Identity Management System
Entitlement Management System
U2F & Web Crypto
JSON Identity Suite
OpenID Connect
OAuth
ALFA
SCIM
Identity Management System answers the question, “Who are you?”
OpenID Connect
SCIM
OAuth
Identity Management System
Security Token Service
Federation Service
User Management Service
Authentication Service
API Management System ensures you’re allowed to access data
OAuth
API Management System
API Integration Service
APIs & Web Services
API Security Service
Architecturally Ready for Change
• These two questions are fundamental
• Standards will evolve
• Products will change
Platform will be extended but not replaced
Internet-based Communication
Identity Management System
Internet
HTTP 1.1 & 2
OAuth
JWT
IoT-based Communication
Identity Management System
IoT
CoAP or HTTP 2
OAuth
CWT
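Added example, not part of the original slides: the Internet and IoT slides above swap JWT for CWT while the rest of the platform stays the same. This Python sketch encodes one constructed claims set both as a JWT-style JSON payload and as a CWT claims map in CBOR, using the integer claim keys from RFC 8392; the hand-written encoder, the function names and the sample issuer, subject and audience values are assumptions made for illustration, and signing (JWS/COSE) is left out.

```python
import json
import struct

# CWT claim keys registered in RFC 8392 (JWT claim name -> CBOR integer key).
CWT_KEYS = {"iss": 1, "sub": 2, "aud": 3, "exp": 4, "nbf": 5, "iat": 6, "cti": 7}

def _head(major, n):
    """Encode a CBOR initial byte plus the shortest argument form for n."""
    if n < 24:
        return bytes([major << 5 | n])
    for extra, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                              (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([major << 5 | extra]) + struct.pack(fmt, n)
    raise ValueError("integer too large for CBOR")

def cbor_encode(value):
    """Minimal CBOR encoder: integers, text strings and maps only."""
    if isinstance(value, int):
        # Major type 0 for non-negative, major type 1 for negative integers.
        return _head(0, value) if value >= 0 else _head(1, -1 - value)
    if isinstance(value, str):
        raw = value.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(value, dict):
        return _head(5, len(value)) + b"".join(
            cbor_encode(k) + cbor_encode(v) for k, v in value.items())
    raise TypeError(f"unsupported type: {type(value).__name__}")

def jwt_claims_to_cwt(claims):
    """Map registered JWT claim names to CWT integer keys; keep others as text."""
    return {CWT_KEYS.get(name, name): val for name, val in claims.items()}

def compare(claims):
    """Return (JSON payload bytes, CBOR claims-set bytes) for the same claims."""
    as_json = json.dumps(claims, separators=(",", ":")).encode("utf-8")
    as_cbor = cbor_encode(jwt_claims_to_cwt(claims))
    return as_json, as_cbor

# Constructed sample claims (not from the talk).
SAMPLE = {"iss": "https://idp.example", "sub": "sensor-17",
          "aud": "https://api.example", "exp": 1893456000}

if __name__ == "__main__":
    j, c = compare(SAMPLE)
    print(len(j), "bytes as JSON vs", len(c), "bytes as CBOR")
    print(c.hex())
```

The JSON payload would grow further once base64url-encoded inside a JWT, while the CBOR claims set is carried as binary inside COSE.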
Next Steps
• Apply this architecture
• Identify the gaps
• Impact of platform on DBs & APIs
• Pilot & deploy implementations
• Go live with HTTP 2
• Research:
  • Concise Binary Object Representation (CBOR)
  • CBOR Web Tokens (CWT)
Additional Resources
• nordicapis.com/api-insights/security/
• Videos:
  • bit.ly/oauth-in-depth
  • bit.ly/micro-services-security
  • bit.ly/building-secure-api-video
• OAuth whitepaper @ 2BO booth
Summary
• Future will be amazing, but identity will obstruct it
• Overcome & prepare by building on open standards
• Assemble into a future-proof API security platform