Modeling web services using the HTTP API approach has become pretty much the standard approach. This also means that these APIs must be ready for all the security scenarios around identity and access control. These range from simple username/password and service to service communication, over enterprise integration to token based authentication and delegated authorization. In addition we also have to deal with different client types likes native desktop or mobile clients, browser clients and classic web applications. Dominick shows you how this all comes together.