Modeling web services as HTTP APIs has become the standard approach. This also means that these APIs must be ready for the full range of security scenarios around identity and access control: from simple username/password and service-to-service communication, over enterprise integration, to token-based authentication and delegated authorization. In addition, we have to deal with different client types such as native desktop or mobile clients, browser clients and classic web applications. Dominick shows you how this all comes together.
After a three-year struggle, the IETF has finally released the OAuth2 specifications. While all the big players (like Google, Microsoft and Facebook) are already using it, more and more people want to follow. But there is a lot of confusion about what OAuth2 really is, what its use cases are and which problems it can actually solve. At the same time, the security experts out there don't really agree on whether OAuth2 is a complete failure, or not, or something in between. Dominick walks you through OAuth2, its use cases and its pitfalls.