Although OAuth is not for authentication (the "auth" is for authorization),
it usually presupposes that an authentication event has taken place. In the
case of the Axway API Gateway, you can use the internal user store for this
authentication, or you can use a third-party repository like LDAP. If you
want to switch to LDAP, you can simply choose a different authentication
repository under "Validate credentials against this repository" in the OAuth
2.0 policies in Policy Studio as shown below:

If you want to add a new authentication repository, you can find these under
"Authentication Repositories" in Policy Studio, as shown below:
Note that other options include CA SiteMinder, Oracle Access Manager, IBM
Tivoli Access Manager, and others.

Security for Internet of Things is a hot topic. Just last week, our partner
IC-Consult gave a talk about how BMW uses Secure APIs as a business enabler
for the Connected Car. And tomorrow, I'm excited to be part of a Google
Hangout discussion with Dan Blum and Jonathan Rodriguez about Security for
Internet of Things.

Today it seems everything is either already networked, or will be soon.
Methods originally used to hook up office printers are now being applied to
cars, wearable devices, building sensors and security systems and ... you
name it. As more devices are added, we find o...

Readers of this blog might be interested in this Systems Integration
Solution Designer Job Posting from Three UK, located in Maidenhead, which is
just outside of London.
Skills listed include: TIBCO ActiveMatrix, Axway API Gateway, and Enterprise
Java, as well as knowledge of SOAP, web & RESTful services.

I'm presenting a webinar today at 2pm Eastern / 11am Pacific on "Enforcing
HIPAA Policy on Cloud Services". Covering services such as Salesforce and
Amazon, but also something we see a lot at Axway now: SharePoint as a hosted
Still time to register - here's the link:

Kin Lane, the API Evangelist, has produced a list of the Ten API Commandments
for Providers. It's a very good list, including privacy, security, and
documentation. I encourage everyone to read it and comment.

What about the corresponding list for API Consumers? Although I don't want to
compare myself to a biblical figure (or indeed to Kin Lane :) ), here is my
crack at a list of API commandments for consumers:

1. Protect your API Keys. API Keys are often issued to developers through an
API Portal to use in their apps. These API Keys allow developers to access
apps. Sometimes the key...