6/21 | Backend App Protection w/ Adaptive AuthZ, OAuth Token Introspection & JWT | CIS 2017

Lukasz Radosz, Security Architect at Cloudentity.

Introduction of OAuth Token introspection endpoint allowed us to finally provide enhanced security for our resource servers and backend APIs. Capability to query the state of the token and verify it's meta data enables utilization of delegated authorization model in high security environments. In this presentation I would like to propose several ways of achieving even higher assurance level with addition of Adaptive Risk Based Authorization techniques in to OAuth Token Introspection endpoint. Presentation will include theoretical discussion as well as demonstration of example implementation.

• категория

  How-to & Style