Monday, July 29, 2019
API (Application Programming Interface) Theory part exam as an Assignment
OAuth achieves this by granting a third-party application access to protected content without providing the application with the resource owner's credentials. The OAuth protocol differs from OpenID, which is a federated authentication protocol (A How-to Guide to OAuth & API Security n.d.).

In the traditional client-server authentication model, the client requested access to a protected resource on the server by presenting the resource owner's credentials, and the server granted the third party access on the strength of those credentials. In other words, the resource owner had to share its credentials with the third party, which created several problems and limitations:

- The resource owner's credentials, such as username and password, had to be stored by the third party for future use.
- Servers had to support password authentication despite the security lapses inherent in password storage.
- Resource owners lacked protection from third-party applications, which gained unlimited access to their resources.
- Resource owners could not revoke an individual third party; they had to change their password instead, so revoking one third party cut off all of them.
- Any compromise of a third-party application compromised the end user's username and password, leading to unlimited access to, and misuse of, the protected data guarded by that password.

OAuth addresses this breach in security through an authorization layer that separates the role of the resource owner from that of the client (the third party). Under this protocol, the third party does not use the resource owner's credentials to access protected resources on the server; it uses an access token instead. The access token denotes a specific scope, lifetime, and other access attributes granted to the third-party client by an authorization server with the approval of the resource owner.
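The following is an added example, not code from the original post: a small simulation of the authorization layer described above, showing how a scoped, time-limited access token issued by an authorization server removes each of the problems listed for shared passwords. The class names, the token format, the sample owner and the two client applications are constructed for illustration; this is not the OAuth 2.0 wire protocol.

```python
# Added example (not from the original post): a toy simulation of the OAuth-style
# authorization layer described above. Class names, the token format and the sample
# data are constructed for illustration; this is not the OAuth 2.0 wire protocol.
import hmac
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessToken:
    """What the authorization server remembers about an issued token."""
    value: str
    client_id: str       # which third-party application holds it
    owner: str           # which resource owner approved it
    scope: frozenset     # e.g. {"read:photos"}; the client gets nothing outside this
    expires_at: float    # lifetime is bounded, unlike a shared password


class AuthorizationServer:
    """Issues scoped, time-limited tokens. The resource owner authenticates here,
    so the third party never sees the owner's password."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self.tokens = {}              # token value -> AccessToken
        self.owner_passwords = {}     # constructed; a real server stores password hashes

    def register_owner(self, owner, password):
        self.owner_passwords[owner] = password

    def authorize(self, owner, password, client_id, scope, now):
        """The owner approves `client_id` for `scope`; the client receives only a token."""
        stored = self.owner_passwords.get(owner)
        if stored is None or not hmac.compare_digest(stored, password):
            raise PermissionError("resource owner authentication failed")
        token = AccessToken(secrets.token_urlsafe(32), client_id, owner,
                            frozenset(scope), now + self.ttl)
        self.tokens[token.value] = token
        return token.value

    def introspect(self, value, now):
        """Return the token record if it is known and unexpired, else None."""
        token = self.tokens.get(value)
        if token is None or now >= token.expires_at:
            return None
        return token

    def revoke_client(self, owner, client_id):
        """Revoke one third party only; other clients and the owner's password are untouched."""
        for value, token in list(self.tokens.items()):
            if token.owner == owner and token.client_id == client_id:
                del self.tokens[value]


class ResourceServer:
    """Serves protected data only to bearers of a valid token with matching scope."""

    def __init__(self, auth_server, data):
        self.auth = auth_server
        self.data = data              # owner -> {resource name -> content}

    def get(self, token_value, owner, resource, now):
        token = self.auth.introspect(token_value, now)
        if token is None:
            return 401, "invalid or expired token"
        if token.owner != owner or f"read:{resource}" not in token.scope:
            return 403, "insufficient scope"
        return 200, self.data[owner][resource]


def demo():
    """Walk through the listed problems and return the status codes observed."""
    auth = AuthorizationServer(ttl_seconds=600)
    auth.register_owner("alice", "correct horse battery staple")   # constructed sample
    rs = ResourceServer(auth, {"alice": {"photos": ["beach.jpg"], "contacts": ["bob"]}})
    t0 = 1_000_000.0

    # Two third parties, each approved by Alice for a limited scope.
    photo_app = auth.authorize("alice", "correct horse battery staple", "photo-app", {"read:photos"}, t0)
    addr_book = auth.authorize("alice", "correct horse battery staple", "addr-book", {"read:contacts"}, t0)

    results = {}
    results["in_scope"] = rs.get(photo_app, "alice", "photos", t0)[0]          # scope is bounded
    results["out_of_scope"] = rs.get(photo_app, "alice", "contacts", t0)[0]
    results["expired"] = rs.get(photo_app, "alice", "photos", t0 + 601)[0]     # lifetime is bounded
    auth.revoke_client("alice", "photo-app")                                   # revoke one client only
    results["revoked"] = rs.get(photo_app, "alice", "photos", t0)[0]
    results["other_client_still_ok"] = rs.get(addr_book, "alice", "contacts", t0)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` yields 200 for the in-scope request, 403 for the out-of-scope one, 401 once the token has expired or been revoked, and 200 for the second client after the first was revoked: the photo application never held Alice's password, could only read photos, only for ten minutes, and could be cut off without touching the address-book application.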
The third party then uses the access token to access the protected resources hosted by the resource server. Third-party APIs are restricted to the services provided over HTTP as well as managing a handshake between applications. OAuth is a full API access control tool and security solution with a focus on API management such as user management, auditing, throttling, and threat detection.

b. Give an assessment of the core issues surrounding identity and APIs

APIs apply security approaches through identity, authentication, and authorization. Identification entails encryption of the person making an API request, while authorization focuses on validating the permission granted to API request users; authentication confirms who the API request users are. An API key is used to establish identity but not to authenticate end users. Through the API key, organizations like Google Maps and Yahoo can track their users and keep service volume under control.

Identity service operations for APIs apply three types of service extensions: the OpenStack Identity Service Extension, HP Identity Service Extensions, and Rackspace Identity Service Extensions. The three service extensions apply the following Identity Service concepts:

User: A user is a digital representation of an end user, system, or service that uses API services such as OpenStack cloud services. The identity service validates the request made by the user claiming to make the call. End users are given a login and tokens to access resources, with the option of tenant provision or tenant ownership.

Credentials: Credentials refer to validation of data by
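The following is an added example, not code from the original post, illustrating the API-key point made in part b: the key identifies which application is calling and lets the provider throttle that application's request volume, but it says nothing about the end user behind the application. The gateway class, key values, quota and request times are constructed for illustration.

```python
# Added example (not from the original post): a toy API gateway that uses an API key
# only to identify the calling application and to throttle its request volume.
# Key values, quotas and request samples are constructed.
from collections import defaultdict


class ApiKeyGateway:
    """Identifies callers by API key and enforces a per-key request quota per time window.
    The key does not say which end user sits behind the application, so this is
    identification and throttling, not end-user authentication."""

    def __init__(self, keys, window_seconds=60):
        self.keys = dict(keys)            # api key -> (application name, quota per window)
        self.window = window_seconds
        self.counts = defaultdict(int)    # (api key, window index) -> requests seen

    def handle(self, api_key, now):
        """Return (status, detail) for one request arriving at time `now` (seconds)."""
        if api_key not in self.keys:
            return 401, "unknown API key"              # the caller cannot even be identified
        app, quota = self.keys[api_key]
        bucket = (api_key, int(now // self.window))    # fixed-window counter per key
        self.counts[bucket] += 1
        if self.counts[bucket] > quota:
            return 429, f"{app}: quota of {quota} per {self.window}s exceeded"
        return 200, app


def demo():
    """Three calls within quota, a fourth throttled, a reset in the next window, one unknown key."""
    gw = ApiKeyGateway({"key-maps-demo": ("maps-widget", 3)}, window_seconds=60)  # constructed
    statuses = [gw.handle("key-maps-demo", 100 + i)[0] for i in range(4)]  # all in one window
    statuses.append(gw.handle("key-maps-demo", 160)[0])   # next window: the counter starts over
    statuses.append(gw.handle("not-a-key", 161)[0])       # unidentifiable caller
    return statuses


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the status sequence 200, 200, 200, 429, 200, 401: the provider knows the calls come from the maps widget and can cap them, but nothing in the exchange tells it who the widget's users are.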