Introduction to “Authlete”
Your OAuth/OIDC Servers. Simpler Yet More Secure.
Authlete, Inc.
OAuth and OIDC are the Foundation for Open APIs
Figure: Users grant authorized access to Third Parties (e.g. Fintechs), which make API access to API Providers (e.g. Banks).
Users: authorized access by users
Third Parties (e.g. Fintechs): App XYZ; better CX; new consumer behavior; managing multiple accounts; money transfer using apps
API Providers (e.g. Banks): credit cards; stocks and pension accounts; account information; money transfer; credit information
Authorization (who grants what API access to which third party clients): OAuth 2.0, OIDC (OpenID Connect)
Difficulties in Adopting OAuth/OIDC Standards
• Service providers can’t follow the standardization process
– A lot of new extensions and practices are being created
• Poor API access authorization could lead to security incidents
– Customers of the providers could become victims
Source: https://tools.ietf.org/wg/oauth/, https://openid.net/wg/fapi/
Problems in Traditional API Authorization Approaches
IDaaS (“No deployment needed”): offers only limited general-purpose features; difficult to optimize IDaaS for your APIs and business
IAM Software (“Flexible customization”): conflicts with existing IdM / user authN; non-negligible cost to migrate the existing assets
API Gateways (“Tightly integrated”): lack of focus on API authZ capabilities; slow to support up-to-date API security standards such as FAPI, eKYC
Authlete: A New Approach of “API Authorization Engine”
“Semi-hosted” Architecture
Providing All Features as APIs
The Leader in Supporting the Latest OAuth/OIDC Standards
Authlete Fits in Any Form of Existing Systems
Exposing Web APIs for OAuth/OIDC Processing and Token Management
Figure: architecture diagram of Authlete alongside an existing API infrastructure.
API Clients: Websites; Mobile Devices; Networked Devices
API Infrastructure / Existing Systems:
Authorization Server (Authorization Frontend): Authorization Decision Logic; User Authentication; Consent Management; Privilege Management
API Servers / Gateways: /data /function /transaction /…
Authlete: Authorization Backend APIs; Tokens and Config DB
Flows:
Authorization and Token Requests (API Clients → Authorization Server)
API Requests (API Clients → API Servers / Gateways)
OAuth/OIDC Processing Requests (Authorization Server → Authlete): externalizing cumbersome OAuth/OIDC processing and token management
Authorization Status Check (API Servers / Gateways → Authlete): externalizing access token verification
A Broad Range of Use Cases
From Banks to Entertainments
Use cases: Banking; Fintech; Personal Data Bank; Integrated Solution; IoT; HR; Entertainment
Awards: Grand Prize IBM Award; Grand Prize
Minna No Ginko (TBD) *
* In evaluation
SmartHR
One of the Largest HR Management SaaS in Japan Has Been Utilizing Authlete For Years
“Quite a rich set of Web APIs”
“High maintenance ability for anyone from anywhere”
“Continuous adoption of the latest standards is trustworthy”
Source: https://speakerdeck.com/mserizawa/smarthr-niokeru-authlete-falsehuo-yong