Many developers are well versed with domain based application development. However when it comes to security, there are very few who can ascertain to the credibility of their API and Identity assertion systems. This talk targets the uncertainty around the functioning and utility of tokens in an API security landscape. It addresses the basic needs of a token infrastructure and what would it take to build one. This talk aims to help developers embrace security and identity as part of their tool chain and remove the skepticism around building their own API security. The developers should be able to use this discussion as a launchpad for building their own API authentication systems. This is a unique talk as many companies closely guard the secret of how their token infrastructure functions.,Being the lead architect for eBay Identity and having hand crafted the infrastructure which powers eBay’s entire API stack authentication, Senthilkumar is driving the vision for Identity architecture for the next generation of services and uniquely poised to help developers with the talk to understand the nuances of API security and token infrastructure. He will be providing references to OAuth RFC specifications, OWASP threats and how it is addressed etc.
Experimental code to walk through for OAuth 2.0 description