
Advanced API security : securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE /

This book will guide you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security. It will explain, in depth, securing APIs from traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it. This book will: provide an in depth tutorial of most widely adopted security standards for API security; teach you how to compare and contrast different security standards/protocols to find out what suits your business needs the best; show you how to expand business APIs to partners and outsiders with Identity Federation; get hands-on experience in developing clients against Facebook, Twitter, and Salesforce APIs, as well as give you an understanding of mitigation security threats.

Bibliographic Details
Classification: Electronic Book
Main Author: Siriwardena, Prabath (Author)
Format: Electronic eBook
Language: English
Published: [Berkeley, CA] : Apress, 2014.
Subjects:
Online Access: Full text (Requires prior registration with an institutional e-mail address)

MARC

LEADER 00000cam a2200000Ii 4500
001 OR_ocn890133718
003 OCoLC
005 20231017213018.0
006 m o d
007 cr cnu|||unuuu
008 140908s2014 caua o 001 0 eng d
040 |a GW5XE  |b eng  |e rda  |e pn  |c GW5XE  |d YDXCP  |d COO  |d CAUOI  |d B24X7  |d OH1  |d IDEBK  |d E7B  |d EBLCP  |d UPM  |d UWO  |d OCLCF  |d OCLCQ  |d UMI  |d DEBBG  |d DEBSZ  |d Z5A  |d LIV  |d MERUC  |d ESU  |d OCLCQ  |d VT2  |d IOG  |d N$T  |d OCLCA  |d REB  |d VLB  |d CEF  |d DEHBZ  |d OCLCQ  |d INT  |d U3W  |d OCLCQ  |d WYU  |d YOU  |d OCLCQ  |d UAB  |d UKAHL  |d OCLCQ  |d DCT  |d ERF  |d OCLCQ  |d UK7LJ  |d ADU  |d AU@  |d OCLCO  |d OCLCQ  |d OCLCO 
019 |a 891398189  |a 892538670  |a 939555190  |a 1005784222  |a 1026428227  |a 1048144734  |a 1058375517  |a 1066416123  |a 1066422496  |a 1086467876  |a 1110954431  |a 1112522984  |a 1113431067  |a 1129352450  |a 1153053901 
020 |a 9781430268178  |q (electronic bk.) 
020 |a 1430268174  |q (electronic bk.) 
020 |z 1430268182 
020 |z 9781430268185 
024 7 |a 10.1007/978-1-4302-6817-8  |2 doi 
029 1 |a AU@  |b 000056013182 
029 1 |a CHNEW  |b 000890458 
029 1 |a CHVBK  |b 374491755 
029 1 |a DEBBG  |b BV042991256 
029 1 |a DEBBG  |b BV043617629 
029 1 |a DEBBG  |b BV043968934 
029 1 |a DEBSZ  |b 485794462 
029 1 |a GBVCP  |b 882753223 
029 1 |a AU@  |b 000067111192 
035 |a (OCoLC)890133718  |z (OCoLC)891398189  |z (OCoLC)892538670  |z (OCoLC)939555190  |z (OCoLC)1005784222  |z (OCoLC)1026428227  |z (OCoLC)1048144734  |z (OCoLC)1058375517  |z (OCoLC)1066416123  |z (OCoLC)1066422496  |z (OCoLC)1086467876  |z (OCoLC)1110954431  |z (OCoLC)1112522984  |z (OCoLC)1113431067  |z (OCoLC)1129352450  |z (OCoLC)1153053901 
037 |b Springer 
050 4 |a QA76.76.A63 
072 7 |a COM  |x 053000  |2 bisacsh 
072 7 |a UY  |2 bicssc 
082 0 4 |a 005.1  |2 23 
049 |a UAMI 
100 1 |a Siriwardena, Prabath,  |e author. 
245 1 0 |a Advanced API security :  |b securing APIs with OAuth 2.0, OpenID Connect, JWS, and JWE /  |c Prabath Siriwardena. 
264 1 |a [Berkeley, CA] :  |b Apress,  |c 2014. 
264 2 |a New York, NY :  |b Distributed to the Book trade worldwide by Springer,  |c [2014] 
264 4 |c ©2014 
300 |a 1 online resource (xiv, 233 pages) :  |b illustrations 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
347 |a text file  |b PDF  |2 rda 
588 0 |a Online resource; title from PDF title page (EBSCO, viewed November 30, 2017). 
500 |a Includes index. 
520 |a This book will guide you through the maze of options and shares industry leading best practices in designing APIs for rock-solid security. It will explain, in depth, securing APIs from traditional HTTP Basic Authentication to OAuth 2.0 and the standards built around it. This book will: provide an in depth tutorial of most widely adopted security standards for API security; teach you how to compare and contrast different security standards/protocols to find out what suits your business needs the best; show you how to expand business APIs to partners and outsiders with Identity Federation; get hands-on experience in developing clients against Facebook, Twitter, and Salesforce APIs, as well as give you an understanding of mitigation security threats. --  |c Edited summary from book. 
505 0 0 |g Machine generated contents note:  |t API Evolution --  |t API vs. Managed API --  |t API vs. Service --  |t Discovering and Describing APIs --  |t Managed APIs in Practice --  |t Twitter API --  |t Salesforce API --  |t Summary --  |t Design Challenges --  |t User Comfort --  |t Design Principles --  |t Least Privilege --  |t Fail-Safe Defaults --  |t Economy of Mechanism --  |t Complete Mediation --  |t Open Design --  |t Separation of Privilege --  |t Least Common Mechanism --  |t Psychological Acceptability --  |t Confidentiality, Integrity, Availability (CIA) --  |t Confidentiality --  |t Integrity --  |t Availability --  |t Security Controls --  |t Authentication --  |t Authorization --  |t Nonrepudiation --  |t Auditing --  |t Security Patterns --  |t Direct Authentication Pattern --  |t Sealed Green Zone Pattern --  |t Least Common Mechanism Pattern --  |t Brokered Authentication Pattern --  |t Policy-Based Access Control Pattern --  |t Threat Modeling --  |t Summary --  |t HTTP Basic Authentication --  |t HTTP Digest Authentication --  |t Summary --  |t Evolution of TLS --  |t How TLS Works --  |t TLS Handshake --  |t Application Data Transfer --  |t Summary --  |t Direct Delegation vs. Brokered Delegation --  |t Evolution of Identity Delegation --  |t Google ClientLogin --  |t Google AuthSub --  |t Flickr Authentication API --  |t Yahoo! Browser-Based Authentication (BBAuth) --  |t Summary --  |t Token Dance --  |t Temporary-Credential Request Phase --  |t Resource-Owner Authorization Phase --  |t Token-Credential Request Phase --  |t Invoking a Secured Business API with OAuth 1.0 --  |t Demystifying oauth_signature --  |t Three-Legged OAuth vs. Two-Legged OAuth --  |t OAuth WRAP --  |t Summary --  |t OAuth WRAP --  |t Client Account and Password Profile --  |t Assertion Profile --  |t Username and Password Profile --  |t Web App Profile --  |t Rich App Profile --  |t Accessing a WRAP-Protected API --  |t WRAP to OAuth 2.0 --  |t OAuth 2.0 Grant Types --  |t Authorization Code Grant Type --  |t Implicit Grant Type --  |t Resource Owner Password Credentials Grant Type --  |t Client Credentials Grant Type --  |t OAuth 2.0 Token Types --  |t OAuth 2.0 Bearer Token Profile --  |t OAuth 2.0 Client Types --  |t OAuth 2.0 and Facebook --  |t OAuth 2.0 and LinkedIn --  |t OAuth 2.0 and Salesforce --  |t OAuth 2.0 and Google --  |t Authentication vs. Authorization --  |t Summary --  |t Bearer Token vs. MAC Token --  |t Obtaining a MAC Token --  |t Invoking an API Protected with the OAuth 2.0 MAC Token Profile --  |t Calculating the MAC --  |t MAC Validation by the Resource Server --  |t OAuth Grant Types and the MAC Token Profile --  |t OAuth 1.0 vs. OAuth 2.0 MAC Token Profile --  |t Summary --  |t Token Introspection Profile --  |t XACML and OAuth Token Introspection --  |t Chain Grant Type Profile --  |t Dynamic Client Registration Profile --  |t Token Revocation Profile --  |t Summary --  |t ProtectServe --  |t UMA and OAuth --  |t UMA Architecture --  |t UMA Phases --  |t UMA Phase 1: Protecting a Resource --  |t UMA Phase 2: Getting Authorization --  |t UMA Phase 3: Accessing the Protected Resource --  |t UMA APIs --  |t Protection API --  |t Authorization API --  |t Role of UMA in API Security --  |t Summary --  |t Enabling Federation --  |t Brokered Authentication --  |t SAML 2.0 Profile for OAuth: Client Authentication --  |t SAML 2.0 Profile for OAuth: Grant Type --  |t JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants --  |t Summary --  |t Brief History of OpenID Connect --  |t Understanding OpenID Connect --  |t Anatomy of the ID Token --  |t OpenID Connect Request --  |t Requesting User Attributes --  |t Grant Types for OpenID Connect --  |t Requesting Custom User Attributes --  |t OpenID Connect Discovery --  |t OpenID Connect Identity Provider Metadata --  |t OpenID Connect Dynamic Client Registration --  |t OpenID Connect for Securing APIs --  |t Summary --  |t JSON Web Token --  |t JOSE Working Group --  |t JSON Web Signature --  |t Signature Algorithms --  |t Serialization --  |t JSON Web Encryption --  |t Content Encryption vs. Key Wrapping --  |t Serialization --  |t Summary --  |t Direct Authentication with the Trusted Subsystem Pattern --  |t Single Sign-On with the Delegated Access Control Pattern --  |t Single Sign-On with the Integrated Windows Authentication Pattern --  |t Identity Proxy with the Delegated Access Control Pattern --  |t Delegated Access Control with the JSON Web Token Pattern --  |t Nonrepudiation with the JSON Web Signature Pattern --  |t Chained Access Delegation Pattern --  |t Trusted Master Access Delegation Pattern --  |t Resource Security Token Service (STS) with the Delegated Access Control Pattern --  |t Delegated Access Control with the Hidden Credentials Pattern --  |t Summary. 
546 |a English. 
590 |a O'Reilly  |b O'Reilly Online Learning: Academic/Public Library Edition 
650 0 |a Application program interfaces (Computer software)  |x Security measures. 
650 0 |a Computer security. 
650 6 |a Interfaces de programmation d'applications  |x Sécurité  |x Mesures. 
650 6 |a Sécurité informatique. 
650 7 |a COMPUTERS  |x Security  |x General.  |2 bisacsh 
650 7 |a Computer security  |2 fast 
776 0 8 |i Printed edition:  |z 9781430268185 
856 4 0 |u https://learning.oreilly.com/library/view/~/9781430268178/?ar  |z Texto completo (Requiere registro previo con correo institucional) 
938 |a Askews and Holts Library Services  |b ASKH  |n AH29395655 
938 |a Books 24x7  |b B247  |n bks00070706 
938 |a EBL - Ebook Library  |b EBLB  |n EBL1964732 
938 |a ebrary  |b EBRY  |n ebr10924345 
938 |a EBSCOhost  |b EBSC  |n 1173963 
938 |a ProQuest MyiLibrary Digital eBook Collection  |b IDEB  |n cis29747875 
938 |a YBP Library Services  |b YANK  |n 12058405 
994 |a 92  |b IZTAP