Thursday, May 16, 2019
API (Application Programming Interface) Theory part exam as an Assignment
API (Application Programming Interface) Theory part exam as a coursework - Assignment Example

The protocol achieves this by granting third-party applications access to protected content without providing the application with credentials. The OAuth protocol differs from OpenID, which is a federated authentication protocol (A How-to Guide to OAuth & API Security, n.d.).

The traditional approach in the client-server authentication model required the client to request access to a protected resource on the server. Authenticating to the server with the resource owner's credentials enabled the third party to access resources. In other words, the resource owner had to share its credentials with the third party, and this created several problems and limitations, such as:

- The resource owner's credentials, such as username and password, had to be stored by the third party for future use.
- Servers were required to support password authentication despite the security lapses in password storage.
- Resource owners lacked protection from third-party applications because those applications had unlimited access to resources.
- Resource owners have to change the third party's password since they cannot revoke an individual third party. This means that all third parties are affected by the revocation of an individual one.
- Any compromise of a third-party application leads to compromise of the end user's username and password. This leads to unlimited access to, and misuse of, the information protected by that password.

This breach in security is addressed by OAuth through an authorization layer that separates the role of the resource owner from that of the client (third party). According to this protocol, the third party does not use the resource owner's credentials to access protected resources from the server but uses an access token. The access token denotes a specific scope, lifetime, and other access attributes offered to third-party clients through an authorization server and with approval from the resource owner.
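An added example, not part of the original essay: a small in-memory model of the token approach described above, in which a third party holds only a scoped, expiring token and can be revoked on its own without touching the owner's password or other clients. The class names, client names and scope strings are assumptions made for illustration, and the grant flow and client authentication of a real OAuth 2.0 implementation are left out.

```python
# Added illustration: in-memory model, not a real OAuth library. All class,
# client and scope names are hypothetical; sample values are constructed.
import secrets
import time


class AuthorizationServer:
    """Issues opaque access tokens bound to one client, a scope set and a lifetime."""

    def __init__(self):
        self._grants = {}  # token -> grant attributes

    def issue(self, owner, client, scope, ttl, owner_approved, now=None):
        if not owner_approved:  # no token without the resource owner's approval
            raise PermissionError("resource owner did not approve")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # random value, carries no password
        self._grants[token] = {"owner": owner, "client": client,
                               "scope": frozenset(scope), "expires_at": now + ttl}
        return token

    def revoke_client(self, owner, client):
        """Revoke one third party; other clients' tokens stay valid."""
        doomed = [t for t, g in self._grants.items()
                  if g["owner"] == owner and g["client"] == client]
        for t in doomed:
            del self._grants[t]
        return len(doomed)

    def lookup(self, token):
        return self._grants.get(token)


class ResourceServer:
    """Serves a protected resource only for a live token with the right scope."""

    def __init__(self, auth_server):
        self._auth = auth_server

    def access(self, token, required_scope, now=None):
        now = time.time() if now is None else now
        grant = self._auth.lookup(token)
        if grant is None:
            return "denied: unknown or revoked token"
        if now >= grant["expires_at"]:
            return "denied: token expired"
        if required_scope not in grant["scope"]:
            return "denied: scope not granted"
        return f"ok: {required_scope} for {grant['owner']}"
```

Passing `now` explicitly makes the expiry check reproducible; in normal use both methods fall back to the system clock.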
The access token is used by the third party to access the protected resources hosted by the resource server. The third-party APIs have a limited use of the help provided by HTTP, as well as managing a handshake between applications. OAuth is a full API access control tool and security solution with a focus on API oversight such as user management, auditing, throttling, and threat detection.

b. Give an assessment of the core issues surrounding identity and APIs

APIs apply security approaches through identity, authentication, and authorization. Identification entails establishing the identity of the person making an API request, while authorization focuses on validating the permissions granted to API request users. Authentication confirms the API request users. An API key is used to establish identity but not authentication of end users. Through the API key, organizations like Google Maps and Yahoo can track their users and keep service volume under control.

Identity service operations for APIs apply three types of service extensions. These are OpenStack Identity Service Extension, HP Identity Service Extensions, and Rackspace Identity Service Extensions. The three service extensions apply the following Identity Service Concepts:

User: A user is a digital representation of an end user, system, or service that uses API services like OpenStack cloud services. The identity service validates the request made by the user claiming to make the call. End users are given a login and tokens to access resources, with the option of tenant provision or tenant ownership.

Credentials: Credentials refer to validation of data by