Index

A

Access delegation problem
Access token
access_token parameter
Additional authentication data (AAD)
Advanced encryption standard (AES)
Alert protocol
alias argument
Amazon Web Services (AWS)
Apache Directory Server (LDAP)
connections
connecting Apache Tomcat
organizational unit structure, creation
test connection
Application programming interface (API)
Amazon
Big Data
Business models
database implementations
definition
Facebook
governments
healthcare industry
IBM Watson technology
IoT
Java RMI
JDBC
kernel
lifecycle
management platform
marshalling/unmarshalling technique
Netflix
Open Bank
ProgrammableWeb
reasons
Salesforce
SOAP
swagger
Uber
UDDI
Walgreens
wearable industry
Auditing
Authenticated Encryption with Associated Data (AEAD)
Authentication
biometric-based
brute-force attack
certificates and smart card–based
identity provider
Authorization
access control list
DAC
MAC
Authorization API
Authorization API token (AAT)
Authorization code grant type
authorize endpoint
callback URL
lifetime
token endpoint
Availability, security triad

B

Base64 encoding
Bearer tokens
Brokered authentication
client applications
OAuth authorization server
OAuth principles
Brokered delegation
Browser-less apps

C

Certificate authority (CA)
Chained access delegation
API
end user
JWT access token
OAuth 2.0 Token Delegation profile
OpenID Connect
Chain grant type profile
authorization server
resource server
scope parameter
Change Cipher Spec protocol
Claim gathering
authorization policies
claim_redirect_uri
claim_token parameter
HTTP redirect
RPT
client_assertion_type
Client credentials grant type
client_id
Code interception attack
Complete mediation principle
Computer Security Institute (CSI)
Content Encryption Key (CEK)
Cross-Site Request Forgery (CSRF)
OAuth 2.0
attacker
authorization code
callback URL
PKCE
state parameter
target web site
victim
victim’s browser
cURL command

D

Database management systems (DBMSs)
Data breaches
Data Encryption Standard (DES)
Delegated access control
identity provider
JWT
no credentials
OAuth 2.0 MAC tokens
resource STS
Denial of service (DoS)
Design challenges
defense in depth
insider attacks
performance
security by obscurity
user experience
weakest links
Design principles
Direct authentication, trusted subsystem
Direct vs. brokered delegation
Direct encryption
Direct key agreement
Discretionary Access Control (DAC)
Distributed denial of service (DDoS)
Docker in Action
docker run command
Document type definition (DTD)
Domain Name Service (DNS)
Dynamic client registration

E

Economy of mechanism principle
encryptedkey parameter
Export ciphers
Exported keying material (EKM)
eXtensible Access Control Markup Language (XACML)

F

Facebook
Fail-safe defaults principle
Federation
access token
authorization code
identity management systems
Financial-grade API (FAPI)
Flickr
Fraud-detection patterns

G

Galois/Counter Mode (GCM)
GitHub
Google AuthSub
Google Docs
grant_type parameter
G Suite

H

Handshake protocol
Alert protocol
Certificate Verify message
Change Cipher Spec protocol
Cipher suites
Client Hello message
Client Key Exchange
premaster key
Server Change Cipher Spec
Server Hello message
Harvard Business Review (HBR)
Hash-based Message Authentication Code (HMAC)
Hash collision attack (HashDoS)
HMAC-SHA256
JSON payload
non-JSON payload
HTTP basic authentication
GitHub API, accessing
vs. HTTP digest authentication
1.0 specification
Recipe API
HTTP digest authentication
client key elements
MD5-sess
1.0 specification
Recipe API
RFC 2617
server key elements, RFC 2617
WWW-Authenticate challenge
HTTP Request-Line
Hypertext Transfer Protocol (HTTP)
Hypervisor

I

iCloud password
Identity delegation model
evolution
Flickr
Google AuthSub
Google client login
history
OAuth
protocols
SlideShare, pre-2006
Twitter, pre-2006
Yahoo! BBAuth
Identity provider mix-up
attack
authorization server
callback URLs
grant type
IdP options
IETF draft specification
redirection
TLS
Identity theft resource center
Implicit grant type
Indirect delegation
Infrastructure as a service (IaaS)
Integrated development environment (IDE)
Integrated Windows Authentication (IWA)
Integrity
Inter-app communication
HTTPS URI scheme
loopback interface
private URI scheme
Internet of Things (IoT)
Internet Protocol (IP)

J

Java Database Connectivity (JDBC)
Java KeyStore (JKS)
JavaScript object signing and encryption (JOSE)
claims set
specification
header
parameters
signature
working groups
JSON Web Encryption (JWE)
JSON Web Signature (JWS)
compact serialization
See JWS compact serialization
JWS JSON serialization
See JWS JSON serialization
JSON Web Signature, nonrepudiation
JSON Web Token (JWT)
aud parameter
authorization server
exp parameter
MAC
nbf parameter
token validation
JWE compact serialization
ciphertext
initialization vector
JOSE header
JWE Encrypted Key
process of encryption
JWE JSON serialization
authentication tag
ciphertext
encryption process
initialization vector
per-recipient unprotected header
protected header
unprotected header
JWE vs. JWS
JWS compact serialization
JOSE header
JWS payload
JWS signature
process of signing
JWS JSON serialization
building ingredients
payload
protected header
signature
unprotected header
JWT client authentication
application
OAuth authorization server
parameters
RFC 7523
JWT grant type
applications
assertion
grant_type
identity provider
OAuth 2.0, grant types
RFC 7521
scope parameter
JWT Secured Authorization Request (JAR)

K

Keep it simple, stupid (KISS) principle
Kerckhoffs’ principle
Key agreement, key wrapping
Key encryption
Key generation
Key wrapping

L

Least common mechanism
Lightweight directory access protocol (LDAP)
Linux Security Modules (LSM)

M

MD5 algorithm
Message Authentication Code (MAC)
Message Authentication Code (MAC) Token Profile
Microservices
business capabilities
componentization
decentralized governance
design for failure
infrastructure automation
products
smart endpoints
Microsoft Active Directory (AD)
Mobile Single Sign-On (SSO), login
direct credentials
system browser
WebView
Multifactor authentication
Mutual Transport Layer Security (mTLS)

N

National Security Agency (NSA)
Nested JWT
Netflix API
Nginx
Nonrepudiation

O

OAuth 1.0
oauth signature
building signature
business API invocation
PLAINTEXT method
temporary-credential request phase
token credential request phase
three-legged vs. two-legged OAuth
token dance
business API, invoking
resource-owner authorization phase
temporary-credential request endpoint
token-credential request phase
OAuth 1.0 vs. OAuth 2.0
OAuth 2.0
access delegation problem
actors role
client types
confidential clients
public clients
MAC Token Profile
access token
audience parameter
vs. Bearer token
cURL command
grant types
HMAC-SHA1
HMAC-SHA256
parameter
protected API invocation
HTTP Request-Line
resource server, validation
response_type value
refresh token
WRAP
See Web resource authorization profiles (WRAP)
OAuth 2.0 device authorization grant
authorization request
authorization server
draft proposal
expires_in parameter
grant_type parameter
login flow
OAuth 2.0 Grant Types vs. OAuth WRAP Profiles
OAuth 2.0 MAC Token Profile vs. OAuth 2.0
OAuth 2.0, native mobile app
access token
authorization
Client Registration profile
identity provider
inter-app
See Inter-app communication
login flow
PKCE
URL scheme
OAuth 2.0 refresh tokens
OAuth 2.0 token validation
OAuth bearer token
Open design principle
OpenID connect
Amazon
API security
directed identity
dynamic client registration
flow chart representation
identity provider metadata
ID token
attributes
JWE
JWS
JWT
overview
protocol flow
relying party
request attributes
user attributes
WebFinger protocol
identity provider
rel parameter
resource parameter
Open policy agent (OPA)
Open redirector
attack
attack, prevention
query parameter
redirect_uri
OpenSSL on Docker
Optimal asymmetric encryption padding (OAEP) method

P, Q

@PathVariable
Perfect forward secrecy (PFS)
Personal financial management (PFM) application
Phishing attack
domain name
Facebook
Google Docs
G Suite
PLAINTEXT oauth_signature_method
Principle of psychological acceptability
Principle of separation of privilege states
Principles of least privilege
Profiles
chain grant type
dynamic client registration profile
token introspection
See Token introspection profile
token revocation
Proof key for code exchange (PKCE)
authorization code
code_challenge
code_verifier
defined
login flow
Proof of possession
Protection API
Protection API token (PAT)
ProtectServe protocol
Public Key Cryptography Standards (PKCS)
Pushed Authorization Requests (PAR)

R

Recipe API
Reference token
Referred token binding
Refresh grant type
Refresh token
Requesting party token (RPT)
@RequestMapping
Resource owner
Resource owner password credentials grant type
Resource security token service (STS)
@RestController
RFC 2617
RFC 7523
Role of APIs
Netflix
SOA
vs. service
RPT endpoint
RSA-OAEP and AES
JSON payload
non-JSON payload
RSA-SHA256, JSON payload

S

SAML grant type
brokered authentication
OAuth Introspection specification
out of band
POST message
trust broker
SAML 2.0 client authentication
client_assertion parameter
client_assertion_type
SAML assertion
SAML 2.0 identity provider
scope
Sec-Token-Binding
Secure Sockets Layer (SSL)
Security assertion markup language (SAML)
Security assertion markup language (SAML) 2.0
Security token service (STS)
OAuth 2.0 authorization
setting up
testing
Zuul API Gateway
Self-contained token
Service-oriented architecture (SOA)
SFSafariViewController
Simple Web Token (SWT)
Single-page application (SPA)
Single Sign-On
delegated access control
IWA
Spring-boot-starter-actuator dependency
Spring initializer
Spring tool suite (STS)
SYN ACK packet

T

TCP ACK packet
TLS termination
Token-based authentication
Token binding
key generation phase
message
negotiation phase
OAuth 2.0 Authorization code/access token
OAuth 2.0 refresh tokens
phases
proof of possession phase
TLS
Token Binding Protocol specification (RFC 8471)
Token Binding TLS extension
token_endpoint_auth_method
Token exchange
IETF working group
JSON response
parameters
Token introspection profile
HTTP authentication
JSON response
validation
Token leakage/export
Token reuse
access token
OAuth 2.0 client application
OpenID Connect
resource server
security checks
SPA
Token revocation profile
Transmission control protocol (TCP)
Transport Layer Security (TLS)
Apache Tomcat
deploying order API
directory
Handshake
See Handshake protocol
microservices development framework
mutual authentication
Netscape communications
online resources
protecting order API
role
securing order API
spring boot
TCP
HTTP
IP functions
layers
SYN ACK packet
TCP packet
working
application data transfer
layers
Trinity of trouble
extensibility
system design
TLS
Trusted master access delegation
access token
centralized Active Directory
SSO
web applications
XACML
Trusted platform module (TPM)

U

UMA 1.0
architecture
phases
authorization, getting
resources, accessing
resources, protecting
UMA 2.0, bank use case
cURL command
introspection
OpenID Connect
PFM
RPT
UMA authorization server
Uniform resource name (URN)
Universal 2nd Factor (U2F)
Universal description, discovery, and integration (UDDI)
Unmanaged API
User-Managed Access (UMA)
APIs
authorization
protection
Protection API
authorization server
OAuth
bank accounts
defined
Google Doc
ProtectServe protocol
authorization manager
consumer
flow
service provider
steps
roles
UMA 2.0 Grant

V

Validity argument
Virtual private cloud (VPC)

W

Web application description language (WADL)
Web application firewall (WAF)
Web resource authorization profiles (WRAP)
autonomous client profiles
Assertion profile
client account profile
Password profile
grant types
authorization code
client credentials
implicit code
resource owner
protected resource
token types
Bearer token profile
MAC token profile
user delegation profiles
Rich APP profile
username and password profile
Web APP profile
Web services description language (WSDL)
Web services interoperability (WS-I)
WebView
WS-Trust

X

XACML
XML signature

Y

Yahoo! Browser–Based Authentication (BBAuth)

Z

Zero-trust network pattern
Zuul API gateway
cURL client
enable TLS
JWT
OAuth 2.0 token validation
run
STS over TLS