Gluu Blog


SXSW 2015: How API access control = monetization + freedom

Michael Schwartz August 12, 2014


Control access to your APIs, and you can charge for them. Large companies see API access management at scale as a competitive advantage and a way to lock in customers. Think about Google Docs: it only works if both parties have an account at Google.

But the greatness of the Internet was not achieved by the offering of one domain. If each device and cloud service has proprietary security controls, people will have no way to effectively manage their personal digital infrastructure. Luckily, standards have emerged thanks to a simple but flexible JSON/REST framework called OAuth2, and the “OpenID Connect” and “User Managed Access” profiles of it.

This talk will provide a history of access management and a deep dive into the concepts, patterns, and tools to enable mobile and API developers to put new OAuth2 standards to use today. It will provide specific examples and workflows to bring OAuth2 to life to help organizations understand how they can hook into the API economy.


  • Not a specific solution to any one problem, OAuth2 provides a framework that application developers can use to solve a number of security challenges. Two important profiles of OAuth2 have emerged to solve the most basic security challenges: how to identify a person, and how to manage which APIs a person should have access to. Where do profiles of OAuth2, like OpenID Connect and the User Managed Access (UMA) protocol, fit in, and what open source tools exist to put them to work?
  • How can standards for API security enable interoperability and level the playing field for start-ups?
  • Centralization of all fine-grained security policies is impossible. What types of policies should be evaluated at the organizational level, and which policies should be evaluated in an API?
  • What crypto keys need to be maintained for trust between the organization and applications?
  • Who is behind OpenID Connect and UMA, and why will they get adoption in the market?


Vote here



Mike Schwartz

Mike has been an entrepreneur and identity specialist for more than two decades. He is the technical and business visionary behind Gluu. Mike is an application security expert and has been a featured speaker at RSA Conference, Gartner Catalyst, Cloud Identity Summit (now "Identiverse") and many other security conferences around the world.