Your browser knows a trick to prevent hackers from accessing your APIs using your session: the same-origin policy. It makes sure your APIs can't be accessed by malicious websites. Let's say you're logged in on facebook.com, open another tab in your browser, and access myhackedsite.com. Your browser shares sessions between tabs, so without the same-origin policy, myhackedsite.com could access all the APIs of your Facebook account using your session. Thank you, same-origin policy, for not letting myhackedsite.com post all kinds of things on my Facebook account.
The European Identity & Cloud Conference 2017, taking place May 9 – 12, 2017 at the Dolce Ballhaus Forum Unterschleissheim, Munich/Germany, is Europe’s leading event for Identity and Access Management (IAM), Governance, Risk Management and Compliance (GRC), as well as Cloud Security.
Ever struggled to provide end-to-end security from your backend APIs to your mobile apps? How to make them OAuth 2.0 compliant? Maybe you use an API Gateway like CA API Gateway or Apigee’s API Gateway or Akana. You may have noticed their primary focus isn't mobile. Maybe you don't have an API Gateway, but you have REST APIs that you partially want to open up to your customers. Your backend developers would like to reuse existing security protocols like basic auth, while your app developers just want to focus on the functionality in the app.
I’ll explain in this blog how Onegini helps you solve this issue, so you can start opening up your backend to mobile users in weeks. And now with the Security Proxy 2.0 release, it will go even faster, because your API architecture can remain as is. But first, let's take a step back and see how the Security Proxy 1.0 worked.
Security Proxy 1.0, an introduction
Feel free to skip this if you are already familiar with our solution.
The Onegini MSP takes care of OAuth 2.0 token management between mobile device and server through native mobile SDKs. The solution manages authentication through biometrics or PIN, after which a backend API can be requested. A high-level picture of this process is shown below (see our docs for a full component overview).
With just a few more weeks to go, the preparations for the Mobile World Congress are in full effect. Denis, Jeroen, Vincent and Bas are gearing up for this action-packed event, and meetings have been scheduled. New demos are being fine-tuned and tested, the team has started working out for the miles of walking and the hours of talking, and comfortable and sensible shoes are being Googled, so all in all we feel confident we will have a successful MWC.
January 16, 2017, Woerden, The Netherlands: Incentro and Onegini have announced they will be collaborating to provide their customers with a safer and smarter user experience for end users. The ‘My-Domain’ environment is being developed by Mendix and Xamarin application development with an Onegini log-in. Companies can therefore conveniently offer their customers flexibility and secure log-in capabilities.
Amazing, just before year's end we received word that we are one of the 30 Coolest Tech companies in The Netherlands by theMETISfiles. We have been working tirelessly to create a product that benefits consumers, offering them a frictionless experience. But as with a lot of software tech products, it is not tangible and thus hard to explain to people. We are very proud to be named a Cool Tech company!
CIOReview is a technology magazine that talks about the enterprise solutions that can redefine the business goals of enterprises tomorrow. It is the leading source that shares innovative enterprise solutions developed by established solution providers, upcoming hot enterprises and is a neutral source for technology decision makers.
Apigee, a Google Cloud Platform company, and Onegini will cover security at the API level and at the mobile level to help you understand what to look for when opening up your data to the outside world and achieve real end-to-end security.
On November 24th we held our first client advisory board meeting. With a select group of customers we discussed our roadmap and other relevant topics for the coming years. It was held at the exclusive Rembrandt Tower Boardroom with catering from Michelin-star restaurant De Nederlanden.