High-Level API Security with Keycloak - FAPI Implementation and Conformance

Explore high-level API security using Keycloak in this sponsored session presented by Yuichi Nakamura from Hitachi, Ltd. Delve into the world of OAuth 2.0, the de-facto standard for securing APIs, and learn about its potential vulnerabilities when implemented incorrectly. Discover Financial Grade-API (FAPI), a robust security profile of OAuth 2.0 designed for APIs requiring enhanced protection, and its widespread adoption by banks globally. Gain insights into Keycloak, an open-source Identity and Access Management (IAM) server, and its implementation of high-level security features to meet FAPI requirements. Examine the ongoing efforts to maintain conformance with FAPI specifications and understand the importance of client policies, security profiles, and conformance tests in ensuring API security. This comprehensive presentation covers key topics such as API authorization, security enhancements, access tokens, and the role of the community in maintaining robust API security standards.

Introduction
Agenda
What is API
Authorization
Happy
Happy Overview
API Requirements
API Security
Security Enhancement
Access Token
Conformance Test
API Security Profile
Summary
Introduction of Client Policies
Security Profiles
Conformance Tests
Community