On September 24 – 26 Curity will attend the API Conference in Berlin, which we are proud sponsors of. During the conference you will be able to meet us in person at our booth and discuss API Security related questions.
On Tuesday September 25th (14:30 - 15:30) our CEO, Travis Spencer will give a deep dive talk about OAuth and OpenID Connect in Room: Saal A+B.
On October 22nd, Curity will be hosting two workshops at Nordic APIs 2018 Platform Summit. Later on October 23rd – 24th we will have three speakers from Curity presenting on different API security topics.
Curity will host one introductory workshop about OAuth and OpenID Connect where we in short will talk about: OAuth flows and Actors, OpenID Connect, Token Formats, Token handling, and Securing an API. We will also in parallel host another workshop on Advanced OAuth and OpenID Connect, where we will go through some of the more intricate aspects of the code and implicit flow, the hybrid flow, form response more, Proof Key for Code Exchange (PKCE or “pixie”), Proof-of-Possession / Holder of Key and much, much more. Attendees for the 2nd workshop are expected to have used or implemented these protocol before or to at least have attended a previous OAuth workshop.
More info and tickets for the introductory workshop are available here, and for the advanced workshop here. Info and registration for the main event on October 23rd – 24th can be found here.
Come and meet us next week at the API:World, the world’s largest API conference next week in San Jose, CA between September 10 and 12. Travis Spencer, CEO of Curity, will give a session on Advanced OAuth. Come and and discuss your API security challenges with us at booth #316.
On August 22nd, Curity will host a new Java Meetup together with Oracle, at their office on Söder Mälarstrand 29 in Stockholm.
The event is free but registration via meetup.com is required. We will serve light dinner and drinks from 5:30 pm, and later we will have three speakers presenting. Firstly, Matthew Gillard, Java and Clojure Programmer at Oracle, will talk about "Java and Serverless – A Match Made In Heaven". Matthew will share some ideas about why Java has not caught on so much with serverless fans and what the future holds. Claes Redestad, JVM Performance Engineer at Oracle will then continue on the same topic. Lastly, Renato Athaydes, Software Developer at Curity, will talk about "Running Java As A Native Application with GraalVM". Renato will talk about what GraalVM is, what is can be used for, and the new exciting possibilities it brings to the Java world.
This is our most featureful, documented, and performant release ever! 3.0 marks a tremendous step forward in terms of capabilities, standard-compliance, user experience, and functionality. One of the most exciting new features is support for authentication actions. These are additional steps that can be configured to run after a user logs in. They enable not only actions that were previously available, like account linking, but many new possibilities. They allow authentication to be completed only after the user takes some additional step, for example, accept new terms or register a new account. They can also be configured to run after SSO instead of login. The admin UI has been updated to allow these workflows to be configured in an intuitive manner using drag and drop visual elements. New actions can also be built using the SDK. Using authentication actions, account linking has been revamped, making it much simpler to configure. Additionally, new security measures, guides, and best practices are in place around linked accounts to ensure that it is used correctly.
Curity will be joining Nordic APIs event The Austin API Summit in Austin, Texas, on June 11-13th.
On June 11th Curity will host a half-day workshop “OAuth and OpenID Connect in Practice” in Austin. We will discuss why things are designed the way they are, how they should be deployed in a scalable fashion, and what it means to build an entire platform that uses these standards.
On the first day of the main event, June 12th, our CEO Travis Spencer will host an introductory session on OAuth and OpenID Connect where he will “cram as much about these two protocols as will fit into 20 minutes”. And on the second day of the conference Daniel Lindau, Solution Architect at Curity, will give a keynote talk on OAuth Assisted Token Flow for Single Page Applications. In this session, Daniel will show how OAuth can be integrated into Single Page Applications (SPAs) using the assisted token flow – a new OAuth message exchange pattern introduced at IETF 101.
Curity and Verisec, the company behind the mobile e-ID service Freja eID, enters into a technical partnership.
The Curity Identity Server makes it easier for companies and organizations with different databases, APIs and existing applications to make use of and integrate log in methods such as Freja eID. In turn, Freja eID and the service’s countrywide network for ID verification simplifies for organizations with thousands of users and complex services to make use of a secure login method. Additionally, end-users and organizations are free from the burden of forgotten passwords and all that it entails.
You may have heard about the new General Data Protection Regulation ("GDPR"), that comes into effect May 25, 2018. Our aim is to be as transparent as possible regarding how and why we process your personal data, and as such we have updated our Privacy Policy.
On April 11th – 13th Curity will be exhibiting at the API Conference which will be held at Business Design Centre in London. The CEO of Curity, Travis Spencer, will also be giving a talk: Secure Your APIs and Microservices Using OAuth & OpenID Connect.
Come by our booth and sign up to enter the lottery and you might go home with a Nintendo Switch!
At IETF 101 in London, we were presenting the recently suggested RFC to the OAuth working group that will allow developers to secure their SPA in a standardized way. Until now, there hasn’t been a way in OAuth for clients to request user authorization when using scripting languages such as JavaScript. The Assisted Token flow leverages HTML's iframe element, child windows, and the postMessage interface and is a way simpler approach compared to building your own solution based upon the with the implicit grant type flow. The proposed RFC is found here
On March 22nd, Curity will host a half-day workshop on OAuth and OpenID Connect at Nordic APIs and Copenhagen Fintech’s event APIs for Banking and FinTech, in Copenhagen. If you are architecting your APIs, or doing back-end development, then this workshop is for you – previous experience with the technologies is not required to participate.
After the workshop, the event continues with and afternoon full of sessions where, in example, Jacob Ideskog, Solution Architect at Curity, will talk about Third Party Provider Integration for Banking APIs.
Curity is the proud organizer behind the Stockholm Java User Group meetup. The next meetup will be hosted together with Computer Futures. The meetup, with the theme Patterns and Performance, will take place at 6 pm on February 20th, at SUP 46’s offices on Regeringsgatan 65 in Stockholm. The meetup is free and we will have three speakers presenting.
Klara Ward, Senior Software Engineer at Oracle, will talk about Java Flight Recorder – a low overhead profiling tool built into the Oracle JDK. Then, Jacob Ideskog, Solution Architect at Curity, will talk about Plug-ins with Dynamic Configuration and the small DSL with proxy pattern which Curity has developed. Jacob will demo how this works. Lastly, Renato Athaydes, Sofware Developer at iZettle, will talk about Modularization patterns: Java Modules vs. Microservices. Renato will discuss common patterns used to modularize Java applications, how microservices fit into the pattern, and the challenges and benefits of each different approach.
We are happy to be attending API Days in Paris on January 30th, where our CEO Travis Spencer will be holding a session on Secure Your APIs with Phantom Tokens.
In his session, Travis will be talking about how it is not sufficient to simply follow the standards to secure your APIs. How do you properly handle PII and other sensitive data inside JWTs and what about of devs depending on the data where changes to the token format breaks the app? The presentation will show how this is resolved using Phantom Tokens in the Curity Identity Server, still being 100% OAuth 2 compliant and benefiting from JWTs in the API backend protected by normal Reverse Proxy.
We are very happy to announce that the Curity Identity Server is now OpenID Connect certified by the OpenID Foundation. Curity is a strong proponent of organizations following the OpenID Connect standard and the for many reasons and we’re proud to pass all test required for certification. The working being done in the OpenID Foundation is in the benefit of the entire Internet community. The conformance profiles are: Basic OP, Implicit OP, Hybrid OP and Config OP.
