High-Level API Security with Keycloak - FAPI Implementation and Conformance

Explore high-level API security using Keycloak in this sponsored session presented by Yuichi Nakamura from Hitachi, Ltd. Delve into the world of OAuth 2.0, the de-facto standard for securing APIs, and learn about its potential vulnerabilities when implemented incorrectly. Discover Financial Grade-API (FAPI), a robust security profile of OAuth 2.0 designed for APIs requiring enhanced protection, and its widespread adoption by banks globally. Gain insights into Keycloak, an open-source Identity and Access Management (IAM) server, and its implementation of high-level security features to meet FAPI requirements. Examine the ongoing efforts to maintain conformance with FAPI specifications and understand the importance of client policies, security profiles, and conformance tests in ensuring API security. This comprehensive presentation covers key topics such as API authorization, security enhancements, access tokens, and the role of the community in maintaining robust API security standards.