Zero Trust Trends & Best Practice
Facebook Twitter LinkedIn

Credentialing-enabled Zero Trust Architecture for API Endpoint-Security

Combined Session
Thursday, May 11, 2023 16:10—16:30
Location: B 09

Traditional network security focuses on perimeter defenses, but many organisations, systems and processes no longer have a clearly defined network perimeter.

To protect a modern digital enterprise, companies need a comprehensive strategy for securely accessing their IT resources (e.g. applications, physical access control systems, portals, data resources, and devices) wherever they are located.

APIs in supply chains and cyber-physical systems (CPS) are proliferating exponentially across the technology landscape, creating a huge attack surface that security teams struggle to understand and defend.

Zero Trust Architecture (ZTA) refers to security concepts and threat models that no longer assume that actors, systems or services operating within the security perimeter are automatically trusted, but instead must verify everything and everyone who attempts to connect via an API to their systems resources before granting access.

Hence, ZTA is an important design philosophy to establish security mechanisms at the API layer of each individual IT resource for increasing API Endpoint Security in both, corporate infrastructures and open systems. Identity and authorization credentials as well as policies are a key enabler of securing the API endpoints.

These different ZTA approaches include:

1) ZTA Using Enhanced Identity Governance,
2) ZTA Using Micro-Segmentation, and
3) ZTA Using Network Infrastructure and Software Defined Perimeters.

Our presentation will demonstrate how Trust Frameworks and Identity Governance (1) are the foundational layer for a credentialing infrastructure. With this layer in place credentials can be used enable SW-defined perimeters (3).

We will provide in-depth insides how ecosystems solutions such as the Open Credentialing Initiative and Gaia-X are applying design patters using decentralized identity and verifiable credentials for (3).

Dr. Ignacio Alamillo-Domingo
Dr. Ignacio Alamillo-Domingo
Logalty Prueba por Interposicion SL
Ignacio is a Doctor in Law (UMU), with a PhD thesis related to the eIDAS Regulation, and holds a Degree in Law (UNED), a Diploma of Advanced Studies (UAB) and a Master in introduction to...
Matthias Buchhorn-Roth
Matthias Buchhorn-Roth
In Transition
I am an accomplished data ecosystem expert, specializing in the development of sovereign data collaboration solutions across various industries. As an active member of the Eclipse DataSpace...
Dr. Carsten Stöcker
Dr. Carsten Stöcker
Dr. Carsten Stöcker is co-founder and CEO of Spherity. Spherity is building decentralized digital identity management solutions to power the fourth industrial revolution.Carsten...


On-Demand Access
Re-live EIC 2023
Watch 200 sessions on-demand
Download all available presentations
Subscribe for updates
Please provide your email address