B2B, CIAM, OAuth 2
Combined Session
Wednesday, June 05, 2024 14:30—15:30
Location: A 03-04
Wednesday, June 05, 2024 14:30—15:30
Location: A 03-04
With the growing exposure of digital services and assets through application programming interfaces (APIs) and the emergence of the API Economy, entire business models are starting to be built around APIs. Increasingly, APIs are designed to be used externally as part of an organisation’s service delivery model.
The adoption of the OAuth protocol has allowed consumer-to-business (C2B) integrations to authorise access to APIs in a standardised way. However, business-to-business (B2B) integrations using OAuth are now rapidly growing, and as API ecosystems become more complex, there is an urgent need for further standardisation. Although OAuth supports direct B2B integration, there is no standard way to implement delegated B2B authorisation because OAuth delegation was primarily designed for C2B integration where the resource owner is an individual consumer.
There are use cases where, for an online business to provide services to their customers, they need authorised access to resources owned by the customer organisation at third-party resource providers.
In this session, we will explore how OAuth and its extensions, such as rich authorisation requests and token exchange grant types, can be used to allow a resource owner client to dynamically delegate access to its resources to another client using delegated B2B authorisation.
The presentation will cover the following topics:
- Business use case for B2B delegated authorisation
- Brief overview of the OAuth 2.0 protocol
- Proposed enhancements to the OAuth 2.0 standard to achieve interoperable B2B delegated authorisation
- Security considerations
The companies of the HTI Group combine innovative solutions and sustainable products in the fields of winter sports technology, urban mobility, material transport, snow and vegetation management, as well as renewable energies. As developers and manufacturers, the companies of HTI are drivers of innovation and are active worldwide. Their products and solutions need to perform reliably and safely in remote areas, often under extreme environments. Operational excellence is core to the value that they deliver to their business customers. Their customers operate in dynamic environments and experience surges in demand during peak seasons, making it crucial to have a resilient on-boarding/off-boarding process for business users to operate and manage their equipment safely and reliably. Join us in this session to learn how the HTI Group built a more reliable experience for thousands of business customers and partners – helping their customers minimize downtime; protecting their revenue; and building more trust with their end consumers.
In a world that's becoming increasingly interconnected, establishing trust within global networks is both a critical challenge and a foundational necessity for successful collaboration and secure data exchange. The emergence of Self-Sovereign Identity (SSI) and Decentralized Identifiers (DID) has introduced new paradigms for digital identity that empower individuals and organizations with greater control and privacy while also ensuring interoperability and trust at scale.
This talk delves into how SSI and DID can be leveraged to create a more secure and trustworthy framework for identity verification and management within global automotive network Catena-X. We will explore how these technologies facilitate seamless interactions by enabling legal entities to present verifiable credentials in a peer-to-peer manner without the need for a central authority.
