Search-Lab
The Web API Authentication guide, TLS Client Certificates

Daniel Szpisjak

TLS mutual authentication doubles down on HTTPS. Using this scheme, clients prove their identity by presenting a certificate and demonstrating possession of the corresponding private key. This is a very potent tool, but it is also a tradeoff.

Introducing The Glossary

Daniel Szpisjak

The Glossary describes common security jargon, phrases, abbreviations, and concepts succinctly and in a way that makes sense to you.

The Web API Authentication guide, Signature Schemes

Daniel Szpisjak

HTTP signature schemes provide integrity and authenticity at the application layer. Using them increases security but also incurs complexity.

The Web API Authentication guide, Bearer tokens

Daniel Szpisjak

Lots of modern web applications utilize bearer tokens. They are ideal for backend integration, but can also be used on the frontend.

The Web API Authentication guide, Cookies

Daniel Szpisjak

Cookies are the de facto authentication mechanism between browser and server, and for good reason: they can provide full-blown session management with low complexity.

The Web API Authentication guide, Digest Auth

Daniel Szpisjak

HTTP Digest Authentication was designed to completely replace Basic Auth. It provides increased security at the cost of significant complexity…