Decentralized Identities Changes Everything, Even Your APIs
HTML-код
- Опубликовано: 14 дек 2024
- A talk given by Travis Spencer from Curity at the 2024 Austin API Summit in Austin, Texas.
In this talk Travis Spencer (CEO at Curity) will walk through the paradigm shift that is happening with the advent of decentralized identity. When we think about identity we tend to think about user accounts, available somewhere in the organization’s data sources. But how will this change when the identities are decentralized, and how do we make sure our APIs can make the right decisions about access?
----------
Get the latest API insights straight to your inbox, subscribe to Nordic APIs newsletter: nordicapis.com...
What happens when your wallet is stolen or breached? Aren't we back to the stolen passwords problem?
The presentation of credentials is - unlike passwords - based on asymmetric cryptography, which means a malicious actor cannot use the credentials without the credential owner's private key. In order to use a credential, the credential owner needs to unlock the private key, e.g. via a PIN or biometric. For security reasons, the credential owner should inform their credential issuers to revoke the credentials in case of a stolen or breached wallet. In other words, stolen wallets do not have the same security implications as stolen passwords. Typically