Abstract
During the period when Mike and Bruce were looking for position papers for this workshop, I was rather busy because of a court case some of you may have heard about, so I’m going to go over the slides that I gave at Roger Needham’s farewell do last month, with some extra material added. The subject is what API security teaches us in the wider world of protocols; so it’s about protocol analysis, composability, computation, and the effects in the real world.
How do we define a security protocol’s world? Well that’s changing: in the classic literature there are rules for dealing with information used to verify principals’ claims to identity, such as passwords, PINs, crypto keys and timestamps. Now it’s expanding to include other claims: such as claims to authorisation, or claims to creditworthiness, or claims to have a particular bank balance available for an electronic payment.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Anderson, R. (2005). What We Can Learn from API Security. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_35
Download citation
DOI: https://doi.org/10.1007/11542322_35
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28389-8
Online ISBN: 978-3-540-31836-1
eBook Packages: Computer ScienceComputer Science (R0)