Senthilkumar Gopal works at eBay as an Identity Architect who leads and oversees Identity Infrastructure products consisting of Identity Linking Platform, OAuth Specification and Secure Token Storage/Authentication systems as part of the Identity platform. As the technology leader for these products, he helps determine direction and recommend strategy for Identity Platform as a whole and Identity Infrastructure in particular. He contributes to technology initiatives, architecture and influences implementation to garner measurable business improvements. He leads a focused and highly motivated scrum team of engineers with no dedicated testers or product owner. He is an engineer at heart who loves coding, refactoring and debugging crazy problems. Thrown into the foray of managing a team, he has built a strong group which delivers high quality products, but greatly motivated to push their limits. He has presented many technical talk for internal audiences and this will be his just his second talk as a rookie speaker in the external world.
Many developers are well versed with domain based application development. However when it comes to security, there are very few who can ascertain to the credibility of their API and Identity assertion systems. This talk targets the uncertainty around the functioning and utility of tokens in an API security landscape. It addresses the basic needs of a token infrastructure and what would it take to build one. This talk aims to help developers embrace security and identity as part of their tool chain and remove the skepticism around building their own API security. The developers should be able to use this discussion as a launchpad for building their own API authentication systems. This is a unique talk as many companies closely guard the secret of how their token infrastructure functions.,Being the lead architect for eBay Identity and having hand crafted the infrastructure which powers eBay's entire API stack authentication, Senthilkumar is driving the vision for Identity architecture for the next generation of services and uniquely poised to help developers with the talk to understand the nuances of API security and token infrastructure. He will be providing references to OAuth RFC specifications, OWASP threats and how it is addressed etc.