Hi,
"
How secure would a network be or a software system be if an Open API is exposed to customers and third party members accessing it?"
Remember the TMForum Open-API's are only the "specifications", it is down to the API Gateway and the implementation behind it to decide on things like:
-
Security Termination: eg: SSL/TLS transport, certificates, handshakes etc
-
Authentication: Who are you/Am I sure you are who you say you are?
-
Authorization: Now I know who you are, am I going to let you do the thing that you want to ...and who you do it to?
etc. (non-repudiation, denial-of-service, spoofing...)
So just because an organisation offers up a (say) ProductOrder API, it does not necessarily follow that they will respond to your request without checking you out and ensuring that you have a billing relationship etc :-)
------------------------------
Stephen Harrop
Principal Integration Architect
Vodafone Group
------------------------------
Original Message:
Sent: 02-09-2017 10:06
From: Majid Farhan
Subject: Security of Open APIs
The dominant question which is on everyone’s mind and including mine is the Security aspect of the Open APIs. How secure would a network be or a software system be if an Open API is exposed to customers and third party members accessing it? Also, in addition my particular concern would be for organizations like TM Forum, With so many Open APIs in place, will there be a possibility of having standardization among the different Open API platforms?
------------------------------
Majid Farhan
Netcracker Technology
------------------------------