Authentication on ANVA Hub using OpenID Connect

13 January 2022

Those who have already read the latest ANVA magazine have also read about ANVA Hub's API strategy. This new strategy fulfills ANVA's desire to exchange data in a simple way. At the same time, it takes the next step toward better data quality. That, of course, includes secure access by the right person to the right data.

For ANVA's new strategy (the so-called API-first approach) to succeed, many technical steps were taken in recent months. The first step involved setting up authentication using the OpenID Connect protocol. This allows an application or user, based on the rights granted, to access specific data from ANVA Hub. It is a step toward meeting the need-to-know principle, meaning that users can access only the data they really need. But how does that work in practice? We dive in and ask Thierry van Ekeren, Lead Architect at ANVA, five questions.

Why was the OpenID Connect method chosen?

"The OpenID Connect standard aligns best with the API strategy we have set out for the coming years," Thierry explains. He continues: "In addition, the usability is high, a lot higher even than other possible links. The standard is known and available to our customers. This makes it easy to implement for our customers' IT administrators as well. Moreover, it offers many standard integration options and is the market standard at the moment. It is easy to understand and widely applicable to all kinds of other programming languages."

What is the main benefit of OpenID Connect?

"At the top for me is trustworthiness. Users need to have identified themselves as being the person they say they are. To make sure that only they access the information in question, authentication via OpenID is really a must. The ANVA Hub platform will soon contain a lot of sensitive information, to which we only want to give access to the people who have the rights to do so. I therefore see it as the prerequisite for giving users access to our platform," Thierry said.

He adds, "In addition, IT administrators at ANVA customers can also build applications that are underlain by ANVA Hub. That means they can log in without having to develop and run their own user management. This simultaneously prevents any security incidents because the technical structure and security have been well thought out in the background. Added to that, it also ensures fewer different passwords for applications that link to ANVA Hub. So the user can use her existing credentials to gain access."

Can you talk more about the security of the OpenID Connect protocol?

Thierry: "Just logging in with a username and password, in my opinion, is still used too often and too much. I understand that that might be the fastest or easiest way for users, but I certainly don't think it's the safest way. So the key is to find a good balance between your investment and risk. In other words, a good balance between usability, how much money it costs and how much security it provides. Within OpenID Connect, we think the balance is the most ideal. This is partly because the OpenID standard was designed by a whole community of professionals who have made this their job. So it is not designed by a company, but truly community-driven."

So are there no drawbacks to OpenID Connect?

"'None' is a big word. Every method, including OpenID Connect, has advantages and disadvantages. As ANVA, we have different needs in some places than are available within OpenID. That is the disadvantage of a standard. As a result, we will have to make choices, which means that not everything will go as we might have initially envisioned. In addition, the domain of OpenID and what happens within it is a rapidly changing domain. As an organization, this means we have a high(er) management burden that we have to continue to support. But then again, that keeps us on our toes, doesn't it?" concludes Thierry.
