Secure APIs by using OAuth 2.0

This tutorial shows you how to implement OAuth 2.0 schemes that are available in IBM API Connect to secure an API.
IBM API Connect provides two implementation modes, each of which provide different OAuth 2.0 schemes:
Confidential mode. A Confidential mode is suitable when an application is capable of maintaining the secrecy of the client secret. Use confidential mode when an application is capable of maintaining the secrecy of the client secret. This is usually the case when an application runs in a browser and accesses its own server when obtaining OAuth access tokens. As such, these schemes make use of the client secret. In the Confidential mode, we have three OAuth schemes: Application, Password and Access code.

Public mode. A Public mode is suitable when an application is incapable of maintaining the secrecy of the client secret. This is usually the case when the application is native on a computer or mobile


Original URL: https://developer.ibm.com/tutorials/securing-apis-oauth2-api-connect/

Original article

A “Guest Editorial” (sort of)

If you receive this newsletter, that means you probably care about Free Law in America–or at the very least you’ve benefited enough from it in your personal or professional lives to become acquainted with us in a way that distinguishes you from our other 38 million annual users.  

This term, the United States Supreme Court will hear Georgia vs. Public.Resource.Org.  That link will take you to the case page on our Oyez Project website. 

State’s asserting copyright in their laws has been a problem since the dawn of online legal research–if not longer.  In 2011, Fastcase CEO Ed Walters penned a blog post for our Vox Populii blog he titled, “Tear Down This (Pay)Wall:  The End of Private Copyright in Public Statutes.”  

Since it turns out that posts on geeky blogs, now matter how well-reasoned and impassioned, tend not to bring about major structural changes in our legal system, Ed (now also known


Original URL: https://blog.law.cornell.edu/blog/2019/09/09/a-guest-editorial-sort-of/

Original article

Web scraping doesn’t violate anti-hacking law, appeals court rules

Enlarge / LinkedIn CEO Jeff Weiner. (credit: David Paul Morris/Bloomberg via Getty Images)
Scraping a public website without the approval of the website’s owner isn’t a violation of the Computer Fraud and Abuse Act, an appeals court ruled on Monday. The ruling comes in a legal battle that pits Microsoft-owned LinkedIn against a small data-analytics company called hiQ Labs.
HiQ scrapes data from the public profiles of LinkedIn users, then uses the data to help companies better understand their own workforces. After tolerating hiQ’s scraping activities for several years, LinkedIn sent the company a cease-and-desist letter in 2017 demanding that hiQ stop harvesting data from LinkedIn profiles. Among other things, LinkedIn argued that hiQ was violating the Computer Fraud and Abuse Act, America’s main anti-hacking law.
This posed an existential threat to hiQ because the LinkedIn website is hiQ’s main source of data about clients’ employees. So hiQ sued LinkedIn, seeking not


Original URL: https://arstechnica.com/?p=1564309

Original article

Web Scraping Doesn’t Violate Anti-Hacking Law, Appeal Court Rules

An anonymous reader quotes a report from Ars Technica: Scraping a public website without the approval of the website’s owner isn’t a violation of the Computer Fraud and Abuse Act, an appeals court ruled on Monday. The ruling comes in a legal battle that pits Microsoft-owned LinkedIn against a small data-analytics company called hiQ Labs. HiQ scrapes data from the public profiles of LinkedIn users, then uses the data to help companies better understand their own workforces. After tolerating hiQ’s scraping activities for several years, LinkedIn sent the company a cease-and-desist letter in 2017 demanding that hiQ stop harvesting data from LinkedIn profiles. Among other things, LinkedIn argued that hiQ was violating the Computer Fraud and Abuse Act, America’s main anti-hacking law.

This posed an existential threat to hiQ because the LinkedIn website is hiQ’s main source of data about clients’ employees. So hiQ sued LinkedIn, seeking not only a


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/82QjaLJzTjU/web-scraping-doesnt-violate-anti-hacking-law-appeal-court-rules

Original article

The Anatomy of a Traffic Spike (Hurricane Edition)

One part of this job that never gets old is seeing traffic pop up in unexpected places: a seldom-accessed section of the US Code, an obscure regulation buried deep in the CFR, or an arcane Supreme Court case that’s somehow made its way into the public consciousness. And we learn a lot about how people interact with the law when current events drive people to our website. Most importantly, these moments make us feel good that we are contributing to the public discourse by making primary source materials easily available to the public, so that debate is informed by what the law actually says and not by what some pundit or Twitter troll claims it says. We watched a textbook example unfold just last week, and we thought it might be fun and informative to share the story with you in a series of images.

It all seems to have started


Original URL: https://blog.law.cornell.edu/blog/2019/09/09/the-anatomy-of-a-traffic-spike-hurricane-edition/

Original article

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: