|
Work item:
|
X.srapi-cc
|
|
Subject/title:
|
Security requirements of application programming interface (API) for cloud computing
|
|
Status:
|
Under study
|
|
Approval process:
|
AAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2026-02 (Medium priority)
|
|
Liaison:
|
-
|
|
Supporting members:
|
China, China Telecom, China Unicom
|
|
Summary:
|
The widespread use of APIs expands potential targets for attacks, greatly affecting the management of network, service, and API security in cloud computing. Nowadays in cloud computing, APIs serve both as entry points for external applications and also facilitating internal interactions within applications. This results to a significant surge in API usage, ranging from standard to non-standard APIs, spanning across infrastructure and microservice layers. This rapid growth and expanded functionality undoubtedly escalate the security vulnerabilities associated with APIs in a cloud-native setting.
Therefore, it is crucial to establish a dedicated standard that addresses the security requirements for APIs in cloud computing.
This recommendation would primarily focus on specifying API security requirements, including authentication, authorization, data encryption, and error handling, etc. It provides a description of the security threats and requirements of application programming interface (API) and provides methods for security protection of application programming interface (API) for cloud computing.
The main goal of this standard would be to ensure that APIs, which serve as the cornerstone for application interaction in the cloud, are secured by default and offer robust defense mechanisms against potential attacks. This is particularly relevant for cloud native services that heavily rely on APIs to provide services and interact with other applications. The standard would help organizations significantly reduce the risk of APIs exploits, ensuring the integrity of their application services and instilling confidence in their users.
In conclusion, a focused standard for API security requirements in cloud computing is an essential step towards a secure digital future. It will offer a robust security framework to ensure that as APIs continue to evolve, they do so securely, protecting businesses and end-users alike, and fostering trust in cloud computing environment.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2023-10-04 18:00:02
|
|
Last update:
2023-10-04 18:01:32
|
|
