...
API security needs to be made an integral part of the API design process. Yet too often API designers' approach to security (including authentication, authorization, delegation and access control) has been ad hoc and perfunctory. There is as yet no comprehensive set of best practices nor have all of the has a comprehensive set of relevant standards been finalized.
Stakeholders, Influencers and Influences
The primary intended audience for these guidelines is the internal TIER initiative developer community. Second, but probably second only in terms of timeline, is the audience of integrators who will be using TIER-developed APIs in the course of their work. APIs and API clients have to have a shared model and toolset for API security to make progress in this area.
Still different Different audiences will need to be invited to engage on different aspects of this work. It will be important for team members to bring the perspective and represent the interests of at least the following stakeholder groups:
...