June 29th, 2012

Upcoming Webinar: How to Run a Successful Hackathon for Your Open APIs

Hackathons are exploding in popularity and open API publishers are quickly realizing the power these intensive programming sessions have to attract developers. For API publishers, hackathons represent one of the most powerful means for growing an API’s profile and engaging directly with talented developers.

On July 12, Layer 7 will be presenting a live webinar called How to Run a Successful Hackathon for Your Open APIs. This interactive one-hour session will give you the key knowledge you will need in order to use hackathons as a tool for engaging app developers and building a community around your open APIs.

For this webinar, we will be joined by leading API evangelist and author Kin Lane who will deliver real-world advice on how to organize hackathons that will truly contribute to the success of your API publishing program. Click here to get more information and to register for the webinar today.

June 26th, 2012

QCon New York 2012

Last week, Layer 7 was a sponsor at QCon New York, an exciting conference held in Brooklyn. This event dealt with the latest software development trends in several categories including mobile, cloud, big data, architecture and security. As noted in this article from the show, there was quite a bit of focus on the seismic shift in development from server-heavy applications to more agile development using client-focused technologies like HTML5 and JavaScript. These are better suited for mobile and Web use cases, allowing client-side manipulation of data.

However, these technologies are only half the story. The other half is the API that provides a method of interaction with the server. To provide a rich, functional interface, this API must be user-friendly for people and machines. It should be easy to develop against, with or without extensive documentation. And it should be able to represent both the current application state and the operations available to the client. These API design principles were discussed by Layer 7’s Principal API Architect, Mike Amundsen, in his fascinating talk on Wednesday.

QCon was yet another in a long line of analyst, enterprise and developer conferences to draw the same conclusions about the future of enterprise IT. It’s time to look at software development in a new way – and Layer 7 is helping enterprises get on board with these new technologies. Our recently-announced SecureSpan Mobile Access Gateway provides the middleware necessary to adapt internal information assets into secure, optimized APIs consumable by mobile devices for enterprise mobile enablement or BYOD.

June 22nd, 2012

Designing Flexible APIs – Live Tech Talk on June 26

Each and every Web or mobile developer has unique needs. APIs have to be flexible enough to meet these varying needs.

Mike Amundsen, Layer 7's new Principal API Architect, is an in-demand thought leader who focuses on the subject of how to build flexible, adaptable APIs. We’re very excited that Mike will be discussing this issue as our special guest for the next Tech Talk Tuesday event on June 26 at 9am PDT.

He’ll be chatting with Director of Client Solutions Matt McLarty and taking questions live. It’s not a presentation or scripted in any way. It’s simply a chance for you to have your questions on designing flexible APIs answered live.

So, what does it mean to design a flexible API? Here are a few things to consider:

  • Employing the USE methodology (Usable, Scalable, Evolvable)
  • When (and when NOT) to version your API
  • Supporting multiple formats (XML, JSON etc.)
  • Designing the message format
  • Planning for re-usability
  • The power of hypermedia as a design element

I’m looking forward to a great interactive Tech Talk with lots of questions and audience participation. It’s a great topic and we have a great speaker to go along with it.

Don’t forget to add the Tech Talk to your calendar.

On the day of the event, join on Livestream or Facebook.

Submit your questions:

  • Tweet using the tag #Layer7Live
  • Email techtalk@layer7.com
  • Check in and chat through Facebook

June 21st, 2012

Mobile-Friendly Federated Identity: Part 2 – OpenID Connect


The idea of delegating the authentication of a user to a third-party is ancient. At some point however, a clever (or maybe lazy) developer thought to leverage an OAuth handshake to achieve this. In the first part of this blog post, I pointed out winning patterns associated with the popular social login trend. In this second part, I suggest the use of specific standards to achieve the same for your identities.

OAuth was originally conceived as a protocol allowing an application to consume an API on behalf of a user. As part of an OAuth handshake, the API provider authenticates the user. The outcome of the handshake is the application getting an access token. This access token does not directly provide useful information for the application to identify the user. However, when the provider exposes an API that returns information about the user, the application can use this as a means to close the loop on the delegated authentication.

Step 1 – User is subjected to an OAuth handshake with provider knowing its identity

Step 2 – Application uses the access token to discover information about the user by calling an API

As a provider enabling an application to discover the identity of a user through such a sequence, you could define your own simple API. Luckily, an emerging standard covers such semantics: OpenID Connect. Currently a draft spec, OpenID Connect defines (among other things) a “user info” endpoint that takes an OAuth access token as its input and returns a simple JSON structure containing attributes about the user, authenticated as part of the OAuth handshake.

Request:
GET /userinfo?schema=openid HTTP/1.1
Host: server.example.com
Authorization: Bearer SlAV32hkKG

Response:
HTTP/1.1 200 OK
Content-Type: application/json
{
"user_id": "248289761001",
"name": "Jane Doe",
"given_name": "Jane",
"family_name": "Doe",
"email": "janedoe@example.com",
"picture": "http://example.com/janedoe.jpg"
}

In Layer 7's SecureSpan Mobile Access Gateway OpenID Connect implementation, a generic user info endpoint is provided, which validates an incoming OAuth access token and returns user attributes for the user associated with said token. You can plug in your own identity attributes as part of this user info endpoint implementation. For example, if you are managing identities using an LDAP provider, you inject an LDAP query in the policy, as illustrated below.

To get the right LDAP record, the query is configured to take the variable ${session.subscriber_id} as its input. This variable is automatically set by the Layer 7 OAuth Toolkit as part of the OAuth access token validation. You could easily look up the appropriate identity attributes from a different source using, for example, a SQL query or even an API call – all the input necessary to discover these attributes is available to the manager.
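The user info flow described above, as an added example that is not Layer 7's code: the endpoint validates the Bearer token issued by the earlier OAuth handshake (expiry and an "openid" scope are assumed to be recorded with the token), resolves the subscriber id the way the ${session.subscriber_id} lookup does, and returns the attributes as JSON. The token table and directory are constructed stand-ins for the OAuth Toolkit's token store and the LDAP provider.

```python
import json
import time

# Constructed sample: access tokens issued by an earlier OAuth handshake,
# each bound to a subscriber id, granted scopes and an expiry (assumption).
ACCESS_TOKENS = {
    "SlAV32hkKG": {"subscriber_id": "248289761001",
                   "scope": {"openid", "profile", "email"},
                   "expires_at": time.time() + 3600},
    "expired000": {"subscriber_id": "248289761001",
                   "scope": {"openid"},
                   "expires_at": time.time() - 1},
}

# Constructed identity store standing in for the LDAP directory.
DIRECTORY = {
    "248289761001": {"name": "Jane Doe", "given_name": "Jane",
                     "family_name": "Doe", "email": "janedoe@example.com",
                     "picture": "http://example.com/janedoe.jpg"},
}


def validate_access_token(authorization_header):
    """Return the subscriber id bound to a valid Bearer token, else None."""
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    record = ACCESS_TOKENS.get(token.strip())
    if record is None or record["expires_at"] <= time.time():
        return None  # unknown or expired token
    if "openid" not in record["scope"]:
        return None  # token was not issued for identity discovery
    return record["subscriber_id"]


def userinfo(headers):
    """Handle GET /userinfo; returns (status, response headers, body)."""
    subscriber_id = validate_access_token(headers.get("Authorization"))
    if subscriber_id is None:
        # Bearer token usage (RFC 6750): challenge, no hint about which check failed
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}, ""
    attrs = DIRECTORY.get(subscriber_id)
    if attrs is None:
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_token"'}, ""
    body = {"user_id": subscriber_id, **attrs}
    return 200, {"Content-Type": "application/json"}, json.dumps(body)
```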

Another aspect of OpenID Connect is the issuing of ID tokens during the OAuth handshake. This ID token is structured following the JSON Web Token (JWT) specification, including JWS signatures. Layer 7's OpenID Connect implementation introduces the following assertions to issue and handle JWT-based ID tokens:

  • Generate ID Token
  • Decode ID Token

Note that, at the time of writing, OpenID Connect is a moving target and the specification is subject to change before finalization.

June 20th, 2012

Introducing the SecureSpan Mobile Access Gateway

Mobile is forcing enterprises to open up. With the advent of BYOD, tablet enablement of field organizations and mobile consumer initiatives, organizations need simple ways to expose internal information and services to mobile apps on the outside.

Traditional middleware isn’t optimized for mobile. It can’t handle the conversion to mobile protocols or performance optimization for mobile connections. It also fails to provide policy controls for governing how apps interact with corporate-owned resources inside the enterprise and cloud. As for managing identity and access, traditional middleware fails to provide a bridge from SSO, SAML and legacy identity systems to mobile-friendly frameworks like OAuth, OpenID Connect and JSON Web Tokens. That is why Layer 7 is introducing the SecureSpan Mobile Access Gateway.

The SecureSpan Mobile Access Gateway builds on the API security and connectivity of Layer 7's industry-leading family of Gateways for the hybrid enterprise, with new mobile-specific features like support for streaming protocols, notification services, geofencing and social proxy. The Mobile Access Gateway gives enterprises a fast, secure and reliable way to allow mobile developers and mobile apps access to internal information while insulating them from network, application and identity mismatches.

Some of the benefits include:

  • Identity: Extend enterprise LDAP & SSO to Mobile Access frameworks like OAuth, OpenID Connect and JSON Web Tokens
  • Security: Protect mobile REST and OData APIs against attack, build custom geofencing policies and proxy mobile streaming protocols like WebSockets and XMPP
  • Adaptation: Translate and orchestrate backend information services into mobile ready formats like JSON and REST
  • Optimization: Aggregate, pre-fetch and cache data retrieval calls for improved performance
  • Integration: Simplify integration with notification services and external cloud services

If you want to learn more or get a demonstration of the product, contact us at info@layer7.com.