August 17th, 2012

Building a Developer Ecosystem: Live Tech Talk, August 21 – 9am PDT | 12pm EDT

Once again, it’s time to get ready for Tech Talk Tuesday here at Layer 7. I’m getting excited about this latest one – Building a Developer Ecosystem – for a couple of reasons.

Firstly, I’m excited to be working with our new API Evangelist, Alex Gaber. He has a wealth of experience working with developer communities and he’s ready to answer questions and discuss strategies around developer community building. When it comes to this sort of thing, Alex is the man. In fact, this weekend he’s onsite at Hack Denver, helping API publishers with their open APIs.

Secondly, I think it’s going to be a great chance for our API publishing audience to learn some really valuable lessons that may help them develop new business partnerships and revenue streams. And we’ll ride the momentum of our last Tech Talk, which had great attendance and – most importantly – excellent contributions from the audience.

Our aim with these Tech Talks is to create an informal channel for engaging with API experts in a live, interactive way. With that in mind, start thinking about any questions you might want to ask Alex, be sure to add Building a Developer Ecosystem to your calendar and join us on August 21 for another great Tech Talk.

On the day of the event, join on Livestream or Facebook:
»  livestream.com/layer7live
»  facebook.com/layer7

Tech Talk Tuesday: Building a Developer Ecosystem
Tuesday, August 21
9am PDT | 12pm EDT | 5pm BST

Submit your questions:
Tweet using the tag #Layer7Live
Email techtalk@layer7.com
Check-in & Chat through Facebook

August 16th, 2012

Layer 7 Comes to Gartner Catalyst in San Diego

As a San Diego resident, I always love it when friends or relatives come for a visit because it gives me an opportunity to show off the great attractions that America’s Finest City has to offer. From the beaches to the parks to the World Famous San Diego Zoo, there is a multitude of great sights to see.

Next week, IT professionals and enterprise decision makers will descend on San Diego for the Gartner Catalyst Conference. While I hope they have the opportunity to see something of the city, there will be plenty of sights at the Manchester Grand Hyatt from Monday to Wednesday. Discussion topics will include building out a mobile strategy, creating a hybrid cloud infrastructure and making use of “big data”. And Layer 7 will be there in force.

Stop by our booth (#K24), have a drink with us at the reception or visit our zoo-themed hospitality suite in the Oxford room, on Wednesday night. You’ll be able to see our SecureSpan Mobile Access Gateway and the latest version of our API Portal in action, including fun demos of functionality for OAuth and streaming Web protocols.

To hear about a real-world application of our technology, come listen to Thomas Nienhaus of Lilly present on the topic of “Secure Data Access Through a Mobility Gateway” (at 4pm on Tuesday). You could also schedule some time with one of our experts, who will review your technology needs, match them with a Layer 7 solution and provide a live look at our products. We can even give you some hot tips on where to find the best fish tacos in town.

August 9th, 2012

OAuth World Tour

Steve and I had another great Tech Talk in Vancouver this week, discussing the recent controversy around OAuth 2.0 and the state of the standard in general. A couple of questions that came up (thank you Michael and David, among others) were around the availability of libraries for iOS and Android platforms.

Although I’m not as familiar with Android, there definitely seems to be a lack of tooling for enabling OAuth 2.0 on iOS today. The lack of client-side libraries for standards-based access control on mobile devices generally could be problematic for API adoption in the enterprise, as mobile applications represent one of the main targets for enterprise APIs.

Facilitating OAuth on mobile applications is going to be central to my presentation at next week’s Chicago Mobile Meetup where I’ve been invited to speak. At the meetup, we’ll be describing client-side OAuth tooling patterns, exchanging our ideas about different approaches and discussing some code samples.

From there, I will be making my way to Australia for an API Management Breakfast Seminar in Melbourne, where I’ll be talking about API Management in general but also covering the latest in OAuth 2.0 solutions. Finally, I’ll be moving on to the Gartner AADI Summit in Sydney, where Layer 7 will be at booth S6.

August 8th, 2012

Solving Enterprise Mobile Access Challenges

In a recent blog post, I talked about how geofencing could be used in an enterprise setting to ensure compliance with local regulations or restrict an application’s functionality when a user is away from the office. Geofencing is a great piece of functionality, especially when dealing with mobile enablement/BYOD scenarios, but no one feature can make a solution.

A true solution does more than just check boxes on a list of functional requirements. It addresses a real-world issue and provides the platform, the context – and yes, the features – necessary not just to solve a problem but also to give the enterprise additional value. At Layer 7 Technologies, our customers count on us for solutions to their toughest challenges around security, identity, integration and governance of applications exposing data to partners, mobile devices, the cloud and the Web. That’s why I’m pleased to introduce our new solution brief for Mobile Access.

Many of our customers cater to consumers and have mobile initiatives (and public apps) geared toward the general population. But secure mobile enablement of an internal employee population is often even more important, as those employees need to interact with (and modify) corporate data that isn’t open to the public. Whether mobile devices are provided by the enterprise or are of the bring-your-own variety, the exposed apps and data need to be managed effectively.

Layer 7’s Mobile Access solutions focus on exposure of APIs to developers – public, partner or private – using the Layer 7 API Portal, and runtime enforcement of policies defined upon those APIs using the SecureSpan Mobile Access Gateway. While the products can certainly check a lot of those functional boxes – developer onboarding, API analytics, OAuth, geofencing, WebSockets support, caching, throttling and many more – the complete solution is what makes our customers successful.

This solution brief focuses on three customers – an airline, a health insurer and a telecom company – that use Layer 7 solutions to solve real problems. In each case, the business was able to see real value from the apps and APIs exposed to partners and employees. Take a look and see how these solutions can provide value to your enterprise.

Read the Layer 7 for Mobile Access solution brief

August 7th, 2012

Using WebSockets – Part 1: Minding the Gates

One of the most exciting features introduced with HTML5 was support for WebSockets. The WebSocket protocol has been through a lot of churn over the last two years, with browser vendors desperately trying to keep pace with changes in the specification. Thankfully, the standard has now become stable enough to be utilized in enterprise projects.

The beauty of the WebSocket protocol is that it lets an application seamlessly move from an HTTP/Web-based flow into a socket-based conversation and then back to a Web-based flow. In this way, it allows Web- and mobile-based applications to easily move from the traditional request-reply HTTP world into new forms of full-duplex, bi-directional communication.

We’ve seen a similar evolution in the past within the message-oriented middleware world. With the emergence of SOA and API, enterprises realized they needed new ways of moving data around and middleware technologies emerged that facilitated the movement of data in ways that were not possible with existing request-reply synchronous messaging infrastructures.

Traditionally, Web and mobile applications had to work hard in order to send or receive real-time data. Now, developers can use WebSocket to move data up and down the communication channel quickly and efficiently. This is like moving from an email client that requires you to constantly check for new mail to one that instantly alerts you when a new email arrives.

This style of communication will provide enormous benefits for applications that require messages to be passed quickly between the client and server. Architects will have an easier time building applications with real-time messaging requirements, opening the door to some very intriguing solution designs. Targeted notification systems, more-responsive UIs and even complex architectures such as massive grid networks built on top of the Web will be much easier to implement properly.

But, what’s missing from the WebSocket story is an effective way of minding the gates. The “black hat” guys already see WebSockets as representing a new attack surface, so organizations that are serious about providing reliable, scalable solutions will require some form of Gateway on the server side, to guard against security breaches.

To address WebSocket security, a Gateway must be able to enforce SSL handshakes, limit the number of connection requests, protect against payload injection attacks and enforce strong authentication methods – the same set of attack vectors that exist for SOAP/XML Web services and REST/JSON APIs.
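The handshake-time checks listed above (TLS only, a cap on connection requests, strong authentication), sketched as an added example that is not Layer 7's code or part of the original post. The origin allowlist, the limits and the `token_is_valid` stub are assumptions, and payload inspection is out of scope here.

```python
import base64, hashlib, hmac, time
from collections import defaultdict, deque

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455
ALLOWED_ORIGINS = {"https://app.example.com"}     # assumption: gateway policy
MAX_CONNECTS, WINDOW_SECONDS = 3, 10.0            # assumption: per-IP limit
_recent = defaultdict(deque)                      # client IP -> attempt times

# Constructed sample upgrade request (key is the RFC 6455 example nonce).
SAMPLE = {"Upgrade": "websocket", "Connection": "keep-alive, Upgrade",
          "Sec-WebSocket-Version": "13", "Origin": "https://app.example.com",
          "Sec-WebSocket-Key": "dGhlIHNhbXBsZSBub25jZQ==",
          "Authorization": "Bearer demo-token"}

def token_is_valid(token):
    # Hypothetical stand-in for real token validation (e.g. OAuth introspection).
    return hmac.compare_digest(token.encode(), b"demo-token")

def accept_key(sec_key):
    # Sec-WebSocket-Accept = base64(SHA-1(key + GUID)), per RFC 6455.
    return base64.b64encode(hashlib.sha1((sec_key + WS_GUID).encode()).digest()).decode()

def check_upgrade(headers, client_ip, over_tls, now=None):
    """Return (HTTP status, detail); on 101 the detail is the accept key."""
    now = time.monotonic() if now is None else now
    h = {k.lower(): v.strip() for k, v in headers.items()}
    if not over_tls:
        return 403, "TLS required (wss:// only)"
    window = _recent[client_ip]
    while window and now - window[0] > WINDOW_SECONDS:
        window.popleft()                          # forget attempts outside the window
    if len(window) >= MAX_CONNECTS:
        return 429, "too many connection requests"
    window.append(now)                            # failed handshakes count too
    if h.get("upgrade", "").lower() != "websocket" or \
       "upgrade" not in h.get("connection", "").lower():
        return 400, "not a WebSocket upgrade"
    if h.get("sec-websocket-version") != "13":
        return 426, "unsupported WebSocket version"
    try:
        if len(base64.b64decode(h.get("sec-websocket-key", ""), validate=True)) != 16:
            raise ValueError("nonce must be 16 bytes")
    except ValueError:
        return 400, "bad Sec-WebSocket-Key"
    if h.get("origin") not in ALLOWED_ORIGINS:
        return 403, "origin not allowed"
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token_is_valid(token):
        return 401, "authentication required"
    return 101, accept_key(h["sec-websocket-key"])
```

Calling `check_upgrade(SAMPLE, client_ip, over_tls=True)` returns status 101 with the accept key; each rejected case returns the HTTP status a gateway would send instead of completing the upgrade.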

That’s why I’m particularly excited about Layer 7’s recently announced SecureSpan Mobile Access Gateway product. The Mobile Access Gateway extends Layer 7’s industry-leading technology for SOA and API in order to address mobile-specific concerns – and it includes a very secure WebSocket implementation.

In addition to the security benefits, the Gateway can be used to enrich or filter data in real-time. This opens the door to a new set of compelling use cases that includes data auditing, image watermarking and blacklist filtering – possibilities intriguing enough to stand on their own as justifications for implementing a WebSocket Gateway.

So, we’ve discussed what the WebSocket protocol is and why it’s so important to keep WebSockets secure. But how does all this fit into the exciting world of APIs that we’ve been focusing on in many of our recent blog posts? Our Principal API Architect Mike Amundsen will tackle this question next week, in our continuing series on this very important protocol.