July 6th, 2012

OpenID Connect: Live Tech Talk July 10 9am PDT

Our Tech Talks strive to focus on the most interesting and relevant API Management topics for both developers and publishers. And as new and evolving protocols emerge, we want to provide a forum for developers and publishers alike to discuss these protocols in an open discussion forum. So with that in mind, our next Tech Talk will focus on OpenID Connect.

OpenID Connect is an emerging standard that adds federated authentication to OAuth 2.0-enabled systems. It’s a suite of lightweight specifications that provide a framework for identity interactions via RESTful APIs. And in its simplest deployment, OpenID Connect allows all types of clients, including browser-based, mobile and JavaScript, to request and receive information about identities and currently authenticated sessions.

So, it’s a relatively simple protocol that helps make authenticating complicated scenarios easier. And let’s be honest – simple and easy are always welcome when it comes to securing RESTful APIs. Authorization and authentication are now available using only one technology. This makes life easier for anyone looking to secure their APIs.

But of course, questions always arise when discussing the various implementation scenarios for OpenID Connect. That’s why we’re excited to welcome Senior Software Developer Sascha Preibisch as our special guest for our July 10 Tech Talk Tuesday. He will answer any OpenID Connect questions you may have – so get those questions ready and join us on July 10 at 9am PDT.

Here’s how to join the discussion:

Click here to get a reminder in your calendar.

On the day of the event, join on Livestream or Facebook:
»  livestream.com/layer7live
»  facebook.com/layer7

Tuesday, July 10 | 9am PDT | 12pm EDT | 5pm BST

Submit your questions:
Tweet using the tag #Layer7Live
Email techtalk@layer7.com
Check in & Chat through Facebook

June 11th, 2012

API Analytics Tech Talk Tuesday

Get your API analytics questions ready! Tech Talk is coming up tomorrow, Tuesday June 12 – it’s live, it’s interactive and CTO Scott Morrison will be our guest. Tweet questions to #layer7live.

Add it to your calendar

If you publish an API, you need a way to measure and understand how that API functions. You need a way to manage it. You need a way to measure it. APIs are becoming an essential part of the Internet and more enterprises are opening up their APIs to third-party developers.

Of course, API security is always a concern but if you publish an API, you also need to measure how it functions – what metrics are you concerned with? Are there any API errors my application is seeing? How does my API usually perform and is that changing? Is it slowing down or are there latency issues caused by using a proxy?

Key metrics API publishers need to consider include: errors, performance, availability, latency and response time. And with the Layer 7 API Portal, these metrics can be graphed and filtered by user, developer and API.

So be sure to join us tomorrow at 9am PDT when Layer 7 CTO Scott Morrison will take live questions from the stream. It’s a great chance to have your API analytics questions answered.

How to Attend:

Just visit the Layer 7 Facebook page at 9am PDT on June 12 and click the Livestream icon.

Don’t have Facebook? Simply click here to watch directly through Livestream.

How to Submit Questions:

On Facebook

•    Click on the Livestream PLAY button to join the stream
•    Click the red “Check in & Chat” button to submit questions

On Twitter
•    Tweet questions with the hashtag #layer7live

May 28th, 2012

Gluecon 2012

Glue Conference, aka Gluecon, is such a refreshing event – filled with API and application developers, not a single suit in sight, demo pods, hackathons, spheros etc.

APIs are popping up everywhere and creating amazing integration possibilities. One of the coolest demos I saw at Gluecon was Ducksboard’s dashboard service, which lets you create your own monitoring dashboard using a library of widgets for existing social and Cloud providers. You can even create your own widget and have your own data pushed to it via an API endpoint created just for you, on the fly – so sexy!

Thanks to everybody who came to my presentation Making Sense of API Access Control. I hope this shed some light on how to leverage OAuth for controlling access to REST-based APIs. A lot of the new APIs I discovered this week could certainly use some help in that regard. API key authentication in HTTP basic without password has its limitations. The slides from Making Sense of API Access Control are embedded below.

March 27th, 2012

M2M & the Digital Frontier


The machine-to-machine (M2M) movement is having a broad impact across industries. New business models are being powered by information distributed to and collected from smart meters in the utilities sector, connected vehicles in logistics, heart monitors in healthcare, RFID-tagged inventory in retail and digital signage in the media. M2M creates a vast “Internet of things” comprised of smart devices that produce data, networks that transmit data and applications that turn data into real-world insight.

The M2M paradigm presents an exciting new opportunity for companies to use Layer 7’s API Management products.  APIs represent the key to unlocking the value of M2M by linking devices in the field to the core enterprise applications that are able to analyze and apply the data these devices produce. Layer 7 empowers organizations to make that link in a secure, scalable way:

  • The SecureSpan SOA Gateway or API Proxy provides REST-based connectivity to heterogeneous enterprise systems
  • The Layer 7 API Portal allows M2M API owners to set and enforce SLAs and provide comprehensive information to API users (smart device developers, network operators)
  • The Layer 7 OAuth Toolkit configures access control policies that are fit for M2M and able to leverage existing back-end infrastructure

We already have customers achieving M2M success in the automotive, healthcare, media and energy industries. So, whether you’re a logistics company looking to get a real-time view of your global fleet, a retailer needing to manage your disparate warehouses or a telecommunications company providing a broad set of M2M services, we encourage you to apply our industry-leading technology as part of your solution.

Read the solution brief: Simplify M2M Integration with a SOA Gateway

March 21st, 2012

Implementing BYOD-centric Systems

In recent conversations with our service provider partners and customers, I’ve been hearing a common theme: their enterprise customers are scared of BYOD. The recent trend of employees using their own technology – iPads, smart-phones etc. – to connect with corporate assets worries them. Their main concern is that they won’t be able to keep up with the security and management requirements that go along with this new method of accessing data assets.

While there are existing solutions for playing keep-up, many of them rely on isolation and restriction to prevent corporate assets from traveling too far from the enterprise. Unfortunately, I think employees – especially the more tech-savvy among them – will resent having corporate security policies installed on their devices or being limited to separate-but-equal wireless networks with limited access to the resources necessary to do their jobs. By focusing on containment and control, enterprises are missing an amazing opportunity to make BYOD work for them.

The efficiencies gained by embracing the inevitable and implementing some BYOD-centric systems should not be overlooked. Layer 7 customers are creating mobile applications designed specifically to support their employees, whether their devices are employee-owned or provided by IT.  Our solutions for security and governance of the APIs used by those applications can prevent data leakage, protect against incoming threats and provide access to only appropriate personnel.

So, whether your employees are baggage handlers determining the destination for a piece of lost luggage, nurses providing care to house-bound patients or remote employees connecting to their peers through a corporate directory and communication hub, the real winner is the bottom line. BYOD and mobile workforce enablement are opportunities to embrace – not afflictions to be cured – and we’re here to help.