May 24th, 2012

Forrester, ProgrammableWeb & Swagger: Upcoming Webinars

Layer 7 Webinars and Tech TalksThese are eventful times for Layer 7, with staff-members appearing at trade shows across North America and Europe. Notably, our CTO Scott Morrison has been undertaking what he’s termed his APIs, Cloud & Identity Tour. Somehow, Scott is also finding time to take part in a couple of the company’s upcoming Web seminars.

On May 29, he’ll be presenting our latest Tech Talk Tuesday meet-up, titled Swagger, WADL & API ‘Scriptions. This interactive session will take a look at the relative merits of different standards for creating formalized, machine-interpretable API descriptions. For full details on how to view and join in with this event, visit the Tech talk Tuesday page.

The following day, Scott will be reprising the recent webinar Identity, Access & Privacy for the New Hybrid Enterprise, featuring Eve Maler of Forrester Research, Inc. This is a special live presentation for the Asia/Pacific region (at 11am Sydney time/9am Singapore time). For more information, take a look at the webinar registration page.

Scott gets a break when Product Manager Dana Crane takes over webinar duty on June 5 for Getting Your API Discovered: The Secret to API Promotion, featuring ProgrammableWeb Founder John Musser. This session will explore a range of best practices for building a community of API developers. Registration is open now and you can click here to sign up.

May 15th, 2012

APIs, Cloud & Identity Tour 2012: Three Cities, Two Talks, Two Panels & a Catalyst

Scott Morrison on Tour 2012On May 15-16 2012, I will be at the Privacy Identity Innovation (pii2012) conference held at the Bell Harbour International Conference Center in Seattle. I will be participating in a panel moderated by Eve Maler from Forrester Research, Inc., titled Privacy, Zero Trust & the API Economy. It will take place at 2:55pm on Tuesday May 15:

“The Facebook Connect model is real, it’s powerful and now it’s everywhere. Large volumes of accurate information about individuals can now flow easily through user-authorized API calls. Zero Trust requires initial perfect distrust between disparate networked systems but are we encouraging users to add back too much trust, too readily? What are the ways this new model can be used for ‘good’ and ‘evil’ and how can we mitigate the risks?”

On Thursday May 17 at 9am PDT, I will be delivering a webinar on API identity technologies, once again with Eve Maler from Forrester. We are going to talk about the idea of zero trust with APIs, an important stance to adopt as we approach what Eve often calls “the coming identity singularity” – that is, the time when identity technologies and standards will finally line up with real and immediate need in the industry. Here is the abstract for this webinar:

Identity, Access & Privacy in the New Hybrid Enterprise: Making Sense of OAuth, OpenID Connect & UMA
In the new hybrid enterprise, organizations need to manage business functions that flow across their domain boundaries in all directions: partners accessing internal applications; employees using mobile devices; internal developers mashing up Cloud services; internal business owners working with third-party app developers.

Integration increasingly happens via APIs and native apps, not browsers. Zero trust is the new starting point for security and access control and it demands Internet scale and technical simplicity – requirements the go-to Web services solutions of the past decade, like SAML and WS-Trust, struggle to solve.

This webinar from Layer 7 Technologies, featuring special guest Eve Maler of Forrester Research, Inc., will:

  • Discuss emerging trends for access control inside the enterprise
  • Provide a blueprint for understanding adoption considerations

You will learn:

  • Why access control is evolving to support mobile, Cloud and API-based interactions
  • How the new standards (OAuth, OpenID Connect and UMA) compare to technologies like SAML
  • How to implement OAuth and OpenID Connect, based on case study examples”

You can sign up for this webinar at the Layer 7 Technologies Web site.

Next week, I’m off to Dublin to participate in TMForum Management World 2012. I wrote earlier about the defense catalyst Layer 7 is participating in that explores the problem of how to manage Clouds in the face of developing physical threats. If you are at the show, you must drop by the Forumville section on the show floor and have a look. The project results are very encouraging.

I’m also doing a presentation and participating in a panel. The presentation title is API Management: What Defense & Service Providers Need to Know. Here is the abstract:

“APIs promise to revolutionize the integration of mobile devices, on-premise computing and the Cloud. They are the secret sauce that allows developers to bring any systems together quickly and efficiently. Within a few years, every service provider will need a dedicated API group responsible for management, promotion and even monetization of this important new channel to market. And in the defense arena, where agile integration is an absolute necessity, APIs cannot be overlooked.

In this talk, you will learn:

  • Why APIs are revolutionizing Internet communications
  • Why this is an important opportunity for you
  • How you can successfully manage an API program
  • Why developer outreach matters
  • What tools and technologies you must put in place”

This talk will take place at the Dublin Conference Centre on Wednesday May 23 at 11:30am.

The panel, organized by my friend Nava Levy from Cvidya, is titled Cloud Adoption – Resolving the Trust vs. Uptake paradox: Understanding & Addressing Customers’ Security & Data Portability Concerns to Drive Uptake.

Here is the panel abstract:

“As Cloud services continue to grow five times faster vs. traditional IT, it seems that concerns re security and data portability are also on the rise. In this session, we will explain the roots of this paradox and the opportunities that arise from resolving these trust issues. By examining the different approaches other Cloud providers utilize to address these issues, we will see how service providers, by properly understanding and addressing these concerns, can use trust concerns as a competitive advantage against many Cloud providers who don’t have the carrier-grade trust as one of their core competencies. We will see that, by addressing fraud, security, data portability and governance risks heads on, not only will the uptake of Cloud services rise to include mainstream customers and conservative verticals but also the type of data and processes that will migrate to the Cloud will become more critical to the customers.”

The panel is on Thursday May 24 at 9:50am.

April 16th, 2012

Webinar Reminder: Developers, Developers, Developers

Layer 7 RedMonk Developers WebinarIt’s about developers again.

Everything in technology goes through cycles. If you stick around long enough, you begin to see patterns emerge with an almost predictable regularity. I actually find this comforting; it suggests we’re on a path of refinement of fundamental truths that date back in a continuous line though Alan Kay to Turing and beyond.

The wrong way to react to technology cycles is with the defensive-and-crusty “this is nothing new kid—we did it back in ’99 when you were stuck in the womb.” Thanks for nothing, Grandpa. A better approach is to recognize the importance of new energy and momentum to make great things happen.

The cycle that really excites me now is the new rise of the developer. Trying my best not to be crusty, there is a palatable excitement and energy out there that really does feel like it did in 1999. After years of outsourcing, after years of commoditization, developers matter again. A lot. It’s like the world has rediscovered the critical importance of this fundamentally creative endeavor.

This is a golden age of technology and possibility, one that is being driven by new blood and newer technology. The catalyst is the achingly perfect collision of Cloud, mobility and social discovery with APIs, node.js, Git, NoSQL, HTML5, massive scalability… (I really could go on and on here).

Most of all, I’m excited by movements like Codecademy. This simple idea perfectly reflects the tenor of the time in which we live. People are no longer afraid of making things easy. The priesthood is gone; coding is now confident and mature.

I’ll be talking more about these topics – and the important role APIs play – in an upcoming webinar I will be delivering with James Governor, co-founder of RedMonk. This is the analyst firm that truly is at the heart of the new developer movement. I hope you can join us Thursday, April 19 at 9am Pacific. This one is going to be good.

Click here to register for the webinar: Developers, Deveopers, Developers - Why API Management Should be Important to You featuring RedMonk

April 4th, 2012

Upcoming Webinar: Developer Engagement for Open API Initiatives

Layer 7 - RedMonk WebinarThe recently-published Layer 7 white paper Secure Mobile Access for Enterprise Employees points out that, from a business perspective, the real value of mobile devices is not in the devices themselves – it is in the apps that run on these devices. Similarly, from a technical perspective, while APIs hold a great deal of potential value for enterprises, developers hold the key that unlocks this potential.

Value comes not from devices or APIs as such – it comes from developers and the applications they build for these devices, against these APIs. To get true value from its APIs, an organization must take a developer-centric approach: reaching out to get developers on board; providing support to help developers use APIs effectively; tracking API usage to identify the most valuable developers; managing APIs to ensure developers can create applications that work consistently.

Our upcoming webinar Developers, Developers, Developers – The Secret to Running a Successful API Management Program will explore tools and techniques for developer-centric API management. Presented by Layer 7 CTO Scott Morrison and RedMonk analyst James Governor, this webinar will take place at 9am PDT on April 19. Space is limited, so don’t hesitate – sign up today!

March 8th, 2012

Reminder: Upcoming API Access Control Webinar

Layer 7 WebinarOAuth handshake patterns and OAuth token management are currently two of the hottest topics related to enterprise APIs. Although OAuth originated as a third-party authorization mechanism, it now addresses a multitude of patterns related to controlling access for RESTful APIs. With version 2.0 of the standard defining numerous grant types that accommodate both two and three-legged cases, OAuth is becoming the de-facto standard for any API access control.

Regardless of the specific access control scenario, any enterprise-scale OAuth implementation must leverage existing infrastructure and processes for managing and controlling identities. For example, OAuth should be implemented in a way that maintains any existing Single Sign-On user experience or it should simply reuse existing identities and their attributes as part of the authorization checks.

Next Wednesday, I’ll be joined by Steve Coplan of 451 Research for a webinar called Simplifying API Access Control with OAuth. We’ll be taking an in-depth look at just how OAuth can be integrated with existing systems for effective API access control. We’ve already had a lot of interest in the event but there are still a few free spots, so don’t hesitate to sign up for the webinar today.