June 26th, 2014

APIs in the Connected Car: APIdays San Francisco

APIdays SFToday, I’m going to share some rather opinionated thoughts about APIs and the connected car. My opinions on this subject sprang from a combination of real-world experience plus (informed) speculation and came together as I prepared a talk for APIdays San Francisco.

The connected car is widely recognized as a game changer for the automotive industry. Experts all agree that just selling cars is a thing of the past. Mobility, connectivity and in-car user-experience will be leading decision considerations for car sales. Right now, automotive manufacturers, content providers and app developers are all competing to take a leading role in the connected car space. This is a matter of survival. Winners of the competition will be richly rewarded; the losers may sink into oblivion.

Car manufacturers seem understandably determined to dominate the connected car space. But this space is inherently shared with device manufacturers, content providers and app developers. Take away any one participant and you no longer have a sustainable ecosystem. If the automotive sector is not prepared to work with and accommodate the needs of other stakeholders, then no one will win. There are three things the industry can do to make things significantly better right away.

1. Implement a Standard Hypermedia Type for Automotive APIs
Right now, every car manufacturer wants to do its own thing and sees originality as a key to differentiation. This is a fallacy. There are way too many car manufacturers for content providers and app developers to keep up with the variety. Some have suggested that all manufacturers should just deploy Android as the base OS. I personally doubt they will all be able to agree on something as fundamental as the core OS. We should shoot for something much more realistic.

This is where hypermedia comes in. The most distributed system ever built — the World Wide Web — uses a hypermedia type (HTML) as its engine. There is a great opportunity to create a hypermedia format for car APIs that will energize the space just like HTML did for the Web. I believe this format could be based on an existing, generic type such as: Uber, HAL or Siren. This would be similar to the way the Collection.Document type was created for the news media industry, based on Collection.json.

2. Adopt a Standard API Security & Identity System
The prospect of connected cars getting hacked creates enormous anxiety. But connected car security can be addressed quite simply by adopting a security framework based around compartmentalization and standards-based access control.

In this context, “compartmentalization” means that core functions of the vehicle should be highly guarded. Specifically, no third-party app should have access to core driving functions like handling and braking. Meanwhile, a standards-based access control framework like OAuth will provide secure, granular access to specific system features. This would be similar to the way mobile apps currently ask for access to other parts of the device (GPs, contacts etc.)

3. Enable App Developers
Currently, only the lucky few are able to develop apps for connected cars. Generally, these are app vendors that have formal partnerships with car manufacturers. In most cases, developers can’t even get access to API documentation without a group of lawyers signing stacks of papers. The connected car space will not develop if it remains a tightly-held, closed system. On the contrary, manufacturers must build developer communities by providing the things that developers require: documentation; self-service portals; sandboxes; SDKs etc.

But That’s Not All
These are three immediate steps that can be taken to improve the connected car space significantly but as the space develops, we will have to focus not only on immediate requirements but also on the big picture. The connected car is a special case of the Internet of Things (IoT). The context of IoT is different enough that it requires a fundamentally different approach to system design and architecture. Hopefully, I will be able to delve into this context more in future.

Another aspect of the big picture is a good deal simpler: fun. If this space is going to develop as it should, manufacturers will have to make it fun for developers to experiment with the potential of automotive connectivity.

So, have fun out there!

June 9th, 2014

Jailbreak Your APIs

Jailbreak Your APIsAt this week’s Computers, Freedom & Privacy Conference, I gave a presentation titled Jailbreak Your APIs, in which I explored the concept of “linked APIs” and explained the potential these interfaces have for helping us create a freer, more open world. The global informational overload that we are constantly exposed to, can be overwhelming but ideas like linked APIs help us remember that the explosive surge of available data also brings us beautiful things such as transparency, openness and an unprecedented feeling of global connectedness.

We’ve never felt more connected to the rest of the world than we do now. Computers, mobile devices and the Internet have brought us closer than ever before. We now take it for granted that a person can be pretty much anywhere in the world and still get a real-time, front-row view of breaking news from half-way around the globe. While this disappearance of informational boundaries has surfaced many of our most polarizing differences, we still cherish our unprecedented ability to access information because access to information has always been our most powerful weapon for defending our rights and liberties.

In this context, the White House’s Open Data Policy (part of the Open Government Initiative) is particularly exciting. Never before has the American public had so much access to government information, at all levels. And all this happens directly through the Internet, in near real-time. The ability to access this information in a timely manner is crucial – we need access to information right when it is immediately relevant to guaranteeing our freedoms. This relates to my work with CA Layer 7’s API Academy because APIs supply the core technology for facilitating timely access to data.

Recent growth in the prominence of APIs is not simply a reaction to Open Government and Open Data. The API has organically become more important in recent years, due to our increasingly mobile lifestyles. APIs are vital to mobility because they connect our mobile devices to the cloud – specifically, to the datacenters that host the information and functionality that powers our apps. APIs have played an undeniably critical role in the mobile revolution of recent years. However, for APIs to play a similar role in the Open Data revolution, we need them to become much better.

The problem with APIs right now is that most of them are, at best, creating narrow windows into solid walls surrounding siloed data. Even the biggest, most well-known APIs (such as those provided by Twitter, Facebook and Google) to a large extent, only operate on the data that is within these organizations’ own databases. And most Government APIs don’t even allow any “write” functionality – they are strictly read-only.

In that sense, most current APIs create isolated, guarded data islands. This is very “anti-Web” — the World Wide Web was created in the spirit of decentralized equal participation. On the Web, everybody publishes everywhere, owns their data and then we have ways to reach that data through hyperlinks, through Google search and other methods. APIs have not really reached that stage of maturity yet. APIs are highly centralized, in terms of data storage and virtually none of them ever link to other APIs.

We need a new breed of interfaces: linked APIs, based on the same hypermedia design that we have on the rest of the Web. Such APIs will have the biggest impact for Open Data because they will link and make connections across datasets and organizational boundaries. Linked APIs are also very scalable, so they will be best suited to meeting the challenges of Big Data. After all, the Web is the largest, most distributed network of information humankind has ever created. We know the architecture of the Web can scale and linked APIs have the exact same architecture, with hypermedia as the engine.

For freedom of data, we really need more linked APIs. We can only truly have open and free data if we jailbreak the information out of the silos it is currently stashed-away in. Linked APIs provide us with keys to the data fortresses where large aggregators currently keep data. Linked APIs can ensure that our data isn’t stashed in centralized warehouses. Linked APIs represent the engine of data freedom on the Web. Let’s get the engine cranking!

June 6th, 2014

APIs Fueling the Connected Car Opportunity

APIs Fueling the Connected Car OpportunityI just attended the Telematics Detroit 2014 conference, which was abuzz with mobile connectivity sessions and workshops. But the mobile conversation at this event was entirely in the context of the connected car, as opposed to the mobile phone.

The connected car has emerged as a real-world illustration of the opportunities presented to businesses and consumers by the Internet of Things (IoT). And – as you probably know – IoT is a hot topic right now.

Thilo Koslowski, Vice President & Distinguished Analyst at Gartner, who is known for his prediction making, claimed the car will be the most innovative and exciting mobile platform over the next 10-to-15 years. A bold statement but this goal is achievable and very much within reach.

The automobile industry has already made great strides and is quickly leveraging the business advantages offered by the digital economy. What once was considered to be a telematics and roadside assistance market has quickly transformed into fertile ground for mobile app development, with broad connectivity opportunities that will enhance the consumer’s overall digital lifestyle while delivering auto manufacturer efficiencies throughout the entire value chain.

While consumers continue to demand somewhat standard connectivity features such as navigation, maps and parking location services, there’s also a significant demand for advanced connectivity features such as the ability to make payments directly from the vehicle, remotely start the car or receive diagnostic information on a mobile device. There is also a willingness to share data with third parties, especially if this results in a better driving experience or cost savings.

But data sharing has privacy implications in this context, which could become a significant roadblock. A Gartner survey of automobile consumers uncovered that 61% respondents would not opt-in if too much information was taken. So, enabling this new world of connectivity in auto requires a balanced approach. Consumers want the convenience and personalized experience that connectivity offers but only if it doesn’t impact their rights and freedoms.

That’s where a proper API strategy makes a difference. APIs will become fundamental to any connected car strategy by enabling an ecosystem of drivers, vehicles and partners to share data in a way that will improve the consumer experience through better digital design, engagement and security.

To learn more, please read our new eBook: APIs Fueling the Connected Car Opportunity. This document outlines a number of key connected car use cases and explains how the proper API security and management solution will enable you to meet your connected car business and security objectives.

May 27th, 2014

Hybrid App Growth in the Enterprise: Lessons Learned at Gartner AADI

Gartner AADI 2014Last week, I was lucky enough to attend the latest Gartner Application Architecture, Development & Integration Summit in London. One of the key themes that emerged from this show was the need to create agile architectures for mobile apps that leverage enterprises’ backed systems. Architectural agility has long been a central concern for enterprise IT but it has taken on a new urgency with the mobile revolution. As all sorts of enterprises scramble to launch effective mobile app strategies, the issue of how to build agile architectures for the mobile domain is ever more pressing.

One of the key questions for architects charged with enabling enterprise app strategies is whether enterprises should be developing fully native mobile apps, building apps on Web standards like HTML5 or taking a hybrid approach. Based on the sessions I attended and my conversations with architects who are attempting to answer this question in the field, it is clear that each approach has its own advantages and pitfalls. The Web-centric approach enables enterprises to be quick-to-market – a significance advantage in the current climate. But HTML5 simply cannot deliver the kind of rich and seamless functionality offered by native apps.

Logically then, the hybrid approach would seem like the way to go. But even this has its disadvantages. For example, platform vendors like Apple and Google might impose more restrictive terms and conditions on hybrids. Furthermore, hybrid apps retain many of the disadvantages of a Web-centric approach. Hybrids can never deliver the full native experience users prefer and they create significant testing and security challenges. And it’s quite possible that, at some point in the future, mobile development tools could improve to the point where hybrids are no quicker or cheaper to deploy than native apps.

Nevertheless, hybrid apps have significant advantages. First and foremost, the hybrid approach turns the whole “Web-versus-native” binary into a continuum, allowing sophisticated trade-offs to be made between cost/time-to-market and functionality. Furthermore: tools to create hybrid apps are well understood and widely available; unlike pure HTML5 apps, hybrids allow a presence in the app store for marketing purposes; hybrids allow some content and features to be updated without resubmitting the app to the store.

In light of all this, it seems clear to me that the hybrid approach will have a role to play in the ongoing development of enterprise mobility. Indeed, if I remember correctly, one study I heard mentioned said that, by 2016, over half of all mobile apps deployed will be hybrids – whereas less than a quarter were just a year ago. Still, hybrid apps won’t work for every use case and my advice to architects would be to make sure your architectural approach matches the needs and resources of your organization. And whatever approach you take, make sure that it is built on a technology platform that will allow the apps to run smoothly at scale, without impacting the security or performance of backend systems.

December 10th, 2013

Layer 7 at Gartner AADI Las Vegas 2013

Gartner AADI 2013Last week, I attended the Gartner Application Architecture, Development & Integration Summit in Las Vegas for the third consecutive year. Aside from the cool alumni sticker on my attendee badge, returning annually to this conference also provides a really interesting touch-point with a familiar cross-section of potential (and existing) customers.

In past years, talking to other attendees during exhibit hours involved some amount of basic education around the value of APIs to enterprises, potential use cases and the need for security and management of those APIs. This year was a totally different experience, as there was no education necessary. Instead, I found these decision makers already informed – eager to implement or continue implementing their API strategies in order to achieve real-world mandates from their management and lines of business.

They told me about mobile initiatives requiring apps developed for customers, partners and/or employees; they talked about modernization of legacy infrastructure and a deeper embrace of hybrid cloud; they recognized the need for developer enablement and a shift toward continuous deployment. Most importantly for us, they recognized that APIs are essential to the successful deployment of each of these initiatives.

In a world quickly moving toward “software-defined everything,” they also acknowledged the importance of API security and management. Instead of asking why they would need our solution, they asked for differentiators in the marketplace and our latest innovations. I was happy to talk with them about the recently-released version 2.0 of our Mobile Access Gateway, which enables developers to focus on creating the best apps possible while maintaining an unprecedented level of end-to-end security from the native app to the enterprise datacenter.

We also talked about: advanced features in the latest releases of our Gateway and API Portal products; our unparalleled capabilities in security and integration; our recognition from analysts as leaders and innovators in the industry. And we talked about the future – what new technologies are being considered and how they’re going to transform the enterprise even further.

As 2013 comes to a close, this year is beginning to look like a turning point. This may be remembered as the year enterprises embraced the API, leading to a broad range of innovative programs. We’ve seen massive consolidation and investment in our space, including our own acquisition. APIs have certainly joined the mainstream. Now it’s time to see what great things we can help our customers accomplish. I’m really looking forward to 2014!