VMworld 2012 kicks off at the Moscone Center in San Francisco this week. At the event, VMware will be making some exciting announcements around the delivery and management of public and private clouds using automation technologies.

Rapid deployment and onboarding has always been a key requirement for Layer 7 solutions, which is what initiated our strong partnership with VMware years ago. These announcements will showcase the next step in that evolution.

Layer 7 will be presenting at the VMworld Solutions Exchange and we’d love for you to stop by to talk about how we take advantage of the latest VMware technology. Come discuss your use case and find out how we can:

• Protect and manage vCloud APIs
• Securely expose APIs from a vCloud-based solution
• Govern infrastructures based on the vCloud Architecture Toolkit (vCAT)
• Orchestrate APIs for value-added interfaces
• Dynamically provision vApps from policy based on SLAs
• Enforce access control and threat protection across hybrid cloud environments

We’ll also be giving demonstrations of our VMware Ready certified products, including the SecureSpan Mobile Access Gateway and Layer 7 API Portal. In case you can’t catch us on the west coast, we’ll also be at the VMware Forum in Toronto on September 20.

As a San Diego resident, I always love it when friends or relatives come for a visit because it gives me an opportunity to show off the great attractions that America’s Finest City has to offer. From the beaches to the parks to the World Famous San Diego Zoo, there is a multitude of great sights to see.

Next week, IT professionals and enterprise decision makers will descend on San Diego for the Gartner Catalyst Conference. While I hope they have the opportunity to see something of the city, there will be plenty of sights at the Manchester Grand Hyatt from Monday to Wednesday. Discussion topics will include building out a mobile strategy, creating a hybrid cloud infrastructure and making use of “big data”. And Layer 7 will be there in force.

Stop by our booth (#K24), have a drink with us at the reception or visit our zoo-themed hospitality suite in the Oxford room, on Wednesday night. You’ll be able to see our SecureSpan Mobile Access Gateway and the latest version of our API Portal in action, including fun demos of functionality for OAuth and streaming Web protocols.

To hear about a real-world application of our technology, come listen to Thomas Nienhaus of Lilly present on the topic of “Secure Data Access Through a Mobility Gateway” (at 4pm on Tuesday). You could also schedule some time with one of our experts, who will review your technology needs, match them with a Layer 7 solution and provide a live look at our products. We can even give you some hot tips on where to find the best fish tacos in town.

Steve and I had another great Tech Talk in Vancouver this week, discussing the recent controversy around OAuth 2.0 and the state of the standard in general. A couple of questions that came up (thank you Michael and David, among others) were around the availability of libraries for iOS and Android platforms.

Although I’m not as familiar with Android, there definitely seems to be a lack of tooling for enabling OAuth 2.0 on iOS today. The lack of client-side libraries for standards-based access control on mobile devices generally could be problematic for API adoption in the enterprise, as mobile applications represent one of the main targets for enterprise APIs.

Facilitating OAuth on mobile applications is going to be central to my presentation at next week’s Chicago Mobile Meetup where I’ve been invited to speak. At the meetup, we’ll be describing client-side OAuth tooling patterns, exchanging our ideas about different approaches and discussing some code samples.

From there, I will be making my way to Australia for an API Management Breakfast Seminar in Melbourne, where I’ll be talking about API Management in general but also covering the latest in OAuth 2.0 solutions. Finally, I’ll be moving on to the Gartner AADI Summit in Sydney, where Layer 7 will be at booth S6.

Cloud Identity Summit was definitely worth the trip. The talks were great, the audience was great and the venue was outstanding. Sign me up for next year in Napa!

It’s beautiful and quiet at Vail Cascade this morning. As I stepped outside, I’m pretty sure I saw SAML scurrying away into the trees. This is weird given this week’s proclamations that SAML was dead. Although we won’t be rid of SAML anytime soon, I do look forward to enterprise adoption of the new kid on the block: OpenID Connect. Easier federation, OpenID Connect-style is already common for consumer identity providers; enterprise identity providers should take note and follow suit. As a vendor of API Management infrastructure, it’s up to us to enable the enterprise to better reach out to its target audience. I see support for OpenID Connect as a key component in achieving this today.

My favorite proclamation of the week goes to Patrick Harding who declared in his talk titled “The Platformication of the Enterprise is Upon us Again and They Forgot Security (Again)” that API tokens are going to be “the currency of the API economy”. The management of tokens and their lifecycle is indeed a crucial component of API Management. Consider the case of a mobile application consuming an enterprise API using an OAuth token. Such tokens are associated with the API provider, the user (subscriber), the mobile application and the mobile device. Each live token is potentially associated with multiple parties and one of the challenges of API token management is to enable control of the right tokens by the right parties.

As Layer 7’s CTO, Scott Morrison, recently stated: API Management = Developer Management. Okay, there are actually many elements to API Management – securing APIs, enforcing rate limits and SLAs, translating protocols and so forth. But if developers can’t make use of your APIs, then your APIs aren’t going to do you much good. So, providing a place where developers can discover, register for, learn about and leverage your APIs is – in many ways – the key to a truly effective API Management strategy.

That’s why the Layer 7 API Portal – which is designed to help organizations onboard, educate and manage developers – is one of the cornerstones of our API Management Suite.

The world of Web, mobile and cloud API publishing is growing and changing at an incredible rate right now, so we’re constantly working hard to expand and refine our line of API-focused products. With all that in mind – and hot on the heels of our SecureSpan Mobile Access Gateway – we’re very excited to announce version 2.1 of the Portal.

With the developer management needs of API publishers constantly evolving, we’ve added a range of new functionality to the Portal, including:

• Advanced analytic reports
• More granular privacy controls
• Enhanced lifecycle management features
• New customization options for the content management system

We’re exhibiting at Mobile+Web DevCon in San Francisco this week. If you’re at the show and you’d like to learn more about this new API Portal release, please stop by our booth.