The Oracle-Versus-Google Verdict Comes Down
June saw a remarkable amount of media coverage focusing on the world of APIs, as the Oracle/Google court case made headlines. Layer 7’s Jaime Ryan was relieved that the ruling stated APIs are not protected by copyright. Jaime said: “By taking a strong stand on the issue… the judge has possibly prevented a whole new round of lawsuits that could have rivaled the still-ongoing Apple/Samsung/Google patent wars.”
Read the full post >>>

Are Open APIs Too Open for Big Business?
In July, Ronnie Mitra took a detailed look at how nervous major social media platforms like Twitter and Facebook were becoming about their open APIs and concluded that “enterprises will need to adapt or risk being unable to reach their customers as the device revolution continues at its explosive pace… Organizations need to think carefully and plan their API strategies in order to find the perfect balance between control and accessibility.”
Read the full post >>>

Why I Still Like OAuth
In the midst the controversy surrounding July’s formalization of OAuth 2.0, Scott Morrison launched a passionate, though qualified, defense of the standard. Scott argued that “sometimes you just have to declare a reasonable victory and deal with the consequences later. OAuth isn’t perfect, nor is it easy. But it’s needed and it’s needed now, so let’s all forget the personality politics and just get it done.”
Read the full post >>>

History Repeats: The Search for Agility & Reuse Through APIs
This September, Dimitri Sirota visited the SDP Global Summit in Rome and noticed how much of the discussion around telecom carriers’ API initiatives echoed the SOA talk of a decade ago. He noted “telco after telco (echoed) the decade-old SOA mantra of abstraction, agility and reuse when talking about their new API initiatives… But if Web APIs are to deliver on the SOA vision of agility and reuse, they will need some of the same plumbing that made Web services work.”
Read the full post >>>

RESTful or Not?
Also in September, Mike Amundsen provided an explanation of the key term “RESTful”, which is so often used in reference to APIs and Web services. Mike explained: “Essentially, REST… is a style. Specifically, it’s a style of network-based software architecture. This style was first defined in 2000 by Roy Fielding. Fielding stated that ‘an architectural style is a coordinated set of architectural constraints that has been given a name for ease of reference’.”
Read the full post >>>

We tackled issues around mobile and BYOD head-on in a white paper called Secure Mobile Access for Enterprise Employees, which describes how enterprises can securely open their data and application functionality to mobile devices via custom-made apps. Another popular white paper was Federated Identity & Single Sign-On, which explores identity federation for API, mobile, SOA and cloud.

Our webinars featuring input from Forrester Research also drew a lot of interest, especially A Practical Guide to API Security & OAuth for the Enterprise, which provided real-world insight into deploying OAuth as the access control component of a complete API Management solution. Forrester also helped us explore enterprise mobile enablement in another webinar, How to Make Your Enterprise Applications Mobile Ready, Fast.

Looking to the future, Layer 7 will be publishing a series of eBooks, outlining essentials for addressing key issues around API Management and Mobile Access. We got a great reaction from the first of these, called 5 Ways to Get Top Mobile App Developer Talent for Your Open APIs. Over the coming months, we’ll also be publishing eBooks talking about mobile enablement and OAuth. Be sure to watch out for those!

Meanwhile, BYOD is making Mobile Access an urgent issue for enterprises; forcing them to make application functionality available to app developers in a consistent, easily-consumable, mobile-optimized manner, via APIs. Therefore, enterprise technologies are evolving to support API-based mobile interactions.

Identity and access management (IAM) represents a key concern for enterprise IT and it is particularly crucial in BYOD/enterprise mobile scenarios. Mobile IAM requires fundamentally new approaches and the adoption of new standards such as OAuth.

These are some of the most critical issues facing IT departments today but the associated techniques and technologies are not necessarily that well understood in the enterprise world. Therefore, I’d like to take this opportunity to  flag up some relevant webinars from the Layer 7 archive, all of which feature Forrester Research.

If you’re facing the challenge of ensuring secure access in an enterprise mobile scenario, these resources should help you make sense of the issues:

• How to Make Your Enterprise Applications Mobile Ready, Fast
  Leverage backend mobile middleware to deliver mobile ready enterprise APIs
  Find out more >>
• Identity, Access & Privacy in the New Hybrid Enterprise
  Make sense of OAuth, OpenID Connect and UMA
  Find out more >>
• A Practical Guide to API Security & OAuth for the Enterprise
  Implement OAuth as part of an enterprise-level API security solution
  Find out more >>

We have some pretty exciting things planned for upcoming Tech Talks. The next regular Tech Talk will be a discussion of “Swagger, WADL & API ‘Scriptions” on May 29. You can click here to add it to your calendar. We’re also planning to stream a very special Tech Talk from the upcoming Glue Conference. Watch this space for more details.

For all the latest Tech Talk news – as well as quick-and-easy access to archived broadcasts – you can visit the Tech Talk Tuesday page on our Web site.

Many of Layer 7’s customers have already made the move into the Cloud. These companies have benefited greatly from our expertise in governance for SOA. This is because SOA governance is directly applicable to the Cloud. Our white paper The Value of Application Service Governance for Cloud Computing provides a detailed explanation of this connection.

Written by internationally-respected SOA/Cloud thought leader David Linthicum, in collaboration with our own Scott Morrison, this white paper outlines how the structure of SOA – services distributed across departments and locations – is at the core of all Cloud computing. So, governance principles that are effective in SOA also work in the Cloud.

To learn more, download The Value of Application Service Governance for Cloud Computing.

This summer, we presented a webinar that addressed these specific issues. Created in association with Red Hat, Security, Governance & Integration in a Cloud-Connected World provided deep insight into how enterprises can address integration, management and security challenges arising from technologies like SOA and Cloud.

With input from Pierre Fricke, Director of SOA Products at Red Hat, as well as Jaime Ryan, our Partner Solutions Architect, this webinar proposed combining an enterprise service bus with a SOA Gateway to create a secure, standards-based system for governing integrations that cross organizational boundaries. You can stream the full recording in the player below.

[youtube]http://www.youtube.com/watch?v=ol8YO9F3O7k&feature=channel_video_title[/youtube]

For Cloud providers, API publishing has become critical to enabling integration with enterprise systems, sharing information across affiliate Web sites and providing mobile access to services. Of course, Cloud computing and API publishing create all sorts of new security concerns, which is where secure integration providers like Layer 7 come in.

This webinar was co-presented with our friends at the Cloud Security Alliance but it’s about more than just security. A truly safe and secure API publishing programming will have to tackle the full range of API management concerns. Specifically, Cloud API publishers need ways to address versioning and to meter consumption without burdening either developers or consumers.

To find out more, you can read about the webinar on the Layer 7 Web site or simply watch the recording in the player below.

Over the last few years, social media and mobile devices have provided all sorts of organizations with the motivation they need to start publicly exposing data and services they would previously have kept private. Clearly, this raises security and management concerns, especially for larger enterprises with valuable data to protect and reputations to maintain.

While API management products have been on the market since at least 2006, there’s still fairly limited understanding of what a fully-functional API management solution looks like – or should look like. Earlier this year, we published our Choosing the Right API Management Solution for the Enterprise User white paper, to help enterprises fill in the blanks.

So, if you’d like to learn the key functional and operational requirements for an API management solution, just download this white paper.

With these Cloud security-focused events just around the corner, it seems like a good time to mention our archived webinar Extending Enterprise Security into the Cloud. Presented with The 451 Group, this webinar explored ways for enterprises to extend existing security investments into the Cloud without incurring significant costs or creating additional IT complexity.

Presentations from Layer 7 CTO Scott Morrison and 451 Group Security Analyst Steve Coplan, delved into how enterprises can leverage the identity, privacy and threat-protection technologies they already own to facilitate the secure adoption of SaaS, IaaS and other Cloud-based technologies.

You can read more about the webinar in our Resource Library or simply watch the recording in the player below, courtesy of the Layer 7 YouTube Channel.

And if you happen to be attending either CA World or the CSA Congress, stop by and say “hi”. CA World attendees can find us at Partner Pedestal 261A in the Cloud Section and Partner Pedestal 338B in the Security Section. For the CSA conference we’ll be at table 10. Hope to see you there!

Our white paper Identity Federation in Web Services explains exactly why federation is such an issue with Web services. It explores federation problems commonly associated with reusing application logic across diverse business processes that traverse multiple security domains with independent preferences, capabilities and requirements.

It also outlines the requirements for a solution that will simply, effectively and securely bridge application identities across security domains. Our experience with customers – along with the fact that this has consistently been one of our most downloaded resources – continues to reinforce our belief in the value this type of solution offers to today’s extended enterprise

Read the white paper: Identity Federation in Web Services >>