May 28th, 2012

Gluecon 2012

Glue Conference, aka Gluecon, is such a refreshing event – filled with API and application developers, not a single suit in sight, demo pods, hackathons, spheros etc.

APIs are popping up everywhere and creating amazing integration possibilities. One of the coolest demos I saw at Gluecon was Ducksboard’s dashboard service, which lets you create your own monitoring dashboard using a library of widgets for existing social and Cloud providers. You can even create your own widget and have your own data pushed to it via an API endpoint created just for you, on the fly – so sexy!

Thanks to everybody who came to my presentation Making Sense of API Access Control. I hope this shed some light on how to leverage OAuth for controlling access to REST-based APIs. A lot of the new APIs I discovered this week could certainly use some help in that regard. API key authentication over HTTP Basic without a password has its limitations. The slides from Making Sense of API Access Control are embedded below.

May 15th, 2012

APIs, Cloud & Identity Tour 2012: Three Cities, Two Talks, Two Panels & a Catalyst

On May 15-16 2012, I will be at the Privacy Identity Innovation (pii2012) conference held at the Bell Harbour International Conference Center in Seattle. I will be participating in a panel moderated by Eve Maler from Forrester Research, Inc., titled Privacy, Zero Trust & the API Economy. It will take place at 2:55pm on Tuesday May 15:

“The Facebook Connect model is real, it’s powerful and now it’s everywhere. Large volumes of accurate information about individuals can now flow easily through user-authorized API calls. Zero Trust requires initial perfect distrust between disparate networked systems but are we encouraging users to add back too much trust, too readily? What are the ways this new model can be used for ‘good’ and ‘evil’ and how can we mitigate the risks?”

On Thursday May 17 at 9am PDT, I will be delivering a webinar on API identity technologies, once again with Eve Maler from Forrester. We are going to talk about the idea of zero trust with APIs, an important stance to adopt as we approach what Eve often calls “the coming identity singularity” – that is, the time when identity technologies and standards will finally line up with real and immediate need in the industry. Here is the abstract for this webinar:

Identity, Access & Privacy in the New Hybrid Enterprise: Making Sense of OAuth, OpenID Connect & UMA
In the new hybrid enterprise, organizations need to manage business functions that flow across their domain boundaries in all directions: partners accessing internal applications; employees using mobile devices; internal developers mashing up Cloud services; internal business owners working with third-party app developers.

Integration increasingly happens via APIs and native apps, not browsers. Zero trust is the new starting point for security and access control and it demands Internet scale and technical simplicity – requirements the go-to Web services solutions of the past decade, like SAML and WS-Trust, struggle to solve.

This webinar from Layer 7 Technologies, featuring special guest Eve Maler of Forrester Research, Inc., will:

  • Discuss emerging trends for access control inside the enterprise
  • Provide a blueprint for understanding adoption considerations

You will learn:

  • Why access control is evolving to support mobile, Cloud and API-based interactions
  • How the new standards (OAuth, OpenID Connect and UMA) compare to technologies like SAML
  • How to implement OAuth and OpenID Connect, based on case study examples

You can sign up for this webinar at the Layer 7 Technologies Web site.

Next week, I’m off to Dublin to participate in TMForum Management World 2012. I wrote earlier about the defense catalyst Layer 7 is participating in that explores the problem of how to manage Clouds in the face of developing physical threats. If you are at the show, you must drop by the Forumville section on the show floor and have a look. The project results are very encouraging.

I’m also doing a presentation and participating in a panel. The presentation title is API Management: What Defense & Service Providers Need to Know. Here is the abstract:

“APIs promise to revolutionize the integration of mobile devices, on-premise computing and the Cloud. They are the secret sauce that allows developers to bring any systems together quickly and efficiently. Within a few years, every service provider will need a dedicated API group responsible for management, promotion and even monetization of this important new channel to market. And in the defense arena, where agile integration is an absolute necessity, APIs cannot be overlooked.

In this talk, you will learn:

  • Why APIs are revolutionizing Internet communications
  • Why this is an important opportunity for you
  • How you can successfully manage an API program
  • Why developer outreach matters
  • What tools and technologies you must put in place”

This talk will take place at the Dublin Conference Centre on Wednesday May 23 at 11:30am.

The panel, organized by my friend Nava Levy from Cvidya, is titled Cloud Adoption – Resolving the Trust vs. Uptake paradox: Understanding & Addressing Customers’ Security & Data Portability Concerns to Drive Uptake.

Here is the panel abstract:

“As Cloud services continue to grow five times faster vs. traditional IT, it seems that concerns re security and data portability are also on the rise. In this session, we will explain the roots of this paradox and the opportunities that arise from resolving these trust issues. By examining the different approaches other Cloud providers utilize to address these issues, we will see how service providers, by properly understanding and addressing these concerns, can use trust concerns as a competitive advantage against many Cloud providers who don’t have the carrier-grade trust as one of their core competencies. We will see that, by addressing fraud, security, data portability and governance risks head on, not only will the uptake of Cloud services rise to include mainstream customers and conservative verticals but also the type of data and processes that will migrate to the Cloud will become more critical to the customers.”

The panel is on Thursday May 24 at 9:50am.

May 15th, 2012

API-Aware Traffic Management

As I mentioned in my last blog post, the promise of cost reduction is compelling many enterprises to move their workloads into the Cloud but many IT leaders are reluctant to do so, for fear of compromising the security and availability of their services. These concerns are well-founded but the benefits of Cloud are too great to ignore. To obtain these benefits, companies must adopt techniques that protect against the attendant risks, without compromise.

Many people are familiar with Layer 7’s industry-leading security functionality, so it’s no surprise that I’d recommend using our Gateway technology to protect connections from on-premise infrastructure to off-premise Cloud services. The flexibility of deployment options we offer makes it possible to create a network of secure on- and off-premise endpoints to meet the most stringent requirements. This covers security but what about availability?

People seem to be less familiar with Layer 7’s routing capabilities. Our Gateway technology is optimized to perform flexible, content-based routing with negligible impact on overall transaction times. In the context of the Cloud, this means that traffic proxied by a Layer 7 Gateway can be re-directed using intelligent algorithms and even dynamic, state-based awareness. This routing capability, which I call “API-aware traffic management”, brings huge benefits in ensuring availability when connecting to multiple API instances – on-premise, off-premise, in multiple Clouds… anywhere on the hybrid network.

I’ll be discussing this topic in detail at the upcoming Cloud Expo 2012, June 11-14 in New York City. This promises to be a great event, so I hope you can make it and attend my discussion!

April 30th, 2012

Cloud & Clear

It’s April in Vancouver, which got me thinking about clouds. Although the IT buzz in 2012 has been dominated by mobile and big data, Cloud computing is still a hot topic, especially since it is an enabler for both. In the public Cloud space, Google just launched Drive in the same week that Microsoft updated SkyDrive. In the private Cloud domain, IBM recently announced its PureSystems platform, which falls along similar lines as the Exa- line from Oracle.

It will be interesting to see whether or not big enterprises buy into this “21st century mainframe” concept but what’s clear is that enterprises now want to migrate critical workloads to the Cloud, en masse. To realize the true benefits of Cloud, many of these workloads will have to be running off-premise. But since many will remain on-premise, enterprises will be relying on hybrid Cloud infrastructure for their most significant IT services.

Security remains a major area of concern for organizations looking to leverage the Cloud. Increasingly, availability and reliability are also significant concerns, particularly since Amazon has had a few outages recently. In addition to addressing these concerns, enterprises are evaluating how they can optimize processing volumes to get maximum cost benefit from their Cloud deployments.

Please join me at the Cloud Expo, June 11-14 in New York, where I’ll be discussing solutions for each of these considerations. Hey, we should have blue skies by then!

March 8th, 2012

QCon London 2012 is the Place to be this Week

I’m off to London for QCon 2012, the Sixth International Software Development Conference (March 7-9). I am one of the track chairs for this meeting. I’ve just learned that the show is now sold out but there is a waiting list if you haven’t already registered. All indications are that this is going to be an outstanding conference, so if there is any way you can attend, you should make the effort.

I’m hosting a track this Friday, called Industrial-Strength Architecture for Integration & Web Computing. Here’s how I described the track to potential speakers:

The enterprise is demanding more from the Web than ever before. No longer content with simple Web application delivery, the new enterprise Web has become an integration point between mobile devices, browsers, legacy systems and third-party Web apps. It is a difficult balancing act. The new enterprise Web is highly scalable but can also reconcile the different service level expectations across each participant. At its core, it enables agile product delivery while maintaining extreme reliability. In this track, we will study the architectural challenges faced by the enterprise that needs to harness the Web as a rich delivery channel — and highlight the real-world solutions that address these challenges. We will explore the intersection where trends such as virtualization, noSQL, JSON, OAuth, APIs and mobile apps meet. Join us to understand the fine tuning between milliseconds and dollars that can make the difference between wild success and disappointing mediocrity.

I’m fortunate to have a great roster of speakers, including Theo Schlossnagle from Omniti, Paul Fremantle from WSO2, John Davies from Incept5 and finally both Marcus Kern and David Dawson from Mobile Interactive Group.

I’m also going to chair a panel titled Integration at Scale: Lessons Learned from the New Enterprise Web. This one promises to be a very interesting discussion:

The mobile device revolution has upended our traditional view of the World Wide Web. The enterprise Web is now about integration: connecting any device to any data, reliably and under wildly-fluctuating load. How has this affected Web architecture and what changes in the day-to-day operation of the Web resource? Join us for this panel of senior enterprise architects, each of whom has met the challenge of the new enterprise Web.

The panel line up consists of David Laing from CityIndex, Neels Burger from MoneySuperMarket.com, Neil Pellinacci from Tanzarine Technology and Parand Tony Darugar from Xpenser. Each brings tremendous experience to the panel and bringing them all together is going to make for a lively and informative debate. I’m looking forward to it.

Hope to see you in London!