April 4th, 2012

Upcoming Webinar: Developer Engagement for Open API Initiatives

The recently-published Layer 7 white paper Secure Mobile Access for Enterprise Employees points out that, from a business perspective, the real value of mobile devices is not in the devices themselves – it is in the apps that run on these devices. Similarly, from a technical perspective, while APIs hold a great deal of potential value for enterprises, developers hold the key that unlocks this potential.

Value comes not from devices or APIs as such – it comes from developers and the applications they build for these devices, against these APIs. To get true value from its APIs, an organization must take a developer-centric approach: reaching out to get developers on board; providing support to help developers use APIs effectively; tracking API usage to identify the most valuable developers; managing APIs to ensure developers can create applications that work consistently.

Our upcoming webinar Developers, Developers, Developers – The Secret to Running a Successful API Management Program will explore tools and techniques for developer-centric API management. Presented by Layer 7 CTO Scott Morrison and RedMonk analyst James Governor, this webinar will take place at 9am PDT on April 19. Space is limited, so don’t hesitate – sign up today!

March 8th, 2012

QCon London 2012 is the Place to be this Week

I’m off to London for QCon 2012, the Sixth International Software Development Conference (March 7-9). I am one of the track chairs for this meeting. I’ve just learned that the show is now sold out but there is a waiting list if you haven’t already registered. All indications are that this is going to be an outstanding conference, so if there is any way you can attend, you should make the effort.

I’m hosting a track this Friday, called Industrial-Strength Architecture for Integration & Web Computing. Here’s how I described the track to potential speakers:

The enterprise is demanding more from the Web than ever before. No longer content with simple Web application delivery, the new enterprise Web has become an integration point between mobile devices, browsers, legacy systems and third-party Web apps. It is a difficult balancing act. The new enterprise Web is highly scalable but can also reconcile the different service level expectations across each participant. At its core, it enables agile product delivery while maintaining extreme reliability. In this track, we will study the architectural challenges faced by the enterprise that needs to harness the Web as a rich delivery channel — and highlight the real-world solutions that address these challenges. We will explore the intersection where trends such as virtualization, noSQL, JSON, OAuth, APIs and mobile apps meet. Join us to understand the fine tuning between milliseconds and dollars that can make the difference between wild success and disappointing mediocrity.

I’m fortunate to have a great roster of speakers, including Theo Schlossnagle from Omniti, Paul Fremantle from WSO2, John Davies from Incept5 and finally both Marcus Kern and David Dawson from Mobile Interactive Group.

I’m also going to chair a panel titled Integration at Scale: Lessons Learned from the New Enterprise Web. This one promises to be a very interesting discussion:

The mobile device revolution has upended our traditional view of the World Wide Web. The enterprise Web is now about integration: connecting any device to any data, reliably and under wildly-fluctuating load. How has this affected Web architecture and what changes in the day-to-day operation of the Web resource? Join us for this panel of senior enterprise architects, each of whom has met the challenge of the new enterprise Web.

The panel line up consists of David Laing from CityIndex, Neels Burger from MoneySuperMarket.com, Neil Pellinacci from Tanzarine Technology and Parand Tony Darugar from Xpenser. Each brings tremendous experience to the panel and bringing them all together is going to make for a lively and informative debate. I’m looking forward to it.

Hope to see you in London!

March 8th, 2012

Reminder: Upcoming API Access Control Webinar

OAuth handshake patterns and OAuth token management are currently two of the hottest topics related to enterprise APIs. Although OAuth originated as a third-party authorization mechanism, it now addresses a multitude of patterns related to controlling access for RESTful APIs. With version 2.0 of the standard defining numerous grant types that accommodate both two and three-legged cases, OAuth is becoming the de-facto standard for any API access control.

Regardless of the specific access control scenario, any enterprise-scale OAuth implementation must leverage existing infrastructure and processes for managing and controlling identities. For example, OAuth should be implemented in a way that maintains any existing Single Sign-On user experience or it should simply reuse existing identities and their attributes as part of the authorization checks.

Next Wednesday, I’ll be joined by Steve Coplan of 451 Research for a webinar called Simplifying API Access Control with OAuth. We’ll be taking an in-depth look at just how OAuth can be integrated with existing systems for effective API access control. We’ve already had a lot of interest in the event but there are still a few free spots, so don’t hesitate to sign up for the webinar today.

March 7th, 2012

Layer 7 at the Entertainment Technology Center

Content is king – again. After years struggling to regain a foothold under the gale of new Internet technologies, content producers are once again finding their footing. With the popularization of smart TVs, smart-phones and the iPad (the ultimate content consuming device), content has found itself back at the center of the consumers’ entertainment universe.

For content producers, the ability to make content available across devices and through online distribution partners is dependent on opening up the content and associated metadata via APIs. Sometimes these content streams and supporting materials are just opened to select groups of partners. Sometimes this same content is additionally exposed to public app developers, so that they can build the latest and greatest apps around the content.

In either case, because of the explosion in app-driven smart devices and the APIs that connect them, content producers are able to develop new ecosystems, open new revenue streams and build new customer relationships.

That’s why Layer 7 is excited to have been invited to present at the Entertainment Technology Center’s quarterly Mega Session, tomorrow in LA. Coming on the heels of the latest iPad launch, our presentation on new API-driven distribution models couldn’t be more timely.

March 5th, 2012

Layer 7 at RSA Conference 2012

The 2012 RSA Conference is now over and, as many journalists rightly noted, this year’s show was as much about opening up the enterprise to the outside as it was about closing the enterprise from the outside. With the acceleration of Cloud adoption and the rapid growth of tablets and smart phones inside the enterprise, the need to manage how information is shared out securely has never been greater. To this end, Layer 7 gave two talks at RSA in addition to two workshops and a sponsorship of the Cloud Security Alliance Conference around this general theme.

The two talks given by Layer 7 staff at RSA included one focused on access best practices for APIs, called Enterprise Access Control Patterns for REST & Web API, and the other focused on the threat implications of Open APIs, called Hacking’s Gilded Age — How APIs Will Increase Risk & Chaos. The first was delivered by Layer 7 Director of Solution Engineering Francois Lascelles. The second was delivered by Layer 7 CTO Scott Morrison. For those of you who were not able to catch the talks live, we provide the slides below. Enjoy.