API Management and OAuth for Web, Mobile and the Cloud K Scott Morrison CTO & Chief Architect Nov 30, 2011

API Management and OAuth for Web, Mobile and the Cloud: Scott Morrison's Presentation at Gartner AADI 2011

“Change has a considerable psychological impact on the human mind.

To the fearful it is threatening because it means that things may get worse.

To the hopeful it is encouraging because things may get better.

To the confident it is inspiring because the challenge exists to make things better.”

- King Whitney Jr.

This talk is about change

Our basic problem has not changed:

Access to information

But things outside of our control are changing

We are interconnected

We are leveraging clouds

Mobility is exploding

You already know the underpinnings

SOA

But SOA needs to change

And that is what this talk is about.

Let me tell you a secret…

(it’s a gold rush)

[Slides: "Quote App" demo. A "Proposal Generator" form with Product Model and No. Units fields and a Next button, shown with the labels API Portal, Networking Gateway and XML Accelerator; a second form with Discount (0%, 5%, 10%) and Recipient fields and a Submit button, the recipient shown with an @whitehouse.gov address; then "Processing…" with a Cancel button; and finally "…Done. Reference no L7-ABC123. Proposal submitted for review."]

API: Application Programming Interface

APIs transform the Web into an integration platform

[Diagram labels: Cloud, Third party web apps, Mobile devices, Browsers, Database, Applications, Directory, Legacy, Servers, Enterprise Network]

The API is the glue for the New Enterprise Web

Why did the web work so well?

Very loose coupling…

5

Approximate number of global web pages

But haven’t we heard this story before?

WSDL

Web Services Server

Let’s consider the developer experience using SOAP

http://api.layer7.com/getPerson?Name=Scott

{
  "firstName": "Scott",
  "lastName": "Morrison",
  "title": "CTO",
  "address": {
    "streetAddress": "405-1100 Melville",
    "city": "Vancouver",
    "prov": "BC",
    "postalCode": "V6E 4A6"
  },
  "phoneNumber": [
    { "type": "office", "number": "605 681-9377" },
    { "type": "home", "number": "604 555-4567" }
  ]
}

http://api.layer7.com/getPerson?Name=Scott

Low Barrier to Entry

Frictionless

Agility

Not Convinced Yet? Take a look at XML

<!DOCTYPE x [ <!ENTITY y "a]>b"> ]>
<x>
    <a b="&y;>" />
    <![CDATA[[a>b <a>b <a]]>
    <?x <a> <!-- <b> ?> c --> d
</x>

The new alternative is JSON

Structure Name/Value

JSON is simple

{
  "firstName": "Scott",
  "lastName": "Morrison",
  "title": "CTO",
  "address": {
    "streetAddress": "405-1100 Melville",
    "city": "Vancouver",
    "prov": "BC",
    "postalCode": "V6E 4A6"
  },
  "phoneNumber": [
    { "type": "office", "number": "605 681-9377" },
    { "type": "home", "number": "604 555-4567" }
  ]
}

JSON is JavaScript

XML giving way to JSON illustrates the theme of the change

• Complex
• Highly standardized
• Vendor driven
• Barriers

• Simple
• Informal
• Grassroots
• Frictionless

What about governance?

Contracts

Old way: WSDL

New way: Just write a web page

Design time governance: the integrated reg/rep

The new design-time governance leverages successful communication tools

• Portal
• Wiki
• Forum
• Blog
• Email workflow

What about run time governance?

Rules are only good with enforcement

Consider WS-Security

<?xml version="1.0" encoding="utf-8" ?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soap:Header/>
  <soap:Body xmlns:m="http://www.example.org/stock">
    <m:GetStockPrice>
      <m:StockName>ABC</m:StockName>
    </m:GetStockPrice>
  </soap:Body>
</soap:Envelope>

{
  "firstName": "Scott",
  "lastName": "Morrison",
  "title": "CTO",
  "address": {
    "streetAddress": "405-1100 Melville",
    "city": "Vancouver",
    "prov": "BC",
    "postalCode": "V6E 4A6"
  },
  "phoneNumber": [
    { "type": "office", "number": "605 681-9377" },
    { "type": "home", "number": "604 555-4567" }
  ]
}

http://api.layer7.com/getPerson?Name=Scotts

What about identity and access control?

SAML is complex

OAuth by example

So what was SOA governance again?

• People
• Process
• Technology

• People
• Process
• I have lots of this already…

Old Governance New Governance

To Summarize:

                    Old             New
Documentation       WSDL            Wiki/Blog
Discovery           Reg/Rep         Search
Approval            G10 Platform    Email
Enforcement         Gateway         Gateway
User Provisioning   IAM             Portal
Community           What’s that?    Forum

The new way to manage

The new people to manage

These are the new people to manage

“Technology is dominated by two types of people:

those who understand what they do not manage,

and those who manage what they do not understand.”

- Archibald Putt

So how can you understand completely and manage effectively?

IT is sick of piecemeal solutions

Enterprise Network

That’s why we built the Layer 7 API Developer Portal

API Gateway

API Portal

API Server

Firewall

Developer

App

Let’s Summarize:

• Simple wins every time
• SOA is changing
  • and so is SOA governance
• The new enterprise web is about APIs
  • Driven by cloud and mobility
• Solutions like Layer 7’s API Portal integrate all the familiar tools to effectively manage your APIs

November 2011

For further information:

K. Scott Morrison
Chief Technology Officer & Chief Architect
Layer 7 Technologies
1100 Melville St, Suite 405
Vancouver, B.C. V6E 4A6
Canada
(800) 681-9377
[email protected]://www.layer7tech.com

Picture Credits
Big Ben by meanone97 – stock.exchg
Whiz Kids by Ron S. Gejman – ron.gejman.com
World Puzzle by juancho17 – stock.exchg
Rack Server by Pazado – stock.exchg
Analogue Erosion Control Device, Fall & wheat by Kevin Hudkins – Flickr