This Wednesday in Munich I'm speaking on "Plugging Cloud Identity Leaks -
Should your Business become an Identity Provider?" at the Kuppinger-Cole
European Identity and Cloud Conference.
So what does it mean to "plug a Cloud Identity leak"? If employees at your
business find it easier to "login with Google" or "login with Facebook" to
cloud-based apps which they use for business, then that means that your
employees are using a Cloud-based identity over their corporate login. This
means that your employees credentials are being managed by a third-party.
You're losing control, effectively leaking identity.
What is the alternative? The technical answer comes from standards such as
OAuth 2.0 and OpenID Connect. These allow your employees to use their
corporate login as a springboard to Cloud-based services, providing the same
convenience of single sign-on, but with iden... (more)
A frequent question about the Axway/Vordel API Server is "Can I add a new
filter to the filters on the right of Policy Studio?". The answer is "Yes",
and there are two broad ways to do this. The first way is to use the Filter
SDK, which is a Java SDK for writing filters. The second way, requiring no
programming, is to take an existing policy and convert it into a filter, by
making it into a "Policy Package".
Here I am using the example of SalesForce.com. I have imported a SalesForce
policy [which you can see in action for a SalesForce mashup here]. Once it is
imported, it is visi... (more)
Quick: name some APIs! Which ones come to mind? Amazon? Twitter? Google Maps?
Chances are, the APIs which came to mind are APIs which are open to any
developer to use. But are these the only kinds of APIs that exist? What about
Enterprise APIs?
In order to answer this question, let's look at how APIs can be categorized.
First of all, let's look at API Exposure. The two categories are:
External : Able to be used outside the organization. Internal : Used only
inside the organization
Second, let's look at API Protection. It may be one of three categories:
Open: Anybody can use the AP... (more)
One of the neat features of the Axway/Vordel API Server is the fact that you
can extend it using Java. There are a number of ways of doing this, but a
really neat way is to run your Java class through a Scripting Filter. Here is
a guide to calling your own, or third-pary, Java classes from the
Axway/Vordel API Server.
My use case is that I want to use OpenID for single-sign-on using a Google
login. I found a nice implementation of OpenID called JOpenID and downloaded
it as a jar file. I then placed the JOpenId-1.08.jar file into the /ext/lib
folder of my API Server installation. ... (more)
I've written about this before, but here's a recap and an extra trick which
might be useful...
Let's say your API is expecting parameters passed in the URL, like so:
/customer/12345?name=test
Many REST APIs are defined like this, including parameters in their path.
Here is how you'd read the value of the second item in the URL path, i.e.
"12345" in this case.
Firstly, you'll need the Vordel API Server, which you can download from
www.vordel.com . Then, create a new policy in Policy Studio, starting with
the "Extract REST Request Attributes" filter. To do this, drag it onto the
blan... (more)
- Free Vordel API Workshop in San Francisco next Tuesday
- How to read in a SAML Assertion from a REST STS and insert it into a HTTP header, using the Axway/Vordel API Server
- Forcing HTTP 1.0 or 1.1 for incoming calls to the Axway/Vordel API Server
- Webinar with Jeff Hammond of Forrester - The API wave, the Internet of Things, and the hidden world of Dark APIs
- Simplifying the app delivery stack
- Orchestration of a JSON API with a SOAP Web Service using the Axway/Vordel API Server
- Job posting: Vordel, RESTful Web Services, TIBCO, SiteMinder skills required in Torrance, CA - with SiteMinder, TIBCO, Informatica
- Excellent series on setting up Kerberos, SAML, and RBAC with the Oracle API Gateway
- What to Encrypt - ask the Wizard
- The Goldilocks Question and Your API Analytics