White Paper: Security and Agility in the API Economy. Optimizing and securing your APIs with ViewDS Identity Solutions and Layer 7



Security and Agility in the API Economy

The API Economy is more than the latest buzz-phrase. It is the foundation of a new way for businesses to acquire customers and generate revenue, with lower acquisition and transactional costs than has ever been possible. The API Economy drives how modern web applications are designed, and how Internet commerce will work for the foreseeable future.

The technology behind the API Economy is simple, but powerful. Businesses make data and services available over the Internet by using standard web technologies, through application programming interfaces, or APIs. Customers and partners use APIs in their own applications and services depending on the needs of the business, with or without cost. Because it leverages the power of Metcalfe's Law (the same law that drives the growth of social media sites like Facebook), the API Economy has the potential to be a major source of profit growth for business. For example, in 2012 Salesforce realized that more than half of its $2.2 billion revenue was attained through its API, rather than its web user interface.

Web APIs: The Foundation of the API Economy

A web API is simply a programming interface exposed to the Internet, which uses familiar REST (REpresentational State Transfer) technologies, the same technology browsers and web sites use. Customer programs submit well-defined requests to the interface and receive well-defined data back as the result. The request and response can be anything: a request for a price, the location of an office, or the summary analysis of data which has already been collected.

Web APIs are everywhere and their number is growing at an impressive rate. There are currently almost 10,000 registered and publicly usable APIs at programmableweb (http://www.programmableweb.com), a popular public web API registry. This is only the tip of the iceberg, because programmableweb only lists public web APIs and not private ones.

The number of APIs available is impressive, and the number of transactions using those APIs is staggering. Google processes around 5 billion transactions per day through its web APIs. Twitter processes nearly 13 billion transactions per day, and Amazon is closing in on a trillion transactions per day. With these kinds of numbers, you simply cannot leave the management and security of your APIs as an afterthought.

The Advantages of Web APIs

Why is the notion of web APIs so appealing? Mainly, architecting applications as a set of consumable web APIs promotes agility and lets developers compose complex systems from already-built services in a simple and well-defined way. Additionally, it provides a new way for organizations to provide value to customers and partners. Even if the company doesn't drive revenue through its APIs, the enhanced level of collaboration with customers and partners can generate substantial value through increased sales and customer satisfaction.

Exposing data and services over the Internet poses enormous security risks, and raises the question: Who is accessing your data? Are they accessing it legitimately, or are they somehow cheating the system and getting it for free? Are hackers taking advantage of publicly available interfaces to gain access to data and systems that you need to keep secure? Maintaining security by controlling access to your public APIs is the price of admission to the API Economy.

Architecting for Agility and Security

It's difficult to know the best way to structure and control access to your API, and it is almost certain that you will go through several iterations before you discover what is best for you and your customers. If you want to maintain security and remain agile as your understanding of the requirements changes, your application design should incorporate three architectural concepts:

1. Separate the API structure from the underlying service.
2. Separate API security from the underlying service.
3. Manage security with policy, not code.

Separating functional concerns in this way creates a system that is agile and adapts to changes in requirements. You can accomplish this with little or no change to your underlying service code by using Layer 7's SOA Gateway to manage your APIs, and ViewDS's Access Sentinel to provide security services.

Managing and Optimizing Your APIs with Layer 7 SOA Gateway

Layer 7's API Proxy is a virtual API gateway that gives API publishers a simple tool for securing, orchestrating and optimizing APIs and enforcing SLAs. The API Proxy can:

- Protect APIs against attack and misuse.
- Define and enforce API rate limits and SLA metrics.
- Translate between JSON and XML.
- Track and report on API usage and performance.
- Mediate between API versions.
- Cache identity calls or messages, for improved performance.
- Integrate with existing corporate security resources like LDAP, AD and SSO.

Securing your APIs with ViewDS Access Sentinel

Access Sentinel is an XACML-based authorization server that stores, manages, and evaluates access control policy for your applications, such as Layer 7's API Proxy. ViewDS's Access Sentinel is an XACML 3.0-compliant authorization server that:

- Provides applications with externalized, policy-based access control, which allows security to be controlled by policy rather than hard-coded within an application.
- Allows policies to be managed easily and lets the management of policies be delegated to different user groups with different responsibilities.
- Supports role-based access control (RBAC) and attribute-based access control (ABAC) models using:
  - attributes about the user and the device they are using
  - attributes about the resource or service they are interacting with
  - attributes about the action they are performing
  - attributes from the environment, such as the time of day and location.

Figure 1. API management and security architecture

Layer 7's API Proxy sits between the applications of your customers and partners and your API service, receiving service requests (1) and applying translation policy to them. As each API request comes in, the Layer 7 API Proxy interprets the incoming parameters (2) and determines what kind of request it is. It then passes this information to Access Sentinel (3) to determine and apply the appropriate authorization policy (4). If the request is allowed (5), the API Proxy translates the request and passes it to the back-end service for processing (6 and 7), and the results of the service are returned to the client (8). If the policy says the request is denied, the Layer 7 API Proxy simply returns an error to the client application.

Agility and Security: You Can Have it All with ViewDS and Layer 7

When your API requirements change, for instance to accommodate a new mobile application, you can create additional API versions without changing your back-end service software, simply by changing the API policy rules in the Layer 7 API Proxy. Or, if your authorization requirements change, such as providing certain APIs for free and other APIs only to paying customers, you can simply change the authorization policy in Access Sentinel to look up the customer's account status without changing your back-end service code. Your API and security systems can evolve independently of your back-end service, providing agility while maintaining security.
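The following is an added example, not code from the white paper, Layer 7 or ViewDS: a minimal Python model of the Figure 1 flow. The proxy (policy enforcement point) authenticates the caller, builds an XACML-style request from the four attribute categories the paper lists (user/device, resource, action, environment) and asks a policy decision point, which evaluates a free-versus-paid tier rule and a device/time-of-day rule with deny-overrides combining; the back-end service is only reached on Permit. The account table, API paths, rule names and the hour-based business-hours check are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample identity data; a real proxy would look this up in LDAP/AD (assumption).
ACCOUNTS = {"acme": {"status": "paid"}, "trial-co": {"status": "free"}}
PAID_ONLY_APIS = {"/v2/analytics"}

@dataclass
class Request:
    """XACML-style request split into the attribute categories the paper lists."""
    subject: dict      # user and device attributes
    resource: dict     # the API being called
    action: dict       # HTTP method
    environment: dict  # time of day, etc.

def rule_api_tier(req):
    """Free-vs-paid scenario: paid-only APIs need a 'paid' account; other APIs are open to any known account."""
    if req.resource["path"] not in PAID_ONLY_APIS:
        return "Permit"
    return "Permit" if req.subject.get("account_status") == "paid" else "Deny"

def rule_unmanaged_device_writes(req):
    """Device + environment rule: writes from unmanaged devices only during business hours (08-18)."""
    if req.action["id"] in ("POST", "PUT", "DELETE") and not req.subject.get("managed_device"):
        if not 8 <= req.environment["hour"] < 18:
            return "Deny"
    return "NotApplicable"

RULES = [rule_api_tier, rule_unmanaged_device_writes]
def pdp_decide(req):
    """Deny-overrides combining: a Deny wins, else Permit if any rule permits, else Deny (default deny)."""
    results = {rule(req) for rule in RULES}
    if "Deny" in results:
        return "Deny"
    return "Permit" if "Permit" in results else "Deny"

def backend(method, path):
    """Stand-in for the back-end service (steps 6 and 7); it contains no authorization logic."""
    return f"{method} {path} ok"

def pep_handle(method, path, api_key, managed_device, hour):
    """Proxy steps 2 to 5 of Figure 1: interpret the request, build attributes, ask the PDP, enforce."""
    account = ACCOUNTS.get(api_key)
    if account is None:
        return 401, "unknown client"  # authentication failed before any policy check
    req = Request(subject={"account": api_key, "account_status": account["status"],
                           "managed_device": managed_device},
                  resource={"path": path}, action={"id": method}, environment={"hour": hour})
    if pdp_decide(req) != "Permit":
        return 403, "denied by policy"  # deny: error to client, back end never called
    return 200, backend(method, path)
```

Changing who may call `/v2/analytics` means editing `rule_api_tier` (the policy), while `backend` stays untouched, which is the separation of policy from service code the paper argues for.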

By combining ViewDS Access Sentinel and Layer 7's API Proxy, you can reduce the time it takes to make your APIs available. This improves the security of your APIs and makes it easier to create new versions of your APIs without breaking your customers' applications. You can also experiment with new API structures and authorization policies without rewriting your core services.

Learn More About ViewDS Access Sentinel and Layer 7 API Proxy

For more information about how to design agility and security into your API project and help ensure your success in the API Economy, contact ViewDS Identity Solutions at www.viewds.com, or Layer 7 Technologies at www.layer7.com today.

About Layer 7 Technologies

Layer 7 is a leading provider of security and management products for API-driven integrations, spanning the extended hybrid enterprise. Layer 7 products simplify:

- The management of open APIs for developer communities.
- Partner and cross-divisional integration via SOA.
- Cloud connectivity.
- Enterprise mobile enablement for BYOD (bring-your-own-device) initiatives.

Layer 7 has experienced more than double-digit growth for the past five years. In 2011, Deloitte named Layer 7 the 71st fastest-growing technology company in North America. Layer 7's products have received numerous industry recognitions. In 2011, Layer 7 was the only vendor in its category to be named both a Forrester Wave Leader and a Gartner Magic Quadrant Leader. In June 2013, Layer 7 Technologies was acquired by CA Technologies, and since then Layer 7 has complemented CA Technologies solutions such as SiteMinder and LISA.

About Us

ViewDS provides identity management infrastructure for large enterprises and government agencies world-wide, and is a recognized leader in directory and authorization technology. ViewDS products are fast, scalable, and designed for ease of use.

ViewDS Directory Server is a highly scalable X.500/LDAP/XML server that provides secure, searchable, fast identity search and retrieval functions for air traffic control, defense, and telecommunications companies all over the world. ViewDS Access Sentinel is an XACML 3.0-compliant authorization server that provides flexible, secure authorization services for applications. It externalizes authorization policy for your application and supports role-based access control (RBAC) and attribute-based access control (ABAC) models.