I was recently introduced to a powerful new tool created by the folks at Persistent Systems, a long time Oracle development and systems integrator partner. The Oracle Identity and Access Management platform has a very rich set of Java APIs that enable developers to access nearly all of the functionality this platform from external applications.  The challenge is not completeness, but complexity.  To take advantage of this rich API set, external developers have to know much about the internal workings of the IAM products and the intricacies of writing the Java code to access the APIs.

The Persistent Systems engineers have developed a REST API on top of the Oracle Identity Governance Java API that exposes OIG capabilities in a much simpler, more “process friendly” way. For example, a few services available are:

• User Access Request
• Get User’s Provisioned Roles
• Acting on Pending Authorizations
• Authenticate User
• Authorize User

… and the list goes on.

How would you like to translate those “business level” requests into Java API calls?

To demonstrate the capability of the REST API, a developer at Persistent Systems created the application shown in the image below, with a clean, easy-to use interface for OIG approvals and certifications – all without being an expert in Java or the detailed processes within OIG.  The iPhone and Apple watch images include screen shots from my phone and watch.  It really does work!

The most important thing to consider is not the neat user interface – although it has some cool features – it is how an intelligently constructed REST API can provide development agility, application flexibility and rapid deployment, all essential enablers for digital transformation.

 Leonardo Da Vinci has been credited with the wise statement, “Simplicity is the ultimate sophistication.”  I think Leonardo would like this approach.

Having previously introduced my thoughts about Yellow Jeep Architecture Users and Instrumenting the Jeep  we can begin to explore what functionality should exist in the Yellow Jeep Cloud. Here are some functions I have considered:

Basic Yellow Jeep Cloud functions:

• data ingest
• data storage
• event processing
• historical analysis, trending
• supervisory control functions
• historical route mapping
• authentication
• authorization
• user registration / profile management
• user password/credential management
• API security

Of course, in keeping with modern standards in the API Economy  cloud functions would all be exposed in the Yellow Jeep API, with capabilities such as these:

• ingest data
• ingest audio
• ingest video
• request raw data
• request data summary
• request calculated data
• request supervisory control data
• request video stream/segment
• request audio stream/segment
• authentication
• authorization
• user management

What functionality should I add?  What capabilities do you think should existing in the Yellow Jeep API?

Roll on Yellow Jeep Journey!

Kuppinger Cole just released an insightful Advisory Note: “Information Security Predictions and Recommendations 2014.”  The introduction stated:

Information Security is in constant flux. With the changing threat landscape, as well as a steary stream of new innovations, demand for Information Security solutions is both growing and re-focusing.

I like both the predictions and recommendations in this report.  Here are a few excerpts from my favorite recommendations:

Cloud IAM (Identity and Access Management)

Define an IAM strategy for dealing with all types of users, devices, and deployment models that integrates new Cloud IAM solutions and existing on-premise IAM seamlessly.

API Economy

Before entering this brave, new world of the API “Economy”, define your security concept first and invest in API Security solutions. Security can’t be an afterthought in this critical area.

IoEE (Internet of Everything and Everyone)

Before starting with IoEE, start with IoEE security. IoEE requires new security concepts, beyond traditional and limited approaches.

Ubiquitous Encryption

Encryption only helps when it is done consistently, without leaving severe gaps.

The whole paper is well worth reading.  Hopefully, this post whetted your appetite a little bit.

I attended a very thought-provoking Kuppinger Cole webinar last week, entitled, “SAML is Dead.  Long Live SAML,” featuring Craig Burton of Kuppinger Cole and Pam Dingle of Ping Identity.  It is now available as an on demand webcast.  My favorite slide addressed the sheer scale of what we are expecting to see in just a few years.

We are all familiar with big, complex operations now:

• Large enterprise Identity repositories:  hundreds of thousands
• Large mobile telephony user repositories: low hundreds of millions
• Large social media sites: high hundreds of millions

Adding addressable devices and the API’s to support those devices is mind boggling.

• Devices by 2015:  almost 3 billion
• API’s to support all those devices: almost 27 billion

Meeting that demand will take some real innovative technology and processes.  The webcast was certainly worth an hour of my time.  I highly recommend it to you.

This morning I enjoyed reading Craig Burton’s thought-provoking blog post, “The API Computing Magic Troika and the API Economy.” The post centers on:

Three core things that make the Intention Economy work. …

• Cloud-based code
• Cheap telephony-data
• Personal Data Technology

I will not attempt to summarize or paraphrase Craig’s characteristically-lucid commentary, but recommend that you read it.  Please also take a few minutes and read the Programmable Web article Craig mentions, about the accelerating growth of public API’s.

I was particularly intrigued by Craig’s closing comment, echoing a view I have held for years:

Digital Identity is core to all this stuff.

Well said, Craig.