CIS13: Identity-enabled Network APIs

566 views
482 views

Published on

Andrew Johnston, Technology Strategy Manager, Services Enablement, Telus
Many organizations face a common set of challenges as they look to contribute their APIs to the online and mobile application ecosystems. Key concerns include defending our customers from potential API abuse, putting our customers in control of their own service experiences, delivering the best possible user-experience and presenting usable APIs to developers. Learn how TELUS has approached these challenges with the assistance of standards like OAuth 2.

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
566
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
18
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

CIS13: Identity-enabled Network APIs

  1. 1. Mobile Identity: Truth and Dare – Identity-enabled APIs Andrew Johnston Member of the TELUS team Cloud Identity Summit 2013 July 12, 2013
  2. 2. TELUS Public2 n  (coverage map) n  (key services, technology)
  3. 3. TELUS Public3 Why APIs are important n  Re-using capabilities saves time and money. n  Introducing well-considered APIs affords the abstraction of complexity. n  Opening access to capabilities for 3rd parties brings: n  additional savings; n  greater access to innovation.
  4. 4. TELUS Public4 Why measuring API use is important What we expected 1.  SMS (messaging) 2.  Location 3.  MMS (picture messaging) 4.  Charging 5.  Subscriber profile What we saw 1.  Subscriber profile 2.  Charging 3.  SMS (messaging) 4.  Location 5.  MMS (picture messaging) “There’s something missing.”
  5. 5. TELUS Public5 Why identity is important to APIs n Every API needs a subject. n “On the Internet, nobody knows you’re a dog.”
  6. 6. TELUS Public6 Authentication as an API n  TELUS issues secure credentials to our subscribers. n  Let’s use those! n  Look to what’s working and, ideally, standardized. n  SAML 2.0 Web Browser Single Sign-On Profile. n  Don’t write security software. n  Privacy benefits available. “OK, but…”
  7. 7. TELUS Public7 API Authorization n  Developer usability counts, too. n  Standards are still a good idea. n OAuth 2.0 n  Writing your own security software is still a bad idea. n  Build on what you have. n  Re-use is fun and valuable! n  Customers get a say.
  8. 8. TELUS Public8 What worked well for us n  All customer feedback is positive. n  If they’re unhappy, you’ve learned something! n  Developers are people, too. n  Help them by letting them focus on what they want. n  Keep interfaces simple and consistent with how they will be used. n  Look for standards with: n  a number of interoperable, commercially-supported implementations; n  good tools for a number of platforms; n  an accessible community of practice. n  Re-use represents real value. “Web views? Really?”
  9. 9. Questions? andrew.johnston@telus.com

×