Securing Public Cloud IoT APIs, and Building Private Mesh Trust Domains and Enclaves of Privacy to Integrate a Mesh of “Things” with Integrity & Availability
1. Manage Your Mesh
ryan.bagnulo@soa.com
Twitter: @iryanb
2. APIs are for any “Thing”
and they don’t always belong on the Internet
IoT Mesh
3. Wiring Things to Arduinos
D1: 2.6 Volt RED LED & 330 Ohm Resistor
A0: 3 Volt Motor & 330 Ohm Resistor
6. The First Step to Managing your Mesh is with an API Gateway
Gateway
Security
Authentication
Protection
IAM Integration
Encryption
Mediation
Quality of Service
Paging/Caching
Orchestration
Scripting
Public IoT Mesh
Private Mesh
ProTip: Customer Premise Equipment such as a WiFi Router or Cable Box should filter API traffic with an embedded gateway
7. Logical Mesh Management Architecture
Private Mesh
https://iot.mymesh.net/mynet/status
or
https://skynet.im/status
https://p0st3r.broker.soa.com/v1/skynet/status
Public IoT Mesh
8. Use Gateways in the Cloud & Privately
Private Mesh
“Badge Readers”
Private Mesh
“Department X”
Public Mesh
10. API Policy Configuration Templates
Operational Policies
o API Consumer Application Security Policy
o API DDoS & Malicious Code Protection
o Aggregate Policy
o Authentication Policy
o Authorization Policy
o ICAP Antivirus Integration Policy
o Cache Policy
o HTTP Security Policy
o OAuth Security Policy
o Paging Policy
o Pipeline Policy
o WS-Security Asymmetric Binding Policy
o WS-Security Message Policy
o WS-Security Supporting Tokens Policy
o WS-Security Symmetric Binding Policy
o WS-Security Transport Binding Policy
o WS-Addressing Policy
o WS-Auditing SOAP Message Policy
o WS-Auditing SOAP Service Policy
o WS-Auditing Service Policy
o WS-Auditing Transaction Tracking Policy
o XML Policy
Quality Of Service Policies
o Bandwidth Quota Policy
o Concurrency Quota Policy
o Script Policy
o Service Level Enforcement Policy
o Service Level Policy
o Throughput Quota Policy
o Timeout Policy
Compliance Policies
o Aggregate
o Script
o WSI BP
o XQuery
11. Design Complex Process Orchestrations
Execute JavaScript on the API Gateway to modify request and response data, and to invoke APIs with branching conditions for content-based routing and API response aggregation
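The content-based routing and response aggregation described above, as an added example that is not from the original slides and does not use the gateway product's script API. It is plain JavaScript; the upstream ids, the `privateTrust` caller flag, the request shape and the stub upstreams are assumptions constructed for illustration.

```javascript
// Constructed routing table: mesh names follow the slides, upstream ids are hypothetical.
const MESHES = new Map([
  ["badge-readers", { domain: "private", upstream: "privateBadge" }],
  ["department-x", { domain: "private", upstream: "privateDeptX" }],
  ["public", { domain: "public", upstream: "publicMesh" }],
]);

// Content-based routing: pick the upstream from the request body and fail closed.
function route(request) {
  const name = request.body ? request.body.mesh : undefined;
  const mesh = MESHES.get(name); // Map lookup, so "__proto__" cannot match anything
  if (!mesh) return { allow: false, status: 400, reason: "unknown mesh" };
  if (mesh.domain === "private" && !request.caller.privateTrust) {
    return { allow: false, status: 403, reason: "private mesh requires a private trust domain" };
  }
  return { allow: true, upstream: mesh.upstream };
}

// Response aggregation: query every mesh the caller may see and merge the answers.
function aggregateStatus(caller, upstreams) {
  const out = { meshes: {}, degraded: false };
  for (const [name, mesh] of MESHES) {
    if (mesh.domain === "private" && !caller.privateTrust) continue; // no private data leaks
    try {
      const res = upstreams[mesh.upstream]({ op: "status" });
      out.meshes[name] = { online: res.online === true }; // copy allow-listed fields only
    } catch (err) {
      out.meshes[name] = { online: false }; // one dead upstream must not sink the reply
      out.degraded = true;
    }
  }
  return out;
}

// Gateway entry point: branch on the path, then on the content.
function handle(request, upstreams) {
  if (request.path === "/status") return { status: 200, body: aggregateStatus(request.caller, upstreams) };
  const decision = route(request);
  if (!decision.allow) return { status: decision.status, body: { error: decision.reason } };
  return { status: 200, body: upstreams[decision.upstream](request.body) };
}

// Constructed stub upstreams standing in for the real mesh APIs.
const SAMPLE_UPSTREAMS = {
  privateBadge: () => ({ online: true, firmware: "internal-only" }),
  privateDeptX: () => { throw new Error("timeout"); },
  publicMesh: () => ({ online: true }),
};
```

A caller outside the private trust domain gets a 403 on private meshes and sees only the public mesh in the aggregated status; upstream fields that are not allow-listed, such as `firmware` here, never reach the response.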
13. Manage Mobile App Access To Your Mesh with a Developer Portal
• A social developer engagement platform
• Integrated API documentation
• App access provisioning and monitoring
• Integrated discussion and newsfeeds
• Trouble ticket management
• Search with full content indexing
• API and App privacy and group management – essential for B2B and partner APIs
• Federation to enable new business models