“In short, software is eating the world. We are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy.” Marc Andreessen
Evans, Hagiu, and Schmalensee explored this deeply in 2006
And Annabelle Gawer has formalized the solution
In the API era of competition, speed is crucial because critical mass leads rapidly to market dominance.
[Ecosystem Competition] Kishore S. Swaminathan, Chief Scientist, Accenture
Open platforms mean that apps can be built by developers quickly without formal commitment to joint research, joint development, and joint marketing.
Open platforms decouple partners from the platform provider’s business cycles.
This reduces the cost of innovation, enabling many more experiments to be made more quickly, increasing the chance of a major improvement to the platform business, its customers, and its intermediaries.
This takes us to the stakes required for a digital business in the API era.
For an intermediary to connect a buyer and seller, there must be trust.
The intermediary must be trustworthy, and the transaction must be trustworthy.
In modern businesses, buyers (users) have accounts with sellers (providers) which are filled with data as well as transaction privileges.
For the system to function well, buyers must be able to fire their intermediary without breaking their relationship with the seller.
With apps as the intermediary, new dynamics exist on top of the historical foundation.
Apps are new. They are often short-lived. Their business model depends on building a high volume of users. They must have some way to attain their first transaction and be proven or else improved.
And this way must align with the loose coupling philosophy at the heart of an open platform, otherwise we’ve just secured our way back into old-fashioned closed businesses and killed our platform opportunity.
“20th Century IT was about raising barriers to entry for competitors. 21st Century IT is about lowering barriers to participation.” James Governor, Redmonk
So how do you build a trustworthy system in an open world?
An app should have just enough permission to do the things the user wants it to.
OAuth allows for granular access to the user’s account. The current alternative is all or none: give the app your username and password, which gives the app access to everything about you.
In OAuth, permissions can be gracefully upgraded as well. If the user tries to do something in an app and they haven’t authorized the corresponding permission, the business can give the users the option to add that permission, using the bootstrapping sequence used to grant the token in the first place.
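The granular-permission check and graceful upgrade described above, as an added sketch that is not from the original slides. The endpoint, client ID, redirect URI, API paths and scope names are assumptions; the `insufficient_scope` challenge follows RFC 6750 and the authorization request parameters follow RFC 6749.

```python
import re
import secrets
from urllib.parse import urlencode

# Assumed values for illustration only (not from the slides).
AUTHORIZE_URL = "https://provider.example/oauth/authorize"
CLIENT_ID = "demo-app"
REDIRECT_URI = "https://app.example/callback"

# Constructed sample policy: the one scope each API operation requires.
REQUIRED_SCOPE = {
    ("GET", "/contacts"): "contacts.read",
    ("POST", "/messages"): "messages.send",
}


def check_request(method, path, token_scopes):
    """Provider side: allow the call only if the token carries the needed scope."""
    needed = REQUIRED_SCOPE.get((method, path))
    if needed is None:
        return 404, {}
    if needed in token_scopes:
        return 200, {}
    # RFC 6750 section 3.1: name the missing scope so the app can ask for it.
    challenge = f'Bearer error="insufficient_scope", scope="{needed}"'
    return 403, {"WWW-Authenticate": challenge}


def missing_scope(headers):
    """App side: extract the scope named in an insufficient_scope challenge."""
    challenge = headers.get("WWW-Authenticate", "")
    match = re.search(r'scope="([^"]*)"', challenge)
    if 'error="insufficient_scope"' in challenge and match:
        return match.group(1)
    return None


def upgrade_url(granted, extra):
    """Repeat the original authorization request with one additional scope."""
    state = secrets.token_urlsafe(16)  # ties the callback to this request
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(sorted(set(granted) | {extra})),
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state
```

The app never sees the user's password at any point: it only holds a token limited to the scopes the user approved, and the user is sent back to the provider to approve each new one.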
A developer’s job is to make software that does what it is supposed to do. A security expert’s job is to make sure software never does what it is not supposed to do.
App developers DO NOT WANT the responsibility of holding a user’s secret information: usernames and passwords, credit card and banking information, the lifetime history of everyone you’ve emailed. These are heavy secrets and require heavy security.
The right place for these is within your own business, secured by your own experts and your own infrastructure investments.
Decoupling partners from these challenges keeps security consistent with the open platform potential for low-friction innovation.