Download as KEY, PPTX
![POST /Users HTTP/1.1
Host: example.com
Content-type: application/json
Authorization: Bearer h480djs93hd8
{
"schemas":["urn:scim:schemas:core:1.0"],
"userName":"bjensen",
"externalId":"bjensen",
"name":{
"formatted":"Ms. Barbara J Jensen III",
"familyName":"Jensen",
"givenName":"Barbara"
}
}](https://image.slidesharecdn.com/csg2012final-120613135256-phpapp01/85/CSG-2012-18-320.jpg)
Uploaded byScotty Logan
CSG 2012
The document discusses identity management in the cloud and APIs. It notes that provisioning is essentially the same across cloud services, so the APIs should be similar as well. It introduces the Simple Cloud Identity Management specification, which aims to standardize user and group provisioning across cloud providers using a common RESTful API. The document also discusses the growth of APIs and how developers are driving adoption by building applications and mashups that integrate multiple services. It contrasts SOAP and REST approaches, noting that REST and JSON are now more common as they map better to typical programming models. OAuth is mentioned as the preferred approach for authentication in APIs.
![Single page apps_with_cf_and_angular[1]](https://cdn.slidesharecdn.com/ss_thumbnails/rguckcbqqt2k4rnw6eno-140518085920-phpapp02-thumbnail.jpg?width=640&height=640&fit=bounds)
![Ebook undisturbed rest-v1 [res_tful apis]](https://cdn.slidesharecdn.com/ss_thumbnails/ebook-undisturbedrestv1restfulapis-190917001013-thumbnail.jpg?width=640&height=640&fit=bounds)
CSG 2012
- 2. RESTRICTED R UNDER 17 REQUIRES ACCOMPANYING PARENT OR ADULT GUARDIAN MAY CONTAIN METAPHORS THAT HAVE BEEN STRETCHED BEYOND THEIR BREAKING POINT MAY CONTAIN CODE SAMPLES THAT CAUSE DISTRESS TO PROGRAMMERS AND NON-PROGRAMMERS MAY CONTAIN STATEMENTS THAT UPSET FANS OF WS-*, XML, JAVA, PHYSICAL SERVERS OR THE ENGLISH
- 3. IdM in theCloud
- 4.
- 5. Groups http://www.flickr.com/photos/pineapples101/4557395008
- 6. Deprovisioning http://www.flickr.com/photos/cpstorm/140115572
- 7. Makes my headhurt!
- 8. Provisioning API? Provisioning isessentially the same for each service so why aren’t the APIs the same?
- 9. Internet Identity Workshop Spring & Fall Mountain View, CA
- 10.
- 11. Common Problem Small businesses Startups No problem in old Windows world But now manual provisioning to all cloud providers
- 12. Improvement Small businesses Startups Manualprovisioning to one provider “Primary” provider provisions others Provision users and groups
- 13. Simple Cloud Identity Management http://simplecloud.info/
- 14. IESG hated thename Participants wanted to work with IETF Renamed, but retained acronym Trying to avoid Jabber / XMPP mess
- 15. System for Cross-Domain Identity Management http://simplecloud.info/
- 16. Groups what if cloudproviders implement SCIM? “consume” users push groups to campus SCIM endpoint
- 17. What is SCIM? SAMLbinding RESTful API Create, Update, Delete Users, Groups JSON (& optionally XML) OAuth 2 preferred for authentication
- 18. POST /Users HTTP/1.1 Host:example.com Content-type: application/json Authorization: Bearer h480djs93hd8 { "schemas":["urn:scim:schemas:core:1.0"], "userName":"bjensen", "externalId":"bjensen", "name":{ "formatted":"Ms. Barbara J Jensen III", "familyName":"Jensen", "givenName":"Barbara" } }
- 19.
- 20. Cloud, APIs & Mashups http://www.flickr.com/photos/cizauskas/1422943356
- 21. APIs One of theadvantages of cloud services Programmatic data access Enables mashups and integration across apps APIs usually unique to service
- 22. API Ecosystem Major changesover last few years REST, JSON, OAuth defacto standard SOAP, WS-* dying out for public APIs
- 23.
- 24. API Value Chain App App App World of API Internal User Store App Developer APIs API Team Systems
- 25. Application Developers areKingmakers App App App World of API Internal User Store App Developer APIs API Team Systems
- 26. #1 Rule forSuccess Make it easy for developers Build APIs they can poke at with simple tools Exploration and documentation
- 27. SOAP Simple Object AccessProtocol but really it’s RPC (CORBA, COM, etc) tunnels RPC through firewalls w/HTTP WS-*, WSDL and expensive tool kits uses XML good for document markup no native support for data structures
- 28. this means update POST /InStock HTTP/1.1 Host: www.example.org Content-Type: application/soap+xml; charset=utf-8 Content-Length: 299 SOAPAction: "http://www.w3.org/2003/05/soap-envelope" <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Header> this means </soap:Header> <soap:Body> read <m:GetStockPrice xmlns:m="http://www.example.org/stock"> <m:StockName>IBM</m:StockName> </m:GetStockPrice> </soap:Body> </soap:Envelope>
- 29. Makes my headhurt!
- 30. KISS REST: using HTTPas it was designed Create, Read, Update, Delete resources JSON: JavaScript Object Notation maps directly to programming constructs easier to process than XML
- 31. GET /stocks/IBM?currency=USD HTTP/1.1 Host:www.example.org Accept: text/plain HTTP/1.1 200 OK Content-type: text/plain 194.29
- 32. GET /historicalPrices/1.0/?stock=AAPL&api_key=... HTTP/1.1 Host:api.stocklytics.com HTTP/1.1 200 OK Content-Type: text/csv date,open,close,high,low,volume 2012-06-12,574.4600,576.1600,576.6200,566.7000,15549300 2012-06-11,587.7200,571.1700,588.5000,570.6300,21094900 2012-06-08,571.6000,580.3200,580.5800,569.0000,12395100 2012-06-07,577.2900,571.7200,577.3200,570.5000,13563100
- 33. Why do APIsmatter? We have large volumes of data on campus Cloud is not a one way street Sometimes cloud apps will need to pull from campus APIs We need easy-to-use APIs
- 34. Authentorization How do thosecloud apps authenticate and get authorized to access our users’ data?
- 35.
- 36. OAuth 2.0 “the valetkey for the web” simplified version of OAuth 1.0 cryptography is no longer mandatory relies more on HTTPS easier for developers
- 37. You’re probably using it already Do you use 3rd party apps with Facebook, Twitter or Google Apps?
- 40.
Editor's Notes
- #2 \n
- #3 \n
- #4 NIST defines 3 service models\nHow you actually use the cloud\n\n
- #5 No IdM: just a recommendation for a service, or a discount\nManual IdM: someone creates each user\nSelf-sign-up: usually using email verification (old Google Team Edition)\nBulk load: CSV file of users\nAPI: &#x201C;unique&#x201D; API to create users\nCreate on first login: use SAML assertion or OpenID + AX to create user\nNo API or Attribute standards... yet\n
- #6 Does the app support groups?\nDoes it have a group API?\nCan you disable the apps group management?\nCan you sync groups back?\n
- #7 disable or delete or disable then delete\ndid the user own data?\nhow is that data handled?\nhow is audit trail affected if user is deleted?\nhow is licensing affected if user is deleted?\n\n\n
- #8 \n
- #9 \n
- #10 \n
- #11 \n
- #12 What if...\nyou had a &#x201C;primary&#x201D; provider?\nand that provider could provision accounts with other providers?\n
- #13 Enterprise IT...\nWe already have IdM\nSimpler integration with new providers\n
- #14 \n
- #15 \n
- #16 \n
- #17 \n
- #18 \n
- #19 \n
- #20 \n
- #21 \n
- #22 \n
- #23 \n
- #24 \n
- #25 \n
- #26 \n
- #27 \n
- #28 Tool vendors saw SOAP & SOA & WS as a huge opportunity\nDevelopers saw SOAP as a way to get RPC through the firewall\n&#x201C;the two port internet&#x201D;\n
- #29 \n
- #30 \n
- #31 remember, URL means &#x201C;Uniform Resource Locator&#x201D;\n
- #32 \n
- #33 \n
- #34 If our APIs are not easy to use, people will work around them\n\n
- #35 \n
- #36 \n
- #37 \n
- #38 \n
- #39 \n
- #40 \n
- #41 \n