The document discusses APIs for digital services and the ecosystem. The most requested APIs by startups are listed as provisioning, identity, charging, user validation, and single sign-on. A chart shows the level of integration for backend services, ranging from no integration to deep integration. The pillars for a proper internet service platform are discussed, including infrastructure abstraction, identity management, profile management, transaction management, analytics, and exposing services through APIs.
1. APIs for the digital service ecosystem
Michel Burger
Chief Architect R&D
Distinguished Engineer
michel.burger@vodafone.com
2. Confidentiality level on slide master
Most Requested API by startups
1. Provisioning
2. Identity
3. Charging
4. User Validation
5. SSO
3. Type of Back End Services
Services that run on top of: No Integration; Commercial Agreement (ex: pre embedded client); Operated externally
Services that run better with: Multi level of integration (light to deep); Commercial Agreement (ex: charge to bill); Generally operated externally
Services that are running by: Deep integration; Product or work package done by vendor or internally developed; Generally operated internally
Differentiation Potential Revenue
Intrinsic Drive and Incentive
Strategic Choice
4. Level of Integration for Back End Services
[Diagram labels: Basic Enabler; Access; 1 2 3 4 5; α β γ δ; Vodafone; Identity; SSO; Federated; User Profile; CRM; REST; Analytics; Cloud; System Mgmt; User Experience; System Integration]
Charge to bill
To get money from people who don't have a bank account
Store usage
Strong brick and mortar presence in many countries
5. Pillars for a proper internet service platform
• Infrastructure abstraction: to go beyond virtualization to provide service with a set of APIs on how to consume basic resources (Storage, Computing, Queueing, Network)
• Identity Management: to provide open standards (OpenID, OAuth) to deal with identity and authorization by interacting with different legacy systems
• Profile Management: to make sure that all data resources are linkable and discoverable
• Transaction Management: to provide the infrastructure to deal with distributed transactions for operations like user lifecycle
• High Performance IO Management: to handle real time and near real time distributed event management for services
• Analytics: to make sure that every service generates data and there is a way to extract value from that data
• Exposing service APIs in the proper context: services are about APIs and not just end to end experience:
– Device Management
– Connection Management
– User Profile
– User Services
Device as a service
User as a service
6. Working on the API for Management
1. Shared resources and representation
2. Share attributes
3. Service management
9. Identity Management: Single Sign On
Responsibilities
• Allows Customer to login to Services using their Operator username / password
• Provides a Common interface for all Services with re-use to new services as they arise i.e. build once and use many
• Enables click through support between services without signing in again
• Makes use of existing Operator systems – development is all undertaken by top level, with support from Operators.
• Services integrate to a single gateway
• This in turn is integrated to each operator SSO system
• Customer can use their username to access
[Diagram: Service 1, Service 2 … Service n connect to the Top Level SSO Gateway, which connects to Opco 1 SSO, Opco n SSO and Other OpCo SSO; label: OpCo_username]
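The gateway pattern on this slide (services integrate once with a top-level gateway, which delegates login to each operator's SSO and lets the customer click through between services), shown as an added example that is not part of the original deck. The class names, the `|`-separated token format and the in-memory operator stand-ins are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

class OperatorSSO:
    """Constructed stand-in for one operator's existing SSO system."""
    def __init__(self, users):
        self._users = users  # username -> password (constructed test data)

    def authenticate(self, username, password):
        stored = self._users.get(username)
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

class TopLevelSSOGateway:
    """Single integration point for services; login is delegated per OpCo."""
    def __init__(self, operators, ttl_seconds=900):
        self._operators = operators          # opco id -> OperatorSSO
        self._key = secrets.token_bytes(32)  # signing key held only by the gateway
        self._ttl = ttl_seconds

    def _sign(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def login(self, opco, username, password, now=None):
        sso = self._operators.get(opco)
        # Same answer for unknown OpCo, bad credentials and malformed names.
        if sso is None or "|" in username or not sso.authenticate(username, password):
            return None
        issued = time.time() if now is None else now
        payload = f"{opco}|{username}|{int(issued + self._ttl)}"
        return f"{payload}|{self._sign(payload)}"

    def validate(self, token, now=None):
        """Called by any service: returns (opco, username) or None."""
        try:
            opco, username, expires, sig = token.split("|")
            payload = f"{opco}|{username}|{expires}"
            if not hmac.compare_digest(sig.encode(), self._sign(payload).encode()):
                return None
            if int(expires) < (time.time() if now is None else now):
                return None
        except (ValueError, AttributeError):
            return None  # wrong field count, non-numeric expiry, non-string token
        return opco, username
```

Service 1 and Service 2 both call `validate()` on the same token, which is what gives click-through without a second sign-in; the gateway never stores operator passwords, only forwards them to the operator system.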
10. Profile Management: Resource Discovery
[Diagram labels: Service 1 … Service n; Customer Registry; Client (Internal, 3rd party); Resource Discovery]
Responsibilities:
• Indicates the location of user's disparate data resources
• Combines multiple resources into one view of data across multiple systems
• Enables geo-distribution of resources
• Enables scalability by spreading resources across distributed nodes
• Enables classes of service and data availability (e.g. VIP users)
Provides data integrity for a system based on distributed or 3rd party components
11. Transaction Management: User Lifecycle Management
Responsibilities
• Manages complex transaction of user provisioning (Creating, Updating and Deleting user)
• Provides consistent way to manage the user lifecycle across internal and external services
• Provides unified set of APIs on user lifecycle operations for customer support services
Provides system integrity for a system based on distributed or 3rd party components
[Diagram labels: User Lifecycle Management; SSO; Customer Registry; Resource Discovery; Service 1 … Service n; Client Registration; Customer Service]
13. Electricity production and consumption
Collocation
Centralization of production
Decentralization of consumption
Mass distribution of production and consumption
Collocation is back
Dam used as cheap stora
14. Core Computing (storage, execution ..) production and consumption
Disconnected computing
?
Cloud Computing
Operator Network
15. The threat: the OTT View
Modern data centers are an extensive network of blades that expands within the data centre or between data centres. Each blade is remotely controlled to dynamically manage the forwarding plane.
For economy of scale, this network needs to be inexpensive, agile, elastic and controlled by the application layer using SDN/OpenFlow.
The device is becoming yet another blade (with constraints (power, bandwidth)).
To expand the data center as a network of blades, new blades have been added. Originally these blades had a specific purpose of improving traffic flow and latency.
CDN Node
CDN optimizer
Gateways/appliances are installed on premise
Home Gateway
Enterprise Gateway
Hardware abstraction
• Network elements should run using commoditized hardware
• Network becomes elastic
Forwarding plane remote access
• Clear separation between the control plane and the data plane
• Application layer to control the forwarding plane
• Can be implemented natively or as an overlay
Google
Akamai
Google, Apple: TV
Amazon: Streaming
Google: OpenFlow technology in Android
Oracle: control of the Java virtual machine
Operator Network
Network of blades
16. The threat: the OTT View
CDN Node
Enterprise Gateway
Modern software services are made of distributed elements (pieces of software logic and data) that are accessible through APIs. These elements can be instantiated on different blades or can migrate from blade to blade (liquid services).
These software services can use or migrate to remote blades to offload centralized data center blades and to improve the user experience.
• OTTs surround or populate our network to create an overlay network of service elements
• High level control information (routing, flow optimization data), inter-element information and service data are going through tunnels to optimize traffic, offload workload, execute service logic
• Our network has zero visibility of these three types of information
We are being pushed down to just become one of the forwarding planes, tunneling signalling from the device to a massively distributed controller
Cloud elasticity, Caching
Google desktop, CDN Caching, Facebook desktop UI, Chrome, Kindle
Home Gateway
Network of blades
17. The threat: The Network View (with a network approach)
Confining SDN to just address the cost (CAPEX and OPEX) reduction by creating a virtualized and agile network
Abstracting the hardware of network elements gives the ability to use commodity hardware (CAPEX reduction)
Network needs to be software programmable and controllable to automate the management (OPEX reduction)
Implementing SDN in the network
• Creates a cheaper and more agile network
• Does not change the status quo but distracts operators from the real issues
SDN solves the problem “du jour” of reducing cost, similar to IMS a few years ago with the problem “du jour” of accelerating service innovation, while OTTs, by using SDN, will accelerate their ability to deliver innovative services
18. The opportunity: The Network View (with an IT approach)
A lot of raw storage and computing power is locked in proprietary solutions, which makes the network an IT no man's land
Abstracting the hardware of network elements enables the ability to expose them as IT resources
Network needs to be software programmable and controllable to allow quick access to the resources
Implementing SDN in the network
Implementing on premise (home/enterprise) gateways as IT resources allows us to extend our reach
• Edge (one hop away) IT resources to handle low latency user solutions are more viable than devices as IT resources
• Complementary to the other IT resources
We are part of the computing supply chain providing specific IT resources only network operators can implement and we have visibility of inter-service element traffic
Software services can be distributed at the edge or within the network either for minimizing the latency of the user experience or optimizing the centralized data center load
[Diagram labels: Enterprise Gateway; Home Gateway; Edge IT Resources; Core IT Resources; Operator Network]
19. Core Computing (storage, execution ..) production and consumption
OTT view
Disconnected computing, Cloud Computing, Massively distributed computing
We are pushed down to just become one of the forwarding planes
[Diagram labels: Network of blades; Operator Network]
20. Core Computing (storage, execution ..) production and consumption
Network View (with an IT approach)
We are a complete part of the computing supply chain, providing one hop away computing resources
Disconnected computing, Cloud Computing, Massively distributed computing
[Diagram labels: Network of blades; Operator Network]
21. What we could do and how?
Confidentiality level in footer | 25 June 2013
• Leverage the network to become a massively distributed data center and partner with cloud IT resource providers (like Amazon) to create a continuum of IT resources from the back end to the device with a strong de facto standard
– Accelerate migration to general purpose hardware, increase virtualisation in the network controllable by the software layer and implement IT abstraction using de facto standards leveraging Hybrid Cloud Broker
• Implement on premise (home/enterprise) gateways as IT resources to expand reach
– Promote the deployment of home/enterprise gateways with specific purpose as dedicated solution and as IT resources
• Provide network edge IT resources to mobile solution developers for unmatched user experience (<1ms latency) and ability to offload back end data center: Edge cloud (one hop away IT resources)
– End user device as an IT resource has many constraints (power, bandwidth (cost and availability)) which don't exist on network edge IT resources. Accelerate the introduction of edge network elements as IT resources, develop Network API.
– Developers are already creating elastic solutions using de facto standards, this is just a distributed extension of elasticity
• Improve our influence and steer Open Network Foundation (IT lead) and OpenDaylight (Network lead) initiatives, educate developers by pushing our system expertise to create manageable
24. A lot of what LHC is about is electricity flow management
About 11850 Amps to generate around 8.4 Tesla fields (about 150000 times the earth magnetic field) but they operate at low Voltage
25. How BIG?
BIG data is like the LHC combined with gold extraction
- Huge amount of data -> 6.6 Zettabytes/year by 2016 (Cisco Cloud Index)
- Big flow of data -> 400TB/day (Facebook)
- LHC generates 10-15 Petabytes/year of data for each experiment
26. The essence of new service providers
[Diagram labels: Service; Data; Consumes; Produces; Improves experience; User; Core Semantic Data Set; Mindmap; BI Based Revenue Models (eg Advertisement)]
Many free services
One data set and common semantic
The more context the more efficient and the more value
Value enriched Data generates revenue
Example:
Search/Information Management :
Rated auction/Selling:
Revenue from existing services will shrink
Additional revenue from new services
27. Classic Approach
• Structured Data
• Data in the range of Gigabytes to Terabytes
• Centralized (Data is imported in analytics)
• Batch based
• Data silos
[Diagram labels: Transaction; Relational Database; Data Warehouse; Analyze; ETL]
Where is the data that answers my questions?
28. Big Data Approach
• Multi Structured Data
• Data in the range of Terabytes to Petabytes
• Distributed/Federated (Analytics grab the data)
• Streaming based
• Holistic Data
[Diagram labels: Sources; 1, 2, 3, n; Stream; Clusters; Organize; Analyze]
Here are the questions and the data for the answers
29. A new pattern
[Diagram labels: Sources; Stream; Consumption; API; Data card; Sim Card; Content Services; Knowledge References; Applications; Social Networks; Connected Things (Consumer, Enterprise); Connected Devices; Network Core; IT Infrastructure; RAN; Premise Gateway; Report; Statistics; Data as a Service; Graph Network/Analysis; Neural Network/Analysis]
[Axis labels: Non Real-time / Real-time; Low level Semantic / Rich Semantic; Cheap Storage / High Efficient Storage]
• Many different data structures
• Many different ways to extract the data
• Many different locations (even for the same type of data)
• Batch and Realtime based
• Buffered or stream
• Correlation parameters
• Buffering, Routing, Filtering
• Structured/Unstructured store
• Event Collector
• Batch Process/Multi Structure Stream
• Multi Stage Store/Process
• Structured Buffering
• Proprietary
• Graph
• Neural Network
• Relational
• Unstructured Buffering
• Streaming
• Tapping at Source
• Tapping on Stream
• Consumption to Source
30. With added security
[Diagram repeated from slide 29: Sources; Stream; Consumption]
• Securing the infrastructure (public, private)
• Policy (internal/external)
• On-going assessment (DDOS, Penetration …)
• Data leakage
• Migration
• Securing the identity
• Validating ID
• Anonymization
• Securing the access
• Distributed permission/preference
• 3rd party permission
• Strong access control based on industry standard (user, dev, application)
• Strong authorization control based on open standard
• Analytics applied to Analytics
32. The new device
Device as a Service
[Diagram labels: Device; Connected Device; Managed Device; Device as a Service; Device Management; Device Virtualization; Network Stack; Management Agent; Service Platform; Services …; Discovery; Security; Messaging Protocol; End Point Abstraction; Device Capabilities; Device Profile; Service Enablement; Billing, Provisioning, Cloud Services, Content based..; Local Applications; OS; Hardware (processing/storage/io); Device Model; Data Abstraction; Data rendering; Service experience; Local rep of remote service; Atomic Service; Composite Service; Network App; 3rd party; Identity; Local app; Update; Composition; Connection; Device Proxy]
The binding between the device as a service and a cloud service can span a spectrum, from downloading an application in the device to having a description (HTML5 based) of what the interaction should look like pre-rendered in the device proxy.
Each step from device to device as a service implies an add-on on the physical device.
34. [Diagram]
Work Package
API Aggregator
Specialized API (API to focus on a specific client), e.g. Mobile API, Web API …
SDK (code that hides the API for a specific platform), e.g. Eclipse Plug-in, Mobile device SDK (Apple, Android …)
Via API optimization
What type of API?
Which channel is used to distribute the API?
Raw Exposure
Portal, Aggregator, Service Provider
Redistribution
Standard Environment
Via API adaptation
Customized API (API created for a specific partner), e.g. Apple, Google …
Who as developer will use the API?
Back end service API (Normalized APIs, Common Enablers, Partners API)
3rd party Product
Opco, Opco, Opco
What does the developer do with the API?
OTT Service
Service Bundle
Mashup Application
How is it presented?
OTT API
OTT may also develop a mobile/web app to present directly to the end user or distribute the API via the appropriate API channel
Web App
App Store
Who is the end customer?
Packaged Product
Enterprise, Consumer
Web Developer; OTT Service Developer; Mobile Developer; Device Developer; B2B Service Provider Developer
Long Tail / Short Tail
Charge to bill
Custom Code
Internal program for API normalization