Welcome!

Cloud Expo Authors: Bernard Golden, Roger Strukhoff, Carmen Gonzalez, Sandi Mappic, Esmeralda Swartz

Related Topics: @ThingsExpo, SOA & WOA, Cloud Expo, Big Data Journal

@ThingsExpo: Blog Feed Post

Rise of the Thing - Internet of Things

The Internet of Things (IoT) is giving rise to a whole new set of protocols for API access

Here are some predictions for the API space for 2014:

Rise of the Client
It's generally agreed that an API is only as good as the clients which use it. An unused API is a failure. So that's why it's odd that so much attention has focused on the server side of APIs, with comparatively little attention paid to the client side (there are exceptions though, like Runscope's handy Request Editor and hurl.it, to help developer API clients).

If you ask an API provider about how their API is going to be called by clients, often you are met with a hand-wavy answer along the lines of "It's REST, so it's easy". While it may be true that it's easy to hack together a client to call the API that "just works", the problem is that that's all it does. It "just works", but doesn't provide the high-level benefits such as:
- Ensuring the API is responding according to your expected service level
- A broker layer so that you're not locked into any particular API provider, or:
- API orchestration

At Axway we've seen that our API Gateway is frequently used at the Client Side, adding a layer of visibility and control to API usage from the client's point of view, as well as providing an independent audit log of API usage, separate from the logs provided by the API provider. All of this points to the rise of the client.

Another major factor involving the rise of the important of the API client is raft of new protocols associated with Machine-to-Machine API access, used in smart-meter or "connected car" environments for example. Which leads us nicely on to the next prediction...

Rise of the Thing
(hat-tip to Zahid Ghadialy from EE for this title, taken from his excellent recent presentation)

The Internet of Things (IoT) is giving rise to a whole new set of protocols for API access. Until recently, it was taken for granted that JSON is all-conquering and predominant. In my view, the popularly of JSON for APIs is as much to do with the widespread usage of dynamic languages on the client side (JavaScript in particular, of course) as it is to do with the smaller size of JSON relative to XML.

In the word of IoT, with embedded devices on the client and greater bandwidth constraints, it's not the case that clients will always be JavaScript based and expecting JSON. In IoT, we see MQTT, CoAP, and AMQP. All different, but all existing to deal with the low-latency and message size constraints of IoT devices. In this case, it isn't possible to simply throw together a REST client with JavaScript on the client - the result would be hopelessly inefficient since even JSON is too verbose. Ironically, with the IoT standards we are back to binary encoding, something I wrote about (BER encoding for XML) way back in 2002.

I would also watch Google's Protocol Buffer, which with protobuf.js provides JavaScript without the JSON size overhead.

Going Meta
In the world of SOA, we saw that each Web Service could be associated with metadata expressed using WS-PolicyAttachment with WSDL. The mention of any WS-* specification is enough to make anyone cringe, but in the case of SOA, at least there were standards for attaching meta-data to services.

In the case of APIs, we have sites such as ProgrammableWeb which provide human-readable information about APIs. But this is not the same as machine-readable information which a client can consume, conveying information how to call the API, security tokens (e.g. OAuth 2.0 Access Token) required, and expected response times.

Ole Lensmar wrote a great round-up of the API metadata options, back in the summer (now you would add RAML to this list). For Enterprise APIs, with security and quality-of-service requirements, I expect API metadata to grow in importance in 2014.

Traditional and API-based Integration continue to converge
Axway got a jump on this trend back in late 2012, with the acquisition of Vordel. In fact, at the time of the Vordel acquisition, Kin Lane foretold that "I predict in 2013-2015 we are going to see more of these types of acquisitions occurring. Large software companies are going to need a robust set of API tools to bring legacy systems into the modern, API driven economy." And how right he was! 2013 saw a slew of further acquisitions. I would hope that my predictions could be as accurate as Kin's.

There is clearly a need to take advantage of API-based integration, but in tandem with more traditional integration technologies. It's not a case of "either/or". Here at Axway, with API-based integration incorporated into our portfolio, we provide customers with a single suite solution covering B2B, APIs, managed file transfer, and even email security. In 2014, APIs will not be an isolated "new new thing", but will be working in tandem with traditional integration technologies.

SOA and APIs no longer adversarial
Paolo Malinverno from Gartner likes to say that "When people talk about APIs and Services, 99% of the time they are talking about the same thing". One of the big take-aways of the recent Gartner AADI conference was that we've gotten over the adversarial talk of "SOA versus APIs" and now there is a realization that they are linked. The linkage goes both ways. For example, APIs can be built on SOA principles (loosely-coupled, abstracting underlying implementation details), and SOA architecture itself can be used to manage APIs. Ideas from SOA, such as management of service meta-data in a repository, find new life in API Management with customizable API Catalogs in API Developer Portals.

In 2014, I expect to see more healthy realization that SOA principles are complimentary to API Management,

More API Breaches
Finally, on a less positive note, I believe we will see more successful attacks on APIs. In 2013 we had the attack on Buffer's API and, just last week, the attack on Snapchat's API. Earlier in the year we saw DoS attacks on banking websites which also brought down Web APIs (resulting in some banking mobile apps becoming unusable). One of the key things which API Gateways do is to protect APIs from attack. Of course, they also provide more positive advantages like API Quota Management, caching, and REST-SOAP transformation. But, with growing awareness of API breaches, the security factor will grow in 2014.

Happy 2014 everyone!

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

@CloudExpo Stories
As Platform as a Service (PaaS) matures as a category, developers should have the ability to use the programming language of their choice to build applications and have access to a wide array of services. Bluemix is IBM's open cloud development platform that enables users to easily build cloud-based, creative mobile and web applications without having to spend large amounts of time and resources on configuring infrastructure and multiple software licenses. In this track, you will learn about the...
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at Internet of @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, will discuss how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money! Speaker Bio: ...
Compute virtualization has been transformational, yet security policy implementation and enforcement has lagged behind in agility and automation. There are a number of key considerations when implementing policy in private and hybrid clouds. In his session at 15th Cloud Expo, Holland Barry, VP of Technology at Catbird, will discuss the impact of this new paradigm and what organizations can do today to safely move to software-defined network and compute architectures, including: How normal ope...
Samsung VP Jacopo Lenzi, who headed the company's recent SmartThings acquisition under the auspices of Samsung's Open Innovaction Center (OIC), answered a few questions we had about the deal. This interview was in conjunction with our interview with SmartThings CEO Alex Hawkinson. IoT Journal: SmartThings was developed in an open, standards-agnostic platform, and will now be part of Samsung's Open Innovation Center. Can you elaborate on your commitment to keep the platform open? Jacopo Lenzi: S...
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic • Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff hap...
SYS-CON Events announced today that SOA Software, an API management leader, will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. SOA Software is a leading provider of API Management and SOA Governance products that equip business to deliver APIs and SOA together to drive their company to meet its business strategy quickly and effectively. SOA Software’s technology helps businesses to accel...
SYS-CON Events announced today that Utimaco will exhibit at SYS-CON's 15th International Cloud Expo®, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Utimaco is a leading manufacturer of hardware based security solutions that provide the root of trust to keep cryptographic keys safe, secure critical digital infrastructures and protect high value data assets. Only Utimaco delivers a general-purpose hardware security module (HSM) as a customiz...
Almost everyone sees the potential of Internet of Things but how can businesses truly unlock that potential. The key will be in the ability to discover business insight in the midst of an ocean of Big Data generated from billions of embedded devices via Systems of Discover. Businesses will also need to ensure that they can sustain that insight by leveraging the cloud for global reach, scale and elasticity.
SYS-CON Events announced today that ElasticBox is holding a Hackathon at DevOps Summit, November 6 from 12 pm -4 pm at the Santa Clara Convention Center in Santa Clara, CA. You can enter as an individual or team of up to 10 developers. A New Star Is Born Every Month! All completed ElasticBoxes will then be sent to a judging panel - 12 winners will be featured on the ElasticBox website in 2015. All entrants will receive five full enterprise licenses for one year + ElasticBox headphones + Elasti...
Once the decision has been made to move part or all of a workload to the cloud, a methodology for selecting that workload needs to be established. How do you move to the cloud? What does the discovery, assessment and planning look like? What workloads make sense? Which cloud model makes sense for each workload? What are the considerations for how to select the right cloud model? And how does that fit in with the overall IT tranformation? In his session at 15th Cloud Expo, John Hatem, head of V...
Cloud services are the newest tool in the arsenal of IT products in the market today. These cloud services integrate process and tools. In order to use these products effectively, organizations must have a good understanding of themselves and their business requirements. In his session at 15th Cloud Expo, Brian Lewis, Principal Architect at Verizon Cloud, will outline key areas of organizational focus, and how to formalize an actionable plan when migrating applications and internal services to...
SAP is delivering break-through innovation combined with fantastic user experience powered by the market-leading in-memory technology, SAP HANA. In his General Session at 15th Cloud Expo, Thorsten Leiduck, VP ISVs & Digital Commerce, SAP, will discuss how SAP and partners provide cloud and hybrid cloud solutions as well as real-time Big Data offerings that help companies of all sizes and industries run better. SAP launched an application challenge to award the most innovative SAP HANA and SAP ...
Ixia develops amazing products so its customers can connect the world. Ixia helps its customers provide an always-on user experience through fast, secure delivery of dynamic connected technologies and services. Through actionable insights that accelerate and secure application and service delivery, Ixia's customers benefit from faster time to market, optimized application performance and higher-quality deployments.
SYS-CON Events announced today that Calm.io has been named “Bronze Sponsor” of DevOps Summit Silicon Valley, which will take place on November 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Calm.io is a cloud orchestration platform for AWS, vCenter, OpenStack, or bare metal, that runs your CL tools puppet, Chef, shell, git, Jenkins, nagios, and will soon support New Relic and Docker. It can run hosted, or on premise and provides VM automation / expiry, self-service portals,...
In her General Session at 15th Cloud Expo, Anne Plese, Senior Consultant, Cloud Product Marketing, at Verizon Enterprise, will focus on finding the right mix of renting vs. buying Oracle capacity to scale to meet business demands, and offer validated Oracle database TCO models for Oracle development and testing environments. Anne Plese is a marketing and technology enthusiast/realist with over 19+ years in high tech. At Verizon Enterprise, she focuses on driving growth for the Verizon Cloud pla...
SYS-CON Events announced today that Aria Systems, the recurring revenue expert, has been named "Bronze Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Aria Systems helps leading businesses connect their customers with the products and services they love. Industry leaders like Pitney Bowes, Experian, AAA NCNU, VMware, HootSuite and many others choose Aria to power their recurring revenue bu...
The Internet of Things (IoT) is going to require a new way of thinking and of developing software for speed, security and innovation. This requires IT leaders to balance business as usual while anticipating for the next market and technology trends. Cloud provides the right IT asset portfolio to help today’s IT leaders manage the old and prepare for the new. Today the cloud conversation is evolving from private and public to hybrid. This session will provide use cases and insights to reinforce t...
Blue Box has closed a $10 million Series B financing. The round was led by a strategic investor and included participation from prior investors including Voyager Capital and Founders Collective, as well as the Blue Box executive team. This round follows a $4.3 million Series A closed in December of 2012 and led by Voyager Capital. In May of this year, the company announced general availability of its private cloud as a service offering, Blue Box Cloud. Since that release, the company has dem...
SYS-CON Events announced today that Verizon has been named "Gold Sponsor" of SYS-CON's 15th International Cloud Expo®, which will take place on November 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA. Verizon Enterprise Solutions creates global connections that generate growth, drive business innovation and move society forward. With industry-specific solutions and a full range of global wholesale offerings provided over the company's secure mobility, cloud, strategic network...
SimpleECM is the only platform to offer a powerful combination of enterprise content management (ECM) services, capture solutions, and third-party business services providing simplified integrations and workflow development for solution providers. SimpleECM is opening the market to businesses of all sizes by reinventing the delivery of ECM services. Our APIs make the development of ECM services simple with the use of familiar technologies for a frictionless integration directly into web applicat...