API Governance and Management

Longji Tang, Mark Little


We live in an era of service computing with cloud computing platforms, social computing, and mobile computing. One of the most significant characteristics of the era is that any device connects to any service and any service connects to any data in a cost-effective way. The connections between device and service, as well as between service and data, are built by modern Web APIs. The shift is not only toward using software in a particular business, but also toward engaging other businesses and people (internal developers, partners, customers, and the world at large) by exposing software interfaces through APIs. The trend is creating a new business reality: the API Economy. It is leading an evolution of the traditional SOA paradigm to a cloud-enabled, social-enabled, and mobile-enabled modern lightweight SOA. There is increasing automation of processes, transactions, and distribution across many industry sectors and organizations. This paper describes the API Economy and the emergence of API management, its building blocks, and its role in service infrastructure. Moreover, API-central architecture patterns, its reference architecture, and its deployment topologies can be found in a newly coming book, Service Infrastructure. The Application Programming Interface (API) is an old technology that has been around for decades. The rise of Web APIs, which include the new majority of REST APIs, traditional SOAP-based APIs, and others, has made APIs the leading technology for building mash-up applications, getting data and services to mobile applications, and connecting enterprises to their partners and cloud services. APIs have started a new life in the modern elastic, social, mobile world.
As modern Web APIs grow dramatically, become highly available through the internet, carry increasing business value, and become more and more important in the application landscape of enterprises, API quality (security, performance, availability) and the risk of exposing data and services through open APIs have become main concerns for enterprises. Thus, API management is becoming a very...


Security and Identity Management Applied to SOA - Part II

Jose Luiz Berg


To understand how to integrate Web Services with security infrastructure, we must first define some fundamental concepts. We have already said in the previous chapter that the great challenge of security with respect to Web Services is that they break the boundaries between applications, transforming all applications into a single big one. This statement is true not only of Web Services, but of any technology allowing remote execution of routines. In this document, when you read Web Services, we mean remote services, whatever the technology used. According to OASIS, a service has the following definition: "A service is a mechanism to enable access to one or more capabilities, where the access is provided using a prescribed interface and is exercised consistent with constraints and policies as specified by the service description. A service is provided by an entity–the service provider–for use by others, but the eventual consumers of the service may not be known to the service provider and may demonstrate uses of the service beyond the scope originally conceived by the provider." So, although the objective of this document is the integration of Web Services with security infrastructure, where allowed, the term "service" is used to designate remote functionalities made available by an application, so that the same definition can be applied to any technology used. The term Web Service (WS) is used only when we drill down into the form of operation specific to Web Services. When we talk about WS, we are referring to sets of functionalities made available by applications, which may be consumed by sending messages using high-level protocols such as SOAP or REST, and a means of transport such as HTTP or TCP/IP. The challenge of building the security architecture for WS is to reconcile the internal...


A Look at Service-Driven Industry Models

Thomas Erl, Clive Gee, Jürgen Kress, Berthold Maier, Hajo Normann, Pethuru Cheliah, Leo Shuster, Bernd Trops, Clemens Utschig-Utschig, Philip Wik, Torsten Winterberg

The convergences of modern SOA practices with service technologies have been creating opportunities to form new business relationships and operational models. Intended to inspire the construction of custom models for organizations in any industry, a series of innovative models that highlight the potential of next generation SOA is explored in this chapter. The enterprise service model combines capability, business processes, organization models, and data models into a single unified view of the business and its development priorities. All of the industry models described in the upcoming sections rely on the participation of one or more service-enabled organizations and, correspondingly, the existence of one or more enterprise service models. As a conceptual simulation of how an enterprise operates, this type of model can be applied to any organization. Developing such a model for an enterprise is valuable because any of the services contained therein can be delivered directly by IT assets using automated business processes or delivered as transactional units of business logic. A unified model defines a physical inventory of services for implementation as IT assets and provides a common language that can be used by both business and IT professionals to better understand the other's priorities, needs, and expectations. This alignment of IT and business encourages the development of IT solutions that can map accurately to and better support business processes, which in turn enhances business efficiency in the ability to capitalize on new opportunities and respond to new challenges. While next generation service-oriented enterprises already tend to use some service technologies to optimize business operations and achieve strategic business goals, new business opportunities can uniquely drive IT to embrace other...


Issue LXXXVI, September/October 2014

Download This Issue
Download Full Service Technology Magazine PDF: The entire September/October 2014 issue of the Service Technology Magazine is now available for download as a high-resolution PDF.
About the Editor

Thomas Erl is a best-selling service technology author and the Series Editor of the Prentice Hall Service Technology Series from Thomas Erl, with over 175,000 copies in print worldwide.