VP Innovation at Axway, Co-founder at Vordel

Mark O'Neill

Subscribe to Mark O'Neill: eMailAlertsEmail Alerts
Get Mark O'Neill via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Mark O'Neill

Last Tuesday in Detroit, along with IC-Consult, Axway ran an API Workshop in Detroit. Many attendees from the major car companies were present. One of the big conversation topics was Social Login ("Login with Google", etc). This is something which we saw can be implemented using the Axway API Gateway, and in fact the API Gateway can be used to map from a Social Login to a local on-premises Identity and Access Management product like Oracle Access Manager (here's a description of the Google to Oracle OAM mapping in action). That allows for a hybrid Cloud/On-Premises identity approach. Aside from Social Login, we also saw SalesForce.com integration, and the API Developer Portal in action. The highlight, though, was when Robert Foster from IC-Consult ran through the BMW Group Connected Car case study. Here you can see Robert showing a video clip of Pierce Brosnan (as Jam... (more)

The Power of Real-Time APIs in the 'Internet of Things' - Apple Watch and BMW

The Power of Real-Time APIs - Apple Watch and BMW One of the most exciting parts of this week's Apple Watch launch was the example of the BMW watch app. This app allows you to see the charging status of your BMWi electric car, right from your wrist. You can also check the status of the doors of your car (important information such as if they are locked or not!). Although the star of the show was the watch app, APIs had a cameo appearance, since the information shown on the watch is fetched in real-time from APIs. It happens that there is already an example of a watch app for BMIs car... (more)

Mobile backend with a Scottish twist - this Thursday in San Francisco

At our Axway API Workshops, we use an example of a mobile app using the API Gateway as a mobile backend. It happens that Thursday's API Workshop in San Francisco coincides with the Scottish independence vote, so the app we're using will have a Scottish theme... In an instance of the Axway API Portal, I've configured a Scottish Voting API which simulates a voting API. The options, as in the real vote, are "Yes" and "No".  As you can see in the screenshot below, I've configured API Key authentication for my Scottish Voting API. The API Portal has a handy "Try It" feature so that I ... (more)

Are REST APIs Inherently Insecure? - Speaking at ISC2 in Atlanta in October

REST security is a hot topic. One of the reasons for this is the continued blowback from the over-complexity of the WS-* specifications. These specifications,  including WS-Security, WS-Trust, and WS-ReliableMessaging, and were notorious for being difficult to comprehend. In fact, people wrote whole books about Web Services Security :-) . One of the benefits of REST is simplicity. But, on the flipside, the lack of standards for security has led to the proliferation of ad-hoc security approaches such as the use of API Keys. API Keys are frequently used for API "authentication" oft... (more)

ViewDS and Axway - PEP/PDP interop using XACML for externalized authorization

Andrew Sciberras, the man with the most impressive mustache in Identity (until he shaved it off!), has written a very useful post on how Axway and ViewDS interop together using XACML to enable external authorization for SOA and APIs. The interop announcement, which coincides with the Cloud Identity Summit in Monterrey, speaks about how customers can now leverage ViewDS and Axway together in order to create complex authorization rules. An example of such a rule would be "Only the patient or their doctor can access a medical record, or the patient's parents or guardians if the pati... (more)