Welcome!

VP Innovation at Axway, Co-founder at Vordel

Mark O'Neill

Subscribe to Mark O'Neill: eMailAlertsEmail Alerts
Get Mark O'Neill via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Mark O'Neill

It's well known that one of the keys to Amazon's success has been its APIs. Kin Lane has pointed out Amazon's internal APIs, which were famously driven by a directive from Jeff Bezos himself. And, of course, Amazon Web Services (AWS) is fully API-driven, which allows for full automation. Just this week, the Boston Globe covered the fact that Jeff Bezos has been advising iRobot, and it was no surprise to read that "one of the key pieces of advice Bezos supplied was about the value of open APIs". Even more recently, Amazon has released the "Dash Replenishment Service " (DRS). Although I'm writing this post on April Fools Day, it was released yesterday so I think I can confidently say it's not an April Fool :-). Dash will allow customers to re-order stocks of items such as paper towels, simply by pressing a physical button. Amazon has launch partners for Dash, but of c... (more)

APIs in the 'Internet of Things' By @Axway | @ThingsExpo [#IoT #API]

The Power of Real-Time APIs - Apple Watch and BMW One of the most exciting parts of this week's Apple Watch launch was the example of the BMW watch app. This app allows you to see the charging status of your BMWi electric car, right from your wrist. You can also check the status of the doors of your car (important information such as if they are locked or not!). Although the star of the show was the watch app, APIs had a cameo appearance, since the information shown on the watch is fetched in real-time from APIs. It happens that there is already an example of a watch app for BMIs ca... (more)

Protecting API Keys By @Axway | @CloudExpo [#API]

Back in 2011, while CTO at Vordel (API security/management vendor which was acquired by Axway in 2012), I wrote a piece for the Cloud Security Alliance blog entitled "Protect the API Keys to your Cloud Kingdom". In it, I talked about the importance of protecting API Keys. I wrote that: API Keys must be protected just like passwords and private keys are protected. This means that they should not be stored as files on the file system, or baked into non-obfuscated applications that can be analyzed relatively easily. https://blog.cloudsecurityalliance.org/2011/04/18/protect-the-api-ke... (more)

Signing OAuth on the Vordel XML Gateway with Java Using Signpost

XML Magazine on Ulitzer Today I was using Matthias Käppler's "Signpost" Java OAuth API. As the Signpost readme says: "Signpost is the easy and intuitive solution for signing HTTP messages on the Java platform in conformance with the OAuth Core 1.0a standard." http://github.com/kaeppler/signpost#readme As an exercise, I ran Signpost on the Vordel XML Gateway to see it insert the OAuth Authorization header into outbound messages. Getting Signpost up and running on the Vordel XML Gateway is simple. Firstly, download the jar files for Signpost and put them into the "/ext/lib" director... (more)

Signing a SAML Assertion

Signing a SAML assertion in the Vordel XML Gateway is quite straightforward. Firstly, you'll need a private key. Note that it is the private key which is used for signing. The public key (usually contained within an X.509 public key certificate) is used for the signature validation, and can be inserted into the XML Signature block, but it is the private key which is used for the actual signing. Here is a link to information about how to create a public and private key pair in Vordel SOAPbox or the Vordel Policy Studio. You can also, of course, import a private key (or a certificate... (more)