Welcome!

VP Innovation at Axway, Co-founder at Vordel

Mark O'Neill

Subscribe to Mark O'Neill: eMailAlertsEmail Alerts
Get Mark O'Neill via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Mark O'Neill

Here are some predictions for the API space for 2014: Rise of the Client It's generally agreed that an API is only as good as the clients which use it. An unused API is a failure. So that's why it's odd that so much attention has focused on the server side of APIs, with comparatively little attention paid to the client side (there are exceptions though, like Runscope's handy Request Editor and hurl.it, to help developer API clients). If you ask an API provider about how their API is going to be called by clients, often you are met with a hand-wavy answer along the lines of "It's REST, so it's easy". While it may be true that it's easy to hack together a client to call the API that "just works", the problem is that that's all it does. It "just works", but doesn't provide the high-level benefits such as: - Ensuring the API is responding according to your expected service le... (more)

API Workshop in Detroit - Tuesday 24 June - Connected Car, OAuth, Office365, SalesForce.com, and more

Next Tuesday, June 24, in conjunction with our partners at IC-Consult, we are running a half-day API Workshop in the Detroit area. I'm very excited that we have a great guest speaker, Robert Foster from IC-Consult, who will be talking about about the BMW Group case study, explaining how secure APIs drive innovation in the Connected Car area.  In the technical deep dive part of the API Workshop, we'll be covering:How to secure REST APIs - OAuth 2.0 and moreAPIs for Mobile Apps SalesForce.com and other Cloud APIsMicrosoft Office365 and Google Apps Single Sign-OnIt's also a great op... (more)

Security for Internet of Things - OASIS Google Hangout discussion 27 May with Dan Blum & Jonathan Rodriguez

Security for Internet of Things is a hot topic. Just last week, our partner IC-Consult gave a talk about how BMW uses Secure APIs as a business enabler for the Connected Car. And tomorrow, I'm excited to be part of a Google Hangout discussion with Dan Blum and Jonathan Rodriguez about Security for Internet of Things. Today it seems everything is either already networked, or will be soon. Methods originally used to hook up office printers are now being applied to cars, wearable devices, building sensors and security systems and ... you name it. As more devices are added, we find o... (more)

Top 10 Security Issues for REST APIs - Webinar with Gunnar Peterson on September 18

REST API Security has come a long way from being a case of "Just use SSL"... or has it? On September 18th at 11am US Eastern Time / 4pm UK, we're running a webinar with Gunnar Peterson on the Top 10 Security Issues for REST APIs. One of the big criticisms of SOAP Web Services was the complexity of the security standards such as WS-Security, WS-Trust, WS-Policy, WS-PolicyAttachment... the list goes on. People wrote whole books about them ;-) . In the case of REST, it can worryingly seem like a case of the Wild West (the "Wild REST"). Now, there are standards such as OAuth, but also ... (more)

ViewDS and Axway - PEP/PDP interop using XACML for externalized authorization

Andrew Sciberras, the man with the most impressive mustache in Identity (until he shaved it off!), has written a very useful post on how Axway and ViewDS interop together using XACML to enable external authorization for SOA and APIs. The interop announcement, which coincides with the Cloud Identity Summit in Monterrey, speaks about how customers can now leverage ViewDS and Axway together in order to create complex authorization rules. An example of such a rule would be "Only the patient or their doctor can access a medical record, or the patient's parents or guardians if the pati... (more)