In ten years of running conferences, I’ve been responsible (or, at least, partly responsible) for curating a LOT of agendas. And when you’ve done it for a while, and you know what your “audience” is like (I use “audience” lightly, because gluecon attendees are hardly an “audience”), then you get an internal gauge of what will hit the mark and what will miss it.
In that context, let me say this with as little hyperbole as possible: Gluecon 2011 may be the best agenda that I’ve ever put together (and that’s not me patting myself on the back; it’s all due to the presenters). Have I done other agendas with “bigger name” keynoters? Sure. But that’s not what makes an agenda.
As I look at these sessions come together, the sheer weight, the meat, the substance of the breakout sessions is *stunning*. Whether you’re an enterprise developer or a startup developer or an indie developer, you’re going to be stretched. You’re going to find things you didn’t expect. You’re going to walk out with your hair on fire. Okay, that was hyperbole. In any case, get your butt registered for Gluecon.
Here’s today’s session description — brought to you by Francois Lascelles of Layer 7 Technologies:
Enterprise access control patterns for REST and Web API
The current trend of moving enterprise applications to SaaS-style public cloud solutions and deploying services off-premise in general is raising a number of concerns regarding security and governance in the Enterprise. The need for integration between your IT assets does not disappear once they leave your premise. In fact, this integration must now accommodate the fact that service oriented transactions cross multiple domains, over public networks. In addition to this, the Enterprise is increasingly under pressure to provide APIs to third parties such as partners, consumers, etc. The need for API management is security is now at the forefront of the Enterprise’s IT responsibilities.
Proper access control mechanisms must not only serve the protection of the information and services they are acting on behalf of but must also ensure that they accommodate the varying capabilities of the clients that they target. Although standards are slow to emerge when it comes to authentication and integrity for RESTful web services and APIs, there are already a number of related patterns emerging.
This presentation illustrates the applicability of API keys, OAuth, SAML, OpenID, and a number of proprietary mechanisms such as HMAC signatures for consuming and exposing Web APIs and RESTful web services.