Craig Burton
Distinguished Analyst, KuppingerCole
Date: Sept. 14, 2012 | Time: 10:00 am MDT
Identity in an API Economy
Identity in an API Economy
The API Economy and SAML
• Introduction to the API Economy Ecosystem
• The Cambrian Explosion of Everything
• An API for Everyone and Everything
• Admin-based mapping is broken
• E2S (Entity to Service) automation—beyond SAML
• Summary
Identity in an API Economy
The API Economy
• The Five KuppingerCole API tenets
  1. Everything and everyone will be API-enabled
  2. The API Ecosystem is core to any cloud strategy
  3. Baking core competency in an API-set is an economic imperative
  4. Enterprise inside-out
  5. Enterprise outside-in
The API Ecosystem
Understanding the API Ecosystem
• The API Ecosystem is divided into two types of API designs
  – The API Provider—the enterprise inside-out
  – The API Consumer—the enterprise outside-in
The API Ecosystem
Understanding the API Ecosystem
• The API Provider—the enterprise inside-out
  – API types
    • Open APIs—published APIs for public consumption
    • Dark APIs—unpublished APIs for closed consumption
• The API Consumer—the enterprise outside-in
  – API types
    • Open APIs—published APIs for public consumption
    • Dark APIs—unpublished APIs for closed consumption
    • Internal APIs—legacy applications with traditional information and resources
The API Ecosystem
Understanding the API Economy—Twitter unpacked
• 13 billion API calls a day
• 54 million+ calls an hour
• 900,000+ calls per minute
• 15,000+ calls per second
Twitter traffic drove 2012 Olympic Coverage—All API-driven
The API Ecosystem
API Growth Rate
• Open APIs
  – We just hit the 7,000 API mark
  – 8,000 by year end
  – 16,000 by 2015
• Dark APIs
  – Dark APIs are 5x+/- Open API growth rate
  – 80,000 by 2015
The Cambrian Explosion of Everything
Growth In the Cambrian Era—unprecedented growth of life
Source: Adapted from Wikipedia
The Cambrian Explosion of Everything
Apple’s numbers
• 400 million iOS devices
• 700,000 apps
• Average person uses 100+ apps per device
• 84 million iPads
• 68% market share in 2012
• 17 million iPads sold in April-June 2012
• More iPads than any PC vendor’s entire product line
• 94% of Fortune 500 are investing in or deploying iPads at work
Source: Apple iPhone5 rollout
The Cambrian Explosion of Everything
Cisco’s predictions and KC API tenet #1
• 2.8x devices per person on the planet by 2015
• 19.6b devices
• 7 billion people
• Tenet #1: Everyone and Everything is API-enabled
  – 26.6 billion APIs
Broken Model
The Admin-based mapping model is broken
• The identity model for ALL current SAML-based systems does not scale
• Identity model is Admin-based
• All entities are mapped to services by people (Admins)
• The Math
  – Mapping 26.6 billion entities to just one service
  – 640,000 admins 24 hours a day for 5 years
  – Apple numbers 100+/10 apps per device
• Broken
Federation is evolving
| Approach | IdPs | SPs | Type of IdP |
|---|---|---|---|
| 1:1 – e.g. with a specific supplier | 1 | 1 | Owned by federation partner |
| 1:n – e.g. authN to many cloud services | 1 | n | Owned by company |
| n:1 – e.g. a service for many suppliers or cloud service customers | n | 1 | Owned by many federation partners |
| n:1 – e.g. supporting different logins | n | 1 | Owned by whomever – Facebook, enterprise, government (eID),… |
| n:n – reality, if you look at the big picture | n | n | Look at all the federations of your company and you have a mix |
E2S Automation
e2s (Entity to Service) Automation—Beyond Admin-based SAML
• Scalable SAML will require automation
• Automation is enabled via APIs
• The future of e2s identity mapping must be API-based to meet today’s demand
  – 400 million+ iOS devices
  – 26.6 billion APIs
  – These numbers are conservative
E2S Automation
e2s (Entity to Service) Automation—Beyond Admin-based SAML
• OpenID Connect is SAML’s API future
  – Tractability unknown
  – No vendor is using it for automation yet
  – No vendor is doing e2s automation yet
• SCIM (System for Cross-domain Identity Management) is potential e2s automation protocol
• Note: Salesforce Identity gives both of these standards a boost of reality.
Identity in the API Economy
Summary
• SAML will not support all use cases (but some)
• Other standards are not as mature
• That means:
  – Don’t rely on an approach that is focused on traditional approaches
  – Understand these approaches as a subset of the big picture
  – Design your architecture for that big picture
  – Start with the subset you need
  – Look for technology which is built for (or whose suppliers are devoted to) the big picture