
Craig Burton

Distinguished Analyst, KuppingerCole

[email protected]

Date: Sept. 14, 2012| Time: 10:00 am MDT

Identity in an API Economy


The API Economy and SAML

• Introduction to the API Economy Ecosystem
• The Cambrian Explosion of Everything
• An API for Everyone and Everything
• Admin-based mapping is broken
• E2S (Entity to Service) automation—beyond SAML
• Summary


The API Economy

• The Five KuppingerCole API tenets
  1. Everything and everyone will be API-enabled
  2. The API Ecosystem is core to any cloud strategy
  3. Baking core competency in an API-set is an economic imperative
  4. Enterprise inside-out
  5. Enterprise outside-in


The API Ecosystem

Understanding the API Ecosystem

• The API Ecosystem is divided into two types of API designs
  – The API Provider—the enterprise inside-out
  – The API Consumer—the enterprise outside-in


Understanding the API Ecosystem

• The API Provider—the enterprise inside-out
  – API types
    • Open APIs—published APIs for public consumption
    • Dark APIs—unpublished APIs for closed consumption
• The API Consumer—the enterprise outside-in
  – API types
    • Open APIs—published APIs for public consumption
    • Dark APIs—unpublished APIs for closed consumption
    • Internal APIs—legacy applications with traditional information and resources


Understanding the API Economy—the billionaire club


Understanding the API Economy—Twitter unpacked

• 13 billion API calls a day
• 54 million+ calls an hour
• 900,000+ calls per minute
• 15,000+ calls per second

Twitter traffic drove 2012 Olympic Coverage—All API-driven


Understanding the API Ecosystem


Open API Growth Rate


API Growth Rate

• Open APIs
  – We just hit the 7,000 API mark
  – 8,000 by year end
  – 16,000 by 2015
• Dark APIs
  – Dark APIs are 5x+/- Open API growth rate
  – 80,000 by 2015


The Cambrian Explosion of Everything

Growth In the Cambrian Era—unprecedented growth of life

Source: Adapted from Wikipedia


Apple’s numbers

• 400 million iOS devices
• 700,000 apps
• Average person uses 100+ apps per device
• 84 million iPads
• 68% market share in 2012
• 17 million iPads sold in April-June 2012
• More iPads than any PC vendor’s entire product line
• 94% of Fortune 500 are investing in or deploying iPads at work

Source: Apple iPhone5 rollout


Cisco’s predictions and KC API tenet #1

• 2.8x devices per person on the planet by 2015
• 19.6b devices
• 7 billion people
• Tenet #1: Everyone and Everything is API-enabled
  – 26.6 billion APIs


Broken Model

The Admin-based mapping model is broken

• The identity model for ALL current SAML-based systems does not scale
• The identity model is Admin-based
• All entities are mapped to services by people (Admins)
• The Math
  – Mapping 26.6 billion entities to just one service
  – 640,000 admins 24 hours a day for 5 years
  – Apple numbers 100+/10 apps per device
• Broken

Federation is evolving

| Approach | IdPs | SPs | Type of IdP |
|---|---|---|---|
| 1:1 – e.g. with a specific supplier | 1 | 1 | Owned by federation partner |
| 1:n – e.g. authN to many cloud services | 1 | n | Owned by company |
| n:1 – e.g. a service for many suppliers or cloud service customers | n | 1 | Owned by many federation partners |
| n:1 – e.g. supporting different logins | n | 1 | Owned by whomever – Facebook, enterprise, government (eID),… |
| n:n – reality, if you look at the big picture | n | n | Look at all the federations of your company and you have a mix |

The traditional federation approach: Direct connections

[Diagram; labels: Users, Apps]

The future federation approach: Meshed/service-focused

[Diagram; labels: Users, Apps]

E2S Automation

e2s (Entity to Service) Automation—Beyond Admin-based SAML

• Scalable SAML will require automation
• Automation is enabled via APIs
• The future of e2s identity mapping must be API-based to meet today’s demand
  – 400 million+ iOS devices
  – 26.6 billion APIs
  – These numbers are conservative


e2s (Entity to Service) Automation—Beyond Admin-based SAML

• OpenID Connect is SAML’s API future
  – Tractability unknown
  – No vendor is using it for automation yet
  – No vendor is doing e2s automation yet
• SCIM (System for Cross-domain Identity Management) is a potential e2s automation protocol
• Note: Salesforce Identity gives both of these standards a boost of reality.


Identity in the API Economy

Summary

• SAML will not support all use cases (but some)
• Other standards are not as mature
• That means:
  – Don’t rely on an approach that is focused on traditional approaches
  – Understand these approaches as a subset of the big picture
  – Design your architecture for that big picture
  – Start with the subset you need
  – Look for technology which is built for (or whose suppliers are devoted to) the big picture
