VP Innovation at Axway, Co-founder at Vordel

Mark O'Neill



Top Stories by Mark O'Neill

Joe McKendrick kicks off a thread on the current state of SOA Security. As usual, most discussion of SOA Security applies to "how SOA can be made secure". This is understandable. And, as some commentators have pointed out, there is a body of Best Practice out there on how to secure services in an SOA. (For example, Randy Heffner provides lots of good advice on how to secure the services in an SOA.) But there has been relatively little debate on the flip side of SOA Security - how SOA can apply to security. Because, really, "SOA Security" is two separate things, solving two separate problems. The first, most obvious thing is that it applies security to SOA. The problem it is solving here is "SOA is insecure". Randy Heffner's advice is good here: there are products and procedures for applying security to SOA. But "SOA Security" also has the meaning of "applying SOA prin... (more)

APIs and Microservices | @DevOpsSummit #DevOps #API #Microservices

Solving the Digital Business Puzzle Using APIs and Microservices - Axway and Forrester

When organizations make the choice to put a digital platform in place, a discussion on MicroServices is never far behind. By putting a MicroServices layer in place, an organization creates the springboard to launch into the digital future, whether that involves apps, rich Web clients, or IoT devices such as in-store beacons. Individual MicroServices, or orchestrated groups of MicroServices, serve as the foundation for this innovation. The data being passed to and from MicroServices also serves... (more)

The Multi-Domain Registry/Repository

Frank Kenney from Gartner coined the term "Multi-Domain Registry/Repository", or MDRR, in a tweet recently. What is an MDRR and why is it important? To understand, think of a registry/repository traditionally seen as part of a SOA architecture. It is supposed to include addresses of the services available in the SOA, plus metadata about the services, such as their policies. Now think about how organizations are starting to rely on Cloud-based services, such as Amazon S3 (storage) and Force.com (sales force automation). These services are not on-premises SOA services, so they are not... (more)

All the Web’s an API

I've written a "guest view" article for SD Times about the usage of API Keys in Web/Cloud APIs. API keys seem like a simple way to manage access to a Web API, but if the authentication scheme is not secure then they are dangerously simple (or simply dangerous). A key part of Cloud security is effective management of API key based authentication. The article is here: http://www.sdtimes.com/GUEST_VIEW_ALL_THE_WEB_S_AN_API/By_MARK_O_NEILL/About_APIS_and_CLOUDCOMPUTING_and_SECURITY/34049 ... (more)

Enterprise APIs and Public APIs

Over at APIEvangelist.com, Kin Lane has a great list of "Successful APIs to look at when planning your API". These include eBay and Flickr. It's a great list, showing how APIs can be very different from each other. Some are OData-y (eBay), some still support SOAP as well as REST (e.g. Amazon), and some are closer to REST Nirvana than others (if you want to make a RESTafarian's head explode, show them Flickr's delete operation, which uses a POST). But one thing all these APIs have in common is that information about them is publicly available, to anyone, and anyone with the right ... (more)