Confidential

45 Billion Dollars Annual Revenue (Overall)
9.5 Billion Dollars Annual Revenue (Cisco Services)
21% Cisco Services’ Share of Total Revenue
Note: Approximate Numbers with a dash of extrapolation. 45 looks better than 43 on a slide. ;-)

Serving the middle of the Long Tail in the Partner/Customer Experience

[Figure: long-tail chart; axis: Reach to Number of Partners]
Externalized Business Services: Thousands of Partners and Customers; Low Cost, Self Service, Loose integration
Traditional B2B: Hundreds of partners; High Cost, High Touch, Tight integration
Cisco UI / Portals: Tens of Thousands of Partners and Customers; No Integration
Enabled Partner Defined Experience
“Have it our way”; “Have it your way, if you can afford it”; “Have it your way. Period.”
Make it easy to do business with Cisco! Extend our Reach. Enable Disruptive Innovation.

Typical Cisco’s SMARTNet Service
o 24x7 Phone Support
o Web 1.0 Apps (Forums)
o Web 2.0 Apps (Wikis)
o Social Media Apps (Facebook, Twitter)
What’s missing? Hint: “Have it your way”

Got API?

[Figure: API landscape]
Mobile Apps; Marketing; Go to Market; Quote-to-Order; Services; Cisco Support Community; Sales/Partner
Deal Mgmt; Rebates; Certifications & Specializations; Incentives & Promos; Product Data; Campaigns
Inventory Service; Contract Service; EoX Service; Field Notice Service; IntelliShield Service; PSIRT Service
Quoting; Configuration; Pricing; Order Status; Product Data

API Externalization @ Cisco circa 2010
XML Firewall; XML Gateway; SOA Gateway
Source: “Expanding Role of XML Gateways” Webinar Hosted by Layer 7 and Forrester

Basic Auth Over HTTP(S)
o Application ID is a pseudo Human ID
o No difference between Human and App ID
o Manually Created Generic IDs. Self-Service capabilities minimal
o HTTPS Basic Auth based authentication
o Hard to Manage (Add/Edit/Disable)
o Group-based Authorization Logic

- Web Services (nomenclature), SOA Gateway, Basic Authentication, Group-based Access Control
+ APIs, API Management Platform, OAuth 2.0, XACML (ABAC/PBAC)
Note: We stopped calling it Web Services. This was around mid-2010. Everyone else was doing it. ;-)

Cisco APIx Platform
Addressing Key Cross Cutting Concerns

Key Cross-Cutting Concerns of every API
o App Authentication
o API Entitlement
o API Analytics
o API Rate Limiting/Throttling
o Developer Console/On-Boarding
o API Community

“No Gateway/Proxy Approach”: Cross-Cutting Concerns Handled by every API
[Diagram: API/WS Client; API #1; API #2]

“Proxy Flow through Approach”: Cross-Cutting Concerns Handled by Gateway/Proxy For every API
[Diagram: API/WS Client; API Console; API Proxy; API #1; API #2]

“Proxy Connector Approach”: Cross-Cutting Concerns Handled by In-memory API Interceptor which in turn communicates with API Proxy
[Diagram: API/WS Client; API #1; API #2; API Proxy; API Console]

Cisco APIx Platform
Our API Management Platform Journey…
Dec 2009
Nov 2010 Home Grown Web Services Management Console (WSMC) launches
Nov 2011 APIx Platform v1.0 launches
Jan 2012 Cisco PingFederate 6.5 (OAuth2 AS) goes LIVE

Cisco APIx Platform
…that led to our current version
o Mashery powered Public Cloud Based API Console and Cisco On-Prem OSGi-based (Equinox) API Proxy Node Cluster
o Human and Application Entitlement powered by Entitlement Framework APIs using Cisco Entitlement Policy Manager
o API Authentication using OAuth 2.0 IETF Draft (soon to be a standard), powered by Cisco OAuth 2.0 Cluster using PingFederate 6.5
o Business Policy & OAuth 2.0 Access Token Enforcement Point (PEP/TEP) implemented as Adapters on OSGi-based (Equinox) API Proxy
o Implemented Access Token Cache Object (ATCO) capability to efficiently provide Human and/or Application Context to backend APIs
o Deployment Flexibility allowing Cisco to securely expose APIs on Cisco DC Footprint and/or Mashery’s API Distribution Network
o Developer On-Boarding (with proper Business Entitlement) handled by Cisco Entitlement Framework UI Tools
o Ready for Multiple API Providers (read, Tenants) within Cisco
Mar 2012 APIx Platform v2.0 launches
http://apiconsole.cisco.com

Cisco APIx Platform
APIx Platform Application Registration Architecture Highlights
1. Human (Party Developer) Authentication using PingFederate SAML Based SSO
2. Human (Party Developer) Authorization using XACML based policies stored in Cisco Entitlement Policy Manager. Exposed by Entitlement Framework as RESTful APIs
3. Application Registration integrated with PingFederate APIs which acts as SSOT of Application Credentials
4. Party Centric Identity of the Application captured during App Registration

Cisco APIx Platform
APIx Platform Application Runtime Architecture Highlights
1. OAuth 2.0 Grant Type dance to get “Access Token” is driven independently of APIx Platform
2. An adapter on the OSGi-based API Proxy acts as the Access Token Enforcement Point (TEP) as well as the Business Policy Enforcement Point (PEP)
3. Access Token Cache Object (ATCO) improves performance significantly by reducing load on PF OAuth 2 AS and Entitlement Framework APIs
4. ATCO provides Human and/or Application Context in Base-64 Encoded JSON Object to the Backend API
5. All 3 integration touch points with PF, EF and Backend API Handshake are configurable per API Endpoint

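Added example (not from the original slides and not Cisco's code): the TEP/PEP adapter with an Access Token Cache Object described above, written in Python. The `introspect` and `entitled` callables are hypothetical stand-ins for the PingFederate OAuth 2.0 AS and the Entitlement Framework, whose APIs the slides do not show; `max_ttl`, `revoke` and the context field names are also assumptions.

```python
import base64, json, time

class TokenEnforcementPoint:
    """Hypothetical TEP/PEP adapter; names and fields are assumptions."""
    def __init__(self, introspect, entitled, max_ttl=300, clock=time.time):
        self.introspect = introspect  # token -> {"active","client_id","sub","exp"}
        self.entitled = entitled      # (client_id, sub, api) -> bool
        self.max_ttl = max_ttl        # upper bound on how long an entry is reused
        self.clock = clock
        self.cache = {}               # token -> (expires_at, claims, {api: bool})

    def _lookup(self, token):
        now = self.clock()
        entry = self.cache.get(token)
        if entry and entry[0] > now:
            return entry              # cache hit: no call to the AS
        self.cache.pop(token, None)   # drop stale entry before re-validating
        claims = self.introspect(token)
        if not claims.get("active") or claims.get("exp", 0) <= now:
            return None               # rejected tokens are never cached
        # A cache entry must not outlive the token it describes.
        entry = (min(claims["exp"], now + self.max_ttl), claims, {})
        self.cache[token] = entry
        return entry

    def authorize(self, token, api):
        """Return (status, context_header) for one API call."""
        entry = self._lookup(token)
        if entry is None:
            return 401, None          # TEP: token missing, expired or inactive
        _, claims, decisions = entry
        if api not in decisions:      # PEP: one entitlement lookup per API
            decisions[api] = self.entitled(
                claims["client_id"], claims.get("sub"), api)
        if not decisions[api]:
            return 403, None
        context = {"client_id": claims["client_id"],
                   "user": claims.get("sub"), "api": api}
        # Base64 is encoding, not protection: the backend can rely on this
        # header only if it can arrive solely from the proxy.
        raw = json.dumps(context, sort_keys=True).encode()
        return 200, base64.b64encode(raw).decode()

    def revoke(self, token):
        """Evict on revocation or app deletion so the cache cannot keep
        honouring a token the authorization server has withdrawn."""
        self.cache.pop(token, None)
```

Caching trades load on the authorization server for revocation latency: a withdrawn token stays usable until its entry expires or `revoke` is called, so `max_ttl` bounds that window.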
What did we observe?
#4. “OAuth Everywhere” for all APIs seems like a daunting task
o Preserving App Context
o OAuth implementation is non-trivial
o OAuth SDKs are maturing

What did we observe?
#5. More OAuth-centric tactical issues
o Life of an RT per App (not per Instance)
o Token Translation (between ObSSO Cookie and Access Token)
o OAuth Grant Types shown to Users during registration
o API Console + OAuth Authorization Server Admin capabilities: Deleting App, Revoking Token

“This is huge for us. It allows us to have very intelligent conversations with our customers that might have been the domain of a hard core CCIE or networking guru.”
“It just worked … It helped close a $1.3 million renewal … EOX API was the shining star of our MSCP audit. Even Cisco people were impressed.”
“…breaking new ground”
“… don’t care about metrics/reports. Give me more APIs”
APIs are important for Cisco. We’re just getting warmed up!
Proof-point from our initial Pilot Partners using End-of-Life (EoX) API