By Erik Assink & Vinay Babu Yella
We really enjoyed the first day of WSO2Con, where a lot of announcements were made. The second day of WSO2Con took a deep dive into the technology, with a mixture of customer showcases and technology sessions by WSO2 engineers. Since we couldn’t attend all the parallel sessions, we selected some of the sessions, which we will cover in this blog.
Skate where the Puck Will Be: Building the Wells Fargo Gateway
Eric Halvorson (Wells Fargo) gave a great presentation on their customer-facing strategy and how API management enables it. In Europe, banks had to adopt the Payment Services Directive (PSD2) by Jan 2018 to enable open banking. When asked whether he sees US banks adopting PSD2, Eric Halvorson said he sees this as inevitable, but security considerations are important and will need to be discussed with regulators as well.
Yenlo helped several banks to get the WSO2 API Management platform in place to support PSD2 requirements and helped banks to make sure their API channels meet the requirements.
Identity is Eating the World!
Privacy is easily compromised nowadays. This was recently demonstrated by Aleksandr Kogan, who grabbed the personal data of 87 million Facebook users and sold it to Cambridge Analytica. Also, the personal data of more than 143 million American residents was recently exposed via Equifax. This is just the tip of the iceberg, with many more breaches big and small occurring around the world.
As long as personal data is managed ‘centrally’ by large organizations, such risks will remain. And the trend towards more central digital identity systems is still on the rise (the FBI collecting digital fingerprints and profile photos of US residents). These central repositories are the honey pots waiting to be attacked.
How can this situation get better? Dropping Facebook (or other social media) is not easy for the 70 million companies that are now relying on transactions via Facebook. Not to mention that a lot of people like using Facebook to keep in touch with others. So, what should we do?
According to Prabath Siriwardena, Senior Director – Security Architecture, WSO2, the answer will need to be a shift towards ‘continuous’ and ‘adaptive’ authentication.
This needs to meet 3 key criteria:
- Unique (unique identification of an identity)
- Decentralized (safe storage)
- Memorable (retrievable or readable)
To achieve this today, a few initiatives are underway, and national governments like those of Estonia and Canada lead the way. These initiatives build on blockchain-based identity systems (‘blockstack’), and WSO2 Identity Server plays an integral part here to achieve interoperability and provide best practices. It can retrieve the unique identity (with SAML, OpenID) that is stored in a decentralized way via blockchain, then federate it across systems via open standards.
Agile Architecture and Methodology
In this session, Asanka Abeysinghe (Vice President, Architecture at WSO2) explains how an enterprise can move to a truly agile execution, because we simply cannot keep using the timeframes that we were used to. Not only multiyear waterfall projects but also the update cycle of products will move from half-yearly cycles to (ideally) on demand.
One of the objectives of building agile enterprise is to enable adaptivity. Adaptivity is an organization’s ability to respond to changes in the environment, overcome new challenges, and meet new customer demands in an effective and agile way.
For example, independent containers with a WSO2 installation are becoming increasingly popular. Designing containers in a stateless way brings Continuous Delivery of WSO2 component upgrades one step closer, not through in-place upgrades, but through re-creation. In this way, the stateless configuration of the WSO2 container requires only a limited adaptation for the component upgrade, after which the instances can be re-created automatically.
As part of this presentation, he introduces “cell-based architecture” to enable adaptivity. We know what a cell is in biology, but what is a cell in this context?
Cells are the units of an Enterprise Architecture. A cell is a collection of components (a process or business logic running in a container, serverless environment, or an existing runtime), grouped from design and implementation into deployment.
A cell is independently deployable, manageable, and observable.
Components inside the cell can communicate with each other using supported transports for intra-cell communication. External communication must happen through the edge-gateway or proxy, which provides APIs, events, or streams via governed network endpoints using standard network protocols.
Thinking of architecture in a cell-based analogy is surely going to change our IT landscapes. It looks like we will not have a dull moment in IT in the next couple of years.
Just 1 day left
So, day 2 was an interesting day as well. Day 3 will be a hands-on day (or actually morning as the day ends right after lunch) with working groups. And of course, the Ballerina Conference is happening in the same venue as well. We for sure will go take a look there too! We’ll keep you posted!
Do you want to have some more reading material? Why not download our Digital Transformation white paper? As Tyler Jewell mentioned in his keynote yesterday, the world is becoming more digitally native, so our white paper might be of help for your organization.