Tag Archives: Identity and Access Management

Building a Cloud Native Platform for CitySprint’s On the Dot Delivery Service

Picture a scenario where you are analyzing the results of a marketing survey which shows that a high percentage of consumers prefer same day shipping, online tracking of their orders, choice of shipping options, and deliveries within a specific time slot. Then you find out that retailers already fulfill around 65% of these needs, but there is a gap in the market, a gap that you can fill by offering a novel service. This is precisely what UK-based logistics and delivery service provider, CitySprint did when they developed the On the dot delivery service, which allows shoppers to receive their orders during a one hour time slot of their choice without extra costs.

“We wanted to positively disrupt the time slot delivery space. In doing so, we wanted to build an API ecosystem that sparks interaction, open new channels and reach new streams of revenue,” says Eduard Lazar, Senior Solutions Consultant at LastMileLink Technologies (a CitySprint Innovation Lab). At the heart of of this project was generating value for users and driving innovation, “On the dot is all about convenience for consumers, be it as a fulfillment method or in terms of collection and delivery time slots. We also wanted to simplify integration and create a developer community through our API ecosystem,” he adds.

Defining the key challenges was one of the first steps before introducing On the dot to consumers. To begin with, CitySprint had to move their data centers to the cloud in order to become a cloud native platform. They also had to create open RESTful APIs, enable identity federation, foster innovation so that it can result in a community of developers who will think up new marketable ideas and simplify integration. Selecting open source software is one of main tenets at CitySprint, and as such, they set about developing an open source platform made of WSO2’s API management, integration and identity and access management capabilities, using a DevOps approach. Meanwhile, the architecture was developed using Apache’s Tomcat and Cassandra, and WSO2Carbon used for continuous deployment.

By placing API management at its core, CitySprint has been able to achieve the required functionality and formed their innovation community (an interesting anecdote on the latter, a TechSprint event was organized where high profile companies sent teams of developers to CitySprint to build innovative products within 24 hours. Results have been quite amazing with an added bonus of introducing CitySprint to new leads).

From a business perspective, implementing this project was primarily underpinned by issues of costs, in addition to those of speed, integration, lifecycle, and skillset. When CitySprint introduced more complexity into the system, this also meant they potentially introduced a time lag. Yet, can this platform control costs through simplification and reuse? Is there a way to save time by simplifying integration? Is the skillset future proof? Can they model the whole lifecycle?

The result – On the dot – answers all the above with a yes. On the dot cloud native platform has empowered CitySprint to enter the market with an adaptable platform, which allows developers to self-sign and begin using the APIs, it is integrated as there are multiple systems working together, they have also connected data and devices, integrated platforms with those of their partners, and connected the user experiences of both customers and partners. Following their successes in the UK, plans are underway to make On the dot a global phenomenon and CitySprint is certain they can achieve this with the right technology.

If you need more details on how CitySprint made On the dot, watch their presentation.

Learn more about WSO2’s API management, integration and identity and access management capabilities.

State of Arizona: Introducing a Statewide Private PaaS to Improve Efficiencies and Trim Costs

Government institutions across the globe are using cloud-based technologies to add value to citizens and improve their functionality. The State of Arizona is no different, having built the Arizona Enterprise Services Platform (AESP) to reduce costs, improve efficiencies and foster sustainability in the long term. With over 32,000 state employees, 170 business units, over 1,400 IT professionals, and over 100 data centers/server rooms, a transformation of this scale was challenging. Yet, Prasad Putta, the director of enterprise technology services at the Arizona Strategic Enterprise Technology (ASET) office in the State of Arizona who oversees this project, saw an opportunity for improvement and seized it.

ASET is responsible for IT strategy, enterprise capabilities, policies/procedures, and managing high-risk, high-funded projects. AESP was rolled out as an answer to several questions: “How do we not start projects from scratch, stop re-inventing the wheel all the time, and have better data sharing practices? What can we do about redundant solutions throughout the enterprise, ease up license cost payments and solve security issues?” asks Prasad. With these in mind, Prasad and his team had a clear set of objectives they wanted to achieve. At the top of the priority list were cost reduction and sustainability as being a public institution, accountability was a key consideration. Other objectives included the enforcement of standards, revenue generation from data and services, a profitable mechanism for data sharing, allowing better data discoverability, risk reduction, and ease of development/maintenance from a developer’s perspective.

To address these requirements, ASET turned to the public cloud and decided to implement AESP as a private PaaS. The team at ASET was not looking to replace all the applications, rather prefered custom applications across the state agencies. They were also looking to expose data through APIs for private consumption, make the collaboration environment API-centric across the state, shorten their development cycle and ensure all the data is private to the state to mitigate any security and compliance risks. ASET was also looking at economies of scale as not all of the hundreds of applications were fully utilized at one given time. Their existing architecture was entirely hosted on AWS, but for the revamped architecture, AWS was limited to the infrastructure while the rest was built by using WSO2’s integration and identity and access management capabilities.

Introducing AESP brought with it another set of challenges. With agencies working independently, they had to be convinced to opt-in for this platform. Additionally, round-the-clock support was needed along with the right pricing model. Fortunately, AESP found the successful strategies and has several applications in the pipeline now. “Size the menu right” is one of Prasad’s analogies for success, i.e. to reduce the scope of applications to the most sought after ones. Initially, his team spent 30% to 40% of their time maintaining the sheer volume of applications, which is now handled by WSO2’s Managed Cloud. Several issues, such as the pricing model, are still work in progress, but buoyed by the successes, Prasad foresees a busy future.

For more information, watch Prasad’s full presentation at WSO2Con USA 2017.

Find out more about how you can use WSO2’s integration and identity and access management capabilities to improve your organization’s operational efficiency.

Brigham Young University: Enabling API Discoverability and Data-driven Business Insights with WSO2

Brigham Young University (BYU) began their API Management story 2 years ago when they decided to adopt an API-first architecture that follows a governed process. With over 451 APIs for both external and internal customers, and several development teams working independently of one another, Brayden Winterton (Software Engineer at BYU) likens its management akin to running a small city.

Modernizing their API management was a result of a problematic system that existed at that time. For one, the API manager in existence was closed-sourced and used an old, unsupported third party code. Adding some confusion to the mix, BYU had two versions of their API infrastructure in production – having started with one version, developing a second version along the way and the migration process forever a work in progress. Due to a memory leak, boxes had to be rebooted nightly (if not all API traffic ceased by noon the next day). Furthermore, there was no monitoring of API usage and the documentation support was out of date. In short, BYU was in a “serious situation” to use Brayden’s exact phrase.

Faced with all these scenarios, BYU was looking to implement a new API management solution. A key need was to create a centralized repository for all the APIs at BYU, which enables developers to search for and find all the available APIs, in addition to the respective authorization processes. A seamless transition without drastic changes to their existing developer work was another one of their important requirements. Low latency, up-to-date documentation, integrating with legacy systems and the ability to keep track of all the APIs being utilized completed their wish list.

To implement their requirements, they turned to WSO2 API Manager and WSO2 Identity Server. BYU now has subscriptions that allow consumers to get through to the API and subsequent monitoring; they were able to integrate all legacy systems with message mediation, minimized latency even while mediating quite heavily and of course, it is all open source. The BYU model works on open subscription first, however there are instances where they have needed to block a subscription until further approval was granted. They have been able to do this with an open source platform. Another huge plus has been the ability to utilize industry standards and BYU even got something that was not available to them previously – monitoring and analytics to support their business decision making. Improving discoverability and keeping the documentation up to date were the last pending issues for BYU, ultimately solved by the BYU developer portal in the second stage of their implementation.

“Our developers who have migrated are having a fantastic experience. They’re able to use things in a standard way, able to find the documentation they are looking for, utilize libraries, things aren’t drastically different, all of their old systems are continuing to work and they are getting a lot better reliability out of what they’re trying,” says Brayden. Adding to this success, BYU has seen higher API consumption as of late and with the improvements in place, Brayden is excited about the future.

If you would like to listen to Brayden’s full presentation at WSO2Con USA, click here.

Learn more about the WSO2 API Manager and WSO2 Identity Server if you haven’t tried it out yet.

West Interactive: Using WSO2 Identity Server to Enhance Customer Experience

Headquartered in Omaha, West Corporation is all about telecommunication – be it conferencing solutions, safety services, interactive voice response solutions or speech application automation. Pranav Patel, the vice president of systems development at West Interactive, recently spoke at WSO2Con USA 2017 about the unique customer experience they offer through their multi-tenanted role-based identity and access management solution built using WSO2 Identity Server.

An increasing numbers of users today are turning to various different channels like the web, mobile devices, and social media to interact with vendors. Pranav explained that knowing the customer and making sure that they can access West Interactive’s services from whichever channel they prefer is a key requirement for them.

West has been in the telecommunication industry for the last 30 years, and quite commonly, have many solutions that are siloed and distributed. Connecting all these solutions was a major challenge they needed to overcome in order to provide a holistic experience to their customers, explained Pranav. This meant dealing with and managing various different identities that belonged to many different customer portals. They needed to create a solution that revolves around centralizing user identities to a single user portal and creating an efficient identity and access management system.

Pranav then examined the requirements they needed to meet in order to achieve operational efficiency, easily manage accounts, save costs, and provide great customer experience. Other than the evident single sign-on and federation requirements, multitenancy with hierarchical tenant management was an important feature that enabled them to serve all their tenants (a client of West represented as a domain in the system) and users (individuals that require access to the portal and are grouped at the tenant level) through their portal. The system also needed to enforce rule-based access control that allows access to certain products (web applications that need to be integrated) depending on who the user is. In addition to this, they had corporate policy requirements for passwords, needed to maintain password history and had a password expiry date that prompted users to frequently change the password. Audit logging and user bulk imports were some other requirements.

“WSO2 fulfilled several of our requirements out-of-the-box, especially support for various protocols and heterogeneous multiple user stores,” observed Pranav. He went on to explain that they could easily extend the product and customize it for any features that it didn’t already have, making it the perfect solution for West.

WSO2 Identity Server is used for

  • Introducing a relationship hierarchy between the parent tenant and child subtenant and allowing multi-tenancy
  • Asking for and storing answers to five security questions per user
  • Defining permissions or roles for products (web applications) and users
  • Providing single sign-on and federation for users
  • Allowing employees to mimic a user and see how they perceive the user portal
  • Enforcing password policies set by tenants

Pranav expressed how WSO2 Identity Server meets all their current requirements and how they would like to introduce customizable login pages (by tenant), two-factor and multi-factor authentication, automated user provisioning and self-registration among other features in the future. He concluded by saying they were looking forward to adding WSO2 Data Analytics Server to the mix in order to monitor what’s really going on in the system.

To learn more about West Interactive’s story listen to Pranav’s talk at WSO2Con USA 2017.