Ask an Expert: Catching up with Srinath Perera

Srinath Perera is vice president of research at WSO2. He is a scientist, software architect, author, and speaker. He is also a key architect behind Apache Axis2 and WSO2 Stream Processor. We caught up with Srinath recently to get his take on the significance of Streaming SQL, the future of open source stream processing solutions, and why we must learn to think, question, and see beyond the obvious.

1. What has your journey at WSO2 been like?

This is my ninth year at WSO2, but I have been working with Sanjiva Weerawarana on similar technologies since 2003. Yes, it’s been close to 15 years, and it’s been a lot of fun. I have worked on a wide variety of challenging problems, and have worked with many brilliant individuals who will make good stories for one’s grandchildren one day. I have done a lot more than I imagined years ago.

2. For agile digital businesses, the availability of business insights is a significant factor in gaining a competitive advantage. How does WSO2 Stream Processor help?

Our product can easily plug in to a user’s system and collect data. You could then write queries using Streaming SQL to detect important conditions. Streaming SQL is similar to SQL, but works on data streams instead of data tables. The former is flowing, while the latter is stored on a disk.

Compared to what our competitors offer, we have very powerful Streaming SQL with operators most others do not have. We enable you to use machine learning models within Streaming SQL itself. Also, if you are looking for a small deployment, our server can run a HA deployment with only two nodes and process about 100,000 events/second. If you are looking for a large deployment, we can run on top of Kafka. In the event you are unsure or undecided, you can always start small and later switch to Kafka without changing any code.

4. What does the future hold for open source stream processing solutions?

In my opinion, stream processing has not become mainstream yet. People are still figuring out analytics. It’s not easy to find developers who excel in analytics. Stream processing has to wait for that adoption to play out. No one will try to do real-time before they figure out basic analytics; that is unless you have specialized use cases such as for stock markets, surveillance, and anomaly detection.

5. What are the benefits of an open source stream processing solution?

I think there’s a growing trend for middleware as an open source model. They use complex code, support a wide variety of use cases, and are used by many. We are increasingly made aware that products are best built using the open source model. I think there’s no better testament than Microsoft, a company that hated open-source, but has now embraced it.

6. How did you start working in stream processing?

A long time ago, in 2007, while I was doing a Ph.D, we worked on a paper comparing Complex Event Processors (or CEPs, which is an older name for stream processing) and rule-based systems. I was fascinated by the technology, and after I joined WSO2, I supervised an undergraduate thesis project to build an open-source CEP engine. This was in 2011 – well before stream processing became cool! It was called WSO2 Complex Event Processor back then and was later renamed WSO2 Stream Processor.

7. What is your proudest accomplishment in recent times?

In general, it is the role I have played with Apache Axis2. However, if you want me to choose something recent, I suppose my work with the WSO2 Research Team stands out. Some good work will be made public soon. I have also worked with Paul Fremantle, WSO2’s CTO, to build a framework to evaluate different emerging technologies. You will hear more about this too soon.

8. What advice would you like to give a budding developer or an architect to better their career?

There is this quote that I love, “Wisdom is tolerance of cognitive dissonance.” It took me a while to understand what it meant. We all interpret how the world works, but when we discover things that do not match our way of thinking, we ignore them. However, the world is more complicated than that. By understanding those mismatches and by learning through struggle and discomfort, we achieve true wisdom. That is what that quote conveys.

I would say learn to think, question, and see beyond the obvious. I refuse to tell people I work with how to solve something. Instead, I tell them, “Tell me how you will solve it and then I will complain.” I think they are used to it now. That way, we all put our critical thinking skills to good use and one day, they will not need me for guidance.

To learn more about Srinath’s work, follow him on Twitter and read his blog.

Ask an Expert: Catching up with Sagara Gunathunga

Sagara Gunathunga, the product lead of the identity and access management (IAM) team at WSO2, has had one amazing career. Starting as a committer to Apache, he most recently led WSO2’s efforts to become GDPR compliant – using WSO2! In this interview, he tells why GDPR must be viewed as an opportunity to build closer relationships with customers and why we must always be curious to innovate.

1. Tell us about your introduction to open source and your journey at WSO2 so far.

Before I joined WSO2, I was a contributor to the Apache Software Foundation. In 2006 I attended various open source events like ApacheCon and I was highly motivated with the concept of contributing towards open source. So the motivation and some initial work towards it ended up with me being a committer in Apache. My first committer-ship was in an Apache project which was part of the Apache web service project and this also paved the way for my access to other projects.

During this time, I got a chance to join WSO2. Initially, I was driving WSO2’s contribution towards Apache. I started working on Axis2 and web services project during my own time and arranged various initiatives to review and mentor their work towards Apache. I also encouraged others to become committers. At present, I am part of the IAM team. It was quite challenging at the start, as none of my previous projects were on security and my knowledge was limited to the security aspects that I’ve been exposed to when working on Apache projects. Services, application development, and governance were my core focus areas back then but I used the knowledge I gathered as the base for my career as an “identity guy”. There was lots to learn, going deep into the concepts of IAM – but it’s been a rewarding journey.

2. What’s the most exciting project you’ve been a part of recently?

One of the main tasks I was assigned to was to work with the privacy standards given the emerging requirements in the EU/UK (GDPR) and Australia. As a technology company, it’s quite a task to keep up with all the privacy standards per country. Given that we have an identity product, it’s a priority for us.

We manage 50 mn+ identities, so in our case we store personal information and the main challenge is “how do we comply ourselves with the standard?” There are many known approaches like “Privacy by Design” but my architectural effort was to make WSO2 Identity Server comply with all the privacy standards, not just GDPR. Then we had to expand that exercise to all other WSO2 projects as all WSO2 products have some sense of personal data.

From a business perspective, WSO2 has data from customers and users that we need to protect and I was a part of that team that handled the privacy compliance/GDPR compliance. Meeting the deadline on the 25th May was daunting, but we did it!

4. Your proudest moments at WSO2?

Not just one, but being a part of WSO2 alone is always something to be proud of. The reality is that on the surface, you don’t see a lot of technological innovations in this part of the world (South Asia) due to various reasons. At WSO2 we are able to innovate given these limitations, competing with leading and innovative tech companies around the world. Right now we are known as the largest OSS integration vendor in the world managing 50 mn identities through our identity server, and that’s truly special.

5. How do you see GDPR – is it an opportunity or a roadblock?

It depends on your individual perspective. Some think it’s a financial barrier/roadblock but many other people do not share this view. Last month I presented at the GDPR summit and at various meetups where GDPR was discussed. I learnt that most people think it’s an opportunity for them to demonstrate their commitment towards user privacy, how they respect it, and demonstrate the ways in which they have measures in place to provide data protection.

There are positive perceptions – including as an avenue for brand recognition and how you care about your customers. That’s great and I think it’s one of the best ways to prove to your customers that you respect their privacy and you have taken all measures to protect their data. Businesses are now moving away from being solely profit-oriented and to instead building relationships with their customers. That’s the most important aspect, and I believe this is how GDPR should be viewed.

6. Where do you think the future of IAM is heading and where does WSO2 Identity Server fit into that picture?

IAM is a broad term. We’ve noticed that authentication or how you verify the authenticity of a user is an evolving space and is a part of many privacy standards. For example, PSD2 and Open Banking in the UK require enforcing Strong Customer Authentication (SCA). Financial institutions and banks used to have biometric and token devices for authentication. Yet, given the volume of cyber attacks and privacy violations, it is important that you provide maximum protection for your users. Therefore, authentication needs to become more agile and adaptive.

We’re hoping to provide adaptive authentication with WSO2 Identity Server, which is a very exciting direction for us!

7. WSO2 IS is an open source IAM product. How does it stand as opposed to a regular IAM vendor or product?

Open source is a loaded term. To ensure that what we offer is truly open source, we provide binary distributions that are freely accessible so you are able to customize, redistribute, and access the source code.

There are other “open source” IAM products where you can get the source code and run it, but you cannot run the official binary release in production. At WSO2 the GA releases are under Apache 2.0 license which means you are free to do whatever you want. You can use the code and run it yourself or extend, customize or even resell. In case you need professional support and help, you can then engage with us.

8. From the point you started at WSO2, you have had an amazing professional journey. Any advice for budding developers or engineers who are beginning their careers?

Be curious. Always.

I have been in the field for more than 10 years and I’m more curious than ever given how much the technology landscape is evolving. If you are planning to have a fruitful career (which I’m sure you are), you have to be curious. I’m paraphrasing one of our greatest losses from recent times, Stephen Hawking, who said the key to his success was being curious. When people grow up they tend to settle with what they know but if you are curious, you grow with knowledge. It’s a guiding principle for me too.

As an identity guy, the key is to learn ideas and concepts thoroughly, so the application of the technology becomes easier. If you’re curious, the commitment and passion to what you do will come naturally. But if you settle, innovation becomes a battle.

Wait, I have to have WHAT in place by May 25, 2018?

We’re THIS close to inventing a drinking game every time someone says GDPR. It’s quite fascinating to see how much is going to change with this regulation. Just like college, everyone is scrambling to meet the deadline of May 25, although the regulation came into place in 2016 and this is technically a “grace period”. Personal data and privacy are more important than anything else. We bet you now regret the time you clicked on “What does your favorite pizza topping say about your personality?” in exchange for all the personal data you submitted at the time – without so much as a second thought.

GDPR is going to change everything and place user consent on top, which is great. But if you’re an enterprise dealing with data of anyone living in the EU, you’ve got a lot to do. We put together a few questions we encountered; let us know if these help!

What exactly do I need to have in place to be in compliance with GDPR?

In this article we’ve listed 7 pragmatic steps you can take depending on where you are on the journey. Here’s a quick look at what they are:

  1. Build awareness around GDPR: in-depth awareness and building in-house expertise on all aspects of the regulation.
  2. Analyze if your company is affected: if you’re dealing with PII (personally identifiable information) of “residents” in the EU, then your company must deal with GDPR.
  3. Review the impact of your current data: thoroughly evaluate if all data collection methods used the necessary consent and furthermore, if you are able to demonstrate proof of consent.
  4. Review your systems and processes: review data storage and access mechanisms, and specifically decide if a data processing impact assessment (DPIA) must be carried out. It’s recommended you get a professional’s help with this.
  5. Implement necessary safeguards: adjusting business processes, upgrading software/storage systems, training for staff members, and introducing auditing systems.
  6. Appoint a DPO/EU representative: to address GDPR related matters within the organization such as advising staff members on data protection procedures, monitoring compliance, and acting as the point of contact for supervisory authorities when liaising with them.
  7. Revise your documents and policies: thorough review of all documents and policies of the organization such as websites, terms and conditions, privacy policies, and social channels.

I’m a company in Milwaukee/Bikini bottom [or insert wherever you’re from]. Should I concern myself with GDPR and if so, to what extent?

As long as you’re dealing with PII (personally identifiable information) of those living in the EU, GDPR affects you. From a small retail company to a large financial organization, as long as you deal with Karen who lives in Norway, your company must be compliant with the law. You can find a link to all the laws here.

Should we extract and provide all of the customer data if requested by the customer? All the data or just the personal data like name, address, email, etc? Should we also extract the old orders that we have stored in the system?

Yes. Absolutely. There’s a right on “data portability”, meaning there should be a mechanism to access all the details if an end user wants to. Remember that with GDPR, it’s all about the customer and their rights must be given the utmost priority.

All data or personal data?

All the data. Whatever is stored, for whichever reason, should be made available if the user requests it. The key term here is PII – personally identifiable information. And if individuals want their data erased, you must adhere to that too.

Does WSO2 provide consultancy to make an organization GDPR compliant?

If it involves technology such as using WSO2 products, yes, we can provide consultancy to help your organization. Successful GDPR compliance requires changes in people, process, and technology aspects. WSO2’s suite of technologies can be used to make your organization GDPR compliant. To reiterate, if you’re looking for consultancy from a technology perspective and if it concerns our products and technology, yes, we provide consultancy based on that.

How can you help me speed up the process? What tools do you provide? / How exactly are you helping to implement GDPR compliance?

WSO2 provides a stack that’s fully GDPR compliant; this includes the WSO2 Identity Server, Enterprise Integrator, API Management, and the open banking solution. This article will help you understand what you need to look for when searching for a GDPR compliant IAM product and how it helps to optimize your GDPR strategy. WSO2’s open source Identity Server in particular can help you save time and cost involved given the consent management and the privacy tool kit in our latest release. Get in touch with us if you’re building your own solution or if you have any questions. What our products will essentially do is help you build a GDPR compliant solution. You can find out more here.

Should we perform pseudonymization of the database in order to protect our data?

If by “our” you mean your customer, yes. Performing pseudonymization is in fact a best practice. So yes, by all means. If the end user requested you to erase their data, you should comply according to the “right to be forgotten” rule. Having a proper IAM solution in place to do this would be helpful too. We also have a privacy toolkit that will enable you to do that; learn more here.

We are a company who is doing business with EU customers. We maintain their data in our CRM, do we fall under GDPR? In this case how can we collect consent of customer of CRM?

Yes, you are collecting and processing details of EU residents, therefore you are affected by GDPR.

What if legacy apps are involved?

GDPR is focused on the end user; it doesn’t matter how your business does things, whether it is cutting edge or not. So even if it’s legacy apps you work with, you must have processes in place that will bridge between the applications and the regulation.

Are there examples of what other companies have done to become GDPR compliant?

It might not be explicit, but if you do a quick search or pay attention to your inbox, a lot of other companies might already be sending you emails saying they are updating their privacy policies, which means they are taking steps to become compliant. And that’s just one part of ensuring explicit consent.

Did we miss a question? Get in touch with us and we’ll get back to you!

Four Warning Signs an Integration Wall is Approaching

The Integration and API Management markets are growing, expanding in both popularity and use. Enterprise App integration will surpass $33b by 2020, and other markets like iPaaS and Data Integration are growing at double-digit CAGRs. Enablers such as containers and serverless technologies are only accelerating the move toward increased disaggregation of applications.

All seems rosy. And it mostly is.

But with the explosive growth of APIs and endpoints, traditional centralized tools like ESBs will become unsuitable, and simple low-code snap-together tools won’t scale to address the broader scope. We’re potentially about to hit an “integration wall” at high speed.

Consider the following four warning signs – some technical, some process – that I find are beginning to plague the integration market:

1. Waterfall Development for integration is hitting a wall.

Although most code development has shifted to an Agile Development model, the same can’t be said for Integration tools. As the quantity and diversity of endpoints increases, and as Integration projects become more diverse and complex, use of the waterfall model is beginning to slow down integration projects. And with a future where there will be billions of Integratable endpoints, it’s obvious that an Agile Development model for integration will need to become the norm.

2. Existing tools and programming languages aren’t optimized for Integration-at-scale.

Enterprises that currently use low-code, snap-together, centralized integration technologies (including iPaaS) will not be optimized for orchestrating, integrating, observing and governing the expansion of constantly-changing endpoints. Nor are traditional centralized approaches (think: EDI and older ESBs) prepared to handle increasing endpoint scale or diversity. Many of these existing tools are well-adapted for Line-of-Business or Citizen Integrators of relatively small-scale implementations but are far from well adapted for more complex integration-at-scale projects.

3. Current programming languages are not optimized for Integration.

With languages like Java/Spring or JavaScript/Node, developers can engineer flow, but must take responsibility for solving the hard problems of integration. With these languages, developers have to write their own integration logic or use bolt-on frameworks. Clearly a new programming paradigm will be needed long term.

4. The Exploding Endpoint Problem is very real.

As I referenced above, IT is ill-prepared to address the oncoming wave of service disaggregation, the diverse types of APIs, differing sources of service endpoints, challenges from Big Data, and multiple approaches to serverless IT. The industry is about to hit a scale and diversity wall. To wit,

  • 917 apps in use per enterprise (Netskope, 2016)
  • 893-1206 average cloud services used per employee (Kleiner Perkins, April 2017)
  • 19,000 APIs as of January 2018 (Programmable Web, 2018)

And if you don’t believe those numbers, Matt Eastwood of IDC recently pointed out that the number of containerized services has expanded well beyond where VMs ever were. Yep, billions of programmable endpoints aren’t kid’s stuff.

Where does this leave us?

A new approach to addressing the future of integrating thousands – or millions – of endpoints could lie in a new programming language, Ballerina.

Ballerina is a simple programming language whose syntax and runtime have been optimized for the hard problems of integration. Its focus is integration – bringing concepts, ideas and tools of distributed system integration into the language. Based on the concepts of interactions within sequence diagrams, Ballerina has built-in support for common integration patterns and connectors, including distributed transactions, compensation and circuit breakers. And it supports JSON and XML, making it simple and effective to build robust integration across distributed network endpoints.

So, watch this space for future developments. And in the meantime, beware of the approaching wall.

5 Countries, 14 Cities: WSO2’s IAM Summer Tour

Given the needs for regulatory compliance, the need to offer a customized experience for customers and employees and tightening privacy controls (think Cambridge Analytica), having a solid IAM system solves more than just a simple IT problem of connecting identities.

One debate you need to resolve within your team is what kind of technology (we suggest IAM) will help you accelerate your compliance processes, especially when you have deadlines to meet. Another is whether adopting an open source IAM solution would offer more value than a traditional IAM solution, and whether it offers better capabilities or creates additional privacy or security issues. What must you look for when opting for a customer IAM solution, and what value do you create by prioritizing these?

WSO2’s Senior Director of Security Architecture, Prabath Siriwardena (fresh out of sabbatical), is going to hit the road starting April 30 and we’re going all out with everything we know on identity and access management and how adopting open source IAM can improve your IAM strategy. He’s got a jam-packed schedule and given his expertise of over 10 years, including extensively speaking at conferences worldwide (he just spoke at RSAC 2018, sold out his books on API security), we think you should be marking your calendars just like you’re waiting for the final GOT season.

Here is a partial list of the topics we will cover:

  • Improving app IAM: About 71% of enterprise security decision makers believe that securing customer facing apps is a critical priority. So here’s what it means. You need to ensure that you have an effective customer IAM solution in place that offers BYOID, progressive profiling, strong SSO and authentication, and self-care portals to secure your customers’ data and offer them an engaging experience. What should you have in place so your IAM solution can address these?
  • Securing APIs: APIs are everything and most enterprises are increasingly adopting and exposing APIs with more 3rd parties involved. Are your APIs secure enough and what best practices should you adopt?
  • The IAM and Compliance Relationship: In the wake of privacy regulations like GDPR, what steps is your enterprise taking to be compliant?

Find the answers to these and more! We’re starting with Canada and taking it all the way to WSO2Con USA.

Here’s where we’re going to be:

Canada

USA

Sri Lanka

  • May 30 – Jaffna

Singapore

UAE

  • June 6 and 7 – Dubai

Learn more about our events and how the WSO2 Identity Server can help your enterprise.

Ask an Expert: Catching up with Seshika Fernando

Women in engineering are unicorns (almost) and that’s probably why #Ilooklikeanengineer became a thing. But WSO2, with a 30% female representation, tells you a different story. Plus, we consider everyone at WSO2 a handpicked lot. So is Seshika Fernando. She’s a Chevening scholar, a speaker at conferences around the world, backed by both finance (London School of Economics) and computer science. Outside her workspace she’d be playing basketball as if it were rugby or making sure her son Ezra is getting enough sleep.

We caught up with Seshika recently to speak to her about her transition from the WSO2 analytics team to financial solutions, why open banking is taking over the world, and why she encourages more girls to join the IT industry.

1. How have your experiences at WSO2 been so far?

It’s been great! I was originally involved in data analytics while in the Research team. Now I manage the financial solutions initiative at WSO2 where I am able to capitalize on my background in Finance and create specialized solutions on top of WSO2 products, catered towards the specific business requirements of the financial industry.

I’ve had great experiences at WSO2. From being able to speak at at least half a dozen international conferences a year, to interacting with some of the largest brands in the world, to playing basketball. WSO2 has been a great place to work irrespective of the team I belonged to.

2. How did the idea for building an open banking solution come about?

WSO2 gave me a challenge – “create solutions for the Financial Services industry using WSO2 products.” With a background in Computer Science as well as Finance, I took this up with open arms. At the time we started this initiative, PSD2 was taking over every conversation in the European banking sector.

With many of our existing customers coming to us with the PSD2 requirement, we forged ahead and created WSO2 Open Banking. Now in retrospect, this was the best decision we made. Open banking is taking over the banking world – not only in Europe but globally. And our open banking solution, built on top of the battle hardened WSO2 products, is proving to be very useful in all these markets.

3. This leads us to believe that the market for PSD2 solutions is open to many forms of competition. How did you formulate a technical and sales and marketing strategy to ensure WSO2 stands out?

Yes, there was stiff competition when we started. However, thanks to the vast capabilities of WSO2 products, surviving and thriving within this landscape has been easy.

First of all, even though we entered the race late, we realized that most of the requirements of the PSD2 regulation can be serviced through the existing WSO2 products. Technically, all we had to do was wire everything together, add any missing features, and package an end to end solution which enabled banks to achieve full compliance very quickly.

We had to go for a very aggressive sales and marketing strategy in order to gain traction in a market that was full of different types of competition (not just our usual middleware competition). So we planned different types of campaigns to first create awareness and then engage with banks that were outside our usual customer base. Once we did the first few implementations, word got around and we were getting a large number of requests from both European and non-European banks.

4. Can you tell us about your experiences with customers who are trying to become PSD2 compliant? What are the key challenges they face?

Security is the utmost concern for all banks. Since it is sensitive customer data that is being exposed, banks that engage with us emphasize the importance of the ability to secure data and its access, above all other requirements. The WSO2 Open Banking solution overcomes all security challenges, since it incorporates WSO2’s very strong and proven IAM offering.

Most of our customers are also looking for ways to make their regulatory investment worthwhile, by being able to earn some revenues from their implementation of PSD2. With a digital transformation focused open banking implementation, our open banking customers are easily able to achieve this.

5. It seems obvious that banks will need to think beyond API when planning a technology strategy for compliance. How difficult/easy is to convince them to do so?

When we look beyond the regulation and discuss implementation details with each bank, the need to integrate with existing internal systems, the requirement for comprehensive Identity and Access management, the capability to onboard third party providers, and the necessity to have a strong analytics component to achieve regulatory reporting requirements come to light. These requirements are usually enough for customers to understand the necessity for an overall technology strategy rather than just an API strategy.

However, we don’t just stop there. We understand that each customer (big or small) is making an investment to extend their technology platforms in order to satisfy these requirements. We help the customer identify ways that they can reuse the technology they are investing in, to further digitize and optimize their existing processes in a way that promotes market expansion and create new revenue streams.

6. What are your thoughts on how open banking will be adopted globally?

Well, all regions are moving towards open banking albeit at different paces. Australia is next in line to implement open banking through regulation and there are many other regions such as New Zealand, Hong Kong, Japan, etc., that have stated their intentions to mandate open banking through regulation.

In the meantime in all other parts of the world, even without regulatory pressure, individual banks are adopting open banking due to the many benefits they can achieve especially in an environment where they could be the first movers to a new ecosystem. Therefore, it is only a matter of time before open banking becomes a must have for all banks globally. WSO2 is excited and ready to work with each region on their specific open banking journeys.

7. Finally, as a woman playing a leadership role in a technology company, what is your advice to other women in the field on how they can reach the highest pillars of success?

I believe that being female does not have any disadvantages for a career in IT. Since women are the minority in this industry, it provides women a superb opportunity to easily stand out within a male-dominated workforce. Furthermore, the IT industry’s flexible working arrangements really enable us to balance work life and family life.

I would encourage more and more girls to join the IT industry not just to profit from its various benefits but also to reverse the gender imbalance and contribute towards development of great products that are created by a diversified workforce for a diversified consumer base. In fact, I’ve even written a blog post on the subject for the World Bank.

Seshika, 2nd from the right, Winner of the Young Engineer of the Year award for 2017 by IET Young Professionals-Sri Lanka

Three Months in to PSD2 – Confessions of the WSO2 Open Banking Team

It’s been 3 months since the PSD2 compliance deadline and the dust is settling in. Or is it really? Just like when it started, the post PSD2 landscape is viewed from different angles. It has been called everything from a ticking time bomb to a slow burn to a never ending honeymoon period. We think the biggest surprise was that everyone thought that January 13 was the end. It wasn’t, it was the beginning.

When we created WSO2 Open Banking, we knew customer needs would be diverse and every technology experience we deliver would be unique. Turns out we were right. Our journey with WSO2 Open Banking has unraveled some interesting experiences while working with different stakeholders in this compliance ecosystem. Here’s what we learned.

Confession #1: (Almost) Everyone was late to the party

Everyone (including us) started counting down to PSD2 from 6 months to 3 months to 1 month. But the reality was, January 13 was just the date when PSD2 was implemented by the EU parliament as a European-wide regulation.

Several regions across Europe chose to deal with imposing PSD2 in their own way. We’ve been tracking the country-specific deadlines quite closely and about 46% are yet to set an official deadline for compliance. We believe that the final date for compliance will be when the Regulatory Technical Standards (RTS) come into effect in September 2019. That’s good news for us because there’s still a large viable market for compliance technology! ;)

Confession #2: Compliance confusion did not discriminate

Over the past several months, we’ve worked with many banks of different sizes across Europe and they all had similar questions:

This led us to believe that banks, regardless of size, require a lot of guidance in the compliance process. It’s a good thing we have a team of experts to do just that!

Confession #3: They came, they saw, they vanished

When PSD2 first started gaining traction in 2016, the knee-jerk reaction of every API management and integration vendor was “this is a goldmine of opportunity we cannot miss”. So they went head on into the market with an existing product. Come 2018 when the need for compliance technology has evolved, these “first mover” technology vendors have gone quiet.

It remains uncertain whether it was the lack of a well thought out strategy to keep consistent market demand, fintech domination, or not giving the compliance market the attention it deserved. One thing is for sure, this is a highly competitive market for technology vendors like us. But no complaints, we love a challenge and are pretty good at winning them!

Confession #4: API standards (and the organizations writing them) are a solution provider’s BEST friends

A lot of shade gets thrown at not having a common API standard across Europe (version 1.1 of the Berlin Group API specification is yet to come, we’ve got our eyes peeled for that). However, Open Banking UK has got this in the bag by having a comprehensive API specification that WSO2 Open Banking supports.

When we first started out, these standards really helped set the base for building our solution. Our development team continues to spend a good couple of hours every week identifying latest improvements in the specifications and contributing to their development by participating in working groups.

Confession #5: Compliance is not a back breaker…it just needs a well thought out strategy

A lot of banks think of compliance as a major headache and seek a “quick fix” to compliance just so they can tick off the checkbox. The reality is, quick fixes can do more damage than good. PSD2 compliance is a big deal and if you go into it without a strategy, that’s cause for alarm. Even if you don’t have a dedicated open banking or compliance team you can still get the job done.

You just need to rally the right members, set your goals for compliance and figure out what you need from a technology vendor. Then you need to pick the technology that gives you value for money and won’t take eons to work with your systems and deliver compliance. It’s a matter of working closely with a solution provider towards a common goal.

Confession #6: Do your research or go home – The learning never stops

There is a minimum of 3 articles written a week on open banking. Everything from thought leadership material, opinion pieces (like this one), and publications from standards continue to explore and discuss this ecosystem. And what we learn from our conversation with customers is an invaluable source of research to keep abreast of where the market is heading. We treat each of these as a unique source of intelligence and they continue to nurture our product management, sales, and marketing strategies. It’s the only way to survive in an ecosystem as dynamic as this one.

It’s been a great ride so far and we can’t wait to see what comes up next! No doubt there will be plenty more surprises and exciting developments to look forward to!

The WSO2 Open Banking Team

Announcing Our 2018 Spring Release Which Brings Platform-Wide Support for Fast-Tracking GDPR Compliance

The clock is ticking toward the May 2018 deadline to comply with the General Data Protection Regulation (GDPR), which harmonizes data privacy laws across Europe to protect all data belonging to EU citizens and residents. The regulation applies to organizations that operate within the EU as well as those that sell or market to the EU—essentially the rest of the world.

Some enterprises may only see the immediate burden of meeting GDPR’s requirements. However, savvy organizations understand that the technology platform they implement to comply with the regulation can set the stage for new digital business models that drive revenue and growth. To help these enterprises accelerate these efforts, WSO2 today debuted its Spring 2018 Release, featuring product developments designed to offer platform-wide support for GDPR.

The Spring 2018 Release is the first set of synchronized product updates being rolled out as part of WSO2’s new quarterly release of new and enhanced capabilities across the platform aimed at addressing the real-world business and technology demands enterprises face today.

Let’s take a closer look at the challenges and opportunities that GDPR brings, as well as how WSO2’s product features and services empower organizations to fast-track their GDPR compliance and enable agile digital transformation initiatives.

The Immediate GDPR Challenge

GDPR requires that organizations conducting business in the EU adopt internal policies and implement measures that meet, in particular, the principles of data protection by design and data protection by default. What this essentially means is that enterprises need to ensure all personal data collection, processing, storage and destruction measures are designed to secure privacy. It doesn’t just end there. Organizations must also be able to demonstrate proof of consent and allow individuals to review the status of their consent and opt out if they choose to do so.

The immediate challenge for enterprises is finding a solution to help tune their identity and access management (IAM) and ensure secure API management quickly so that they can address the new requirements of GDPR. These include customer data privacy, a self-care portal to enable customer rights defined by GDPR, and full-scale consent lifecycle management. The solution also must support secure identity provisioning across systems in a GDPR-compliant manner.

The Long-Term Benefit

While meeting their near-term GDPR requirements, organizations have the potential to look beyond compliance and leverage the strong data protection fostered by GDPR to support their digital transformation efforts aimed at innovating new services and building brand loyalty with customers. To make this move, organizations need a cohesive platform that has the capabilities to make businesses programmable through APIs, program the business using integration systems, maintain solid identity and security practices, and increase agility through the adoption of open source and cloud systems.

The WSO2 Advantage for Capitalizing on GDPR

WSO2 has the expertise to be your trusted technology partner, not just to make sure you clear the GDPR hurdle, but also to ensure your organization has the ability to leverage the wider benefits brought by this regulation. With the Spring 2018 Release of the WSO2 platform, you have a digital transformation solution that capitalizes on the data protection measures of GDPR to accelerate your business growth via a digital innovation platform.

Using the WSO2 platform, you can capitalize on the technology trusted by globally recognized brands across a range of industries—including eBay, Experian, Verifone, BNY Mellon, West Interactive, Motorola, Transport for London, and StubHub—to:

  • Comply with the GDPR regulations quickly via platform-wide support that helps you to ensure all personal data collection, processing, storage, and destruction measures are designed to secure privacy.
  • Look beyond compliance and enhance digital transformation with a cloud-native, open source platform composed of the key technology enablers required for the agility and innovation you need to maximize your competitiveness.

Technology Enablers for GDPR and Digital Transformation

Within the WSO2 platform, key technology enablers for meeting GDPR regulatory requirements and setting the stage for digital transformation include:

  • Identity and access management in the Spring 2018 Release is delivered via a solution that supports secure identity provisioning across systems in a GDPR-compliant manner. Consent management and privacy toolkit in WSO2 Identity Server enable enterprise data controllers to accelerate their organization’s GDPR compliance. It also introduces personal information export capabilities and support for encrypting OpenID Connect identity tokens. Together, these new features address the different aspects of individual rights defined in GDPR, such as the “right to be forgotten” and the “right to personal data portability” among others, in order to ensure the protection of personal information.
  • Secure API management in the Spring 2018 Release addresses the new requirements of GDPR, such as customer data privacy, a self-care portal to enable the customer rights defined by GDPR, and full-scale consent lifecycle management. These capabilities can now be deployed via a hybrid cloud solution that provides organizations a local gateway rather than a cloud API gateway. This enables users to have the best of both worlds and ensures all API calls happen locally, thus increasing security and minimizing latency. Moreover, it’s easy to maintain, as users just supply their cloud credentials, and it pulls configuration and changes from the cloud.
  • Integration capabilities in the Spring 2018 Release provide the ability to seamlessly connect and manage multiple identities across legacy systems, SaaS applications, services, and APIs. This enables organizations to support even the most demanding integration requirements across services. Key capabilities include the required tools to connect to a wide variety of protocols and security mechanisms as well as streamline integration APIs in a secure manner.
  • Streaming analytics capabilities empower organizations to derive meaningful insights with available data. The Spring 2018 version of the product includes functionality to support GDPR compliance, such as the ability to anonymize both login user information and any data stored in databases.
  • A customized open banking solution, first launched for the financial industry in August 2017, provides the functionality to comply with both GDPR and the European Union’s second Payment Services Directive (PSD2). It also empowers companies to go beyond traditional banking by offering third-party services and innovating new digital offerings.

In addition to the enabling technologies delivered through the WSO2 platform, WSO2 is offering a series of seven webinars to help organizations accelerate their GDPR compliance.

Now is the time to start complying with GDPR—and lay the groundwork for the new digital business models it will enable. WSO2 brings you the technology, expertise and services to get up and running quickly and cost-effectively, along with the agility to capitalize on digital transformation opportunities as they emerge.

Ask an Expert: Catching up with Kasun Indrasiri

Kasun Indrasiri, WSO2’s director of integration architecture, spoke to us recently about some things he’s passionate about – WSO2, integration and its role in digital transformation, and an exciting new project that he’s been working on!

1. For how long have you been at WSO2 and what has your journey been like?

I’ve just completed 8 years at WSO2 and it’s been a fascinating journey indeed. I have been working on WSO2 ESB/WSO2 EI products and I got the chance to work with great colleagues as well as customers across the world. Being a part of this product team has been a great opportunity and I’ve enjoyed every bit of it.

The highlights of my job have definitely been the chance to help customers around the globe solve their enterprise integration problems, contributing to design and development of a world-class integration platform, and solving complex production problems to scale WSO2 ESB to handle billions of transactions.

2. Almost all enterprises are moving towards digital transformation to stay agile and shorten the time to market. What is the role of Integration in Digital Transformation?

In my opinion, integration between applications, services, data, and systems is the bedrock of transforming a conventional enterprise into a digital enterprise. Whether you are a greenfield or a brownfield enterprise, the plumbing between those entities is absolutely essential. Conventional enterprise architecture fosters the use of a central integration bus or an ESB (such as WSO2) which can take care of all such integration problems. However, with Microservice architecture, we more or less do the same in a fully decentralized way.

3. Talking about Microservices, what are the key considerations when moving towards Microservice Architecture (MSA)?

Microservices is an architectural style in which you develop a software solution as a suite of independent and business capability oriented services that are developed, deployed, and operated independently. In this approach, we no longer use a central ESB to plumb different services and systems. Rather we do the integration at the service level itself. For example, if you need to create a business capability that requires calling multiple microservices and other systems, then you will create another composite service which encapsulates the service composition logic.

For any organization that considers moving into Microservice Architecture, it’s important to understand the benefits as well as the complexities that microservices bring in. Building business capability oriented services, using container-based deployment, and using CI/CD pipelines will certainly help you to build solutions in a rapid and agile manner. However, organizations require having a well-defined strategy to overcome the challenges in microservices architecture such as inter-service communication, observability, decentralized data, and transaction management.

4. Having said that, what is your take on the ESB solutions (config-over-code) and their future?

I think a majority of enterprise software solutions still use ESBs in production at the moment. Also, there are certain use cases for which the ESB style is well suited and these scenarios can continue to leverage ESB architecture. I won’t expect the ESB or centralized integration bus to disappear anytime soon.

However, with new architecture paradigms such as microservices, cloud and container-native applications, and event stream driven messaging, we are moving into a different landscape where integration logic is being dispersed into the services themselves. Also, with the proliferation of services, APIs and SaaS applications, integration problems will be even more complex. Therefore the conventional centralized ESB based approach won’t be the best fit for such use cases. In my opinion, there will be a dedicated set of technology stacks to address such integration needs in the future.

5. What’s the latest project you’ve been working on or your proudest accomplishment in recent times?

We have been exploring a next-generation integration platform for cloud-native and microservices oriented integrations. Most existing technologies are not really designed to cater to those needs. We have been building a new programming language called Ballerina, to empower this kind of decentralized and cloud-native integration paradigm. This is still work in progress, so stay tuned for more information!

I also completed my first book, ‘Beginning WSO2 ESB’, last year. It was a compilation of my experience with WSO2 ESB/WSO2 EI, to help WSO2 ESB/EI users to get up-to-speed and master it quickly.

6. What advice would you like to give a budding developer/architect?

Well, rather than giving advice I would like to share a few interesting things I recently read in an article from Neal Ford of ThoughtWorks, on the role of a developer and an architect. I guess we are living in a technology era in which change is inevitable and the technologies are so diversified. Neither developers nor architects can merely stick to one particular technology and be complacent with that.

If you are a developer it’s quite important to focus on the technical depth of the current technology that you are working on. The architect should focus more on the technical breadth of the technology stack. It is quite important to have sufficient understanding of each technology stack. That way, the architect can pick and choose the best of breed technologies for a given scenario.

Read Kasun’s blog and follow him on Twitter.

We Did It! WSO2 Identity Server is Now OpenID Certified

We thought turning 10 was a reason enough to celebrate, but we’re not done with the celebrations yet. Our Identity Server (IS) team has been working to keep that momentum going. We just became OpenID certified!

Being OpenID certified by the OpenID Foundation is a big deal. What is OpenID? OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. “We’ve been compliant with OpenID standards for a long time,” says an ecstatic Prabath Siriwardena, WSO2’s senior director of security architecture. “Getting the certification puts a stamp on it and gives the assurance users are looking for,” Prabath explains.

WSO2 Identity Server is the most extensible and fully open source IAM provider that can help connect and manage your identities. It’s a key enabler of digital transformation. Our single sign-on, which bridges protocols such as OpenID, has been a key component in offering solutions to enterprises in education, telecommunication, and health, among others.

By becoming OpenID certified, we’re joining a list of industry giants who also have this certification including Yahoo! Japan, University of Chicago, Verizon, Salesforce, PayPal, and Google. Now WSO2 Identity Server can provide the assurance to its users that it really conforms to the profiles of the OpenID Connect protocol.

Kudos to our IS team on this feat and looking forward to many more successes!