Tag Archives: Identity and Access Management

WSO2 Identity Server 5.8.0 is Here!

WSO2 Identity Server 5.8.0 is the latest success story of our Identity and Access Management team. After a marathon effort, we are glad to release v5.8.0 with new features, major improvements, and bug fixes.

New Features

OpenID Connect Back Channel Logout

So far WSO2 Identity Server has supported OIDC Session Management as the OIDC logout mechanism. From v5.8.0 onwards, it provides support for OIDC Backchannel logout as well. OpenID Connect Backchannel logout is a mechanism by which Relying Party (RP) applications are logged out with logout requests communicated directly between RPs and OpenID Providers (OP) bypassing the User Agent. The main advantage of this method is the ability to skip obtaining the support of user agents, hence this logout mechanism is less fragile.

SAML Front Channel Logout

WSO2 Identity Server 5.8.0 onwards provides supports for SAML Front Channel Logout. In SAML Front Channel Logout, session participants can use asynchronous binding such as:

  • HTTP Redirect Binding
  • HTTP POST Binding
  • Artifact Binding

Use this logout mechanism when the involvement of the browser agent is necessary.

Improvements

Product Observability

Product observability enables rapid debugging of product issues. By using this improvement, it is easy to narrow down issues in a production system by tracking the time of the major flows of the system. This helps to identify issues in production systems such as slow performance. There can be several reasons for the drop in performance. Examples include database bottlenecks, LDAP bottlenecks, or multiple JDBC queries. The observability feature helps you to identify the exact bottleneck that is slowing down performance.

SCIM2 Improvements for Filtering and Pagination

One of the main targets of this release is to stabilize SCIM filtering and pagination. We have mainly addressed some existing inconsistencies and spec compliance issues.

Configuring X509 Authentication with SSL Termination

This is supported by passing the client certificate in the request header from the proxy over SSL tunneling.

Other improvements include:

  • Support for issuing access tokens per token request
  • Support for configuring a JWKS endpoint for OAuth or OIDC based service provider
  • Support for configuring SAML metadata validity period for the resident identity provider
  • Inclusion of OAuth transaction logs for token generation and introspection
  • Supports reCAPTCHA for password recovery and username recovery

Performance Improvements

Compared to previous versions, performance of the major flows of Identity Server have been increased. The following diagram shows the average response times taken for some major flows in v5.8.0 compared to v5.7.0

Seamless Migration WSO2 Identity Server 5.7.0

With few configurations changes, a user can seamlessly migrate from v5.7.0 to v5.8.0. To enable the new features introduced in v5.8.0, the schema changes are necessary. However without those schema changes, the system will not break, so existing customers can simply point to the existing database which they have used v5.7.0 for the v5.8.0 and consume the existing features. A few default configuration changes done with v5.8.0 may cause some behavioral changes and these configurations can be referred to here.

You can learn more about WSO2 Identity Server 5.8.0 from this screencast.

Lindex: Innovating with APIs in the Fashion Retail Industry

Fashion is a dynamic industry and any fashion retail business needs to be as agile as possible, particularly in the present era of e-commerce and instant customer gratification. This is a reality that the Scandinavian based fashion chain Lindex is all too aware of, having been around since the 1950s. Currently Lindex has 470 stores in Scandinavia, Central Europe, Baltic states, Middle East, and the UK, with an employee base of over 5,000. Their business is underscored by sustainability, as 55% of their clothing is made from sustainable materials. Lindex decided to enhance their digital services by exposing APIs over their existing monolithic architecture. This enabled them to build applications that improved user experiences for both customers and employees.

Move With The Times

15 years ago, Lindex began their first foray into e-commerce. This was very much an experimental project, where a team was tasked with designing a platform and more importantly, monitoring customer responses to such a platform. Lindex started with a monolithic architecture which had worked satisfactorily for a decade. But there was a snag – they had accumulated a lot of technical debt over the years and moreover, security models had changed. It was time to try something new. Lindex considered open source, as they understood that it provides greater extensibility and flexibility when building a solution.

That something new was the development of a customer loyalty app – their change agent. Lindex wanted an omni-channel app which gave users a hassle free experience, with product information, prices, and promotions being shared between the app, website, and stores. They were clear that they did not want to integrate this new system with the existing monolith and furthermore, they also knew that a new team was needed.

The new platform consisted of customer loyalty app, the new ‘My Store’ app, and other customer experience solutions on the top layer, all to be exposed via an API layer. Once Lindex had completed the implementation of this first set of APIs it immediately became apparent that different levels of complexity within the backend systems would require different versioning of each of the created API’s moving forward as each monolithic application was adapted to become digital. It was recognized that the team would require some form of management for the API framework and a business case was undertaken to assess a number of API Manager systems which complied with industry standards and more importantly, would work seamlessly with their existing customer repository. Lindex also had a preference for a security solution that was able to work seamlessly with their existing customer repository. These requirements, along with the need for an open source solution, led them to WSO2 API Manager (which addresses API management, development, and integration). They also chose WSO2 Identity Server, which is optimized for identity federation and single-sign.

Multiple Teams for Multiple Customer Experiences

While the app team was developing the new application, Lindex’s team responsible for their existing monolithic architecture was busy refactoring the code in order to expose functionality in the customer shopping experience – i.e. features like shopping cart, wish list, pricing, promotions, and order details. They also had other development teams working on other areas of customer experience simultaneously. The ‘My Store’ program was upgraded, they were able to create a ‘My Stock’ app and a ‘My Customer’ app (when in-store personnel were acting on behalf of customers). During the complex process of setting up multiple levels of authentication across different user groups, Lindex found that WSO2 Identity Server provided the authentication capabilities needed for these apps. In total, there were 5 teams working on enhancing customer experience and there are plans for expansion.

Like their initial venture to e-commerce, this project has also been an experimental one for Lindex, to understand what works best and adds business value. They now believe that a gradual replacement of backend functionality is what works for them. “Thanks to WSO2 and the open source model, this has been a breeze. It’s been risk-free for us. The middleware has been rock solid from the get-go really,” says Johan Edling, an enterprise IT architect at Lindex.

Some Lessons Learnt Along the Way

Lindex gained some valuable insights when they worked on this project, and if they were to return to square one, their key advice to others starting this journey would be as follows:

  • Set up API statistics right at the start of the project, even if it looks expensive at first glance. Failing to do so is not the best course of action.
  • Time is always important – time must not only be allocated to the development of API resources, but to changes you anticipate as well.
  • Perform automatic testing of API resources and ensure that teams working on the project have the relevant API development skills are things to consider.
  • Document error handling guidelines.

With the new API design in place, Lindex now offers a modern shopping experience for their customers.

For more details, watch Johan’s talk.

WSO2 was named a Leader in The Forrester Wave ™: API Management Solutions, Q4 2018 report. Check it out here and learn about WSO2 Identity Server here.

Achieving GDPR Compliance in Heraklion, Crete

The city of Heraklion, capital of the Greek island of Crete, is many things – it’s a tourist attraction, a port and ferry dock, and a smart city. In fact, Heraklion was recognized as one of the world’s 21 smartest communities in 2014 and even has a technological university. As a tech-driven city, the Municipality of Heraklion decided to build a web portal for more than 6,000 users and a case management system for 700 employees. Also in this plan was the creation of an email system based on Postfix and Horde, mobile applications for the convenience of both citizens and employees, an e-payment gateway, and several WordPress sites for affiliated organizations of the municipality.

Solution Requirements

The IT infrastructure of the Municipality has multiple applications and users. And both ITDT and the Municipality wanted to create unique user profiles (and avoid duplications), a single-sign-on process for users, provide authentication mechanisms and very importantly, achieve GDPR compliance. A team comprising of the University of Crete, the National Technical University of Athens (NTUA), and ITDT Solutions (a company based in Cyprus working with a range of customers in Cyprus and the Balkans) worked with the Municipality of Heraklion to achieve these ambitious goals.

The new solution had a list of proposed items for successful project completion. The starting point for this project was the creation of a new LDAP infrastructure based on OpenLDAP (the LDAP infrastructure which existed at the time needed upgrading). User migration had to occur from the web portal’s database and other applications. Identity management is a huge requirement and the team used WSO2 Identity Server and the national identity provider for advanced security services. And the final important item was the migration of applications to SAML2 and OAuth2.

GDPR Compliance Made Easy

GDPR compliance and its importance led the project team to WSO2 Identity Server, which as an identity solutions provider, is GDPR ready. This meant that ITDT and the rest of the team did not have to do much to become GDPR compliant by themselves. ITDT created a single user store for convenience which simplified the process (the other option was to become compliant for each and every user store and application). The self-care user portal of WSO2 Identity Server plays a crucial role in GDPR compliance since it functions as a medium for users to exercise their individual rights as defined by GDPR for data managed and retained by WSO2 Identity Server. This self-care portal allows users to access and rectify any information about themselves at any point of time. Users can also request portal administrators to delete their entire user account if needed. It also enables users to revoke consent and exercise their right to be forgotten, in addition to providing them with a portal format of storing data, the right to pause/ restrict data processing, and of course, transparency on how their data will be processed.

WSO2 Identity Server comes with other perks as well. For one, it enabled ITDT and team to build a central identity so they migrated all their user stores to the central LDAP infrastructure by the project’s end. Secondly, WSO2 supported various inbound authentication mechanisms (SAML, OAuth, JWT, etc). Lastly (and best of all) is that WSO2 Identity Server is open source. This project did not have the most generous budget, and the Municipality of Heraklion needed a solution that did not have extra licensing costs attached to it. WSO2 Identity Server has an Apache 2.0 license, thereby giving the team heading this project the freedom to use this solution.

Benefits and Expansion

Apart from creating a robust solution to achieve GDPR compliance, ITDT has been able to create unique user experiences and reduce development costs for the Municipality. A digital transformation project of this nature (or indeed any such project), naturally provides insights to the team leading it by the project’s end. What ITDT learnt was that the migration of user stores is harder than they had initially anticipated as it required a lot of manpower. The team also learnt that WSO2 Identity Server is an ideal platform for creating custom solutions whilst keeping the core solution unchanged. Given the success of this project, the next step involves expansion – to other applications in Heraklion city and to other municipalities in Crete. Data exchange between municipalities and universities in Crete, and creating loyalty schemes between public and private bodies are other areas of interest. Identity management will continue to play a central role in all these plans.

Watch this presentation to learn more.

WSO2 Identity Server can be used for a host of identity management requirements, check it out here.

This article helps you understand how WSO2 Identity Server helps you achieve GDPR compliance.

Why We Make Our Product Roadmaps Public

“Can you please share your roadmap?”

“What are your plans to engineer feature xxx?”

“Great product, but does your vision match ours?”

We get these questions all the time, from customers, partners, and analysts.

As the leading open source API integration company, it seemed antithetical to be open and transparent about our code, financials, and priorities, but not about our actual product roadmaps.

So we’ve now opened-up our product and solution visions and roadmaps for each of our integration-related products, all part of our Integration Agile platform:

Why would we do this?

There are a number of reasons we chose to take this bold step – a step that most high-tech companies shun as competitively risky, and thus guard their plans with absurd paranoia.

  • Public roadmaps are consistent with our open source community
  • We trust our community to work with us, and they can only do so if they know our plans. That way they are always involved in the technology and will be able to best deliver meaningful new features, contributions, and roadmap suggestions.

  • Public roadmaps signal our transparency
  • Transparency is key to building trust between partners. A public roadmap helps committers, partners and customers to know we’re pulling no punches with our direction. It’s also consistent with our no-lock-in approach… and that means there’s no lock-in to our roadmap either. With a transparent set of roadmaps, our technology partners know what to expect… and have a proactive vehicle to comment on the direction.

  • Public roadmaps are good for our customers’ trust
  • When our customers buy-in to our integration platform, they’re putting technology direction on the line. They want to know if we’ll be evolving in the direction they want. For them, it’s all about mitigating long-term technology risk. This way, we’re “opening the kimono” and boldly stating direction.

  • Public roadmaps show our pride, confidence, and vision
  • WSO2’s technology has been evolving for over 13 years. Over 350 engineers currently work on technologies like API management, identity management, ESBs, enterprise integration, and related integration architectures. This is one way of showing-off our vision and capabilities.

  • Public roadmaps are good for business
  • In sales situations, customers often ask pointed questions about specific (missing) features. And the usual answer “Yup, we’re working on supporting it” is always received with skepticism. Our public roadmaps put our money where our mouth is… either it’s on the roadmap, or it’s not. Or, we work with our partners to change the roadmap… for everyone else to see.

Next, what’s on our Roadmap roadmap?

This is the first of many more steps we’ll be taking toward increased openness and transparency. But the other critical component is your feedback. So if you have thoughts about our roadmap- positive or negative – there are many avenues you can use, including our Contact Us button – and include your feedback.

Medical Device Integration for Better Decision Making in the Healthcare Industry: A Case Study From Engineering Ingegneria Informatica S.p.A

Medical devices that communicate with one another…sounds futuristic (or like something from a science fiction movie or novel), but it’s happening today. Engineering Ingegneria Informatica S.p.A, an Italian based software solutions provider, developed a Medical Device Integration (MDI) solution that enables devices to communicate securely, efficiently, and intelligently, enhancing patient care and monitoring capabilities. And to create their solution, they rely on the entire WSO2 Integration Agile platform.

Medical Device Integration with the WSO2 Integration Agile Platform

MDI comes with its distinctive set of challenges. Communication between medical devices is complex, hence each device needs a standard and secure communication protocol based on multiple channels. Then there’s the issue of processing thousands of events. A large hospital has a multitude of patient data, generated from thousands of sources. Engineering Ingegneria Informatica S.p.A needed to analyze these events and view patient data in the form of trend lines on customized dashboards. Also needed were monitoring dashboards displaying data regarding the status of devices.

The architecture behind MDI makes use of WSO2 Identity Server, WSO2 API Manager, WSO2 Enterprise Integrator, and WSO2 Stream Processor, along with WSO2’s IoT platform (now developed and supported by Entgra). To begin with, WSO2 Identity Server – a holistic identity and access management product – makes this solution and communication between components secure by using protocols such as OAuth2 with JWT tokens. This identity platform also generates tokens to access WSO2 API Manager.

WSO2 Enterprise Integrator facilitates all the communications in this solution and comes with integration runtimes, message brokering, and business process modeling capabilities. This agile integration platform is responsible for communicating with external modules, between the various devices and the central MDI system, and with Terminology Services to perform compensation and transformation of incoming/outgoing streams. Furthermore, WSO2 Enterprise Integrator provides technology for this solution to generate alerts or notifications from MDI to application solutions.

WSO2 Stream Processor – a lightweight stream processing platform – analyzes clinical messages from the device driver in real-time. Technical and clinical information has been divided into different complex event processing (CEP) flows. This makes it possible to manage technical warnings or CEP feeds of clinical data, and the machine learning component acquires and refines classified algorithms to help predict critical situations. WSO2 Stream Processor, in particular, has helped Engineering Ingegneria Informatica S.p.A to address the challenges of processing and analyzing the many events and the need for a customized dashboard.

The IoT capabilities are used to develop device drivers with installation packages. Each device driver has a health module that transmits technical information (which ranges from data like the heartbeat to the status of components). Each driver is also able to transform specific device protocols (such as RS232, HL7, etc.) into an encrypted generic platform message, thereby eliminating the need for MDI to identify each protocol.

The Benefits for Patients in Real Life

There’s quite a complex architecture in operation, so how does it function in a real-life situation? Marco Mastroianni, a software architect at Engineering Ingegneria Informatica S.p.A, explains how their solution applies to an Intensive Care Unit (ICU). Patients in the ICU are dependent on monitoring and life-sustaining devices where the use of information from combined (or integrated) data sources play a critical role in predicting a patient’s condition. Underpinning everything is time and the speed of communication. In such environments, monitoring capabilities and notification mechanisms come to the foreground. The data generated by these devices appear in the form of signals which is of value to signal processing techniques. Therefore, this process helps to both monitor patients and design algorithms that are used to implement patient alarms.

Patient monitoring is not limited to hospital premises – the MDI solution helps to monitor them in their homes too. Monitoring is dependent on communication between devices, how they’re managed, and how patient data is received by medical professionals. An MDI solution such as this reduces the probability of errors (particularly human errors) – greatly supporting the wellbeing of patients and the quality and speed of decision making.

You can listen to Marco’s presentation for more details on the MDI solution built by Engineering Ingegneria Informatica S.p.A.

WSO2 offers an open source integrated platform for digitally driven organizations who want to become integration agile. Everything you need to know is here.

Scaling Single-Sign-On with the Swiss Alpine Club

Mountain climbers and hikers in the Alps need reliable assistance, and that’s exactly what the Swiss Alpine Club (SAC) provides. Established in 1863, SAC is passionate about alpinism. They’ve contributed to the development of the Alpine region over the centuries and are advocates of safe, responsible mountaineering whilst ensuring free access to the mountain world.

Today, SAC has approximately 150,000 members, 111 sections in Switzerland that manage 153 mountain huts. On average, SAC sees 1 million daily visitors to these huts. SAC offers a range of services to both members and non-members. They have a SAC route portal, manage an online store with SAC products, offer discounts for accommodation, organize educational and training opportunities, and much more. Furthermore, SAC relies heavily their 7,000 volunteers who work as officials, guides, and youth organizers. These volunteers are supported by SAC’s IT office, which is located in the Swiss city of Bern.

Integration and Identity Management for User Convenience

SAC defined their digital strategy 2 years ago, and the cornerstone of this strategy is easy usage and access of services for their members and non-members. To this end, they had a straightforward set of goals which include: one identity login across all SAC services, single-sign-on (SSO) to access different services, easy onboarding of members, and to provide self-management of user accounts. SAC has around half a million users (this number keeps growing daily) and there are about 6,000 roles. Given the number of roles and types of membership (for example, officials, wardens, subscribers, etc.) means that there is a quite complex identity management structure at SAC.

SAC worked together with WSO2 Certified Integration Partner Avintis to implement their strategy. Right from the beginning of this project, both SAC and Avintis agreed on the consolidation of SAC’s user store. SAC’s new solution is composed of 2 parts – one part is concerned with integration and the other focuses on authentication, powered by WSO2 Enterprise Integrator (which can be used to build, scale, and secure integration solutions) and WSO2 Identity Server (which is a uniquely flexible product for identity needs) respectively. Being open source, both WSO2 Enterprise Integrator and WSO2 Identity Server provide SAC with a solution to avoid vendor and data lock-in, and use open standards for identity management and integration. This also further enables SAC to keep abreast with ever changing market needs.

The solution has a bi-directional integration with Microsoft Dynamics NAV and WSO2 Enterprise Integrator. They’ve also implemented REST based web services. This solution also consists of one master user store, with multiple service providers. At present, they have 6 service providers but this could potentially increase to 100 depending on the speed at which their implementation progresses. SAC translates their business cases to their user store and assign the right roles in the user store. They’ve created a login app on top of WSO2 Identity Server, which received the customer services that passes through WSO2 Enterprise Integrator. Furthermore, the identity management component follows the OpenID connect protocol.

The Result: One Login App for Everything (Literally)

SAC has reduced their data silos with the new solution. The resulting single login app facilitates user authentication, registration, membership applications, account activation, and password resets. Users can now book accommodation, subscribe to SAC services, shop in the online store, and access any other service with one single identity.

SAC’s plans extend beyond creating a seamless and convenient user experience. They’re now looking at WSO2 API Manager (which can be used to address any spectrum of the API lifecycle, monetization, and policy enforcement) for secure access to and management of upcoming/ existing APIs. In order to achieve scalability and reduce downtimes to zero, SAC runs most of the applications in Docker containers using Jelastic PaaS, and plans to migrate all of their web infrastructure to this cloud platform.

With plenty of changes anticipated in the near future (along with rising numbers of visitors to the Alps), Daniel Fernandez, head of IT at SAC, advises meticulous planning when undertaking a digital transformation project of this nature. And in addition to planning, he advocates being prepared for unexpected situations, as in his opinion a project such as this has an impact on everything else in an enterprise.

Listen to Daniel’s presentation for more details on how SAC implemented SSO.

WSO2 API Manager, WSO2 Enterprise Integrator, and WSO2 Identity Server form the WSO2 Integration Agile Platform. Learn all about our open source approach here.

Delighting Customers with an API First Approach at Proximus

Proximus, the largest telecommunications provider in Belgium, has been around since 1930. At present, Proximus provides internet, TV, telephone, and network-based ICT services. Their brand portfolio includes Scarlet, NBRACE, tango, ClearMedia, TeleSign, Davinsi Labs, telindus, BEMOBILE, and bics. Collectively, these brands have presence beyond Europe – in the Middle East, Americas, Africa, and APAC.

APIs Are Great – Again

Proximus has 2,000 to 3,000 applicators in the entire organization, integrating internally and externally with partners, competitors, and customers. Most importantly, these integrations have to be managed. The scenario that would result in not doing so is endless difficulty and inconvenience. A decade ago, Proximus designed their architecture for managing commodity services such as authentication, authorization, routing, and monitoring. So far, so good.

Change came in the form of agile business transformation. By becoming more agile, they were looking to deliver services faster, of better quality, and at lower cost. Proximus achieved business agility by building functionality shaped building blocks that are re-usable and loosely coupled. These building blocks are used to provide their digital solutions, all at lower costs and higher quality. Agile transformation has been made possible by WSO2 API Manager, which supports any spectrum of the API lifecycle, and WSO2 Identity Server, a holistic identity and access management (IAM) solution. Both are open source.

“We had to rethink what we were doing and essentially look at making APIs great again,” says Sean Kelly, an enterprise architect at Proximus. They’ve already worked with APIs, mainly to offer services – but agile transformation means approaching everything differently. This began by bringing together architectural domains that are well-defined and separate. For one, there was a functional domain which operated on specific blocks of functionalities (such as customer address management). Then there was an important security domain that is responsible concerns such as GDPR compliance. The application domain handles patching, upgrading, migrations, and such. And finally, the infrastructure domain is needed for deployment.

Functional Domain in Detail

Sean explains the new approach at Proximus by using the functional domain as an example. The team at Proximus documented all business capabilities and they first defined the characteristics of a capability. For starters, a capability must be a subject matter expert i.e. a customer address management capability is the owner and master of this specific block of data. This capability is the single source of data for the particular function, with a specific team attached to it. Furthermore, business capabilities are also mutually exclusive – unique, but independent, self-contained, and well defined.

The implementation of this new API-first approach happened in a very structured manner. APIs at Proximus are lightweight and powerful, with simpler life cycles and release cycles. Product teams were empowered and the API management platform is more agile. Although the API management platform is a self-service one, there are certain controls in place. Collaboration plays a big role too. Given the number of architectural domains, collaboration could be a challenge and it required a shift in mindset across the organization.

Organizational Change from Service Orientation (SOA) to Resource-Based Architecture

Proximus adopted the Bimodal practice to deal with organizational change. Introduced by Gartner, Bimodal refers to the strategy of coping with change and it’s comprised of two modes (modes 1 and 2). As per Gartner’s definition, these 2 modes are cycles, and not separate groups or departments in the company. “Mode 1 is the marathon runner, that is, it refers to APIs that perform core business functions. Mode 2 is more like a sprinter. These are the APIs that respond to the environment, are closer to your customers, more agile, and typically more disruptive,” Sean explains. At Proximus, mode 1 is applied to internal APIs and existing SOA services. Mode 2 is applied to external APIs and this is where they publish their digital products, with a strong focus on security.

Apart from the Bimodal practice, Proximus has also adopted several principles. There’s no domain dumping model at Proximus, and they use concepts that are known and understood within the organization. They design for loose coupling, as vendor-neutral APIs are preferred and it allows them to change one component to another with minimal impact. Proximus also use industry standards such as O-Auth2, XACML, SID, JWTE, etc. Another is the use of smart endpoints and dumb pipes, which is to avoid business logic in a centralized middleware. Security is coded, rather than configured. As such, the code is typically only written once and then validated by security, making it easier to manage this process as well. Proximus also do not use the latest version of a particular technology offered – they prefer to trail behind the bleeding edge, as they’re on the lookout for the first round of patches and use the functionality with greater confidence at a later time. And finally, Proximus only builds components or purchases software that is cloud native.

Delighting Customers

The team at Proximus are satisfied with their API first approach and the resulting API marketplace. “We’re focusing on delighting our customers, delivering value, and doing all this at a lower cost. We use WSO2 to do what they do best. For us, WSO2 is an API management platform and we let them handle that while we focus on the business,” says Sean. As with any innovative business, there are more changes afoot at Proximus and they’re looking to take WSO2 along with them as their business evolves.

Watch Sean’s presentation for more information about the transformation at Proximus.

Check out our product pages for WSO2 API Manager and WSO2 Identity Server to find out how you can use these products in your enterprise.

The API-driven World: WSO2 Integration Summit is Coming to a City Near You!

Starting in March, the WSO2 team, our partners, and I will be hitting the road for the 2019 WSO2 Integration Summit world tour. The 2018 Summit series was our biggest yet, featuring customer success stories from enterprises that have used our technology to fulfill digital transformation strategies and create innovative experiences for their customers. Refusing to sit back and relax, we’re making the 2019 Summits even better. We will be visiting at least 24 cities in 20 countries and 6 continents to show how you can achieve API-driven integration agility.

We are scaling our efforts by collaborating with our partners on each of our summits. We started this year by inviting all our partners for WSO2 Sales Bootcamp. For the first time ever, we had partners from all around the world participating in the 2019 kickoff alongside our own teams. Insights were gained, strategies were discussed, plans were made, and the summit tour was born. Because of our partners’ global presence, we are able to reach six of the seven continents (the penguins in Antarctica didn’t show much interest in WSO2!).

Group picture from Sales Bootcamp 2019

Summit Theme: The API-driven World

APIs are touching every facet of our society and the underlying trends are going to generate nearly 1 billion APIs in the coming years. All digital transformation depend on APIs and integration technologies underpin their evolution. Each WSO2 Summit will comprise a full day of vision and practical use cases focused on integrating a world of disaggregated APIs, cloud services, and data. We will discuss topics such as transforming integration projects from waterfall to agile, by moving from the centralized model to a decentralized architecture and methodology; combining enterprise integration, API management, and identity solutions; writing microservices that integrate APIs using Ballerina; and using open source technology for greater customization and flexibility. The summits will also feature guest speakers from digital-native organizations who will talk candidly about their API-driven transformations.

We’ll show you how to navigate current trends and use them to deliver innovation and new opportunities. Listen to visionary keynotes by WSO2 senior leadership, meet and network with industry experts and others who are striving to solve similar enterprise problems, and learn how integration agility could help with maximizing revenue and productivity. Join our interactive discussions to empower your team and stay one step ahead of evolving business needs.

While the the underlying themes of each summit remains the same, the agenda differs from location to location. The interactive sessions are tailored to each region, helping you gain relevant information on what matters to you and your enterprise. From open banking to retail and healthcare, our plan is to cover it all.

WSO2 Integration Summit 2019 global locations

If you are a customer or a community user and would like to speak at one of the summits, please let us know, as we have a limited number of spots still available. Get in touch with us at cfp@wso2.com.

I look forward to seeing you soon.

Space is limited, so save your spot today.

Follow @wso2 on Twitter to get the latest updates. We are using the #WSO2Summit hashtag.

Ask an Expert: Catching up with Ruwan Abeykoon

Ruwan, on the right, participating in a badminton competition in WSO2

If you bump into Ruwan outside WSO2, you’re most likely to meet him along a hiking trail or underwater, scuba diving somewhere in Sri Lanka’s southern coast. He’s also a vehicle enthusiast and loves technology. Inside WSO2, Ruwan currently looks into product stabilization efforts of WSO2 Identity Server that results in improving the overall architecture of the product.

In this interview Ruwan sheds light into his journey at WSO2 so far, identity and access management (IAM), and his view about software.

1. How did you enter this industry (was it by accident, why IAM)? Tell us about your journey at WSO2 so far?

Every change in my career was based on calculated decisions at critical junctures and I’m very pleased at how everything has turned out.”

I started off as an entrepreneur after grad school, working in the telecom and retail sectors. My expertise lies in telecom signalling and it’s been one of my interests for the longest time, in addition to high performance computing and IoT. Subsequently, I joined WSO2 where I was a part of the App Manager team, which is now the WSO2 Identity Server team. Every change in my career was based on calculated decisions at critical junctures and I’m very pleased at how everything has turned out.

2. What are some of the interesting projects you’ve worked on recently?

Adaptive authentication is one of the latest features we added to WSO2 Identity Server. What’s different about how we offer adaptive authentication is that it’s based on scripting language similar to ECMA. This is also involves user behavior analytics based authentication.

WSO2 Identity Server analytics is able to monitor login and logout sessions, and provide analysis based on a user’s behavior which helps with providing an additional security layer when authenticating them. This is what adaptive authentication is ultimately about.

Adaptive authentication is very important right now and not because of user convenience alone. Major financial institutions use adaptive authentication to provide advanced user experiences while providing Open-Banking APIs.

3. Do you see adaptive authentication as a game changer and how so?

People always want easy access to applications and systems. Making this process difficult means users will either move away from the business or they will have weak security methods. For example, enforcing people to use long and complex passwords can lead to them writing their passwords on a piece of paper somewhere, which isn’t a smart thing to do.

On the other hand, security experts want to limit access to resources and systems as well. Hence there is a need to find the right balance. And a need to detect risk and limit access while allowing free access for legitimate cases or users. This involves evaluation of many parameters and behaviors than simple static rules that are offered by most IAM solutions. In the future, we’ll also need to embrace AI on the authentication process.

4. What trends do you see in the IAM market? Where do you think we’re heading?

I’m going to provide a very brief overview of some trends that I’ve observed. For one, there’s an increasing dilemma between whether or not we should opt for a centralized IAM system. But given privacy concerns, it’s quite evident the IAM industry is heading towards a decentralized identity and access management system. Another trend is sovereign identity, where an individual decides what can be done with an identity. Although there’s a growing need for increased privacy, people must be able to share and delegate easily. Another is space-time-bound edge device security with identity of a person.

5. We now keep hearing that IAM is an enabler and it’s more than just security or an IT project. What’s stopping enterprises from embracing this? Why do you think they should?

It is easy to start an IAM system with a homegrown solution of simple databases. There are a plethora of libraries available to kick start a homegrown IAM system. But it gets into an inescapable vortex when more and more functionalities are needed in today’s agile businesses. Enterprises need to detect this at an early stage and adopt a proper IAM solution before the vortex grows into an unmanageable beast by itself.

6. Two things you’ve learned in your career that you’d like to share with a newbie?

Think of software as a medium of communication between both systems and people.”

First, think of software as a medium of communication between both systems and people. This could be system to system, system to person, and person to person. Second, learn to unlearn. No software practice has lasted for more than a decade. New languages and methods keep propping up and your openness to learn is what helps you progress.

Ruwan on one of his many scuba diving adventures!