The API-driven World

Financial institutions and fintech vendors are amongst the larger producers of software and employers of highly talented developers worldwide. Yet while Wall Street has been consistently increasingly consumption open source, this interactive-by-nature ecosystem has been largely missing out on the opportunities of open collaboration, participation and contribution open source projects.

But in the context of a massive generational and technological evolution, with cloud and decentralized technologies taking over the industry, the opportunity for an open fintech is huge for financial institution decision makers, for developers and generally for each one of us, downstream users of the financial services complex.

In this session, Gab, Executive Director of the Fintech Open Source Foundation, will discuss the state of open source in financial services, discussing trends, opportunities, concrete examples of collaboration and extending a call for contribution to the extended OSS community.

The number of microservices running in enterprises increases daily. As a result, service composition, governance, security, and observability are becoming a challenge to implement and incorporate. A “cell-based” architecture is an approach that can be applied to current or desired development and technologies to address these issues. This technology-neutral approach helps cloud-native dev teams become more efficient, act in a more self-organized manner, and speed overall release times.

In this keynote, Asanka will introduce the "cell-based" reference architecture, which is API-centric, cloud-native, and microservices-friendly. He will explain the role of APIs in the cell-based approach, as well as examine how real applications are built as cells. Asanka will explore the metrics and approaches that can be used to measure the effectiveness of the architecture and explore how organizations can implement the cell approach.

“The whole is greater than the sum of its parts” - In this world of disaggregated, cloud native architectures, developers are increasingly adopting micro services to build Complex Systems. APIs play a huge role in creating a sustainable platform and a good API driven micro services design is key to building and scaling these complex systems. Whilst API Management and API Gateways have traditionally been used for north-south communication, Service Meshes and specialised gateways have emerged to handle complexity for East-West communication.

The “parts” work, but is the “whole greater than the sum of its parts”? That’s the objective of this talk. We apply method to madness, and take a critical look at the role of APIs in cloud native, service mesh driven complex system design. We will look at how various API technologies including full lifecycle API Management, API Gateways and Micro-gateways, API Proxies and frameworks to build on-the-fly gateways play with Service Meshes like Istio and LinkerD, proxies like Envoy and ingress gateways. We will also look at practical examples of how full lifecycle API Management play an important role in Service Mesh based K8S Infrastructure.

The microservices architecture expands the attack surface with multiple microservices communicating with each other remotely. It’s a common principle in security that the strength of a given system is only as strong as the strength of its weakest link. Unlike in any other system design, the repercussions will be extremely highly if we do not get right the security in a microservices design. The key driving force behind microservices architecture is the speed to production (or the time to market). One should be able to introduce a change to a service, test it and instantly deploy it into production. A proper secure development lifecycle and test automation strategy needs to be there to make sure that we do not introduce security vulnerabilities at the code level. We need to have a proper plan for static code analysis and dynamic testing — and most importantly those tests should be part of the continuous delivery (CD) process. Any vulnerability should be identified early in the development lifecycle and should have shorter feedback cycles. There are multiple microservices deployment patterns — but the most commonly used one is service-per-host model. The host does not necessarily mean a physical machine — most probably it would be a container (Docker). The DevOps security needs to worry about container-level security. How do we isolate a container from other containers and what level of isolation we have between the container and the host operating system? How do we authenticate and access control users to microservices and how do we secure the communication channels between microservices? All fall under application level security. This talk addresses multiple perspectives in securing microservices: SDLC, DevOps, and application-level security.

The phrase “cloud-native” has become overrated in today’s tech scene. Every familiar enterprise technology product is now rebranded as “cloud-native” and is offered as a containerized workload for today’s business needs. But are they really “cloud-native” ? To answer this question we have to deeply understand the cloud native qualities. Can our existing enterprise monoliths become cloud native or use cloud native tools ? is it worthwhile to break down the monolith as today’s advice goes ?

This talk focuses on those hard questions in today’s enterprise landscape. This is a discussion with enterprise architects on the challenges they face in their cloud native journey.

Higher Education is no stranger to the challenges of the ever-changing pace of technology. There are many systems built, bought, and put together to keep a university running. These systems need data, need to connect other systems, and also need to be connected to various devices. Higher Education needs to stay competitive and provide educational tools, resources, and methods for today’s digital citizens/natives (students, faculty, staff) that goes beyond the brick & mortar norms.

“The” Ohio State University (OSU), one of the largest public institutions in the nation, is not immune to these challenges. A large challenge is keeping systems, applications, and 3rd-parties integrated and data flowing efficiently, effectively, securely and predominately in real-time between sources and targets. In today’s and tomorrow’s world, OSU has to tackle this challenge by being flexible, adaptable, lean and continuously improving its integration agility.

In this session, Glenn will discuss Ohio State ’s journey in becoming more integration agile. He will give brief (his)story of how a small group went from implementing most of the “integrations”, then implementing the Enterprise Integration Platform (EIP) with a “DevOps” group on the down-low, to multiple development teams growing into integration personas, and EIP becoming a key foundational ecosystem supporting many of Ohio State’s key efforts (i.e. PeopleSoft, Workday, Salesforce, etc.). Throughout, Glenn will briefly share what’s components are used, where we are, and what’s next!

Ballerina is a programming language designed for network-distributed applications. One of its key objectives is to make providing and consuming services easier by baking concepts such as listeners, services, and endpoints as inherently concurrent first-class language constructs. Another important aspect of the language is the sequence diagram based graphical view which shows the most fundamental aspect of the semantics of a network distributed application. Ballerina language is pragmatic and intended for commercial adoption and provides familiarity for users of Java, C#, and JavaScript. While it looks like Java and other popular languages in some ways, it is very different from those in fundamental ways.

In this session, Lakmal, will discuss and demonstrate how Ballerina simplifies your microservices development. Also, he will show you how Ballerina is different, why it's different, and how those differences give Ballerina an unfair advantage when it comes to developing resilient, performant, and secure network services and applications.

Has someone in your organization recently decided you need a “digital transformation” and asked you to lead the way? Have you started one and hit some unexpected turbulence along the way? You’re not alone. Whether you’re figuring out how to get started, or you’re well on your way, join Brandon in this session as he briefly shares the strategy, challenges, and tactical approach his team is using to drive an enterprise API program in a 30,000 person global organization; with an emphasis on their approach to adoption.

The industry seems to be moving away from pure open source businesses. WSO2 is going the opposite direction, maintaining a strong commitment to open sourcing our products and open sourcing even more of our IP, building communities, making expertise available to our customers, and bringing transparency to our business culture and operations. This session explains why we believe our strategy of openness is fundamental to the success of WSO2 and our customers.