Welcome!

Jaime Ryan

Subscribe to Jaime Ryan: eMailAlertsEmail Alerts
Get Jaime Ryan via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Top Stories by Jaime Ryan

My grandfather has a bumper sticker on his pickup truck that says “He who dies with the most toys, wins.” Since my world revolves more around API Management than collecting die-cast models of John Deere tractors, I have my own version of the saying – “He who has the most context wins.” Context has always been an important part of managing data or applications, but the proliferation of enterprise B2E (business-to-employee) and B2C (business-to-consumer) mobile apps has significantly increased the need for context-based policy. The Layer 7 family of API Gateways has always been good at context. Not only does a Gateway have access to the full request and response content, it can also access header content (from a wide variety of protocols) and transaction metadata (latency, source information etc.) Then it adds in user credentials and attributes retrieved from the req... (more)

Drones, Phones & Pwns: The Promise (& Dangers) of IoT APIs

Earlier this month, CA Layer 7 participated in yet another great conference – this time, it was QCon New York. As a three-time QCon attendee, I have always really appreciated the level of technical knowledge displayed by attendees. At this show, it’s rare that I have to explain the basics of APIs; most attendees are already using APIs in some form or another. And even though many of them are very hands-on developers, they are savvy enough to realize when it is and isn’t appropriate to “build it yourself.” Many of my conversations began with, “We’re exposing APIs but we don’t hav... (more)

Snapchat Snafu!

When the folks at Snapchat recently turned down an acquisition offer of three billion dollars, I have to admit I was shocked by their incredibly high estimation of their own importance. After all, half of their “secret sauce” is an easily-reproducible photo sharing app; the other half is the fact that their users’ parents haven’t discovered it yet. I’ll admit a bit of jealousy and the fact that my age starting with “3” makes me demographically incapable of understanding the app’s appeal. However, what I do understand is that a frightening disregard for API security might have ... (more)

The Oracle-Versus-Google Verdict Comes Down

Whew! That loud sigh of relief you hear reverberating from Silicon Valley is a reaction to the June 1st Oracle-Google ruling, which declared that APIs are not protected by copyright. While this case could be far from over – Oracle may appeal and force another $50 million round of litigation – a knowledgeable judge and a well-argued 41-page decision will likely make for a strong precedent. In the few weeks, since I last discussed this case, I’ve gotten a lot of feedback. While some techies provided commentary supporting Google’s position, more responses came in the form of questi... (more)

OAuth Tutorial: Modifying a Layer 7 OAuth 1.0a Implementation to Support Custom Requirements

Last week, I posted a video tutorial demonstrating how Layer 7’s OAuth Toolkit makes it possible to use a SecureSpan or CloudSpan Gateway as an OAuth 1.0/1.0a Server and Client. Today, I’m going to follow that up with a tutorial on how a Layer 7 OAuth implementation can be modified to support custom requirements. The tutorial demonstrates this thorough the addition of a new parameter, which is extracted from transaction metadata and then used to tweak the implementation. Specifically, I create a policy in which the authorization token’s lifespan is shortened if the user comes in... (more)