CIS13: Identity-enabled Network APIs

Mobile Identity: Truth and Dare – Identity-enabled APIs
Andrew Johnston, Member of the TELUS team
Cloud Identity Summit 2013, July 12, 2013

description

Andrew Johnston, Technology Strategy Manager, Services Enablement, Telus

Many organizations face a common set of challenges as they look to contribute their APIs to the online and mobile application ecosystems. Key concerns include defending our customers from potential API abuse, putting our customers in control of their own service experiences, delivering the best possible user experience and presenting usable APIs to developers. Learn how TELUS has approached these challenges with the assistance of standards like OAuth 2.

Transcript of CIS13: Identity-enabled Network APIs

Page 1: CIS13: Identity-enabled Network APIs

Mobile Identity: Truth and Dare – Identity-enabled APIs

Andrew Johnston, Member of the TELUS team
Cloud Identity Summit 2013, July 12, 2013

Page 2: CIS13: Identity-enabled Network APIs

TELUS Public 2

- (coverage map)
- (key services, technology)

Page 3: CIS13: Identity-enabled Network APIs


Why APIs are important

- Re-using capabilities saves time and money.
- Introducing well-considered APIs affords the abstraction of complexity.
- Opening access to capabilities for 3rd parties brings:
  - additional savings;
  - greater access to innovation.

Page 4: CIS13: Identity-enabled Network APIs


Why measuring API use is important

What we expected

1. SMS (messaging)
2. Location
3. MMS (picture messaging)
4. Charging
5. Subscriber profile

What we saw

1. Subscriber profile
2. Charging
3. SMS (messaging)
4. Location
5. MMS (picture messaging)

“There’s something missing.”

Page 5: CIS13: Identity-enabled Network APIs


Why identity is important to APIs

- Every API needs a subject.
- “On the Internet, nobody knows you’re a dog.”

Page 6: CIS13: Identity-enabled Network APIs


Authentication as an API

- TELUS issues secure credentials to our subscribers.
  - Let’s use those!
- Look to what’s working and, ideally, standardized.
  - SAML 2.0 Web Browser Single Sign-On Profile.
- Don’t write security software.
- Privacy benefits available.

“OK, but…”

Page 7: CIS13: Identity-enabled Network APIs


API Authorization

- Developer usability counts, too.
- Standards are still a good idea.
  - OAuth 2.0
- Writing your own security software is still a bad idea.
- Build on what you have.
- Re-use is fun and valuable!
- Customers get a say.

Page 8: CIS13: Identity-enabled Network APIs


What worked well for us

- All customer feedback is positive.
  - If they’re unhappy, you’ve learned something!
- Developers are people, too.
  - Help them by letting them focus on what they want.
  - Keep interfaces simple and consistent with how they will be used.
- Look for standards with:
  - a number of interoperable, commercially-supported implementations;
  - good tools for a number of platforms;
  - an accessible community of practice.
- Re-use represents real value.

“Web views? Really?”

Page 9: CIS13: Identity-enabled Network APIs

Questions?

[email protected]