Name: 

Dave Perhne
Application Architect
dcp@umich.edu

Do you have a wiki or web site with a lot of this info?  If so, link please.
Project web site: https://sites.google.com/a/umich.edu/wso2/
Developer site (Will be changing soon): http://developer.it.umich.edu

What API Management Infrastructure (Middleware) do you have in place or have in place?  What are the other core systems?  API Management, ESB, ERP, Data Integration, and Security (Authz/Authn/Access)
Currently implementing WSO2 Middleware.  Starting with WSO2 Data Services Server, WSO2 ESB, and WSO2 API Manager

End User Authentication is either Cosign or Shibboleth.  Authorization is usually handled in the back-end system with local roles.  We do not have a central roles management system. 
Web Service Security is dependent on the back-end system.  Each one has its own way of implementing WS security.  Basic Auth, WS-Security, Digital Signing, Access Tokens, IP Filtering.

Back-end systems include PeopleSoft for Financials, Student, and HR.  Click Commerce for Research Admin.  ImageNow

Picture of current state and aspirational state?

What are the "poster child" use cases you're using to build momentum for SOA?

Do you have low-hanging fruit, or "easy wins" that you can show reasonably quick value with?

How do you evolve the culture from file based to real-time based?
Good question.  We struggle with changing the culture of integration development.  New tool sets and frameworks are adopted, but we tend to stick to the same old integration patterns.  I think there are so many barriers to using web services to make it efficient for the common developer.  Everyone can write a file and FTP it.  One goal of our project is to make web services "easy" for developers, which will hopefully change the culture.

Do you have design documents that you could share?
We can share anything we have.  We have not really started designing APIs around our data objects yet though.  This is an area where we would love to collaborate with other organizations.

How did you build data objects?  What kind of governance did you put around the objects?  How do you maintain them?  How do you put security and authorization around them?
We have not built APIs around data objects yet.  We have high-level data areas and data stewards/managers assigned to each of these areas that

How are you gathering resources - people and funding to support the effort?  Where do these resources live?   What skill sets do you think you need to support this?

What is the technical stack you are running?  Why did you pick that stack?  Pros and Cons of the stack.   What else did you look at and didn't pick?
WSO2 was chosen after a quick scan of open source technologies.  We were limited to open source because we had little or no funding.  WSO2 is less Java-centric and they have built a nice layer above the technology to help guide you with building integrations - It's more intuitive than just a bunch of XML config files.  This was important to us, because we do not have a strong skill set in this area.  WSO2 is a relatively new company, and doesn't have a large customer base yet.  Its products are relatively immature as well, but they are very engaged in customer feedback and producing new releases with good features.

We also looked at MuleSoft.  The main reason we ruled them out was the difficulty of start up.  The time to implement our use cases was huge, compared to the WSO2 product. 

What is behind your API?  How do you handle security?
We are planning on using OAuth2, both 2-legged and 3-legged.  3-legged will utilize Shibboleth and Cosign authentication.  The middleware will then handle some type of security mediation.  For example, it might validate the user via OAuth and then call the back-end system via a generic system ID, or, in the case of our student system, it might pass the end user's identity to the back-end system and run the service as that user.

Why are you doing this?  What is your vision?  What do you see as the future state?
The main focus of this project is to provide APIs for our mobile team, and mobile developers on campus.  Our mobile initiative has struggled with getting access to the data, in the format that they want.  They spend more time building interfaces to back-end systems vs. building mobile apps.  Our vision is to remove barriers to getting access to data - "Free the Data".

What benefits have you achieved in your implementation?

TBD
