Cloud Platform Support For API Governance

Transcription

Cloud Platform Support for API Governance
Chandra Krintz
Hiranya Jayathilaka, Stratos Dimopoulos
Alex Pucher, Rich Wolski, Tevfik Bultan
Dept. of Computer Science
UC Santa Barbara
March 2014

WEB AND MOBILE APP DEVELOPMENT
o “Service-ize” digital assets and IP
o Accessible everywhere, all the time (BYOD)
o Platforms-as-a-service (PaaS) simplify this process
  o Facilitates deployment for software/data as-a-service
  o Automates configuration, deployment, container management, monitoring,

DIGITAL ASSETS ENCAPSULATED AS SERVICES
o Code and data of value to the organization
o Application Programming Interface (API)
  o Common entry point for access & control
  o By client apps and browsers
  o Functional boundary
o Web service software environment (SW Env)
  o Storage technologies: SQL, NoSQL, bucket/object stores, HDFS
  o Computation technologies: Hadoop, tasks, event handlers
  o Load balancers, app servers
[Figure labels: DA, SW Env]

DIGITAL ASSETS ENCAPSULATED AS SERVICES
o Code and data of value to the organization
o Application Programming Interface (API)
  o Common entry point for access & control
  o By client apps and browsers
  o Functional boundary
o Web service software environment (SW Env)
  o Storage and computational technologies
o API lifecycle
  o Evolves with that of digital assets (DAs)
o Software environment can/does evolve separately
  o Can change without impacting API clients
[Figure labels: DA, SW Env; API lifecycle: Develop, Deploy, Manage, Deprecate, Retire]

PROLIFERATION OF APIS
o Popular development model
  o Service-ize digital assets, exposing them via APIs
  o Reuse extant APIs to construct new APIs, mashups, applications
o For public consumption
  o Pay-per-use and free
  o Google, Facebook, Twitter, Yahoo!,

PROLIFERATION OF APIS
[Slide: wall of public API names, from programmableweb.com]

PROLIFERATION OF APIS
o Popular development model
  o Service-ize digital assets, exposing them via APIs
  o Reuse extant APIs to construct new APIs, mashups, applications
o For public consumption
  o Pay-per-use and free
o Within organizations
  o Leverage development across organization through reuse
  o Internal and external development
  o Agile processes and DevOps change SW environment frequently
o API becomes point of strategic business decisions
  o Common entry point into org (security, access control, activity)
  o Focuses development, DevOps, and IT
  o Can influence business value

A NEW IT RESPONSIBILITY
o HW/SW infrastructure now commoditized by cloud
o Experiencing a shift toward management of
  o Software environment (directly controllable by DevOps)
  o APIs
  o Control, maintain, facilitate reuse, and secure
  o Provision resources and software environment
o Requires new tools and a system-wide framework
  o For API Governance: combined policy, implementation, and deployment control of APIs for IT-managed services and DAs
  o Unify and automate API management processes
  o Facilitate efficiency and scale
  o In number of APIs, API clients (service users), developers
  o That accounts for input from business concerns

PAAS’S NEXT BIG THING
o PaaS is the perfect infrastructure for API Governance
  o Deployment automation, elasticity, fault tolerance, high availability, logging and monitoring, on-premise and/or public
o Requires additional support for
  o API cataloging, search, and registration
    o This already exists in the numerous API management platforms!
  o Unified and automated policy support
    o Specification (a language)
    o Verification, analysis, and feedback (developer tools)
    o Enforcement
      o Deployment time
      o Runtime

API GOVERNANCE FOR IT
EAGER -- Enforced API GovernancE for REST
[Architecture figure. Labels: Developers; IT Managed Infrastructure; Service consumers and clients; SW environment; DA; API; Deployment Enforcement; Runtime Enforcement]
[Figure annotations: Dev Tools; Dependency checks (APIs, SW infrastructure); Provenance tracking; Static analysis; Policy verification; Automated testing; Autogen of enforcement logic; Runtime policy enforcement; Access and rate control; AB testing; Auditing & feedback gathering; SLA & QOS checks]

EAGER IMPLEMENTATION: APPSCALE
PaaS platform that decouples innovation from common services
o Automatically manages and scales apps service ecosystem
o Access scalable services via well-defined de facto standard APIs
[Figure labels: User Credentialing; Data storage & Processing (NoSQL, SQL, ); Developer Innovation; Monitoring & Logging; API; Security & Authentication; Messaging & Communications; Web Hosting & Serving]

EAGER IMPLEMENTATION: APPSCALE
PaaS platform that decouples innovation from common services
o Automatically manages and scales apps service ecosystem
o Access scalable services via well-defined de facto standard APIs
o Starting point: Google App Engine
[Figure labels: User Credentialing; Data storage & Processing (NoSQL, SQL, ); Developer Innovation; Monitoring & Logging; API; Security & Authentication; Messaging & Communications; Web Hosting & Serving]

WRITE-ONCE, RUN-ANYWHERE CLOUD APPS
o On-premise
o Behind your firewall
o Everywhere
NO CODE REWRITE

EAGER: APPSCALE EXTENSIONS
o Enforced API GovernancE for REST
o Policy language
  o Restricted subset of Python
  o Policies: per-operation, per-API, system-wide
o Developer Tools
  o API analysis
  o Static policy verification
  o Automatic generation of
    o Functional tests from policies
    o Policies from unit tests
    o Deployment enforcement checks
    o Runtime deployment checks
o Deployment enforcement
o Runtime enforcement
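A deployment-time policy check of the kind this slide lists, as an added example that is not EAGER or AppScale code. The slides do not show the policy language, so the allowed subset of Python, the names `api` and `op`, and the descriptor fields are all assumptions; the sample descriptor and policies are constructed.

```python
import ast

# Assumed subset (the page does not list it): assert statements built from
# comparisons, boolean logic, subscripts and literals. No imports, calls,
# attribute access or definitions, and only the names `api` and `op`.
ALLOWED = (ast.Module, ast.Assert, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp,
           ast.Not, ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt,
           ast.GtE, ast.In, ast.NotIn, ast.Name, ast.Load, ast.Constant,
           ast.Subscript, ast.List)

def validate_policy(source):
    """Parse a policy and reject any construct outside the assumed subset."""
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED):
            raise ValueError(f"{type(node).__name__} not allowed in policy")
        if isinstance(node, ast.Name) and node.id not in ("api", "op"):
            raise ValueError(f"unknown name {node.id!r} in policy")
    return tree

def check_deployment(policies, api):
    """Run (scope, source) policies against an API descriptor at deploy time."""
    violations = []
    for scope, source in policies:
        try:
            code = compile(validate_policy(source), f"<{scope} policy>", "exec")
        except (ValueError, SyntaxError) as exc:
            violations.append((scope, f"rejected policy: {exc}"))
            continue
        # Per-operation policies run once per operation; others run once.
        targets = api["operations"] if scope == "operation" else [None]
        for op in targets:
            try:
                exec(code, {"__builtins__": {}}, {"api": api, "op": op})
            except Exception as exc:  # fail closed: any error blocks deploy
                violations.append((scope, str(exc) or type(exc).__name__))
    return violations

# Constructed descriptor and policies, for illustration only.
API = {"name": "orders", "auth": "oauth2", "operations": [
    {"name": "list", "method": "GET", "rate_limit": 100},
    {"name": "purge", "method": "DELETE", "rate_limit": 0}]}
POLICIES = [
    ("system", 'assert api["auth"] in ["oauth2", "apikey"], "auth required"'),
    ("operation", 'assert op["rate_limit"] > 0, "rate limit required"'),
    ("api", "import os"),
]

if __name__ == "__main__":
    for scope, reason in check_deployment(POLICIES, API):
        print(f"DEPLOY BLOCKED [{scope}] {reason}")
```

Validating the AST before compiling is what makes the policy language a restricted subset: a policy that imports a module or calls a function is rejected without ever being executed.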

EAGER DEVELOPER TOOLS: EXAMPLE
o API Similarity Tool
  o Evaluate the “porting effort” associated with changing an application
    o That is using one API, to use a similar API
o Helps developers and IT managers reason about
  o How hard it will be to change to use a similar API (reuse code)
  o How similar two APIs are (for policy enforcement @ code reuse)
  o How APIs evolve over time (and how to enforce change control)
o Describe API behavioral and functional semantics
  o Using the EAGER language: as axiomatic semantics
  o Translate to ASTs (per operation)
  o Employ DICE coefficient (Hoare’s Rule of Consequence)
    o To compute an AST similarity (porting effort) score
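The per-operation AST comparison described on this slide, as an added example that is not the EAGER tool's code. It assumes pre- and postconditions written as Python expressions, uses Python's own `ast` module as a stand-in for EAGER's ASTs, and does not model Hoare's Rule of Consequence; the three operation specifications are constructed.

```python
import ast
from collections import Counter

def ast_features(expr):
    """Multiset of parent->child node-type edges plus identifier/literal leaves."""
    feats = Counter()
    for node in ast.walk(ast.parse(expr, mode="eval")):
        for child in ast.iter_child_nodes(node):
            if not isinstance(child, ast.expr_context):  # skip Load/Store
                feats[(type(node).__name__, type(child).__name__)] += 1
        if isinstance(node, ast.Name):
            feats[("name", node.id)] += 1
        elif isinstance(node, ast.Constant):
            feats[("const", repr(node.value))] += 1
    return feats

def dice(a, b):
    """Dice coefficient on multisets: 2|A n B| / (|A| + |B|), in [0, 1]."""
    total = sum(a.values()) + sum(b.values())
    if total == 0:
        return 1.0  # two empty specifications are identical
    return 2.0 * sum((a & b).values()) / total

def operation_similarity(op_a, op_b):
    """Similarity of two operations from their pre- and postconditions."""
    feats_a = ast_features(op_a["pre"]) + ast_features(op_a["post"])
    feats_b = ast_features(op_b["pre"]) + ast_features(op_b["post"])
    return dice(feats_a, feats_b)

# Constructed specifications (axiomatic style: precondition, postcondition).
GET_USER_V1 = {"pre": "user_id > 0", "post": "result.id == user_id"}
GET_USER_V2 = {"pre": "user_id > 0 and token != ''",
               "post": "result.id == user_id"}
DELETE_USER = {"pre": "is_admin(caller)", "post": "result is None"}

if __name__ == "__main__":
    for other in (GET_USER_V1, GET_USER_V2, DELETE_USER):
        print(round(operation_similarity(GET_USER_V1, other), 3), other)
```

The second version of the operation adds a token check to its precondition and still scores far closer to the first than the unrelated delete operation does, which is the signal a change-control policy would act on.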

EMPIRICAL EVALUATION: PORTING EFFORT

SUMMARY
o API Governance is increasingly important for IT
  o Vast proliferation of API development/deployment
  o Lacking management, control, and automation
o API Governance is unified and automated API policy specification, analysis, auditing, and control
o PaaS is the ideal foundation for providing API Governance solution
  o Elasticity, fault tolerance, scale, distribution, portability
o EAGER extends PaaS (AppScale in particular) with
  o Policy specification, verification, and enforcement
  o Developer tools (analysis, feedback, autogeneration of tests and enforcement checks)
  o Automatic deployment and runtime enforcement

THANKS!
o Recent Student Researchers and Visitors!
  o Current: Stratos Dimopoulos, Geoffrey Douglas, Adam Ehrlich, Chris Horuk, Hiranya Jayathilaka, Alex Pucher
  o Past: V. Arora, M. Baranski, C. Bunch, N. Canumalla, J. Chohan, N. Chohan, A. Gupta, S. Hedge, M. Hubert, J. Kupferman, P. Lakhina, Y. Li, Y. Nomura (Fujitsu), K. Prakasam, S. Sundaram
o Collaborators
  o Linda Petzold (CSE/UCSB), Andreas Hellander (Uppsala U), Rich Wolski (UCSB/Eucalyptus)
o Support
  o Google, IBM Research, NSF, NIH
http://www.cs.ucsb.edu/ ckrintz
ckrintz@cs.ucsb.edu
http://www.appscale.com (AppScale Systems)
