WSO2-Yenlo Integration Summit Stuttgart 15 may 2019

INTEGRATION SUMMIT 2019
API-driven world
WSO2 & Yenlo’s integration summit series
Stuttgart, 15 May 2019
INTEGRATION

Agility is Key

Agility by an Open Source & Open Standards first strategy

Agility by an API first strategy

Agility by a Cloud first strategy

Agenda – Block 1
• Soft Integration
Hans Bot, Senior Architect @ Yenlo
• Emerging Architecture Patterns; API-centric and Cell-based
Dr. Paul Fremantle, CTO and Founder @ WSO2
è Coffee Break (11:00 – 11:15)

Agenda – Block 2
• Decentralizing API’s for agile business
Pubudu Gunatilaka, Technical Lead @ WSO2
• Enabling Enterprise IT with a API-first Strategy to Accelerate Digital
Transformation
Daniel Harprecht, Senior Enterprise Architect @ Trumpf
è Lunch Break (13:00 – 14:00)

Agenda – Block 3
• Role of Integration in an API-driven world
Asitha Nanayakkara, Technical Lead @ WSO2
• Open Banking API’s and PSD2 – Our Journey so far
Dirk Köhler, IT Project Lead, Hanseatic Bank GmbH & Co KG
• Identity & Access Management in an API-driven world
Pubudu Gunatilaka, Technical Lead @ WSO2
è Drinks and Finger food (16:00 – Onwards)

Soft Integration
WSO2 Summit Stuttgart
15 May 2019, Hans Bot
INTEGRATION

INTEGRATION SUMMIT 2019 3
Market force 1: Cloudification
Orchestrated containers on
virtual networks as cloud operating
model, providing resilience and
cosmic scalability, leveraging
smaller, immutable runtimes

Market force 2: Microfication
Microservices are the new
software engineering paradigm,
providing flexibility and
independence through
disaggregation and descoping

Market force 3: Data disentanglement
Databases get rearchitected.
Denormalization and data replication
bring data isolation, leaving
consistency across data silos to be
managed elsewhere

Market force 4: Scaling Agile
Organizations are transforming
into collections of agile teams,
acting autonomously, ready to
change anything anytime, and
continuously evolving
managed elsewhere

Whilst APIs have become
the pinnacle of change

Big balls of mud considered harmful

APIsarethelanguage
everybodyhasadopted

Granularity101
Scale
Scope
Feasibility
Horizon
Clustering
Sharding
Decomposition

Granularity101
Scale
Scope
Flux
Feasibility
Horizon

Aligning market forces drive a major change
Organizations are transforming
into collections of agile teams,
acting autonomously, ready to
change anything anytime, and
continuously evolving
managed elsewhere

!"
!#
> %

What is it?
• A modern, general
purpose programming
language (Turing
complete)
• Integration centric
• Cloud native,
extensible
• Platform agnostic,
open
• Designed for resilience
Why a new language?
• To support agile teams
with a single, powerful
development tool,
whatever their target
platform or
architecture
• To bring state of the
art integration
technologies to server-
side application
developers
What makes it special?
• Remote function calls
are as simple to code
as local function calls
• Connectivity details
inside code
• Built-in support for
streaming functions
• Sequence diagrams
A sequence diagram describes
the detailed implementation
of each use case

(&&. &%)*%%%
=
,-. ..%

(&&. &%)*% %%%
=
%. %%%

Cell-based architecture with WSO2 Cellery

Growing live –
Continuous Improvement
with Regular Rejuvenation
24

Take away’s
1. Embrace cloud-
native technologies,  
use infrastructure as
code practices.
3. Small is beautiful
4. Go rethink your
governance
2. Leverage a
strategic approach
on integration.  
Put your APIs ﬁrst.
5. Learn to Integrate
like a Ballerina,  
gently and softly.

THANK YOU
wso2.com
And good luck fighting
entropy when you’re
back at work
yenlo.com connext.com
hans.bot@yenlo.com

API and cell-based architectures
Dr Paul Fremantle
CTO & Co-Founder, WSO2
paul@wso2.com / @pzfreo
INTEGRATION

The Integration Imperative is Growing
Disaggregated architectures drive 50 billion endpoints, growing >1 trillion
CONSUMER DEMAND
Scale and agility are pushing
app disaggregation...
…that makes hybrid
integration the unspoken
challenge of all cloud
services
SUPPLIERS DISAGGREGATE ARCHITECTURE TO MEET DEMAND
1
10
102
103
105
109
MONOLITHIC
BUSINESS APP
ENTERPRISE
APPS
DEPARTME
NTAL APPS
SAAS APPS
PUBLIC /
PRIVATE APIS
SERVERLESS &
MICROSERVICES
1970s
|
MAINFRAME
1980s
|
IT
AWAKENING
1990s
|
INTERNET
2000s
|
MOBILE
2010s
|
IoT/AI
2020+
|
DIGITAL NATIVE

APIs create business agility
that fosters the rapid
business reconﬁguration
necessary to continually
adapt to an unknown future
of constant change.”
~ Randy Heffner,
Forrester Research
...And APIs Are The Glue
All integration is becoming hybrid integration
“

Why are APIs important?
• An API is a business capability delivered over the Internet
to internal or external consumers
– Network accessible function
– Available using standard web protocols
– With well-deﬁned interfaces
– Designed for access by third-parties
• A Managed API is:
– Actively advertised and subscribe-able
– Available with SLAs
– Secured, authenticated, authorized and protected
– Monitored and monetized with analytics

APIs are the products of the 21st Century
● APIs are how digital value is delivered
● Monetized either directly or indirectly
● Increasingly intermediated, traded and marketed
● Not just between organisations but within
organisations as well

StubHub is an API driven business

Jaguar Land Rover is an API-driven business

Every Bank in Europe is now API-driven
Open Banking

Trumpf is an API-driven business

WSO2 API Manager
Leader in open source API Management
WSO2 API Manager 2.6
○ WSO2 API Microgateway 2.6
○ WSO2 API Analytics 2.6
○ WSO2 API Tooling 2.6
○ WSO2 IAM Key Manager Profile 5.7
Hybrid Options
○ Public, private, hybrid
○ Macro and micro deployments
○ Dozens of install & update packages
○ WSO2 Update Manager with incremental updates

What about security?
● Encryption, Tokens, SSO
● Multi-factor authentication
● Fraud detection and
real-time analysis
● Step-up authentication
● Adaptive authentication

https://github.com/wso2/product-microgateway
https://wso2.com/api-management/api-microgateway/

A cloud-native programming language for microservices and APIs
● A compiled, transactional, statically and
strongly typed programming language with
textual and graphical syntaxes.
● Incorporates fundamental concepts of
distributed system integration
● Offers a type safe, concurrent environment
to implement microservices with
distributed transactions, reliable
messaging, stream processing, and
workﬂows.

Ballerina - code and visual syntax in sync

● An API Marketplace goes
above and beyond the API
Developer Portal
● Enables aggregation and trade
in APIs
● Creates new revenue sharing
models
API Marketplaces

IdeaBiz
In the ﬁrst 18 months, 2500 developers created 3300 apps

Agile is here
- just not very
evenly distributed

Physical
Functional
Linux/OS
Virtualization
Cloud
Containers
K8s, Cloud
Orchestration
ABIs Web Services SOA APIs Endpoints
Cloud Native

The best architectures, requirements, and designs emerge from
self-organizing teams.
The Agile Manifesto
Agile processes promote sustainable development. The sponsors,
developers, and users should be able to maintain a constant pace
indeﬁnitely.
Deliver working software frequently with a preference to the shorter
timescale.
“
“
“

Two Pizza Rulehttps://ﬂic.kr/p/X9B7CH

A team which:
● Manages its own work
● Pulls work
● Doesn’t require “command and control”
● Communicates effectively with each other
● Is not afraid to ask questions
● Continuously evolves skills and capabilities
What is a “self-organizing” team?
https://www.scrumalliance.org/community/articles/2013/january/self-organizing-teams-what-and-how

Physical
Functional
Linux/OS
Virtualization
Cloud
Containers
K8s, Cloud
Orchestration
ABIs Web Services SOA APIs Endpoints
O
rganizational
Composable Enterprise

The cell is the basic structural,
functional, and biological unit
of all known living organisms

Cell boundaries
Transmembrane receptors and signalling

Composite Service
Cell API Gateway
Cell
Managing Groups of Microservices

Self-contained
Deployable as a unit
API Centric
Data plane and control plane
Cells are the building blocks of a composable
enterprise

https://wso2-cellery.github.io/

Cellery - simple composition and graphical view

Summary
• Disaggregation is inevitable
• Cloud Native + APIs => Agility
• An API strategy is essential for
– Digital transformation, and
– Organisational effectiveness
• Cells are the building blocks of a composable
enterprise

Decentralizing APIs for Agile
Businesses
Pubudu Gunatilaka
Associate Technical Lead - WSO2 Inc.
INTEGRATION

User Story
Online Shopping Store
Product API
Order API
Inventory API
Payment API

- High traffic
- Self contained access tokens to secure the API
- Dynamic routing for product discovery
- Custom response caching requirements
- API Shaping to minimize mobile bandwidth usage
- Additional API gateway for internal users
Product API
GATEWA
Y

- Medium traffic
- Mutual TLS and OAuth 2.0 to secure the APIs
- Custom response caching requirements
- Different API mediations
Order API Payment API
GATEWAY

- Low traffic
- Basic Auth to secure the API
- Private API
- Different API mediations
Inventory API
GATEWAY

Typical API Management Story

TRAFFIC MANAGER
API PUBLISHER
DEVELOPER PORTAL KEY MANAGER
GATEWAY
API PROVIDERS
API CONSUMERS
API CONSUMERS
Publish
API
Push to
Store
Publish
throttling
policies
Update gateway
Access token
generation request
Key
Validatio
n
API
Invocation
SERVICE IMPL
Subscribe
to API

Usage of APIs in API Gateway
GATEWAY

Some key concerns...
- Different resource usages
- Different Security enforcements
- Dynamic routing
- API mediation and transformation
- API Shaping
- Response Caching
- Private vs Public APIs
- API Gateway per department/unit

Moving into Decentralizing
APIs

Addressing the concerns...
GATEWAY GATEWAY GATEWAY

Some Key Requirements for Decentralizing APIs
- API Security
- Rate limiting
- API Discovery
- Analytics & Traffic Monitoring
- API Monetization
- API Mediation

WSO2 API Microgateway

API Security
● Authentication
○ Security latency should be minimum
○ Security in locked down environments
○ Use of Self contained access tokens
● Authorization
○ Scope validation
○ API subscription validation
○ Other fine grained access controls

Rate Limiting
● Throttling happens at
○ API level
○ Application level
○ Resource level
● Use of Traffic Manager

WSO2 API Microgateway
Developer first approach

Developer first approach
● Skip API Publisher
● Skip Developer Portal
● Use of JWT to secure the API
API MICROGATEWAY
Swagger

API Discovery
● API visibility in Developer Portal
○ Public
○ Restrict by role
● Publish API to developer portal from API
Microgateway

Analytics and Traffic Monitoring
● File based analytics
data recording
● Upload data zip files
to Analytics servers
● Summarize analytics
data in Analytics
servers

API Monetization
● Usage based billing
○ Summarized
analytics data can
be used

API Mediation
● Mediation at
○ API level
○ Resource level
● Mediation as function

Deployment Patterns for
Decentralized APIs

Hybrid API Gateway
Source: https://wso2.com/api-management/api-
microgateway/

Lockdown API Gateway
microgateway/

Static API Gateway
microgateway/

Moving to Microservice
Architecture

Source: https://www.bmc.com/blogs/microservices-architecture/

Challenges with Microservices
- Secure communication between services
- Analytics, tracing and monitoring
- Disaggregation of architecture increases the number of
endpoints
- Communication among these endpoints will be a key
challenge
- Service discovery
- Network resiliency
- End to end authentication

The Solution

Service Mesh
A service mesh is a dedicated infrastructure layer that
controls service-to-service communication over a network.
It provides a method in which separate parts of an
application can communicate with each other.
source:techtarget.com

Service Mesh
Source: https://www.nginx.com/blog/what-is-a-service-mesh/

Istio
Source: https://istio.io/docs/concepts/what-is-istio/#architecture

When is API Management required in a Service
Mesh
- When users need to expose microservices to outside in
a secured and a controlled manner
- When fine grained security should be enforced on APIs
exposed
- When stats need to be collected on API usage for
monetization and billing
- When it is required to offer a marketplace for APIs for
easy discovery and adoption

WSO2 API Management for Istio, Service Mesh
Source: https://wso2.com/api-management/microservices/istio/

THANK YOU
wso2.com

Enabling Enterprise IT with a API-first
Strategy to Accelerate Digital
Transformation
Stuttgart, May 2019
Daniel Harprecht
INTEGRATION

Company
presentation
Our Journey Conclusion
Agenda
1 2 3

Company Presentation

TRUMPF is…
A Family-owned company
since 1923
Technology leader in two
business areas
Close to our customers
with 77 subsidiaries
Innovation-guaranteed –
sustainable and
permanent

Digital Transformation TRUMPF
Digital Ambition as Starting Point for Digital Priorities and Requirements
DIGITAL FOUNDATION
DIGITAL AMBITION
Internal Digital Transformation
Smart Factory Solutions &
Services for new Business Areas
Smart Factory Solutions
& Services for TRUMPF
Machines/Lasers
Disruptive Business Models
Supplier
New digital offerings
Consumer
Digital Business Processes
Organizational
Structures
Data-
Analytics
Architecture Employee SkillsPartner Network
Data-
Structure
Mindset/
Working Method
Technical Requirements Organizational Requirements

Our Journey since 2017

▼ No Interface Strategy
▼ Importance of Interfaces
▼ Missing Accountability
▼ cost-intensive interface
development process
▼ long development cycles
▼ hardly reusable
Did our “Homework”
?
07/2017 2018 2019 202+
As-Is
eShop(s) Workday
C4C SAP ERP
PI
HCI
SIS E2Q
Created a Vision
Found comrades

Created a Vision
Found comrades
To-Be
eShop
C4C SAP ERP
Individualization
Harmonization
Translation
DMA …
…
We connect every application with
every process internal & external
to ensure that the right information
is consumed and processed flawless & secure.
?
07/2017 2018 2019 202+
As-Is
eShop(s) Workday
C4C SAP ERP
PI
HCI
SIS E2Q

?
07/2017 2018 2019 202+
Vision
TextReason
Costs
Time
Fear
Created a Vision
Found comrades
Enterprise
Architect Solution
Architects
e.g. Web, Mobile, …
Developers
e.g. JS, ABAP, …
IT Security

Designed Target Architecture
2017 11/2018 2019 202+
• collected >140
requirements
• screened 7 technologies
with 9 different
Implementation Partners
• conducted 15 Beauty
Contests
A B C D E F
A C D F
D
A1 A2 A3 D1 D2 D3
A1 A3 D1 D3
A A3 DD1
TCO
A
DD1
Requirementsto
Solutiondetermination
SolutiontoImplementation
partnerdetermination
We connect every application with every process internal & external
to ensure that the right information is
consumed and processed flawless & secure.
Chose Technology & Partner
Finalized RFP
RFP

Technologies
Implementation Partner
2017 11/2018 2019 202+
Finalized RFP
RFP

2017 11/2018 2019 202+
Finalized RFP
RFP

MVP Go-Live
Advertised our vision & project
Deployed our first set of API’s
✓ Communication Packages (Intranet- & Yammer-Post, Status, Progress, …)
✓ Monthly Demo-Sessions
✓ Team Meeting Visits
✓ FAQ
2017 2018 04/2019 202+
Communication Strategy
Reason
Costs
Time
Fear

2017 2018 04/2019 202+
MVP Go-Live
Articles
= to retrieve Product Master Data, its
availability or price(s).
SAP ERP PIM
Transformation
Customer Addresses
= to retrieve customer address details
SAP ERP
SAP
Hybris
Transformation
Machine Equipment
= to retrieve machine equipment
hierarchy & attributes information
ERP SIS DIP
Transformation
Order
= to place customer purchase orders
ERP SIS DIP
Transformation

• 14 APIs
• 20 POs per Week
• >500 NL Identities
migrated
• >1000 Other Identities
migrated
2017 2018 04/2019 202+
MVP Go-Live

2017 2018 2019 202+
Expand Internal & External
Hybrid Cloud Mode
ERP Transformation

2017 2018 2019 202+
Extend Internal & External
Hybrid Cloud Mode
ERP Transformation
Consumable
APIs
On-PremiseCloud
API
API
API API
SAP
ERP
API API
…
(Legacy)
API API
…
(Legacy)
API API
SAP
Cloud
API API
Workday
API API
AWS
API API

2017 2018 2019 202+
Extend Internal & External
Hybrid Cloud Mode
ERP Transformation
• 180 Technical R/3 Interfaces (April 2019)
• 25 years of Add-on's & Customizing
• R/3 End of Support (31 December 2025)

Conclusion
Vision & Target
✓ You need a vision to motivate your organization!
✓ Draft a Logical Target Architecture
✓ Define, but iterate when needed your Technical Target Architecture
Partnership
Communicate &
Commit

Conclusion
Vision & Target
Partnership
Communicate &
Commit
✓ Find Comrades in your organization
✓ Look for a partner who you can rely on
✓ Strengthen your partnership continuously

Conclusion
Vision & Target
Partnership
Communicate &
Commit
✓ Communication is the key across your organization
✓ Show your progress – visible & understandable for everyone!
✓ Check your API “customers”, manage them and win them for new APIs!

Conclusion
Vision & Target
Partnership
Communicate &
Commit
✓ Communication is the key across your organization
✓ Show your progress – visible & understandable for everyone!
✓ Actively manage your “API Customers” and win them for new APIs!

Questions?

Role of Integration In API Driven World
Asitha Nanayakkara
Technical Lead, Integration team
INTEGRATION

Story of SuperCity

Challenge from Digital Competition

New Strategy
Reuse existing systems
Cost Savings
Faster time to market
Work with legacy
backend systems
Room for future
expansions
API Management solution along with some broad integration capabilities

SuperCity API Initiative
API
Existing System
Mobile
App
Website

API Driven Development

Why APIs ?
● APIs are a key enabler of digital enterprise
● APIs acts as gateways to enterprise digital asserts
● Allows the enterprise to build new digital consumer experiences within
accelerated time frame
● They open up new revenue channels and expand existing revenue
channels
● APIs enable the enterprise to cater for future expansions

Code first design
Code First vs API First Design
Back-end
Team
ImpI 1
API
2
Client
A
Client
B
...
SDK SDK ...
3
Front-end
Teams
API first design
Front-end
Teams
Back-end
Team
API API API
Mock Mock Mock 1
Client
A
Client
B
...
SDK SDK ...
ImpI 2
2
ImpI ImpI
Data Services

API Façade
IoT
Mobile
Apps
Web
API Gateway
API Façade
DatabaseLegacy System
Content
Management
CRM/HR/Inventory
Systems
SaaS

API Façade
System 1
API 1
System 2
API 2
Composite API
System APIs
Orchestration APIs

Orchestration APIs
Invoke
Policy / discovery
Enrich Publish
DB
write
Transform Update
Policy
Orchestration API
CRM
API1 Queue
DB
REST
API

API Façade
IoT
Mobile
Apps
Web
API Gateway
API Façade
DatabaseLegacy System
Content
Management
CRM/HR/Inventory
Systems
SaaS
API A API B
Orchestration API
Orchestration APIs
System System

SuperCity’s Digital Story

Building the API’s
Price
Update
System
Inventory
System
Reservation
System
PoS
System
Store 1
Store 2
Store 3
Mobile App
Website
API
API
Delivery System
API
Payment System
API
API
API

Building the API’s
Price
Update
System
Inventory
System
Reservation
System
PoS
System
Store 1
Store 2
Store 3
Mobile App
Website
API
Delivery System
API
Payment System
API
Managed API
API
API
API

Types of digital assets in enterprises
● Application silos that hold key business capabilities of the enterprise
● Enterprise SaaS applications
● Enterprise Data stored in various storage mechanisms including RDBMS,
Files, Spreadsheets, CSV files ...
● Applications that execute the process flows in the enterprise
● Systems based on proprietary protocols and data formats

Key integration capabilities
● API and Service Hosting
● Orchestration of services and apis
● Routing
● Transformations
● Protocol switching and ability to process different data formats
● Parallel processing

Integration Strategy
• Discover the ecosystems and Application silos
• Understand the data
• Understand the capabilities
• Identify the possible integration points for each system
• API enable the identified systems
• Implement the integration logic

WSO2 Enterprise Integrator

A Hybrid Integration Platform
Connectivity / Integration: anything-to-anything
WSO2 EIConnectors
Web services
APIs
Filesystems
Messaging systems
Business
Applications
Partners’ systems
Data
Supporting Standards
• HTTP(S)
• JMS, AMQP, MQ
• Websockets
• VFS
• FIX, HL7
• JSON, SOAP
• XSLT, XPATH, Smooks
• JDBC, CSV, NO-SQL
• OAuth, XACML, WS-Sec

Enterprise Integrator Capabilities

API Integration - Integrator Profile
A lightweight, high performance integration runtime
• Comprehensive REST, SOAP, and WS-* support
• Support for File, Data, Messaging based integrations
• SAP, FIX, and HL7 - Domain specific solutions
• Configuration driven
• Extensible and Scalable
• 100% coverage of all EI patterns

Data Integration - Integrator Profile
Building service abstractions on top of disparate data sources
SQL
SOAP/REST/OData
XML/JSON
Integrator Runtime
WSO2 EI

Business Processes - BPS Profile
Processes/Workflows with BPMN, BPEL, Human Tasks
Application α
Application β
Defined processes and workflows
which may also consist of human
tasks
Business Process Execution as
a Service
WSO2 EI
Application N
Process Initiation
Results/Decisions

Micro Integrator
• Can be to used to create composite services using atomic services
• Separate distribution that can be used in a cloud native environment
• Users can use the same EI tooling to create artifacts
• Deploy few composite integration services per micro integration
• Command line tool for management tasks
• Fast startup time (5s)
• Small distribution size of 150 mb
• K8S Integration
https://github.com/wso2/micro-integrator

Micro-integrations
28
Consumer 1
API Service P API Service Q API Service R API Service S
Consumers
Consumer 2 Consumer 3
μ Service A
Proprietary &
Legacy
Systems
Web API /
SaaS
API Services/
Edge Services
Composite Service/
Integration Services
Core Services/
Atomic Services μ Service I
μ Service H
μ Service J
μ Service E
μ Service C
μ Service D
μ Service G
μ Service B
μ Service F
API
Management

WSO2 EI Graphical Tooling
• Drag and Drop Visual Editor
• Develop, Deploy, Test, Debug
capabilities from the editor
• Build in micro Integrator runtime for
testing and debugging
• Export artifacts as a docker image
with micro integration
• Integration templates for rapid
development

Integration Analytics
Dashboards for Transaction Analytics and Monitoring
Overall setup
• Overall Throughput (in TPS)
• Overall Message Count
APIs, proxies, endpoints specific
• Request Count
• Message Count
• Message Latency
• Explore Messages
• Explore Message Flows

Other Analytics Integrations
• ELK Stack
• Prometheus

Continuous Integration and Continuous Delivery
Continuous Integration
Server
Source Control
System
WSO2 EI
WSO2 EI
Environment 1
WSO2 EI
WSO2 EI
Environment 2
Continuous Test Server
Integration
artifacts
IDE IDEIDE

Solving the Integration
Requirements with WSO2 EI

Integration with Systems that Talk in Standard
Protocols
Support for a wide range of
standard protocols
• HTTP/HTTPS
• JMS
• AMQP
• FTP/SFTP/FTPS/SMB
• SMTP/IMAP
• MQTT
• KAFKA
• And many more
SMTP
HTTP
JMS
FTP
Websocke
t

Integration with Systems that Talk in Standard
Protocols
HTTP/API
Public Private Organization
Existing
System
FTP

Integration with Systems that Talk in Non-
standard/ Proprietary Protocols
• Built in support for well-known proprietary protocols
E.g. SAP
• Easy to extend the functionality to introduce new protocols
HTTP/API
Public Private Organization
Existing
System
Non Standard
Protocol
Connector

Integration with Files-based Systems
● WSO2 Enterprise Integrator supports a wide range of file transferring
protocols such as FTP, SFTP, FTPS, and SMB
○ Listen to a location, pick files, and invoke a web API using the content of the
files
File HTTP
Web API
Invocation
Existing Legacy
System

Integration with Systems that Use Databases
Expose databases or other data sources as services
HTTP

Extension Points
• Script mediator
• Connectors
• Custom/Class mediators
• API handlers
• Custom tasks
• Custom inbound endpoints
• Custom XPath functions
• Message builders and formatters
• Transport listeners and senders
• Custom message
stores/processors

Conclusion
● Why API Driven integrations are important
● API and Integration strategy and approaches
● WSO2 Integration suite functionality to support API driven Integration
● How to successfully implement API driven Integration

Open Banking API and PSD2
Our journey so far
Presented by Dirk Köhler – Hanseatic Bank
INTEGRATION

Hanseatic Bank

Consumer credit
Personal loans (B2B/B2C)
Card accounts (B2B/B2C) White-Label

Insurance
Residual debt and
direct insurances (B2B / B2C)
Deposit
Fixed and variable rate
products (B2C)
Factoring
Acquisition of short and medium-term
receivables out of payment facilities

PSD2 and Open Banking
Definitions

PSD2 in a nutshell
Source: https://www.cbinsights.com/research/challenger-bank-strategy/

Open Banking
Source: https://www2.deloitte.com/de/de/pages/financial-services/articles/open-banking.html

PSD2 and Open Banking
Opportunities

Consistent API-Architecture
Easy maintenance and scalability
Source: https://pxhere.com/en/photo/1566111

Standardized interface landscape
Reusability of internal APIs saves implementation time

Easy and fast onboarding of TPP
New business opportunities

Business Intelligence
Optimizing products to customer needs

Our journey
Why WSO2 Open Banking?

WSO2 Open Banking – Key Features
API templates that support The Berlin
Group API specifications
Inbuilt API Security including OAuth2
and certificate validation
Strong customer authentication,
Adaptive authentication, and User
Consent Management
API Analytics & Business Insights with
Dashboards
Fraud Detection and Transaction Risk
Analysis
Compliance with General Data
Protection Regulation (GDPR)
Source: WSO2

Our journey
Architectural concept

South API Layer
North API Layer
Core Banking Systems
TPP
Internal Tools
TPP
NorthSouthBackend

TestDevelopment Live
North API Layer (WSO2 Open Banking)
South API Layer (WSO2 API Manager)
Backend (Hanseatic Bank Services)
Staging approach

Our journey
Challenges

Security in financial areas
Source: https://pxhere.com/de/photo/1341681
missing trust
regulations

Silo based organisation
data
base
network
developer
application
management
project
management
system
administration

Exemption from fallback interface
• 116 pages guideline report
• approx. 60 questions
• 3 month before mid of September
• live conditions
• feedback from TPP

2 registered TPP in Germany
live conditions?
https://de.m.wikipedia.org/wiki/Datei:WTF_(8439080666).jpg

Our journey
Next steps

API strategy – next steps
base for new strategic
opportunities
HB
mobile
banking
HB
online
banking
PSD2

API strategy – possible future steps
•products
•conditions
•service functions
Open
Banking
•digital credit application
•access to partner account data
Strategic
Partner
•reusable services
•migration of existing interfaces
•central communication hub
internal

Service based organisation
Source: https://pxhere.com/de/photo/1445813
crossfunctional
api as one tool to support new approach
self organized

Identity and Access Management in an
API-driven World
Pubudu Gunatilaka
Associate Technical Lead - WSO2 Inc.
INTEGRATION

The API-driven World

IAM in The API-driven World
ID Token Access Token Refresh Token

IAM in The API-driven World
1. How to onboard users ?
1. How to authenticate users ?

Users Onboarding

Users Onboarding
X
Registration Fatigue

Users Onboarding - BYoID
Application
Identity Providers

Users Authentication

● Over 70% of employees reuse passwords at work
● 59% reuse their passwords everywhere
● 81% of hacking-related breaches leveraged either stolen and/or
weak passwords
● The above rate has gone from 50% to 66% to 81% during the
past three years (2017)
‘Passwords’ are Not Secure!
Source - 2017 Verizon Data Breach Investigations Report (DBIR)

Users Authentication
X

How do you support ‘Strong
Authentication’ ?

Multi-factor
Authentication
Break authentication into
multiple steps and verify
different authentication
factors at each step.

Authentication Factors
1. Knowledge
Something you know
Password, passphrase, pin, secret fact
1. Possession
Something you have
Phone, token, badge, smart card
1. Inherence
Something you are
Fingerprint, facial feature, voice

Authentication Factors
Step 1
Step 2

90% Google users have no 2FA
Multi-factor Authentication in Reality

What is the Problem?

Usability
Security
Convenience

Solution ?

Authentication needs to be more dynamic,
responsive and context sensitive
=
Adaptive Authentication

Use Case: An Application Request LoA

Use Case: Authentication From New Devices

Use Case: Geo Velocity

WSO2 Identity Server Offering - Overview

Static Authentication Flow
● IdP offers static authentication flow to the user
● Multi-factor & Multi-option authentication
● In Multi-option authentication user can pick one
option from each step
Request-based Conditional Authentication Flow
● IdP offers dynamic authentication flow to the user
● Based on attributes of request message
authentication steps will change
● HTTP message, SAML ACR, OIDC ACR

User-based Conditional Authentication Flow
● IdP offers static authentication flow to the user
● Based on attributes of identified user
authentication steps will change
Adaptive/Risk-based Authentication Flow
● IdP offers dynamic authentication flow to the user
● Authentication steps can be based on user
behaviors, environments, history and risk score

● Everyone knows passwords are no longer secure.
● Multi-factor authentication offers a perfect solution but less
adopted due to usability issues.
● Multi-factor authentication needs to be more dynamic, responsive
and context sensitive, and we called it ‘Adaptive Authentication’
● WSO2 Identity Server can support any adaptive or risk-based
authentication use case.
Conclusions

Managed Middleware as a Service
Out-of-the-box integration platform
powered by WSO2 technology
www.connext.com

Thank you!
info@yenlo.com
INTEGRATION

WSO2-Yenlo Integration Summit Stuttgart 15 may 2019

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (17)

Semelhante a WSO2-Yenlo Integration Summit Stuttgart 15 may 2019

Semelhante a WSO2-Yenlo Integration Summit Stuttgart 15 may 2019 (20)

Mais de Yenlo

Mais de Yenlo (20)

Último

Último (20)

WSO2-Yenlo Integration Summit Stuttgart 15 may 2019