Enterprise SaaS integration using REST and OAuth

September 17, 2010

The current trend of moving enterprise applications to SaaS-style public cloud solutions is raising a number of concerns regarding security and governance. What about integration though? In the now-legacy enterprise, various applications are deployed within the same trusted network under a single security domain, which facilitates the integration between these applications.

How do you integrate these applications moving forward when they are separated across a number of different public cloud providers independent from each other? If you thought it was hard enough to integrate applications from different vendors inside your domain, imagine what this will turn into once different solution providers host these applications. As a consumer of such services, you need to demand and favor solutions providing adequate integration mechanisms; this is a critical selection factor. On the web, an elegant solution to integrate various services on behalf of users is gaining popularity: OAuth.

OAuth standardizes the process by which the owner of a resource authorizes an application to access that resource at the resource provider. OAuth is very ‘resource-oriented’. As such, OAuth is well suited to enabling authorization between two entities communicating through a RESTful web service interaction. This very pattern, combining OAuth and REST, is ideal for integrating two SaaS providers acting on behalf of their common enterprise subscriber, as illustrated below.

In this case, two SaaS (or PaaS) solutions, which are otherwise independent, can share data as coordinated by the enterprise subscriber. This interaction substitutes the integration that would traditionally occur on-premise between two applications managed by the enterprise itself and provides the basis for restoring integration on the cloud.
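The three-party interaction described above, as an added illustration that is not code from the original post or from Layer 7: the enterprise subscriber (resource owner) grants SaaS provider A (the client) a scoped, time-limited token at SaaS provider B (the resource provider), and A then calls B's REST interface on the subscriber's behalf. The example uses a simplified OAuth 2.0-style bearer token rather than the signed-request scheme of OAuth 1.0; the tenant name `acme-corp`, the `/orders` resource, the `orders:read` / `orders:write` scope names and the sample data are all constructed for this example, and the `authorize` call stands in for the consent step that a real provider performs at its authorization endpoint.

```python
"""Three-party OAuth-style delegation over REST (added illustration).

The enterprise subscriber is the resource owner, SaaS provider B is the
resource provider that hosts the data and issues tokens, and SaaS provider A
is the client calling B's REST API on the subscriber's behalf. All names,
paths and data are constructed for this example.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

READ_METHODS = {"GET", "HEAD"}


@dataclass(frozen=True)
class Grant:
    """What the resource owner authorised: which client, which scopes, until when."""
    client_id: str
    owner: str
    scopes: FrozenSet[str]
    expires_at: float


class ResourceProvider:
    """SaaS provider B: stores the subscriber's data and enforces delegated access."""

    def __init__(self, clock=time.time):
        self.clock = clock
        # Only token digests are stored, so a leaked store yields no usable credential.
        self._grants: Dict[str, Grant] = {}
        # Constructed sample data keyed by resource owner (the enterprise tenant).
        self._data = {"acme-corp": {"/orders": [{"id": 1, "sku": "widget"}]}}

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def authorize(self, owner: str, client_id: str, scopes, ttl: int = 3600) -> str:
        """Resource owner delegates access to a client; returns the access token.
        In a real OAuth flow this runs after the owner consents at B's
        authorization endpoint; here it is called directly."""
        token = secrets.token_urlsafe(32)
        self._grants[self._digest(token)] = Grant(
            client_id, owner, frozenset(scopes), self.clock() + ttl)
        return token

    def _lookup(self, token: str):
        digest = self._digest(token)
        for stored, grant in self._grants.items():
            if hmac.compare_digest(stored, digest):  # constant-time compare
                return grant
        return None

    def handle(self, method: str, path: str, headers: Dict[str, str]) -> Tuple[int, object]:
        """REST endpoint: returns (HTTP status, body)."""
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, {"error": "missing bearer token"}
        grant = self._lookup(auth[len("Bearer "):])
        if grant is None:
            return 401, {"error": "invalid token"}
        if self.clock() >= grant.expires_at:
            return 401, {"error": "token expired"}
        # Writes need the write scope; reads need the read scope.
        needed = "orders:read" if method in READ_METHODS else "orders:write"
        if needed not in grant.scopes:
            return 403, {"error": f"scope {needed} not granted"}
        # The token is bound to one owner, so the client only ever sees
        # that subscriber's data and never another tenant's.
        owner_data = self._data.get(grant.owner, {})
        if path not in owner_data:
            return 404, {"error": "no such resource"}
        return 200, owner_data[path]


def demo(now: float = 1_000_000.0) -> Dict[str, int]:
    """Run the delegation end to end; returns the status code of each call."""
    clock = [now]
    provider = ResourceProvider(clock=lambda: clock[0])
    # The subscriber grants SaaS A read-only access to its orders at B for 60 s.
    token = provider.authorize("acme-corp", "saas-a", ["orders:read"], ttl=60)
    good = {"Authorization": f"Bearer {token}"}
    results = {
        "read": provider.handle("GET", "/orders", good)[0],              # 200
        "write": provider.handle("POST", "/orders", good)[0],            # 403
        "no_token": provider.handle("GET", "/orders", {})[0],            # 401
        "bad_token": provider.handle("GET", "/orders",
                                     {"Authorization": "Bearer nope"})[0],  # 401
        "wrong_path": provider.handle("GET", "/invoices", good)[0],      # 404
    }
    clock[0] += 61                                                       # lifetime elapsed
    results["expired"] = provider.handle("GET", "/orders", good)[0]      # 401
    return results


if __name__ == "__main__":
    print(demo())
```

The checks in `handle` are the ones the integration depends on: the token must be present and recognised, still within its lifetime, carry a scope that covers the HTTP method, and resolve to a single resource owner so that provider A can never reach another subscriber's data. A perimeter gateway of the kind the post describes for the cloud call-back would apply the same checks in front of on-premise resources.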

Of course, the SaaS/PaaS adoption by the enterprise is only partial, and many IT assets remain on-premise. The enterprise therefore requires the same level of integration between externally hosted SaaS and these resources within the enterprise itself. It is logical that the enterprise supports the very integration mechanism that it demands from its external providers. This pattern is known as the ‘cloud call-back’ and is enabled by a specialized perimeter gateway that facilitates the enterprise cloud adoption such as CloudConnect.

To learn more about such patterns or find out how Layer 7 Technologies can help your enterprise integrate to the cloud securely, I invite you to visit us at the SOA/Cloud symposium October 5-6 2010 in Berlin. I will be presenting on the topic of Enterprise Security Patterns for RESTful Web Services.