1. Manage Your Mesh Securing Public Cloud IoT APIs, and Building Private Mesh Trust Domains and Enclaves of Privacy to Integrate a Mesh of “Things” with Integrity & Availability ryan.bagnulo@soa.com Twitter: @iryanb

2. APIs are for any “Thing” and they don’t always belong on the Internet IoT Mesh

3. Wiring Things to Arduinos D1: 2.6 Volt RED LED & 330 Ohm Resistor A0: 3V Volt Motor & 330 Ohm Resistor

4. Tinkering With Things Turn on Buzzer Turn on Motor

5. Programming Things – Protect the Flash API

6. The First Step to Managing your Mesh is with an API Gateway Gateway Security Authentication Protection IAM Integration Encryption Mediation Quality of Service Paging/Caching Orchestration Scripting Public IoT Mesh Private Mesh ProTip: Customer Premise Equipment such as a WiFi Router or Cablebox should filter API traffic with an embedded gateway

7. Logical Mesh Management Architecture Private Mesh https://iot.mymesh.net/ mynet/status or https://skynet.im/status https://p0st3r.broker.soa.com/v1/skynet/status Public IoT Mesh

8. Use Gateways in the Cloud & Privately Private Mesh “Badge Readers” Private Mesh “Department X” Public Mesh

9. Public, Private, Hybrid

10. API Policy Configuration Templates Operational Policies oAPI Consumer Application Security Policy oAPI DDoS & Malicious Code Protection oAggregate Policy oAuthentication Policy oAuthorization Policy oICAP Antivirus Integration Policy oCache Policy oHTTP Security Policy oOAuth Security Policy oPaging Policy oPipeline Policy oWS-Security Asymmetric Binding Policy oWS-Security Message Policy oWS-Security Supporting Tokens Policy oWS-Security Symmetric Binding Policy oWS-Security Transport Binding Policy oWS-Addressing Policy oWS-Auditing SOAP Message Policy oWS-Auditing SOAP Service Policy oWS-Auditing Service Policy oWS-Auditing Transaction Tracking Policy oXML Policy Quality Of Service Policies oBandwidth Quota Policy oConcurrency Quota Policy oScript Policy oService Level Enforcement Policy oService Level Policy oThroughput Quota Policy oTimeout Policy Compliance Policies oAggregate oScript oWSI BP oXQuery

11. Design Complex Process Orchestrations Execute JavaScript on the API Gateway to Modify Request and Response Data and to invoke APIs with Branching conditions for Content Based Routing and API Response Aggregation

12. Monitor the Mesh

13. Manage Mobile App Access To Your Mesh with a Developer Portal A social developer engagement platform Integrated API documentation App access provisioning and monitoring Integrated discussion and newsfeeds Trouble ticket management Search with full content indexing API and App privacy and group management – essential for B2B and partner APIs Federation to enable new business models

14. Multisite Meshes Internet Zero Trust (I0T) Architecture IoT Mesh

15. Demo / Q&A

16. Restrict IoT API Operations with Scope Mappings

17. Manage Acceptance of API Legal Agreements

18. Quickly Test API OAuth Client App Integration

19. Verify Public Scope Tokens Cannot Access Private Scoped Operations

20. Enforce SLAs to Throttle Requests Per Minute

21. Manage IoT API Documentation with Swagger

22. Generate Self-Service IoT API Usage Reports

27. View Alerts and Participate in Discussion Boards