This Week in APIs- October 16-22 »

We've been thinking about slogans lately. How do you guys feel about: "You do the REST, we'll do the rest?" Alright alright. Here's the best news in APIs from this week.

Game development... more social? Interesting article on what the Playstation integration with the Facebook API holds for the future of gaming. APIs are disrupting the gaming and console space- good news for devs and the industry as games become increasingly weaved into the social sphere.

The OpenStack project, an open source cloud computing software for managing compute, launched its first official release. Notable is its OpenStack API, which will likely play a big role in shaping the future of cloud APIs. Worth a read over from Alex Williams at ReadWriteWeb.  

PayPal's P2P (person to person) payment API is showing significant adoption with banks. Look out for a big announcement next week at the Innovate conference- we'll be there too so make sure to say hi!

Dev Candy

• Mappr, an iPhone and web app that lets you publish check-ins to Facebook Groups, is one of the first apps to integrate into the new Facebook Groups API. Worth a look at how they are making it work.
• MapQuest launched a new API to provide geographic search results for any data added to its OpenStreetMap. The Nominatim Search provides an interface to an open source project that lets you do cool things like landmark searches. As the data explosion only grows in volume, search functionality and search layers become increasingly important. Great move.
• Goodreads, a social network for book lovers, has opened up an API to pull rating and reviews for book titles. Register for a dev key and get hacking!

What'd we miss? Send us a tweet on Twitter.

Does open source still matter in cloud computing? »

Open source has a role in all types of computing.

It has always reduced barriers to entry to a particular platform or  programming model.

But in cloud computing open source plays a new role - driving the rate of evolution of the infrastructure to match pace with the rate of evolution of an early market.

Open Source in Cloud Platforms

Open source platforms like Xen, OpenNebula, and Eucalyptus enable universities and early-stage adopters to deploy the core platforms without financial risk.  No up-front commitment in a cash-poor environment like the current economy means that pilot projects can still move forward as companies and institutions explore the potential of cloud computing. 

Xen and OpenNebula enable development of on-premise cloud environments.  Eucalyptus goes a step beyond this to emulate Amazon's EC2 APIs for cloud infrastructure.  Eucalyptus effectively remedies a hole in Amazon's strategy - a zero-cost entry point for EC2 pilot projects - and adds weight to the de facto standard stature of the EC2 APis.

Open Source in Cloud Programming models

Cloud computing is expanding much more rapidly than service-oriented architectures, largely due to the accessibility of the model ; it can be understood with little effort by those who currently have skills in web programming, and is implemented in a range of popular programming platforms - Ruby on Rails, PHP Symfony, Apache Axis2 - as REST services. 

There are SOAP cloud services as well.  But the REST model is easier to pick up, implement and integrate.  Again, the ubiquity of open source through the entire cloud stack - from programming layers down to HTTP and TCP/IP - means that the time and cost barriers to entry to this market are very low, which has led to its rapid expansion.

Open Source in Evolution of the Cloud Computing Market

The most important aspect of open source in cloud computing is the open collaboration model which is a property of the communities developing both infrastructure and frameworks. 

There are fundamental differences in cloud-scale computing  - such as how to manage writes, reads and searches across all that data now that it's consolidated in a single place.  Hadoop and Cassandra represent two very different solutions to different aspects of this problem. 

As the largest cloud infrastructure platforms (Facebook, Digg, Yahoo, Microsoft, Google, and others) continue to demolish the envelope of scale, new approaches must emerge.  Hadoop is a "stand the problem on its head" approach to rapidly searching through huge repositories for particular pieces of data - evolving rapidly due to the multiple parties contributing to it as they solve for their individual business problems.  Cassandra is a reimagining of the nature of large-scale reads and writes outside of a traditional relational model that avoids the architectural bottlenecks that exist in the RDBMS genre.   

Programming models will also continue to evolve as the infrastructure and platforms evolve - and the crucial aspect of open source community development will continue to show its value as framework and application developers continue to codify their understanding of the new patterns and practices of cloud computing into existing and new application frameworks.

Commercial open source in cloud computing

Commercial opportunties surround these technologies - both in adapting to new de facto standards, and delivering faster or more efficient infrastructure. 

A few good examples of these include Heroku - an EC2-based fabric for Ruby on Rails, fully compliant with the evolving standards of the Rails community, yet providing an implementation of Rails functions that scale efficiently on Amazon's AWS - and Cloudera - again, an EC2-based packaging and support offering that makes it simple to deploy Hadoop, which is powerful but notoriously hard to get up and running.  I expect that savvy storage vendors will find ways to build Cassandra-compatible infrastructure that enhances scalable operations and analysis of next-gen cloud applications.

Does open source matter in cloud computing?

Some have said - including Tim O'Reilly - that open source doesn't matter in the cloud.  I think that what was meant was that once your computing workloads are hosted on a remote service, the most important things to you as a customer are reliability, uptime, scalability, interoperability and manageability - not whether or not the cloud infrastructure or application provider is running on open source.  I think this is true. 

Cloud computing does not make open source irrelevant.  The enormous value that cloud computing is generating, and the rate at which it is changing, demands that open source plays a ubiquitous role.  It will not always be a flashy role and may not seek the limelight, but it will be the glue that lets the whole system evolve and mature.

Fast Company Podcast: Helping Companies Take on “the Cloud” »

A while back we had a fun conversation with Lena West of Fast Company's FC Expert Blog, and were excited to see the podcast published last week.

Some great discussion on emerging trends in cloud computing, including:

• cloud standards - driving them yourself vs. the interests of vendors
• adoption drivers for cloud computing - a comparison with SaaS
• how IT is using cloud computing to make IT more strategic

You can get the podcast here and below is a transcript.

We’re joining the Cloud Security Alliance »

Today, Sonoa is joining the Cloud Security Alliance. Why are we doing this?

The first reason is because we’ve talked to hundreds of companies who are building APIs and web services both internally and externally, and for the most part they are using cloud services from other companies, or they are planning to expose their own web services to others on the Internet, or they are running their own infrastructure in the cloud – or all of the above. Cloud computing is a big part of what we do, and we want to make it succeed. The Cloud Security Alliance is a great group of experienced security architects working on solving the most vexing problem faced by companies hoping to take advantage of cloud computing – security.

We encounter security issues all the time when we talk to customers about their own experiences with APIs and cloud services. For instance, there seem to be as many ways to authenticate API users as there are companies publishing APIs. There are venerable standards like HTTP authentication, WS-Security, and two-way SSL, new ones like OAuth and OpenID, and the countless other schemes that API providers also come up with. How does a new API provider deal with all those standards? How does a company consuming some of all of these APIs deal with the proliferation of authentication mechanisms?

In this area, we are not necessarily looking for the CSA to define new standards, but to spend some time identifying best practices for producers and consumers of these APIs, and helping them choose when its necessary to make a choice.

We also encounter security issues when companies are looking to take advantage of cloud computing – especially when they are planning to run some or part of their infrastructure on a public cloud platform. What is the most effective way to connect services on a public cloud with services running behind the traditional corporate firewalls? What kinds of data can be sent to a public cloud platform and what data must remain in a corporate-owned data center? What are the best practices around data encryption, authentication, data retention, and the maze of legal requirements about all this? On these areas, the CSA has already shown itself to be leading the field, and we would like to help.

-Greg