The SaaS industry, APIs and standards


A session titled “Herding Cats: Managing SaaS Sprawl” provoked some very interesting debate and discussion at Interop last week, as covered in this Network World article.  Several important themes emerged which we wanted to highlight and expand upon:

  • Current state of APIs – the state of SaaS vendor APIs is clearly not where it needs to be – here at Conformity we see a broad range of SaaS vendor API maturity, with some vendors offering robust web services APIs to most of their data objects, and others offering literally no access whatsoever.  Unfortunately our experience is that most vendors tend to fall closer to the second camp, particularly when it comes to providing the visibility required for effective management and control of user access and usage of SaaS applications.
  • CIO expectations – as mentioned in the session, we also are seeing CIOs becoming more and more aware and involved in SaaS procurement, deployment and ongoing management and support processes. Experience managing on-premise applications has set expectations (rightly or wrongly) for CIOs and their teams, who many times are unpleasantly surprised at the lack of accessibility SaaS vendors provide to data critical to effective management and control, such as event logs.  The current lack of vendor APIs also frustrates IT teams, who are used to integrating on-premise applications into IT management processes and tools such as identity management tools and directory services.  These expectations for management and visibility of SaaS applications, users and activity are unlikely to change, and SaaS vendors will have to meet these expectations, versus attempting to modify them.
  • Standards and adoption – we also agree with Narinder Singh of Appirio, who is concerned about the potential impact that standards and compliance efforts could have on SaaS innovation and vendor API development.  Successful standards typically emerge after, not before, a particular problem is solved by the industry, which could partially explain the relatively lackluster ISV adoption of SAML, SPML, XACML and other standards around authentication, access control and provisioning.  The challenge is for the industry to develop models and approaches for APIs and interoperability to solve the underlying problem first.  While the standards mentioned above may end up being the right answer (or part of it), the first-order problem is for the industry to make sure it has a model for satisfying end-customer requirements around APIs and interoperability.

The key to addressing the challenge the SaaS industry is facing around APIs is for vendors to get started now, by exposing what they can around their objects and data models.  The SaaS vendors that we believe have made the most progress and who demonstrate the most maturity around APIs and interoperability decided to get started by opening up access to data and objects, not by first determining what API standard(s) to support.  Channel partners, customers and even other SaaS vendors can help solve the industry problem around what needs to be exposed via APIs and how.  Starting with standards first is a bit like putting the cart in front of the horse…


One Response to “The SaaS industry, APIs and standards”

  1. alextoussaint Says:


    I would say I agree with the content, however I believe there is another dimension to the APIs and Standards themes.

    For APIs: there may not be a pre-defined set or even a way to quantify the existence of good APIs for SaaS today. What you do have under APIs is that REST is the way to go – dev community embraces this approach and several web 2.0 companies provide this such as and other. If you go with REST, either light or broad, you will be a player to integrate with most of SaaS and non-SaaS vendors.

    For Standards: you should look beyond the old approach to SAML and XACML. They are fine and helpful, no doubt about that. However other lightweight approaches are becoming extremely popular. Look at the companies using , such as Twitter. Extremely simple approach to SSO. Not your typical heavyweight security protocol. Also take a look at how other web 2.0 companies are leveraging this, for example ZenDesk.

    There is an on-the-glass approach for APIs and Standards that is coming with the likes of web 2.0 companies that would be really interesting for your team to take a look at. Speed is your best advantage, adding some ultra-cool innovative ways to link/connect with Apps in SaaS and on premise would be very powerful.


