University of Palestine

Student Name: Majed AbusalamaStudent Number: 220060064Teacher responsible : Yasmin AlboboCollege: IT

Revised v4Presenter

Google Apps APIsRyan Boyd @ryguyrg (Google)withMarcos Farias @MarcosFariasBr (Just Digital)

Agenda•Overview

•Building in the Cloud•Data APIs 

oApplication APIsoManagement APIs

•Authentication & Users•Just Digital's SSO solution

•HostingoApps Script

•Secure Data Connector•Gadgets

•Q & A

Google Apps: Tools for Today's User

GMail  Huge inbox with search: keep and find everything.

Talk  Business class IM and VC as easy as email.

Groups  Let users easily create and work in teams.

Calendar  Make sharing calendars and schedules easy.

Docs  Makes collaborating as easy as creating

Sites  Allow users to manage their own sites.

Video  Unlock the power of video within your business.

Postini  Security and compliance solutions.

The Web is the Enterprise Platform

Lots of Customers, Growing Fast

2008 2009 2010

Over 30M active users

Over 3M businesses

More than 3,000 new businesses signup every day 

Building in the Cloud

Apps from Google

Google Apps

Apps from Google

Google AppsApps Marketplace

3rd Party Apps

Building in the Cloud

Apps from Google Custom Apps

Platform ServicesGoogle AppsApps Marketplace

3rd Party Apps

Building in the Cloud

Apps from Google Custom Apps

Administration

Enterprise Firewall

Platform ServicesGoogle AppsApps Marketplace

3rd Party Apps

Building in the Cloud

Data APIs Overview

Data Access APIs allow developers to integrate authenticated Google user data in their apps, using secure, standardized protocols.

Data APIs Overview

Standards-based

•Atom Publishing Protocol (AtomPub)oHTTPoREST

oAtom data format•OAuth Authorization

Authorization with OAuth

Consumer Business

Individual User is Resource Owner

Use 3-legged OAuth 

Company Admin is Resource Owner

Use 2-legged OAuth

Available Libraries

•Java•.NET

•Objective-C•PHP via Zend_Gdata

•Python

Recent Developments

•Partial Response•Partial Updates (using HTTP PATCH)

•JSON-C

Application APIs

Many Integration Points

Calendar Contacts

Documents List Sites Spreadsheets

Gmail

Google Calendar

Calendars, Calendar Events, Access Control Lists•Create (POST)•Retrieve (GET)

•Update (PUT)•Delete (DELETE)

Google Calendar - Creating an Event

<atom:entry xmlns:atom='http://www.w3.org/2005/Atom'xmlns:gd='http://schemas.google.com/g/2005'>

<atom:title type='text'>  Tennis with Beth</atom:title>

<atom:content type='text'>  Meet for a quick lesson.</atom:content>

<gd:where valueString='Rolling Lawn Courts'></gd:where><gd:when startTime='2006-04-17T15:00:00.000Z'         endTime='2006-04-17T17:00:00.000Z'></gd:when></atom:entry>

Google Calendar - Creating an Event

POST /calendar/feeds/default/private/fullHost: www.google.comContent-Length: 380Content-Type: application/atom+xml

<atom:entry xmlns:atom='http://www.w3.org/2005/Atom'xmlns:gd='http://schemas.google.com/g/2005'><atom:title type='text'>Tennis with Beth</atom:title><atom:content type='text'>Meet for a quick lesson.</atom:content><gd:where valueString='Rolling Lawn Courts'></gd:where><gd:when startTime='2006-04-17T15:00:00.000Z'endTime='2006-04-17T17:00:00.000Z'></gd:when></atom:entry>

Google Calendar - Partial Update

PATCH /calendar/feeds/default/private/full/eventIDHost: www.google.comContent-Length: 380Content-Type: application/atom+xml

<atom:entry xmlns:atom='http://www.w3.org/2005/Atom'xmlns:gd='http://schemas.google.com/g/2005'gd:fields='atom:title'>

<atom:title type='text'>  Tennis with Beth and Kate</atom:title></atom:entry>

Gmail - Retrieving Email

[connection begins] C: C01 CAPABILITY S: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA XLIST CHILDREN XYZZY SASL-IR AUTH=XOAUTH S: C01 OK CompletedC: A01 AUTHENTICATE XOAUTH R0VUIGh0dHBzOi8vbWFpbC5nb29nbGUuY29tL21haWwvYi9zb21ldXNS: A01 OK Success

IMAP + OAuth

Gmail - Sending Email

[connection begins] S: 220 mx.google.com ESMTP 12sm2095603fks.9 C: EHLO sender.example.com S: 250-mx.google.com at your service, [172.31.135.47] S: 250-SIZE 35651584 S: 250-8BITMIME S: 250-AUTH LOGIN PLAIN XOAUTH S: 250-ENHANCEDSTATUSCODES S: 250 PIPELINING C: AUTH XOAUTH R0VUIGh0dHBzOi8vbWFpbC5nb29nbGUuY29tL21ha WwvYi9zb21ldXNlckBleGFtcGxlLmNvbS9zbXRwLyBvYXV0aF9jb25zdS: 235 2.7.0 Accepted 

SMTP + OAuth

Management APIs

Many Integration Points•Provisioning

•Calendar Resources•E-mail migration

•E-mail settings•Reporting

•Audit 

Examples: E-mail Settingsimport gdata.apps.emailsettings.client...client = gdata.apps.emailsettings.client.EmailSettingsClient(    domain='yourdomain')

... auth ...

client.UpdateSignature(    username='liz',     signature="Liz Jones - (+1) 619-555-5555\n" +              "Working in Accounts Management, A&Z LTD.")

Authentication & Users

Where are the User Accounts?

Goal: They all work together!

Cloud Apps Google Apps On Premise

How does Apps work with On Premise?

•Accounts must exist in Google Apps•Passwords can be anywhere!

Where are the User Accounts?

On Premise Google Apps

What about the Passwords?

On Premise Google Apps1.OR

2. SAML

What is SAML?

•Company hosts own login page - publicly or behind a firewall

•User goes to login, Google redirects user to company login page

•Google Apps trusts the company to assert the identity of the user

What about 3rd Party Apps?

•Google Apps users can sign in with their existing accounts

•User goes to login, app redirects user to Google Apps login page

•App trusts Google to assert the identity of the user

solução de single sign-on desenvolvida pela

Desafios

•Ambiente de Login Único

•Suporte

•Caso de uso

Caso de Uso - Exemplo

Google Just SSOUsuário

2

3

Browser

6

1 Início

Usuário tenta acessar um serviço hospedado no

Google Apps

Google recebe o pedido de acesso e redireciona o browser para a url da página de Login do Just SSO

O Just SSO analisa a requisição e exibe a página com o formulário de login/senha.

Usuário informa seu login e senha4

O Just SSO verifica a credencial informada e caso seja válida e autorizado pelo Serviço de Diretório, uma resposta autorizando o acesso é enviada para o Google Apps.

7

Google verifica a resposta do Just SSO e redireciona-o ao serviço solicitado.

5

COMO FUNCIONA

Provisioning API - Passo 1

Antes de qualquer coisa, você precisa habilitar a Provisioning API no seu domínio Google Apps.

Provisioning API - Passo 2

Conecte sua aplicação à nuvem:import sample.appsforyourdomain.AppsForYourDomainClient;...AppsForYourDomainClient client =     new AppsForYourDomainClient(        adminEmail,        adminPassword,         dominio);

Provisioning API - Exemplos

Obtém o usuário:import com.google.gdata.data.appsforyourdomain.provisioning.UserEntry;

UserEntry usuario = client.retrieveUser("marcos");

Suspendendo o usuárioclient.suspendUser("marcos");

Provisioning API - Exemplos

Criando novo usuário:

client.createUser("newUser",  // login/email"Usuário",  // Nome"Novo",     // Sobrenome"senhaInicial"); // Senha

Solução

Mais informações

Marcos Fariasmarcos@justdigital.com.br@MarcosFariasBr

http://www.justdigital.com.br/

Hosting your App

You can Host your App Anywhere!

•Servers on premise in your corporate data center•Cloud servers in Amazon EC2, Azure, etc

•Your servers at a commercial hosting service•Your desktops anywhere

App Engine too!

•Easy to build•Easy to maintain

•Easy to scale

App Engine for Business

•Auth for the Enterprise•Administration for the Enterprise

•Support and SLAs for the Enterprise•SQL, SQL, SQL

•$8/user/month per app

Scripting

Google Apps Script

Apps Script allows you to run your code in the cloud, as server-side executed JavaScript.  Send e-mails, create calendar appointments, migrate Google Sites and more-- all accessible from the Google Apps UI.

Secure Data Connector

Secure Data Connector

Secure Data Connector allows your application, hosted on Google infrastructure, to securely access corporate data behind the firewall, without exposing it to the web

Building in the Cloud

Data from CRM app

Data from product catalog

Data from ERP system

Gadgets

Gadgets

Gadgets allow youto embed your application's UI into Gmail, Calendar, Spreadsheets and Sites, using the OpenSocial standard

Gmail Sidebar Gadgets

Gmail Contextual Gadgets

Gmail Contextual Gadgets

Gmail Contextual Gadgets

Summary•Build for yourself or make a living building for

others or selling in the Marketplace•Build anywhere you want

•Integrate with:othe UI of Google Apps

oGoogle Apps DataoGoogle Apps accounts

oData behind your firewall•Write Scripts for easy tasks

Resources

ResourcesGoogle Apps APIs:http://code.google.com/googleapps

Google Apps Developer Blog:http://googleappsdeveloper.blogspot.comMe:http://www.twitter.com/ryguyrghttp://www.google.com/profiles/ryan.boyd