Where is WSO2 going? (Image Credit: Ian Murphy)WSO2 recently held its London conference, Oxygenate, at the Brewery, London. Enterprise Times attended and caught up with Chief Technology Officer, Asanka Abeysinghe to talk about WSO2, its current products and future product strategy.

To many people, WSO2 is best known for its API management tools but it has a much deeper set of tools than that. For example, it has an AI-powered integration platform and identity and access management (IAM) tools. It also has Choreo, its developer platform, which exposes all those tools to developers.

The evolution of Choreo as a core platform

Choreo has been around for several years and has become a mature developer platform that hooks into all the other technologies that WSO2 has. It is positioned by WSO2 as a tool to address the full software development lifecycle, from ideation to deployment and operations.

Abeysinghe commented, “Choreo is not just about facilitating those three technologies in a SaaS environment. It’s more than that. Any workload you can containerise, bring inside Choreo and run, we manage it and provide that into an application lifecycle for the organization.”

The wider goal for WSO2, according to Abeysinghe, is to use Choreo to redefine the concept of the internal developer platform. It wants to take Choreo beyond the traditional focus on operational and administrative features. To do that, it plans to deeply integrate software engineering practices and capabilities.

It will make Choreo a more comprehensive and empowering environment for application development teams. Abeysinghe believes that the increased emphasis on security, developer productivity and a seamless platformless experience is what customers want from Choreo. Eventually, it will become a Developer Platform as a Service solution for all developers.

It’s an impressive target, but how will WSO2 deal with some of the challenges that developers have?

Adding security to the developer platform

Earlier this year, WSO2 had a major update of its Identity Server and now claims over 1 billion identities under managed identities globally. But the problem with identity today is that the vast majority of identities are no longer about humans.

Those non-human identities often get created, rarely have the credentials updated and need better management. It makes them increasingly important to cybercriminals who use stolen accounts for privilege escalation. One solution is to move away from role-based access controls (RBAC) to attribute-based access control (ABAC).

Asanka Abeysinghe, Chief Technology Officer, WSO2 (Image Credit: LinkedIn)
Asanka Abeysinghe, Chief Technology Officer, WSO2

Abeysinghe says WSO2 has already evolved beyond just role-based access control (RBAC) and now supports more advanced identity and access management approaches. He stated: “We have the role-based stuff, plus the attributes as well. The main focus, even as an industry, is multifactor authentication.

“We are also looking at how you create these attributes around an identity and, based on those attributes, how you can make an authorization, authentication or consent management decision. The next level is a more dynamic approach, based on behaviour.”

A step towards zero-trust

One of WSO2’s goals with Choreo is to provide developers with a zero-trust environment for developers to build applications. While many see zero-trust as about security identity, it is far more than that, it needs the right infrastructure.

Abeysinghe says that Choreo as a platform is the solution that developers need. It has both a system-level security layer and an application-level security layer. They ensure that everything a developer writes, including the services, service-to-service communication, API layer, and integrations, are all secured.

Integrating Choreo and Identity Server is a key part of that zero-trust environment. The company has already written a paper about how Choreo provides a zero-trust environment.

Abeysinghe commented, “The first thing customers ask is, How secure is this? We have enough documentation that they can take it through their compliance teams and then the security office to make sure that the platform is well secured at the end user level as well as the developer level.”

Choreo’s “Platformless” Approach

One of the things that WSO2 wants to do is abstract the underlying platform making it invisible to developers. It calls this “platformless”. According to Abeysinghe, the goal of making the underlying platform invisible allows developers to focus solely on building and delivering business value without being burdened by the complexities of the underlying technology stack.

He commented, “We believe you need software engineering embedded into the internal level of the platform. So we redefine the meaning of internal development platform and deliver it through Choreo.”

Importantly, this goes back to an earlier comment about going beyond operational and management features. It reinforces the idea of deeply integrating software engineering practices and capabilities into the platform. This will provide a more comprehensive and empowering environment for application development teams, where the platform supports and enhances the entire software development lifecycle.

Integrating AI-Powered Capabilities in Choreo

Like all tech companies, WSO2 has been adding machine learning and AI to its products for some time. Choreo already uses the two technologies to boost its software engineering capabilities, such as API testing, data mapping, and integration flow generation.

But what about speeding up developer productivity? Other vendors are adding AI to make it easier to find function calls and speed up writing code. For example, a developer is stuck on solving something, so they ask the built-in AI. The AI provides an example, and it stops the developer from spending time experimenting with multiple code builds.

But there is a risk here. While the AI might provide a syntactically correct line of code or code snippet, will it be functionally correct and secure? Many vendors are unsure of that and think we need to be careful. Abeysinghe also pointed out that there is a need to maintain human oversight and validation. He stated, “AI should be used as an assistant, with developers verifying and validating the AI-generated outputs to ensure quality and reliability.”

Abeysinghe also believes that how AI is integrated into a product is important. He does not believe in a “one-size-fits-all” approach. He commented that WSO2 is taking a more selective and strategic approach to integrating AI capabilities within its products.

To make access to the tools easier to use, WSO2 has developed its own Copilot-style AI assistant specifically for Choreo. This is aimed at enhancing developer productivity and streamlining tasks. Abeysinghe said, “We wrote our own copilot version for Choreo, and then we have already integrated some of these things and provided examples like how easily you can design an API.”

Open-source

The accepted way of making tools available as open-source is to build a two-tier strategy. The first tier makes the current open-source version available to the developer community. They can then download, compile and work with the tool for free while accepting that it will have possible bugs and vulnerabilities.

At the same time, the community is encouraged to help advance the product and write add-ons and code snippets. That helps widen the appeal of the software and increases the number of eyes on the code base, which, in turn, helps to spot bugs.

The second strand is to offer a commercial version. It is often a few versions behind the open-source code but has been hardened. Vendors then wrap services such as consultancy, training and paid-for support.

WSO2’s approach to open-source is not as clearly defined as this. For example, their commercial offering is the same version of the open-source code base. It comes with subscriptions to support services, and the company offers consultancy.

The big difference is in how the open-source is made available. The company makes the code available for download. However, it is down to the end-user to compile and maintain the code. Over the life of that code, WSO2 makes no software updates available free of charge, nor does it offer support.

So how does it plan to work with its community going forward?

Open-Source community

Abeysinghe talked about the open-source community. The company does operate an open-source contribution model and does have developers contributing to its software. He commented, “Certain connectors are coming from the community, and then our partner network, they are building connectors as well.”

That is good news for WSO2 customers, but how is it going to improve that communication and relationship with that community? After all, thirty years ago, recognition of contribution was a t-shirt, an invite to a conference or a fluffy MVP title in an online forum.

Recognition is still the motivator for many contributors, according to Abeysinghe, and Developer Relations deals with that. However, he admitted that WSO2 hadn’t always done a good job or taken it to the next level. To resolve that, the company has now recruited a Chief Developer Advocate, Isabelle Mauny.

Abeysinghe said that Mauny is now building a practice around Developer Relations staff to better support contributors. It will have multiple programmes, including an Ambassador and Orbit level, which will all come with benefits. WSO2 is planning to launch it soon, and in Barcelona next year, there will be an entire open-source track.

However, for partners, the company is sticking with its existing programmes and has no new updates at the moment. What is important is that partners are required to ensure their staff are certified on WSO2 products. Top-tier Platinum partners also have to have certified trainers to ensure customers get authorised training.

Ballerina

The last area we talked with Abeysinghe about was Ballerina. It’s a programming language that WSO2 introduced a few years back, and its usage has been growing steadily ever since. It’s an open-source, cloud-native language that focuses on making integration easier. We’ve spoken about Ballerina with WSO2 several times in the past, including in interviews with Sanjiva Weerawarana and former CTO Eric Newcomer.

Abeysinghe said that the adoption of Ballerina is increasing, especially among those customers who are dealing with integration issues. Since creating the common control plane, customers can manage Ballerina and their integrations in parallel. Abeysinghe is seeing adoption in enterprises where the low-code and traditional developers are both taking advantage of it.

Abeysinghe says, “Ballerina is a really cool way to do that. You can write distributed integrations like you are writing microservices. You then put it into the system so it will do the integration.”  The result of that for WSO is now extending beyond its own customer base and into the wider developer community.

That wider acceptance of Ballerina has led the company to start work on a Ballerina integrator. Abeysinghe describes it as a low-code abstraction for Ballerina that short-circuits how quickly a developer can adopt the language, use a local interface, and then build integrations. The expectation is that it will increase adoption of Ballerina.

Another way that WSO2 plans to expand the use of Ballerina is through the AI copilot, which will make it easier for developers to learn a new language.

Enterprise Times: What does this mean

This was an interesting conversation with Abeysinghe about where WSO2 is and where it is going with its products. The acquisition by EQT seems to have made the company much more open about the future and what its expectations are. It is not just Abeysinghe who is being more open. The conversation that Enterprise Times had with Devaka Randeniya, Chief Revenue Officer at WSO2, was equally open.

WSO2 appears to be in a much better place now than it has been for a while. Its products are more mature, the future development plans show where it is headed, and it is executing on its own vision. However, there is a caveat to all this. While EQT provides it with the capital and opportunity to move forward, it will need to show a return on that opportunity.

That could be a merger with SUSE, as Randeniya suggested in our conversation. Alternatively, it could be product-led, as Abeysinghe has talked about. It raises some questions. Does the company have all the technology it needs to grow organically? Will it need to make acquisitions to get to the next level? What does it plan for the future for its partners to help grow the business?

The answers to these questions are likely to become clearer as we get to WSO2CON 2025 in Barcelona next March.

LEAVE A REPLY

Please enter your comment!
Please enter your name here