More and more companies provide Web APIs for their core services as an effective way to foster an ecosystem, but you need to have an API platform to host and manage the Web APIs. Building one from scratch can be challenging. This session teaches you how to create your API platform based on OAuth 2.0, REST, and NoSQL technologies by using open source stacks, including Apache projects such as Tomcat, Tuscany, Wink, Amber, and HTTP clients together with NoSQL solutions such as MongoDB and Redis. From real-world experience, you’ll learn the key components and techniques for creating a robust and scalable Web API server.
This document discusses open source authentication and authorization for web applications. It describes authenticating users through standards like LDAP, SAML and secure tokens. Single sign-on is presented as a way to use one set of credentials across multiple applications and organizations through identity federation. Authorization controls what resources a user can access based on their group membership, roles or dynamic conditions. Rather than embedding this logic into each application, the document proposes managing authentication and authorization as a centralized service. This allows applications to integrate and leverage identity services through pluggable authentication modules built on standards.
OAuth Hacks A gentle introduction to OAuth 2 and Apache Oltu - Antonio Sanso
The document provides an introduction to OAuth 2.0 and the Apache Oltu framework for implementing OAuth in Java. It discusses the traditional OAuth authorization code grant "dance" involving a client, authorization server, and resource server. It also summarizes some common attacks like confused deputy and redirect URI exploitation. The document concludes with an overview of OAuth 2.0 for server to server authorization without user consent.
Introduction to OAuth 2.0 - the technology you need but never really learned - Mikkel Flindt Heisterberg
This document provides an overview of OAuth 2.0 and how it can be used by developers to access user data from an API or service without requiring the user's credentials. It begins with explaining the problem that OAuth solves by allowing access to user data without sharing usernames and passwords. It then demonstrates the OAuth flow through diagrams and descriptions of the steps. These include generating an authorization URL, exchanging the authorization code for tokens, making requests with the access token, and refreshing tokens. The document concludes by noting that a demonstration of OAuth will be shown.
This talk is about how to secure your front-end + backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your front-end application is running on a browser and not securely from the server, there are a few things you need to consider.
In this session Alvaro will explore standards like OAuth or JWT to achieve a stateless, token-based authentication and authorization using Spring Security in Grails.
The document discusses design-first API development using Swagger and Node. It introduces APIs and their purpose. Design-first development means defining the API first using Swagger, then generating code from the specification. This ensures the API documentation and code stay in sync. The document outlines how Swagger-Node works by parsing a Swagger API definition to validate and route requests. It provides examples of how Apigee and customers like Burberry use this approach. Finally, it promotes API management tools from Apigee and demonstrates Swagger-Node.
The document discusses stateless authentication using OAuth 2.0 and JSON Web Tokens (JWT). It begins with an introduction to OAuth 2.0, including its roles, common grant types like authorization code and implicit grants. It then discusses how JWT can be used to achieve statelessness by encoding claims in the token that are signed and can be verified without storing state on the authorization server. The document provides examples of what a JWT looks like and considerations for using JWT in applications.
Presentation shown at the Global Wireless Summit 2013 event, about the BETaaS Platform Architecture. It defines the main features provided and the design proposed for implementing such features in a distributed platform.
Marrow: A Meta-Framework for Python 2.6+ and 3.1+ - ConFoo
This document provides an overview of the Marrow Meta-Framework for Python. Key points include:
- Marrow provides YAML-based configuration, introspective scripting, template-derived directory trees, streaming templates, a high performance HTTP server, object wrappers, middleware, and optimizations.
- It supports Python 2.6+ and 3.1+. Configuration is provided via YAML files for type safety and simplicity over INI files.
- Scripting is done through a non-imperative command line parsing system built on top of marrow.script. Templates can be used to generate directory trees via the Blueprint class.
- Streaming templates provide a Python micro-language for generating content. The server uses
The document provides an introduction to API security with OAuth 2.0, describing the basics of authentication and authorization and the four primary grant types, including the authorization code grant process and actors. It also discusses criticisms of OAuth, including a lack of interoperability and being designed for hosted applications in 2006. Alternative security approaches like Oz are presented that build on the lessons learned from OAuth.
Adding a Google Map to your web page is very easy, once you've been shown how! That's what we're going to do in this lesson - we'll go over each step of creating a basic Google Map using the JavaScript API.
You don't need much to create a Google Maps API webpage:
A text editor. Windows machines generally include Notepad; Mac OS X comes with TextEdit; Linux machines come with a variety of applications, including gedit, vim, or KWrite.
A web browser. We heart Google Chrome, but there are many web browsers available for various platforms: Firefox, Safari, and Internet Explorer are some of the best-known options.
This document discusses smart devices and productivity applications. It describes how applications can be developed using GeneXus to be platform independent. Key points include:
- Productivity applications allow people to accomplish tasks by organizing and manipulating detailed information.
- GeneXus Evolution 2 adds REST web services and the Work With pattern to Evolution 1 for multi-device apps. This allows targeting multiple platforms from a single codebase.
- Pattern-based user interfaces following guidelines like Dashboard and Master-Detail can be declaratively defined and generated for different devices.
Teacher Dashboard for Google Apps overview June 2011 - Hapara
The document provides an overview of key features of the Teacher Dashboard, a tool for managing digital classrooms on Google Apps for Education. It describes features like viewing and organizing student documents, images, blogs and sites. It also covers setting up class calendars and shared folders, and resetting student passwords. The overview explains that Teacher Dashboard aims to simplify classroom setup and management while also enforcing policies and making student activity more transparent.
OAuth is an open standard for authorization that allows apps to access user accounts without passwords. It provides a secure way for users to authorize apps to access their data by granting tokens with specific and limited permissions. This allows for low friction innovation on open platforms while maintaining security. As apps become key intermediaries connecting users and businesses, standardizing on OAuth is important to securely enable this new wave of digital innovation.
Within the past decade, internet and mobile phone usage increased dramatically. However, mobile security practices have not caught up, as most mobile users do not password protect their devices and multifactor authentication is rarely used for mobile apps. This leaves devices and accounts vulnerable to theft and hacking. To address these issues, the document discusses how single sign-on (SSO) can increase security and productivity by streamlining login across native mobile apps and browsers. It also outlines some challenges with current SSO methods and standards being developed for improved mobile SSO, such as work by the OpenID Foundation.
This document describes a metadata-driven software as a service (SaaS) platform. The platform provides features such as metadata-driven service development, an open API service for web and mobile applications, and shared services. It includes functional specifications for security, metadata management, utilities, and application architecture. The platform uses a Spring framework with Hibernate and supports features like batch processing, preferences, ratings/comments, and more through its open API interfaces.
The document describes an open API platform system that uses a metadata driven service architecture. It has logical layers for interfaces, services, and repositories that interact with underlying infrastructure components. The technical specifications list the main frameworks used, including Spring, Hibernate, Google Gson and Apache Velocity. It outlines the project structure and Java package structure, and provides examples of how domain objects and their metadata are defined using annotations and configured in Hibernate.
The document discusses Yahoo's open platform which includes standards like OAuth and OpenID for authentication. It covers various dashboard, API, and markup languages to build applications. Key components are social blocks, tags, and JavaScript functions to enable social features. Sanitization solutions like Caja and customized markup languages allow securely embedding third-party content.
This document discusses data and API ownership. It notes that while individuals own the data they generate, terms of service agreements typically give companies broad rights to use, store, modify and share customer data. It advises API owners to clearly define their value proposition, assume data may be accessed or stolen, communicate policies to customers, stay up to date on legal terms, and implement redundancies in case of data loss or theft. API ownership is important for building brand reliability.
I want to be an efficient developer - APIdays Barcelona version - Quentin Adam
This document summarizes a talk given by @waxzce at APIDays Barcelona 2014 about how to be a more efficient developer. Some of the key points discussed include: optimizing code and processes to make developers happy; modularizing code and teams; using tools like configuration managers and version control; focusing on code readability; and embracing practices like continuous integration/deployment to release code early and often. The talk concludes with promoting a focus on the developer experience and using emerging technologies to work faster.
usable rest apis, by Javier Ramirez from teowaki (Apidays Mediterranea) - javier ramirez
The document discusses various aspects of designing usable and effective REST APIs, highlighting the importance of usability principles and emphasizing that API usability is just as important as web usability. It also provides examples of different HTTP status codes and considerations for API design such as supporting different formats, enabling caching, implementing hypermedia and links, handling pagination and versioning, and ensuring the API is self-documenting. The overall message is that API designers should thoughtfully consider usability and the user experience when building RESTful interfaces.
This document discusses ways to enhance the browser experience by improving the "health" of the browser. It provides several ideas and approaches to consider, such as using responsive web design (RWD) for multi-device support, considering browsers based on Webkit, and determining whether a single page application (SPA) is needed. It also discusses aspects of the browser like the JavaScript engine and rendering engine. The document recommends checking browser compatibility and performance, and considering tools like polyfills and Modernizr to address issues. Finally, it briefly mentions some emerging HTML5 APIs and experimental browser technologies.
The document discusses the history of intellectual property protections like patents and copyrights. It provides background on the Google vs Oracle case, where Google was sued for copyright infringement for its use of Java APIs in Android. The case went to the Supreme Court, which ruled that APIs could be copyrighted, setting an important precedent. The document argues that APIs are the new software patents, and that open APIs like patents before can breed ecosystem innovation, but more is needed to scale the API economy, with some companies already building tools to help discover and explore APIs.
The Lincoln Institute - 10 Ways to Regenerate America's Legacy Cities - Cassidy Swanson
Urban renaissance has touched many cities across America in the last two decades, but there are many others – typically what we call “legacy cities” that are still trying to find their footing a generation or two after experiencing drastic manufacturing loss and population decline.
The AIL Platform is a non-invasive telecare product that allows seniors to participate in modern society enhancing independence through ICT-based solutions. The platform is composed of independent but interoperable modules through AIL-Middleware.
The document discusses Drupal's API and REST services. It provides code examples for interacting with Drupal's API using cURL and Guzzle to make GET, POST, and authentication requests. It also covers configuring content types and models, permissions, and multilingual support in Drupal.
LoopBack is an open source API framework built on top of Express optimized for mobile and web. Connect to multiple data sources, write business logic in Node.js, glue on top of your existing services and data, connect using JS, iOS & Android SDKs.
Building a Node.js API backend with LoopBack in 5 Minutes - Raymond Feng
LoopBack is an open source API framework built on top of Express optimized for mobile and web. Connect to multiple data sources, write business logic in Node.js, glue on top of your existing services and data, connect using JS, iOS & Android SDKs.
Data Binding Unleashed for Composite Applications - Raymond Feng
The document discusses data binding in Apache Tuscany composite applications. It introduces data binding concepts and how data is represented and flowed across SCA components. It also provides examples of interface definitions using different data binding technologies like JAXB, SDO, and an example composite application definition showing how components are wired together and expose services.
Building Flexible APIs for Web 2.x/Cloud Applications (JavaOne 2011 Session ... - Raymond Feng
The document discusses service design principles for coarse-grained distributed services. It recommends using data transfer objects (DTOs) to represent data in a self-contained way using identifiers instead of object references. DTOs should be serializable and protocol-independent. The document also recommends keeping business logic separate from data objects and avoiding language-specific data formats. Services should have stateless, coarse-grained interfaces to enable scalability and loose coupling between providers and consumers.
This document summarizes RESTful services using Apache Tuscany SCA. It describes how to expose existing services as REST APIs, invoke REST services from SCA, and include JAX-RS applications in SCA composites. Key capabilities include REST bindings, consuming REST via references, and the implementation.jaxrs type for integrating JAX-RS applications.
Data Binding Unleashed for Composite Applications - Raymond Feng
This document discusses data binding and SCA composite applications. It provides an overview of data binding concepts, SCA composites, and the Apache Tuscany project. It then describes how data is represented and transformed between components in a composite application using Tuscany's data binding framework. The framework introspects data types and transparently transforms data between different bindings like JAXB, SDO, JSON, etc. without requiring changes to application code. Developers can also extend the framework to support additional data bindings.
Apache Tuscany 2.x Extensibility And SPIs - Raymond Feng
Apache Tuscany 2.x provides extensibility through extension points and service provider interfaces (SPIs). It uses the Java service provider mechanism to discover and configure extensions. Extension points allow third parties to provide custom implementations of things like artifact processors, builders, and lifecycle listeners. SPIs define the core abstractions in Tuscany including models, contributions, bindings, and nodes. The SPI packages are designed to have well-defined dependencies.
The document discusses enabling OSGi for Apache Tuscany by modularizing Tuscany modules into individual OSGi bundles. This allows Tuscany to work in OSGi environments and provides benefits like versioning, isolation, and lifecycle management of extensions. Key steps include turning Tuscany modules and third party dependencies into OSGi bundles, and tools are provided to help with development and testing of Tuscany within an OSGi environment.
OSGi Remote Services With SCA using Apache Tuscany - Raymond Feng
The document discusses OSGi remote services and how they can be modeled and implemented using the Service Component Architecture (SCA). It provides an example of distributing a calculator application across multiple OSGi runtimes using SCA. Key points covered include predefined and on-demand mappings from OSGi entities to SCA components, the use of bindings like RMI and web services, and how service discovery works in the SCA domain.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Dive into the realm of operating systems (OS) with Pravash Chandra Das, a seasoned Digital Forensic Analyst, as your guide. 🚀 This comprehensive presentation illuminates the core concepts, types, and evolution of OS, essential for understanding modern computing landscapes.
Beginning with the foundational definition, Das clarifies the pivotal role of OS as system software orchestrating hardware resources, software applications, and user interactions. Through succinct descriptions, he delineates the diverse types of OS, from single-user, single-task environments like early MS-DOS iterations, to multi-user, multi-tasking systems exemplified by modern Linux distributions.
Crucial components like the kernel and shell are dissected, highlighting their indispensable functions in resource management and user interface interaction. Das elucidates how the kernel acts as the central nervous system, orchestrating process scheduling, memory allocation, and device management. Meanwhile, the shell serves as the gateway for user commands, bridging the gap between human input and machine execution. 💻
The narrative then shifts to a captivating exploration of prominent desktop OSs, Windows, macOS, and Linux. Windows, with its globally ubiquitous presence and user-friendly interface, emerges as a cornerstone in personal computing history. macOS, lauded for its sleek design and seamless integration with Apple's ecosystem, stands as a beacon of stability and creativity. Linux, an open-source marvel, offers unparalleled flexibility and security, revolutionizing the computing landscape. 🖥️
Moving to the realm of mobile devices, Das unravels the dominance of Android and iOS. Android's open-source ethos fosters a vibrant ecosystem of customization and innovation, while iOS boasts a seamless user experience and robust security infrastructure. Meanwhile, discontinued platforms like Symbian and Palm OS evoke nostalgia for their pioneering roles in the smartphone revolution.
The journey concludes with a reflection on the ever-evolving landscape of OS, underscored by the emergence of real-time operating systems (RTOS) and the persistent quest for innovation and efficiency. As technology continues to shape our world, understanding the foundations and evolution of operating systems remains paramount. Join Pravash Chandra Das on this illuminating journey through the heart of computing. 🌟
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
A Comprehensive Guide to DeFi Development Services in 2024Intelisync
DeFi represents a paradigm shift in the financial industry. Instead of relying on traditional, centralized institutions like banks, DeFi leverages blockchain technology to create a decentralized network of financial services. This means that financial transactions can occur directly between parties, without intermediaries, using smart contracts on platforms like Ethereum.
In 2024, we are witnessing an explosion of new DeFi projects and protocols, each pushing the boundaries of what’s possible in finance.
In summary, DeFi in 2024 is not just a trend; it’s a revolution that democratizes finance, enhances security and transparency, and fosters continuous innovation. As we proceed through this presentation, we'll explore the various components and services of DeFi in detail, shedding light on how they are transforming the financial landscape.
At Intelisync, we specialize in providing comprehensive DeFi development services tailored to meet the unique needs of our clients. From smart contract development to dApp creation and security audits, we ensure that your DeFi project is built with innovation, security, and scalability in mind. Trust Intelisync to guide you through the intricate landscape of decentralized finance and unlock the full potential of blockchain technology.
Ready to take your DeFi project to the next level? Partner with Intelisync for expert DeFi development services today!
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Building a Web API Platform with Open Source oAuth 2.0, REST, and NoSQL (JavaOne 2012)
1. BUILDING A WEB API PLATFORM WITH OPEN SOURCE OAUTH 2.0, REST, AND NOSQL
SESSION 6946
JAVAONE 2012
2. About the speakers
Raymond Feng
Software Engineer – Shutterfly, Inc.
Staff
Member – Apache Software Foundation
Committer – Apache Tuscany, Wink, Amber
Co-author – Tuscany SCA In Action
3. Agenda
Why a Web API platform
The key components of Web API platform stack
OAuth 2.0
Http Reverse Proxy
Metrics
API discovering, exploring and playing
Q&A
5. Why a Web APIs platform?
Why Web API?
A great way to build the ecosystem
For some companies, APIs = products
Proliferation of mobile clients
Universal access for internal systems/web or mobile fronts/third party apps
This talk is about the platform/infrastructure behind the curtain to support Web API calls.
It’s NOT about Web API design/development/security.
6. What’s behind the scene?
What’s behind an oAuth 2.0 protected REST API call?
GET https://api.<mycompany>.com/me/albums?access_token=<oAuth 2.0 access token>
POST https://api.<mycompany>.com/me/albums?access_token=<oAuth 2.0 access token>
Content-Type: application/json
Accept: application/json
Request body: {"name": "Summer 2012"}
7. A Web API Platform
[Diagram labels: client applications; protected resources; HTTP reverse proxy; QoS plugins (auth, metrics, throttling, mediation, …); user sign-in page; infrastructure; distributed data grid (service registry, metrics, quota/usage); persistence; security (identity management, client application registration, user authentication, token management, resource ACLs)]
11. oAuth 2.0
Based on Apache Amber which implements the latest oAuth 2.0 spec
http://tools.ietf.org/html/draft-ietf-oauth-v2-31
http://incubator.apache.org/amber/
Additional SPIs are identified for oAuth 2.0 related metadata management and integration with the security infrastructure
12. oAuth 2.0 concepts
OAuth defines four roles:
resource owner: An entity capable of granting access to a protected resource (e.g. end-user).
resource server: The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.
client: An application making protected resource requests on behalf of the resource owner and with its authorization.
authorization server: The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.
13. oAuth 2.0 flows/grant types
An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token.
oAuth 2.0 specification defines four grant types:
authorization code
implicit
resource owner password credentials
client credentials
14. Use cases: Trusted client applications
Trusted clients include:
Internal applications (running at the server side or client side)
Mobile clients
Mapping to oAuth 2.0
Client credentials for access token (super user)
Resource owner password credentials for access token (run as the “resource owner”)
15. Use cases: Third party applications
We plan to roll out web APIs to 3rd party applications
oAuth 2.0 will be used as the authentication/authorization mechanism
Mapping to oAuth 2.0
Authorization code flow
Implicit grant flow
17. oAuth 2.0 SPI – resource ACL
Determine if a resource is protected
Public
Client-id specific
Resource-owner specific
Who are the resource owners?
Scopes of the access
{
  "scope": "media",
  "description": "Media",
  "expiresIn": 604800,
  "requiredAccessLevel": 1,
  "resourceOwnerAuthorizationRequired": false
}
{
  "id": "media_resource",
  "operations": ["ALL"],
  "path": "/media",
  "scopes": ["media"]
}
18. oAuth 2.0 SPI – Authentication & Authorization
Make sure a client is registered
Make sure a token/code is valid
Authenticate a client using client_id/client_secret
Authenticate a resource owner using user name/password
Check the token against the protected resources (ACL)
Establish the principal/subject
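The check described on slides 17 and 18, as an added example that is not code from the talk or from Apache Amber: a token's scopes are resolved to resource ids, and a request is allowed only when its method and path match a resource reachable through one of those scopes. The class names, the `isPublic` flag, the second scope and the fail-closed handling of unmapped paths are assumptions; the "media" definitions follow the slide's JSON.

```java
import java.util.*;

public class ScopeAclCheck {
    enum Decision { ALLOW, DENY_UNMAPPED, DENY_NO_TOKEN, DENY_EXPIRED, DENY_SCOPE }

    // Protected resource definition using the slide's fields: id, path, operations.
    static final class Resource {
        final String id, path; final Set<String> operations; final boolean isPublic;
        Resource(String id, String path, boolean isPublic, String... operations) {
            this.id = id; this.path = path; this.isPublic = isPublic;
            this.operations = new HashSet<>(Arrays.asList(operations));
        }
        boolean matches(String method, String requestPath) {
            boolean pathOk = requestPath.equals(path) || requestPath.startsWith(path + "/");
            return pathOk && (operations.contains("ALL") || operations.contains(method));
        }
    }

    // Metadata a token manager would return for a token string (hypothetical shape).
    static final class Token {
        final String clientId, resourceOwner; final Set<String> scopes; final long expiresAtMillis;
        Token(String clientId, String resourceOwner, long expiresAtMillis, String... scopes) {
            this.clientId = clientId; this.resourceOwner = resourceOwner;
            this.expiresAtMillis = expiresAtMillis;
            this.scopes = new HashSet<>(Arrays.asList(scopes));
        }
    }

    private final List<Resource> resources = new ArrayList<>();
    private final Map<String, Set<String>> scopeToResourceIds = new HashMap<>();

    void defineResource(Resource r) { resources.add(r); }
    void defineScope(String scope, String... resourceIds) {
        scopeToResourceIds.put(scope, new HashSet<>(Arrays.asList(resourceIds)));
    }

    Decision check(String method, String path, Token token, long nowMillis) {
        // Refuse dot segments so "/media/../admin" cannot ride on the "/media" prefix.
        for (String seg : path.split("/"))
            if (seg.equals(".") || seg.equals("..")) return Decision.DENY_UNMAPPED;
        Resource target = null;
        for (Resource r : resources)
            if (r.matches(method, path)) { target = r; break; }
        if (target == null) return Decision.DENY_UNMAPPED;   // fail closed on unknown routes
        if (target.isPublic) return Decision.ALLOW;
        if (token == null) return Decision.DENY_NO_TOKEN;
        if (nowMillis >= token.expiresAtMillis) return Decision.DENY_EXPIRED;
        for (String scope : token.scopes) {
            Set<String> ids = scopeToResourceIds.get(scope);
            if (ids != null && ids.contains(target.id)) return Decision.ALLOW;
        }
        return Decision.DENY_SCOPE;
    }

    public static void main(String[] args) {
        ScopeAclCheck acl = new ScopeAclCheck();
        // Constructed definitions; "contacts.read" and "addressbook_read" are made up.
        acl.defineResource(new Resource("media_resource", "/media", false, "ALL"));
        acl.defineResource(new Resource("addressbook_read", "/addressbook", false, "GET"));
        acl.defineScope("media", "media_resource");
        acl.defineScope("contacts.read", "addressbook_read");
        long now = 1_000_000L;
        Token token = new Token("client-1", "alice", now + 604800L * 1000, "media");
        System.out.println("POST /media/albums: " + acl.check("POST", "/media/albums", token, now));
        System.out.println("GET /addressbook/me: " + acl.check("GET", "/addressbook/me", token, now));
        System.out.println("GET /media/../admin: " + acl.check("GET", "/media/../admin", token, now));
        System.out.println("no token: " + acl.check("GET", "/media/albums", null, now));
    }
}
```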
19. oAuth 2.0 SPI – Token Management
Generate access/refresh tokens for a given client, resource owner, and scopes
Generate authorization codes for a given client, resource owner, and scopes
Look up the token metadata based on the token string
Look up the authorization code metadata based on the code string
Expiration
Refresh tokens
MongoDB as the backend store for tokens
20. oAuth 2.0 infrastructure
[Diagram labels: client; user agent (browser); Internet; authorization server with client registration endpoint, authorization endpoint and token endpoint; client registration manager (client registrations); resource owner authenticator (users / resource owners); token manager (tokens and authorization codes); resource access manager (resource permissions and scope definitions); resource server with oAuth 2.0 resource filter and HTTP proxy; protected resources (such as user media or address book)]
21. Mapping oAuth 2.0 scopes
[Diagram labels: oAuth 2.0 token; client; resource owner; scopes; protected resources (GET /services/addressbook/…, POST /services/addressbook/…, GET /services/media/…, …)]
See an example at:
http://developers.facebook.com/docs/reference/api/permissions/
23. Client/Resource management (administrative)
We need to have UI to
manage the resource endpoints (URI patterns and HTTP operations)
define oAuth 2.0 scopes to map to a list of resource access permissions
Manage client applications (enable/disable, setting quota, …)
Manage access tokens/authorization codes
24. Dashboard
Monitor the API usages (administrative)
By client id
By user id
By resource URIs
By timeline
Let developers see their client applications (developer)
Registrations
Usages
Granted permissions
25. REST APIs for API management
Get the list of defined scopes
Display a scope
Get the list of defined resources
Display a token
Display an authorization code
Display a client registration
Get the list of registered clients for a given user
List tokens by client id/user id
List authorization codes by client id/user id
List granted permissions
28. HTTP reverse proxy
DO NOT deploy the services on the api server directly
API server dispatches API calls to the back-end services
Open source tools:
Apache http components: http://hc.apache.org/
29. HTTP reverse proxy – connection management
HTTP connection pool
Persistent connections (keep-alive)
Check the keep alive settings at the backend web servers
Chunked transfer encoding support
Some Nginx servers don’t support chunked mode
Make sure the http entity is “consumed” so that the http connection will be released back to the pool
http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html
30. Routing/Proxying
URL mapping service registry
URL templating
<uriMapping>
<source>/addressbook/{uid}</source>
<target>http://backend.xyz.com/services/addressbook/{uid}</target>
</uriMapping>
api.xyz.com/addressbook/me/contacts
The “me” or “self” will be replaced with the resource owner from the oAuth 2.0 access token
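One way to resolve the `<uriMapping>` above, as an added example that is not the platform's code: the `{uid}` value "me" or "self" is replaced with the resource owner taken from the validated token, and every path segment is checked before it is forwarded to the backend. The class and method names, forwarding the rest of the path unchanged, the strict segment allow-list, and refusing an explicit uid that differs from the token's owner are all assumptions of this example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class UriMappingResolver {
    private static final Pattern VAR = Pattern.compile("\\{(\\w+)\\}");
    private static final Pattern SAFE_SEGMENT = Pattern.compile("[A-Za-z0-9_-]+");

    private final Pattern source;
    private final List<String> vars = new ArrayList<>();
    private final String target;

    UriMappingResolver(String sourceTemplate, String targetTemplate) {
        // Compile "/addressbook/{uid}" into a regex with one group per variable,
        // plus a trailing group for the rest of the path (assumed to be forwarded).
        StringBuilder regex = new StringBuilder();
        Matcher m = VAR.matcher(sourceTemplate);
        int last = 0;
        while (m.find()) {
            regex.append(Pattern.quote(sourceTemplate.substring(last, m.start()))).append("([^/]+)");
            vars.add(m.group(1));
            last = m.end();
        }
        regex.append(Pattern.quote(sourceTemplate.substring(last))).append("((?:/[^/]+)*)");
        this.source = Pattern.compile(regex.toString());
        this.target = targetTemplate;
    }

    /** Returns the backend URL, or null when the path does not match this mapping. */
    String resolve(String requestPath, String tokenOwner) {
        Matcher m = source.matcher(requestPath);
        if (!m.matches()) return null;
        String url = target;
        for (int i = 0; i < vars.size(); i++) {
            String value = m.group(i + 1);
            if (vars.get(i).equals("uid")) {
                // "me"/"self" resolve from the token, never from client-supplied input.
                if (value.equals("me") || value.equals("self")) value = tokenOwner;
                // Policy assumption: an explicit uid must equal the token's owner.
                else if (!value.equals(tokenOwner))
                    throw new SecurityException("uid does not match token owner");
            }
            url = url.replace("{" + vars.get(i) + "}", requireSafe(value));
        }
        String rest = m.group(vars.size() + 1);
        for (String seg : rest.split("/"))
            if (!seg.isEmpty()) requireSafe(seg);
        return url + rest;
    }

    private static String requireSafe(String segment) {
        // Rejects "..", encoded slashes and anything else outside the allow-list.
        if (segment == null || !SAFE_SEGMENT.matcher(segment).matches())
            throw new SecurityException("unsafe path segment");
        return segment;
    }

    public static void main(String[] args) {
        UriMappingResolver mapping = new UriMappingResolver(
            "/addressbook/{uid}", "http://backend.xyz.com/services/addressbook/{uid}");
        // "alice" and "bob" are constructed resource owner ids.
        System.out.println(mapping.resolve("/addressbook/me/contacts", "alice"));
        try {
            mapping.resolve("/addressbook/bob/contacts", "alice");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```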
31. Sync vs. Async
Sync:
Servlet 2.5 and Apache HTTP client 4.x
Async:
Servlet 3.0 async filter (Tomcat 7.0.x or Jetty 8.x)
Apache HttpAsyncClient 4.0 beta 2
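final AsyncContext asyncContext = request.startAsync();
// Run the proxy call on a container-dispatched thread so the request thread is freed.
asyncContext.start(new Runnable() {
    public void run() {
        // asyncDispatch is the speaker's own method; its body is not shown on the slide.
        asyncDispatch(asyncContext, target);
    }
});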
32. Java vs. Node.js
Which one is better?
Overhead
Scalability
Servlet 2.5 sync mode + Apache http client
Servlet 3.0 async mode + Apache http async client
Node.js event-driven mode + http
33. Mediations
Some examples:
Protocol/data translation
XML JSON
API tracking
https://github.com/codahale/metrics
http://graphite.wikidot.com/
Analytics
CORS enablement
35. API discovery and
documentation
Some apis/tools that help developers to discover and explore the apis
A spec to describe the apis (urls, methods, input/output/exception data model)
A UI to discover and explore the apis
Some integration with the api implementation stacks such as JAX-RS to introspect the api signatures
Client code generation tool
Open source tools
http://swagger.wordnik.com/
https://developers.google.com/discovery/