OpenID Connect: An Overview
•Download as PPTX, PDF•
5 likes•13,261 views
OpenID Connect is a simple identity layer that allows clients like mobile or web apps to verify user identities based on an authentication performed by an authorization server, as well as obtain basic profile information about users. It is built on OAuth 2.0 and defined by the OpenID Foundation. The specification defines core features as well as optional discovery, dynamic registration, session management, and OAuth 2.0 response types. Major companies like Google, Salesforce, and Microsoft have implemented or are deploying OpenID Connect to provide single sign-on for web and mobile clients.
Report
Share
Report
Share
![What is OpenID Connect?
Simple Identity Layer for the Internet
[OpenID Connect] allows Clients to verify the
identity of the End-User based on the
authentication performed by an Authorization
Server, as well as to obtain basic profile
information about the End-User in an
interoperable and REST-like manner.](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
OpenID Connect Explained
OpenID Connect is a simple identity/SSO protocol based on OAuth 2.0. This presentation explains its intent and core business features in 15 slides.
OAuth 2.0 and OpenId Connect
This document discusses authentication and authorization frameworks like OAuth and OpenID Connect. It provides an overview of key concepts like authentication, authorization, roles in OAuth like resource owner, client, authorization server and resource server. It explains the authorization code grant flow in OAuth and how OpenID Connect builds upon OAuth to provide identity features. It also compares OpenID Connect to SAML and discusses Microsoft and TechCello implementations of these specifications.
Introduction to OpenID Connect
This document summarizes a presentation about OpenID Connect. OpenID Connect is an identity layer on top of the OAuth 2.0 protocol that allows clients to verify the identity of the user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the user. It defines core functionality for modern identity frameworks by standardizing how clients and servers discover and use identity data exposed by identity providers and how clients can verify that identity data. The presenter discusses how OpenID Connect provides a simple yet powerful way to authenticate users and share attributes about them between websites and applications in an interoperable manner.
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
How to integrate the complex use cases in the hyper-connected world with millions of devices and services.
Bhavna Bhatnagar (VigourSoft Technical Advisor and Industry expert) talks about SAML, OAuth, OpenID and what you need to make your place in the complex scenario this presents
Intro to OAuth2 and OpenID Connect
An introduction to OAuth2 and OpenID Connect intended for a technical audience. This covers terminology, core concepts, and all the core grants/flows for OAuth2 and OpenID Connect
SAML VS OAuth 2.0 VS OpenID Connect
SAML, OAuth 2.0, and OpenID Connect are the three most common authentication protocols. SAML provides authentication and authorization assertions while OAuth 2.0 focuses on authorization. OpenID Connect builds on OAuth 2.0 by adding authentication features and using claims to provide user information. It has a lower implementation barrier than SAML and is well-suited for mobile and API use cases. The document compares the protocols and their applications, security considerations, and history of adoption.
OAuth 2.0
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The reminder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (renamed to Apache Oltu lately). My impression is that many developers shy away as soon as they hear "security" and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
An Introduction to OAuth2
Slides from my O'Reilly Webcast on OAuth 2.
Book coming in 2013 http://shop.oreilly.com/product/0636920023531.do
Recommended
OpenID Connect Explained
OpenID Connect is a simple identity/SSO protocol based on OAuth 2.0. This presentation explains its intent and core business features in 15 slides.
OAuth 2.0 and OpenId Connect
This document discusses authentication and authorization frameworks like OAuth and OpenID Connect. It provides an overview of key concepts like authentication, authorization, roles in OAuth like resource owner, client, authorization server and resource server. It explains the authorization code grant flow in OAuth and how OpenID Connect builds upon OAuth to provide identity features. It also compares OpenID Connect to SAML and discusses Microsoft and TechCello implementations of these specifications.
Introduction to OpenID Connect
This document summarizes a presentation about OpenID Connect. OpenID Connect is an identity layer on top of the OAuth 2.0 protocol that allows clients to verify the identity of the user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the user. It defines core functionality for modern identity frameworks by standardizing how clients and servers discover and use identity data exposed by identity providers and how clients can verify that identity data. The presenter discusses how OpenID Connect provides a simple yet powerful way to authenticate users and share attributes about them between websites and applications in an interoperable manner.
Demystifying SAML 2.0,Oauth 2.0, OpenID Connect
How to integrate the complex use cases in the hyper-connected world with millions of devices and services.
Bhavna Bhatnagar (VigourSoft Technical Advisor and Industry expert) talks about SAML, OAuth, OpenID and what you need to make your place in the complex scenario this presents
Intro to OAuth2 and OpenID Connect
An introduction to OAuth2 and OpenID Connect intended for a technical audience. This covers terminology, core concepts, and all the core grants/flows for OAuth2 and OpenID Connect
SAML VS OAuth 2.0 VS OpenID Connect
SAML, OAuth 2.0, and OpenID Connect are the three most common authentication protocols. SAML provides authentication and authorization assertions while OAuth 2.0 focuses on authorization. OpenID Connect builds on OAuth 2.0 by adding authentication features and using claims to provide user information. It has a lower implementation barrier than SAML and is well-suited for mobile and API use cases. The document compares the protocols and their applications, security considerations, and history of adoption.
OAuth 2.0
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The reminder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (renamed to Apache Oltu lately). My impression is that many developers shy away as soon as they hear "security" and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
An Introduction to OAuth2
Slides from my O'Reilly Webcast on OAuth 2.
Book coming in 2013 http://shop.oreilly.com/product/0636920023531.do
OAuth & OpenID Connect Deep Dive
OAuth and OpenID Connect are the two most important security specs that API providers need to be aware of. In this session, Travis Spencer, CEO of Curity, will cram in as much about these two protocols as will fit into 20 minutes.
IdP, SAML, OAuth
IdP, SAML, OAuth are new acronyms for identity in the cloud. SAML is used for federated authentication between an identity provider (IdP) like Active Directory and a service provider (SP) like Office 365. The IdP authenticates the user and sends a SAML token with claims to the SP. OAuth streamlines authentication for mobile by issuing short-lived access tokens instead of passing full credentials or SAML assertions between each service. It allows authorization without passwords and tokens can be revoked, reducing risks of compromised apps. Office 365 uses Azure Active Directory as an IdP with SAML or OAuth to authenticate users from an on-premises Active Directory via federation or synchronization.
OAuth2 - Introduction
The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either on
behalf of a resource owner by orchestrating an approval interaction
between the resource owner and the HTTP service, or by allowing
the third-party application to obtain access on its own behalf.
OAuth 2.0 and OpenID Connect
An overview of OAuth 2.0 and OpenID Connect. How they are related and how they fit into the Neo Security Stack.
SIngle Sign On with Keycloak
Talk given at Open Source Datacenter Conference 2019 about open source iam with Keycloak, a red hat project around OpenID Connect and Saml 2.0
OpenId Connect Protocol
The presentation overviews the OpenId Connect Protocol and steps to its adoption.
In addition, you will see the Keycloak Overview.
Introduction to SAML 2.0
This document provides an introduction to Security Assertion Markup Language (SAML) 2.0, including:
- SAML is an XML-based standard for exchanging authentication and authorization data between parties like an identity provider and service provider.
- It defines roles like identity providers, service providers, and users.
- SAML supports single sign-on, attribute sharing, identity federation, and other use cases through protocols, bindings, and profiles.
- Liferay supports acting as an identity provider or service provider using SAML through an enterprise edition plugin, allowing configuration as an IdP or SP through properties and metadata files.
- The presentation demonstrates SAML single sign-on flows and configurations using examples
Demystifying OAuth 2.0
It seems that OAuth 2.0 is everywhere these days. Whether you are building a hot new single page web application (SPA), a native mobile experience, or just trying to integrate with the API economy, you can't go far without running into the popular authorization framework for REST/APIs and social authentication.
During Oktane15 (https://www.okta.com/oktane15/), Karl McGuinness, our Senior Director of Identity, demystified the powerful, yet often misunderstood, world of OAuth 2.0 and shared details on Okta’s growing support for OpenID Connect.
Secure your app with keycloak
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
OAuth 2
OAuth 2 is an authorization framework that allows applications to access user data and perform actions on their behalf. It defines flows for applications to request access, and provides short-lived credentials in response. The main roles in OAuth are the resource owner (user), client (application), resource server (API), and authorization server (issues tokens). Common grant types include authorization code, implicit, and client credentials flows. Tokens returned include access and refresh tokens, and OpenID Connect adds optional ID tokens containing user information.
Token, token... From SAML to OIDC
This document compares and contrasts three token-based authentication and authorization protocols: SAML, OAuth access tokens, and OpenID Connect ID tokens.
SAML uses XML assertions for identity and authorization. Access tokens in OAuth are opaque bearer strings, while ID tokens in OpenID Connect are JSON Web Tokens (JWTs) containing user information. SAML is for web services and uses WS-Security, while access tokens and ID tokens can be used by web and mobile apps via HTTP. Both SAML and ID tokens can be used to represent user identities, while access tokens and SAML assertions can authorize access to protected resources. Security considerations for each include confidentiality, integrity, and replay attacks.
Building secure applications with keycloak
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
An Introduction to OAuth 2
The document provides an overview of the history and development of OAuth standards for authorization. It describes some of the issues with early implementations that prompted the creation of OAuth 1.0, including services storing user passwords and lack of ability to revoke access. OAuth 1.0 introduced signatures to address these issues. OAuth 2.0 replaced signatures with HTTPS and defines common flows for different use cases, including authorization code, implicit, password, and client credentials grants.
An introduction to OAuth 2
This document provides an introduction and overview of OAuth 2.0. It discusses the key components and actors in the OAuth framework, including clients, protected resources, resource owners, and authorization servers. It describes the major steps of an OAuth transaction, issuing and using tokens. Specifically, it outlines the authorization code grant flow, how clients request and receive access tokens from authorization servers to access protected resources on behalf of resource owners. It also defines common OAuth concepts like scopes, refresh tokens, and authorization grants.
DCC17 - Identity Server 4
This document discusses Identity Server and authentication. It introduces Chris Holwerda and his background. It then covers topics like today's authentication landscape, security token services, identity servers, claims, tokens, and building an identity server demo using ASP.NET MVC, ASP.NET Web API, and external providers like Facebook and Google. Potential gotchas with claim and token sizes are also mentioned.
Jwt Security
JSON Web Tokens (JWTs) are a compact way to securely transmit information between parties as a JSON object signed with a secret or public/private key pair. JWTs have three parts - a header specifying the signing algorithm, a payload containing claims, and a signature. The document discusses the structure and security concerns of JWTs such as information leakage, weak algorithms, and attacks that modify the algorithm or signature.
Understanding JWT Exploitation
JSON Web Tokens (JWTs) are compact, self-contained tokens used to securely transmit information between parties as JSON objects. JWTs contain a header, payload, and signature. The header typically specifies the token type and signing algorithm being used. The payload contains claims about the user such as username, ID, and expiration time. The signature ensures the token integrity. JWTs are signed using a secret or public/private key pair to authenticate and securely exchange information.
Understanding OpenID
OpenID is a decentralized protocol that allows users to log in to multiple websites using a single digital identity. It allows users to maintain a single username and password that can be used to access any website that accepts OpenID logins. When a user logs in to a website using OpenID, they are redirected to their OpenID provider to authenticate, and then sent back to the website. This allows for single sign-on across multiple sites without needing separate credentials for each site.
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 allows third party applications to access resources without sharing credentials. It uses grant types like authorization code and implicit grant to obtain an access token. The access token is then used by the client to access resources from the resource server. DataPower supports OAuth 2.0 and provides customization options like additional grant types and extension points to customize the OAuth handshake process.
API Security : Patterns and Practices
The document discusses API security patterns and practices. It covers topics like API gateways, authentication methods like basic authentication and OAuth 2.0, authorization with XACML policies, and securing APIs through measures like TLS, JWTs, and throttling to ensure authentication, authorization, confidentiality, integrity, non-repudiation, and availability. Key points covered include the gateway pattern, direct vs brokered authentication, JSON web tokens for self-contained access tokens, and combining OAuth and XACML for fine-grained access control.
OpenID Connect "101" Introduction -- October 23, 2018
This document provides an introduction to OpenID Connect and summarizes its key aspects:
1) OpenID Connect is an identity layer built on top of OAuth 2.0 that allows clients to verify the identity of users and obtain basic profile information through RESTful APIs and JSON.
2) Many major companies have already implemented OpenID Connect in their applications and websites.
3) OpenID Connect specifications cover a wide range of use cases from non-sensitive to highly secure information as well as different levels of sophistication in claims usage. Implementations can build only the required pieces.
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Connect Working Group update presented by Dr. Michael B. Jones (Microsoft) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.
More Related Content
What's hot
OAuth & OpenID Connect Deep Dive
OAuth and OpenID Connect are the two most important security specs that API providers need to be aware of. In this session, Travis Spencer, CEO of Curity, will cram in as much about these two protocols as will fit into 20 minutes.
IdP, SAML, OAuth
IdP, SAML, OAuth are new acronyms for identity in the cloud. SAML is used for federated authentication between an identity provider (IdP) like Active Directory and a service provider (SP) like Office 365. The IdP authenticates the user and sends a SAML token with claims to the SP. OAuth streamlines authentication for mobile by issuing short-lived access tokens instead of passing full credentials or SAML assertions between each service. It allows authorization without passwords and tokens can be revoked, reducing risks of compromised apps. Office 365 uses Azure Active Directory as an IdP with SAML or OAuth to authenticate users from an on-premises Active Directory via federation or synchronization.
OAuth2 - Introduction
The OAuth 2.0 authorization framework enables a third-party
application to obtain limited access to an HTTP service, either on
behalf of a resource owner by orchestrating an approval interaction
between the resource owner and the HTTP service, or by allowing
the third-party application to obtain access on its own behalf.
OAuth 2.0 and OpenID Connect
An overview of OAuth 2.0 and OpenID Connect. How they are related and how they fit into the Neo Security Stack.
SIngle Sign On with Keycloak
Talk given at Open Source Datacenter Conference 2019 about open source iam with Keycloak, a red hat project around OpenID Connect and Saml 2.0
OpenId Connect Protocol
The presentation overviews the OpenId Connect Protocol and steps to its adoption.
In addition, you will see the Keycloak Overview.
Introduction to SAML 2.0
This document provides an introduction to Security Assertion Markup Language (SAML) 2.0, including:
- SAML is an XML-based standard for exchanging authentication and authorization data between parties like an identity provider and service provider.
- It defines roles like identity providers, service providers, and users.
- SAML supports single sign-on, attribute sharing, identity federation, and other use cases through protocols, bindings, and profiles.
- Liferay supports acting as an identity provider or service provider using SAML through an enterprise edition plugin, allowing configuration as an IdP or SP through properties and metadata files.
- The presentation demonstrates SAML single sign-on flows and configurations using examples
Demystifying OAuth 2.0
It seems that OAuth 2.0 is everywhere these days. Whether you are building a hot new single page web application (SPA), a native mobile experience, or just trying to integrate with the API economy, you can't go far without running into the popular authorization framework for REST/APIs and social authentication.
During Oktane15 (https://www.okta.com/oktane15/), Karl McGuinness, our Senior Director of Identity, demystified the powerful, yet often misunderstood, world of OAuth 2.0 and shared details on Okta’s growing support for OpenID Connect.
Secure your app with keycloak
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
OAuth 2
OAuth 2 is an authorization framework that allows applications to access user data and perform actions on their behalf. It defines flows for applications to request access, and provides short-lived credentials in response. The main roles in OAuth are the resource owner (user), client (application), resource server (API), and authorization server (issues tokens). Common grant types include authorization code, implicit, and client credentials flows. Tokens returned include access and refresh tokens, and OpenID Connect adds optional ID tokens containing user information.
Token, token... From SAML to OIDC
This document compares and contrasts three token-based authentication and authorization protocols: SAML, OAuth access tokens, and OpenID Connect ID tokens.
SAML uses XML assertions for identity and authorization. Access tokens in OAuth are opaque bearer strings, while ID tokens in OpenID Connect are JSON Web Tokens (JWTs) containing user information. SAML is for web services and uses WS-Security, while access tokens and ID tokens can be used by web and mobile apps via HTTP. Both SAML and ID tokens can be used to represent user identities, while access tokens and SAML assertions can authorize access to protected resources. Security considerations for each include confidentiality, integrity, and replay attacks.
Building secure applications with keycloak
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
An Introduction to OAuth 2
The document provides an overview of the history and development of OAuth standards for authorization. It describes some of the issues with early implementations that prompted the creation of OAuth 1.0, including services storing user passwords and lack of ability to revoke access. OAuth 1.0 introduced signatures to address these issues. OAuth 2.0 replaced signatures with HTTPS and defines common flows for different use cases, including authorization code, implicit, password, and client credentials grants.
An introduction to OAuth 2
This document provides an introduction and overview of OAuth 2.0. It discusses the key components and actors in the OAuth framework, including clients, protected resources, resource owners, and authorization servers. It describes the major steps of an OAuth transaction, issuing and using tokens. Specifically, it outlines the authorization code grant flow, how clients request and receive access tokens from authorization servers to access protected resources on behalf of resource owners. It also defines common OAuth concepts like scopes, refresh tokens, and authorization grants.
DCC17 - Identity Server 4
This document discusses Identity Server and authentication. It introduces Chris Holwerda and his background. It then covers topics like today's authentication landscape, security token services, identity servers, claims, tokens, and building an identity server demo using ASP.NET MVC, ASP.NET Web API, and external providers like Facebook and Google. Potential gotchas with claim and token sizes are also mentioned.
Jwt Security
JSON Web Tokens (JWTs) are a compact way to securely transmit information between parties as a JSON object signed with a secret or public/private key pair. JWTs have three parts - a header specifying the signing algorithm, a payload containing claims, and a signature. The document discusses the structure and security concerns of JWTs such as information leakage, weak algorithms, and attacks that modify the algorithm or signature.
Understanding JWT Exploitation
JSON Web Tokens (JWTs) are compact, self-contained tokens used to securely transmit information between parties as JSON objects. JWTs contain a header, payload, and signature. The header typically specifies the token type and signing algorithm being used. The payload contains claims about the user such as username, ID, and expiration time. The signature ensures the token integrity. JWTs are signed using a secret or public/private key pair to authenticate and securely exchange information.
Understanding OpenID
OpenID is a decentralized protocol that allows users to log in to multiple websites using a single digital identity. It allows users to maintain a single username and password that can be used to access any website that accepts OpenID logins. When a user logs in to a website using OpenID, they are redirected to their OpenID provider to authenticate, and then sent back to the website. This allows for single sign-on across multiple sites without needing separate credentials for each site.
OAuth 2.0 with IBM WebSphere DataPower
OAuth 2.0 allows third party applications to access resources without sharing credentials. It uses grant types like authorization code and implicit grant to obtain an access token. The access token is then used by the client to access resources from the resource server. DataPower supports OAuth 2.0 and provides customization options like additional grant types and extension points to customize the OAuth handshake process.
API Security : Patterns and Practices
The document discusses API security patterns and practices. It covers topics like API gateways, authentication methods like basic authentication and OAuth 2.0, authorization with XACML policies, and securing APIs through measures like TLS, JWTs, and throttling to ensure authentication, authorization, confidentiality, integrity, non-repudiation, and availability. Key points covered include the gateway pattern, direct vs brokered authentication, JSON web tokens for self-contained access tokens, and combining OAuth and XACML for fine-grained access control.
What's hot (20)
Similar to OpenID Connect: An Overview
OpenID Connect "101" Introduction -- October 23, 2018
This document provides an introduction to OpenID Connect and summarizes its key aspects:
1) OpenID Connect is an identity layer built on top of OAuth 2.0 that allows clients to verify the identity of users and obtain basic profile information through RESTful APIs and JSON.
2) Many major companies have already implemented OpenID Connect in their applications and websites.
3) OpenID Connect specifications cover a wide range of use cases from non-sensitive to highly secure information as well as different levels of sophistication in claims usage. Implementations can build only the required pieces.
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Connect Working Group update presented by Dr. Michael B. Jones (Microsoft) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
Michael Jones with Microsoft provided an update on the OpenID Connect Working Group at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
CIS 2013 Ping Identity Chalktalk
Learn about upcoming product features from Ping Identity product management, view demonstrations of new functionality direct from the engineering team, and participate in a lively discussion about the latest technology advancements and their business applications.
OpenID Foundation Connect Working Group Update - October 22, 2018
OpenID Foundation Connect Working Group update presented by Michael Jones (Microsoft) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
OpenID for SSI
OpenID for SSI aims to specify protocols based on OpenID Connect and OAuth 2.0 to enable self-sovereign identity (SSI) applications. This initiative is conducted by the OpenID Foundation in collaboration with the Decentralized Identity Foundation. One specification builds upon the DID-SIOP and SIOPv1 standards. Using OpenID Connect allows for variety in SSI technology choices like identifiers, credentials, and cryptography while leveraging existing OpenID Connect implementations, libraries, and developer familiarity. Demonstrations show credential presentation and issuance via OIDC4SSI specifications.
ざっくり解説 LINE ログイン
The document discusses LINE Login and the LINE Developer Community (#LINEDC). It explains that LINE Login allows easier login through LINE accounts. It uses OAuth2 and OpenID Connect protocols. The LINE Developer Community is a community for engineers and creators building on the LINE Platform. It has over 4,000 members and shares information about events and the latest updates.
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
This document summarizes an OpenID Connect workshop about challenges for mobile applications. It introduces OpenID Connect, explaining that it combines functionality from SAML and OAuth. It then discusses high-level challenges for mobile, conformance and interoperability testing, and OAuth and OpenID Connect protocols and flows, focusing on authorization code and implicit flows. Key points covered include security challenges on mobile, dynamic client registration, and issues around webviews versus system browsers for authentication.
Five Things You Gotta Know About Modern Identity
Modern identity supports the new world built on device-independent, location-anywhere access. New-school provisioning and authentication are requiremed. Its protocols are increasingly built upon frameworks like REST and JSON; examples include SCIM, OAuth OpenID Connect and FIDO. Modern identity leverages IDaaS and identity bridges to manage users and applications across the hybrid cloud.
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
Microservice architectures bring many benefits to software applications. But at the same time, new challenges of distributed systems have also been introduced. One of these challenges is how to implement a flexible, secure and efficient authentication and authorization scheme in such architectures.
The common solution for this is to use stateless token-based authentication and authorization by adopting standard protocols like OAuth 2.0 and OpenID Connect (OIDC).
In this talk, you will get a concise introduction into OAuth 2.0 and OIDC.
We will look at OAuth 2.0 and OIDC grant flows and discuss the differences between OAuth 2.0 and OpenID Connect. Finally, you will be introduced to the current best practices currently evolved by the working group.
So If you finally want to understand the base concepts of OAuth 2.0 and OIDC in a short time then this is the talk you should go for.
SSO with the WSO2 Identity Server
The document discusses single sign-on (SSO) solutions using OpenID, SAML 2.0, and WS-Trust. It provides an overview of each standard including key entities, profiles, messages and bindings. It also demonstrates each SSO solution using the WSO2 Identity Server.
Sso with the wso2 identity server
Suresh Attanayake's presentation discusses single sign-on (SSO) solutions including OpenID, SAML 2.0, and WS-Trust. It provides an overview of each standard including key entities, authentication flows, and how they address common SSO problems. It also demonstrates implementations of each using the WSO2 Identity Server product.
Implementing Microservices Security Patterns & Protocols with Spring
SpringOne Tour Toronto 2018 by Pivotal
Implementing Microservices Security Patterns & Protocols with Spring - Adib Saikali
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
This deck gives an overview of OpenID 4 Verifiable Credentials and shows how the specs can be tailored to the needs of a certain category of projects/ecosystems.
Microservice with OAuth2
OAuth2 is an authorization standard that enables third-party applications to obtain limited access to protected resources on behalf of a resource owner. It does not handle authentication. SAML is a standard for single sign-on and federated identity management. OpenID allows users to authenticate using third-party identity providers like Google or Facebook. While SAML and OpenID both use federated identity, OAuth2 focuses only on authorization of resources. Spring Security OAuth provides support for OAuth consumers and providers, while Pivotal Cloud Foundry's UAA server is an OAuth2 provider commonly used with Cloud Foundry.
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
The OpenID Foundation and the Open Identity Exchange co-hosted an Open Banking Workshop on Tuesday, January 30, 2018 in London. This presentation is an and overview of the OpenID Foundation and provides updates on the OpenID Connect standard and OpenID Certification Program that was presented by Mike Jones (Microsoft), OpenID Foundation Secretary.
Keycloak SSO basics
Red Hat Single Sign-On (RH-SSO) is an identity and access management product based on the open source Keycloak project. The document provides an overview of RH-SSO, including its architecture, core concepts such as authentication, authorization, tokens, and security considerations for deployment. It also discusses clustering, user federation, and identity brokering capabilities.
WSO2 Identity Server - Product Overview
As the industry’s first enterprise identity bus (EIB), WSO2 Identity Server is the central backbone that connects and manages multiple identities across applications, APIs, the cloud, mobile, and Internet of Things devices, regardless of the standards on which they are based. The multi-tenant WSO2 Identity Server can be deployed directly on servers or in the cloud, and has the ability to propagate identities across geographical and enterprise borders in a connected business environment.
Authorization and Authentication using IdentityServer4
This document summarizes a presentation about OAuth 2.0, OpenID Connect, and single sign-on (SSO) using IdentityServer4. It discusses the differences between authorization and authentication, provides an overview of OAuth 2.0 authorization grant types and how IdentityServer4 can implement OAuth 2.0 and OpenID Connect protocols to secure APIs, web, and mobile applications. It also lists some demos and helpful links related to implementing OAuth 2.0 and OpenID Connect with IdentityServer4.
Getting Started with Spring Authorization Server
SpringOne 2021
Title: Getting Started with Spring Authorization Server
Speakers: Joe Grandja, Spring Security Engineer at VMware; Steve Riesenberg, Software Engineer at VMware
Similar to OpenID Connect: An Overview (20)
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OpenID Foundation Connect Working Group Update - October 22, 2018
OpenID Foundation Connect Working Group Update - October 22, 2018
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with Spring
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
More from Pat Patterson
DevOps from the Provider Perspective
The document discusses DevOps from the perspective of a technology provider. It suggests that providers should engage with their technical community to understand how customers are implementing DevOps and where they are getting stuck. This will help providers identify the most useful resources to prioritize in their DevOps tools. Providers should adopt an agile approach to implement these resources, starting with an MVP and iterating based on customer feedback. Releasing tools as open source and working with the community can help fill gaps and improve the tools over time.
How Imprivata Combines External Data Sources for Business Insights
Imprivata is a healthcare-focused IT security company. Using data integration tools from StreamSets, they built a pipeline to consolidate data from NetSuite, Salesforce, and Oracle in a cloud-based PostgreSQL data warehouse. Hear how their analytics team combined transaction, product, and support data in Einstein Analytics to support decision-making across their business functions: sales, marketing operations, product owners, and CxOs.
Data Integration with Apache Kafka: What, Why, How
Presented at Orange County Advanced Analytics and Big Data Meetup, June 21 2019.
Apache Kafka has fast become the dominant messaging technology for the enterprise; if you're a data scientist or data engineer and you have not yet worked with Kafka, that situation will likely change soon! In this session, Pat Patterson, director of evangelism at StreamSets, explains what Kafka is, why it has disrupted the previous generation of messaging products, and how you can use open source products to build dataflow pipelines with Kafka, without writing code.
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
On a typical day we see hundreds of downloads of StreamSets Data Collector, our open source data integration tool. We used to wrangle our download logs using a combination of the AWS S3 command line, sed, grep, awk and other tools, all run from a shell script (on my laptop!) once a week. This was a classic example of a brittle, hard to maintain, custom data integration. One day it dawned on me, "This is crazy, we have a tool that can do all this!". In this session, I'll explain how I built a dataflow pipeline to stream content delivery network (CDN) logs from S3 to MySQL in real-time, allowing us to gain valuable insights into our open source community. You'll also learn how we use the same techniques to not only gain insights into our community on Slack, but also build tools to better serve them.
Dealing with Drift: Building an Enterprise Data Lake
This document discusses Cox Automotive's use of StreamSets to build an enterprise data lake. It describes the challenges of acquiring and ingesting data from 25 companies with different source types and schemas at scale. Cox Automotive addressed this by using StreamSets to separate the acquisition of data from its various source systems from the ingestion into the data lake. StreamSets pipelines automatically apply data standards and load balancing during ingestion. This architecture has allowed Cox Automotive to significantly increase its monthly ingestion volumes.
Integrating with Einstein Analytics
Einstein Analytics (previously known as Wave Analytics) allows developers to not only create analytics applications, but also to create application templates that allow end-users to create their own analytics applications based on your master app. You, the developer, can define parameters and rules as part of the template, allowing the end-user to customize the app to their requirements. This Dreamforce 2017 session explains how to use Analytics Templates and the Analytics External Data API to automate the ingest of data from outside the platform, manipulating datasets and dataflows to provide a seamless experience for the user.
Efficient Schemas in Motion with Kafka and Schema Registry
This document discusses Apache Avro and Schema Registry. Avro is a data serialization format that allows for schema evolution. Schema Registry provides a REST API and stores Avro schemas, allowing producers and consumers to reference schemas by ID rather than sending the full schema with each message. This reduces network traffic. The presenter demonstrates registering schemas and performing schema evolution using Schema Registry.
Dealing With Drift - Building an Enterprise Data Lake
Data drift, the gradual morphing of data structure and semantics, is a fact of life in enterprise IT. New requirements force schema changes, the meaning of database columns changes over time, and infrastructure upgrades add new fields to log files. Left unchecked, drift in data sources can cause applications and dataflows to fail, with costly downtime and, in the worst case, corruption in downstream data stores.
Cox Automotive comprises more than 25 companies dealing with different aspects of the car ownership lifecycle, with data as the common language they all share. The challenge for Cox was to create an efficient engine for the timely and trustworthy ingest of data capability for an unknown but large number of data assets from practically any source. Discover how their big data engineering team overcame data drift and are now populating a data lake, allowing analysts easy access to data from their subsidiary companies and producing new data assets unique to the industry.
Building Data Pipelines with Spark and StreamSets
Big data tools such as Hadoop and Spark allow you to process data at unprecedented scale, but keeping your processing engine fed can be a challenge. Metadata in upstream sources can ‘drift’ due to infrastructure, OS and application changes, causing ETL tools and hand-coded solutions to fail. StreamSets Data Collector (SDC) is an Apache 2.0 licensed open source platform for building big data ingest pipelines that allows you to design, execute and monitor robust data flows. In this session we’ll look at how SDC’s “intent-driven” approach keeps the data flowing, with a particular focus on clustered deployment with Spark and other exciting Spark integrations in the works.
Adaptive Data Cleansing with StreamSets and Cassandra
Presented at Cassandra Summit 2016.
Cassandra is a perfect fit for consuming high volumes of time-series data directly from users, devices, and sensors. Sometimes, though, when we consume data from the real world, systematic and random errors creep in. In this session, we'll see how to use open source tools like RabbitMQ and StreamSets Data Collector with Cassandra features such as User Defined Aggregates to collect, cleanse and ingest variable quality data at scale. Discover how to combine the power of Cassandra with the flexibility of StreamSets to implement adaptive data cleansing.
Building Custom Big Data Integrations
Big data ingest frameworks ship with an array of connectors for common data origins and destinations, such as flat files, S3, HDFS, Kafka etc, but sometimes, you need to send data to, or receive data from a system that's not on the list. StreamSets includes template code for building your own connectors and processors; we'll walk through the process of building a simple destination that sends data to a REST web service, and show how it can be extended to target more sophisticated systems such as Salesforce Wave Analytics.
Ingest and Stream Processing - What will you choose?
Pat Patterson and Ted Malaska talk about current and emerging technologies. They evaluate each and understand how they are useful in solving problems related to large scale data processing, joining and combining streams. They also talk about the various ways of achieving "at least once" and "exactly once" processing and how we can make sure that data is processed in a timely fashion.
Open Source Big Data Ingestion - Without the Heartburn!
Big Data tools such as Hadoop and Spark allow you to process data at unprecedented scale, but keeping your processing engine fed can be a challenge. Upstream data sources can 'drift' due to infrastructure, OS and application changes, causing ETL tools and hand-coded solutions to fail, inducing heartburn in even the most resilient data scientist. This session will survey the big data ingestion landscape, focusing on how open source tools such as Sqoop, Flume, Nifi and StreamSets can keep the data pipeline flowing.
Ingest and Stream Processing - What will you choose?
This document discusses ingestion and stream processing options. It provides an overview of common streaming patterns and components, including producers, Kafka, and various streaming engines and destinations. Spark Streaming is highlighted as being highly used for its high throughput, SQL support, and ease of transition from batch. The document also discusses other streaming engines like Storm, Flink, and Kafka Streams, noting their strengths and weaknesses. Finally, it introduces StreamSets Data Collector as a tool for building data pipelines.
All Aboard the Boxcar! Going Beyond the Basics of REST
This document discusses RESTful principles and how the Salesforce REST API implements and extends those principles. It begins by outlining Roy Fielding's definition of REST, including client-server architecture, statelessness, caching, uniform interface, layered system, and hypermedia as the engine of application state. It then demonstrates how the Salesforce REST API fulfills most of these principles through examples of retrieving and updating objects. However, it also presents two extensions - object trees and batch requests - that allow creating and manipulating multiple objects in one request, pushing the boundaries of the uniform interface principle. The document concludes by encouraging readers to carefully consider REST principles and only diverge from them when it meaningfully improves the experience.
Provisioning IDaaS - Using SCIM to Enable Cloud Identity
This document discusses using the Simple Cloud Identity Management (SCIM) standard to enable cloud identity and user provisioning across different systems. It provides an overview of SCIM, including its benefits for managing the user lifecycle across on-premise and cloud systems. It describes the SCIM schema for core and extended user attributes. The document demonstrates a SCIM request to retrieve a user and the response, showing both core and extended attribute information. It lists some implementations of SCIM and provides a demo use case of using SCIM to automatically provision a new employee's account, update access upon promotion, and deactivate accounts upon retirement.
OData: Universal Data Solvent or
Clunky Enterprise Goo? (GlueCon 2015)
Why would anyone but the most pedestrian enterprise developer be interested in a data access protocol originally designed by Microsoft, implemented in XML and handed to OASIS for standardization? The Open Data Protocol, or OData for short, has evolved into a clean, RESTful interface for CRUD operations against data services. Alongside the usual enterprise suspects such as Microsoft, Salesforce and IBM, OData has been adopted by government and non-profit agencies to open up their data and make it accessible to the public. For developers wanting to consume data, or create their own OData services, there's no shortage of open source options, from Apache Olingo in Java to node-odata and ODataCpp. Whether you're accessing customer orders in SAP or the Whitehouse visitor book, you're going to need some OData smarts.
Enterprise IoT: Data in Context
The document discusses Internet of Things (IoT) use cases and system architecture patterns for connecting IoT devices to Salesforce. It identifies three common IoT use case patterns: remote monitoring, instrumenting products, and new customer experiences. It then outlines five architecture patterns for connecting devices to Salesforce: anonymous, direct, buffered, gateway, and cloudy. The document promotes connecting IoT data to Salesforce to enable proactive customer engagement and service opportunities.
OData: A Standard API for Data Access
The Open Data Protocol, or OData for short, provides a RESTful interface for CRUD operations against data services. OData services, such as Microsoft Azure, SAP, and WebSphere expose data and metadata as typed name/value pairs in JSON or XML, allowing 'off-the-shelf' data consumers to integrate with services without custom code. This session gives an overview of OData, and explains why salesforce.com selected it as a protocol to integrate with external data services.
API-Driven Relationships: Building The Trans-Internet Express of the Future
Presented at IRM Summit, June 4 2014. Abstract:
Move over Thomas the Tank Engine! If developers are the train conductors of the railway, then APIs
are the bullet trains of the future. In this session, Pat Patterson will explain how identity allows API
ecosystems to flourish, enabling developers to build ever more elaborate integrations. Whether it be
ExactTarget, Minecraft, or other great services, APIs are the basis for empowering developers to build
boundary-less railways across the web. ALLLLLL ABOOOOOOOOOAAAARD!
More from Pat Patterson (20)
How Imprivata Combines External Data Sources for Business Insights
How Imprivata Combines External Data Sources for Business Insights
Data Integration with Apache Kafka: What, Why, How
Data Integration with Apache Kafka: What, Why, How
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
Project Ouroboros: Using StreamSets Data Collector to Help Manage the StreamS...
Dealing with Drift: Building an Enterprise Data Lake
Dealing with Drift: Building an Enterprise Data Lake
Efficient Schemas in Motion with Kafka and Schema Registry
Efficient Schemas in Motion with Kafka and Schema Registry
Dealing With Drift - Building an Enterprise Data Lake
Dealing With Drift - Building an Enterprise Data Lake
Adaptive Data Cleansing with StreamSets and Cassandra
Adaptive Data Cleansing with StreamSets and Cassandra
Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?
Open Source Big Data Ingestion - Without the Heartburn!
Open Source Big Data Ingestion - Without the Heartburn!
Ingest and Stream Processing - What will you choose?
Ingest and Stream Processing - What will you choose?
All Aboard the Boxcar! Going Beyond the Basics of REST
All Aboard the Boxcar! Going Beyond the Basics of REST
Provisioning IDaaS - Using SCIM to Enable Cloud Identity
Provisioning IDaaS - Using SCIM to Enable Cloud Identity
OData: Universal Data Solvent or
Clunky Enterprise Goo? (GlueCon 2015)
OData: Universal Data Solvent or
Clunky Enterprise Goo? (GlueCon 2015)
API-Driven Relationships: Building The Trans-Internet Express of the Future
API-Driven Relationships: Building The Trans-Internet Express of the Future
Recently uploaded
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
Astute Business Solutions | Oracle Cloud Partner |
Your goto partner for Oracle Cloud, PeopleSoft, E-Business Suite, and Ellucian Banner. We are a firm specialized in managed services and consulting.
Mutation Testing for Task-Oriented Chatbots
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.Apps Break Data
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Session 1 - Intro to Robotic Process Automation.pdf
👉 Check out our full 'Africa Series - Automation Student Developers (EN)' page to register for the full program:
https://bit.ly/Automation_Student_Kickstart
In this session, we shall introduce you to the world of automation, the UiPath Platform, and guide you on how to install and setup UiPath Studio on your Windows PC.
📕 Detailed agenda:
What is RPA? Benefits of RPA?
RPA Applications
The UiPath End-to-End Automation Platform
UiPath Studio CE Installation and Setup
💻 Extra training through UiPath Academy:
Introduction to Automation
UiPath Business Automation Platform
Explore automation development with UiPath Studio
👉 Register here for our upcoming Session 2 on June 20: Introduction to UiPath Studio Fundamentals: https://community.uipath.com/events/details/uipath-lagos-presents-session-2-introduction-to-uipath-studio-fundamentals/
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...Pitangent Analytics & Technology Solutions Pvt. Ltd
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications."What does it really mean for your system to be available, or how to define w...
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
GNSS spoofing via SDR (Criptored Talks 2024)
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
"Choosing proper type of scaling", Olena Syrota
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
What is an RPA CoE? Session 1 – CoE Vision
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
Recently uploaded (20)
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Crafting Excellence: A Comprehensive Guide to iOS Mobile App Development Serv...
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
"What does it really mean for your system to be available, or how to define w...
"What does it really mean for your system to be available, or how to define w...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
"Scaling RAG Applications to serve millions of users", Kevin Goedecke
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk
OpenID Connect: An Overview
- 1. OpenID Connect: An Overview Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy
- 2. What is OpenID Connect? Simple Identity Layer for the Internet [OpenID Connect] allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
- 3. What is OpenID Connect? • Specification defined by OpenID Foundation ‘Connect’ Work Group – NRI, Ping Identity, Microsoft, Google, Salesforce etc • Built on OAuth 2.0 • REST-based • Successor to SAML?
- 4. OpenID Connect Status • ‘Nearly complete’ – Second set of OpenID Connect Implementer’s Drafts approved in July, 2013 – Interop testing under way – Waiting for dependencies to be standardized • JWT, JWS etc
- 5. OpenID Connect Specification • OpenID Connect 1.0 Specification – Core – Discovery (optional) – Dynamic Registration (optional) – Session Management (optional) – OAuth 2.0 Multiple Response Types • Implementer’s Guides – Basic Client Profile – Implicit Client Profile
- 6. OpenID Connect Roles Web-based, mobile, or JavaScript Clients verify the identity of End-Users based on authentication performed by an Authorization Server.
- 7. OpenID Connect Basic Client Profile
- 8. OpenID Connect Implicit Client Profile
- 9. OpenID Connect Token Response { "access_token":"SlAV32hkKG", "token_type":"Bearer", "expires_in":3600, "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA", "id_token":"eyJ0 ... NiJ9.eyJ1c ... ZXso” } • id_token is a JSON Web Token (JWT) – Signed, URL/filename-safe base64 encoded JSON data
- 10. OpenID Connect ID Token { "iss": "https://server.example.com", "sub": "24400320", "aud": "s6BhdRkqt3", "exp": 1311281970, "iat": 1311280970 } • Issuer, Subject, Audience, Expiry, Issued At • Also optional email, auth_time, nonce etc
- 11. Who is Deploying OpenID Connect? • Services: Google, Salesforce, eBay, AOL, Deutsche Telekom, Orange • Vendors: IBM, Microsoft, Ping Identity, Layer 7, ForgeRock, Gluu, MITRE, NRI
- 12. OpenID Connect in Action • Client: Salesforce Community • Auth Server: Google • End User: Me!
- 13. Salesforce Community Login Page
- 16. Salesforce Community Home Page
- 17. Questions? Pat Patterson Developer Evangelist Architect salesforce.com @metadaddy