David Brossard, Product Manager, Axiomatics
Application development trends often collide with security best practices, leaving enterprises with a patchwork mix of authorization schemes that are difficult and expensive to operate, modify and certify for compliance. This session will explore the latest trends in authorization and describe standards-based mechanisms to protect APIs, web services, data resources and more. Included in the discussion will be the interaction between XACML, OAuth, REST and JSON.
The Swisscom API journey document outlines Swisscom's efforts to transform into a digital company by exposing its services through APIs. It details the creation of an API program team to oversee API development. Swisscom established an internal Apigee platform called GREENFIELD to allow agile API development and testing. Through initiatives like the API-Kitchen events, Swisscom aims to educate internal developers and change its culture to embrace APIs. The document shares lessons learned and APIs Swisscom has developed, like ones for SMS, payments, customer info, and video conferencing.
The document summarizes the key findings from a global survey conducted by CA Technologies and The Ponemon Institute on trends in Bring Your Own Identity (BYOID). The survey polled over 3,000 IT and business users across eight regions. It found that interest in BYOID is highest for supporting online and mobile users due to demands for simplified user experiences. However, security concerns still pose a barrier to greater BYOID adoption. Additionally, the survey revealed that business users see BYOID's value in gathering customer data, while IT users view it more as a cost-saving initiative.
CIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps
CloudIDSummit
This document discusses enabling single sign-on (SSO) for mobile business users. It describes the needs of users who want easy access and IT who needs security and manageability. The challenges of mobility are outlined as enabling productivity while addressing security and making management easy. Solutions presented include SSO using iOS WebViews, Samsung Knox with Centrify for containerization separating work and personal activities, and integrated mobile and application administration.
CIS14: Identifying Things (and Things Identifying Us)
CloudIDSummit
Paul Madsen, Ping Identity
Discussing a security and identity model for things that do not make the existing password problem orders of magnitude worse (perhaps using identity protocols like OAuth & OpenID Connect), and how our things might facilitate our own interactions with applications.
CIS13: Big Data Platform Vendor’s Perspective: Insights from the Bleeding Edge
CloudIDSummit
Aaron T. Myers (ATM), Software Engineer, Cloudera, Inc.
The era of “Big Data for the masses” is upon us. Despite the mindshare Big Data has been receiving – driven by the development and distribution of Apache Hadoop, the first commercialized release was only in December of 2011 by Cloudera, Inc. Cloudera remains the leading Hadoop platform provider in the market today. Now, with a diverse enterprise and government early adopter customer list, through Cloudera we can get a bird’s eye view of the leading authentication issues beginning to emerge from these companies headed out of the sandbox and into full production.
Speaker Aaron T. Myers (ATM) was one of Cloudera’s earliest engineers and maintains a core focus on Apache Hadoop core, specifically focused on HDFS and Hadoop’s security features. ATM is an Apache Hadoop PMC Member and Committer.
CIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding Edge
CloudIDSummit
Balu Rajagopal, Global Product Marketing, Pivotal
While Apache Hadoop represents a core infrastructure driver in the Big Data movement, much is changing in the application-layer technology landscape in order to cross-connect data from different repositories in different domains. A new class of business applications is emerging that inherently leverages three major fabrics together: Big Data platforms, Cloud and Analytics. From a business user perspective, the traditional model of logging into every application to access the data needed to make decisions (the primary purpose of apps) is no longer relevant. This means that new authentication, authorization and access control capabilities are needed that leverage the three fabrics mentioned earlier.
Speaker Balu Rajagopal is in Global Product Marketing for Pivotal, a Big Data Analytics spinoff from EMC and VMware that includes Greenplum. Balu came to VMware via the earlier VMware acquisition of Cetas.
Diana Schlegel, Caterpillar, Inc.
Case study of how Caterpillar is implementing OAuth corporate-wide and x509 certificates as an additional authentication mechanism for employee-owned assets, incorporating additional authentication schemas into existing technologies, serving mobile devices, and ensuring that the right individuals have the right access.
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
CloudIDSummit
Kurt Johnson, Courion
A discussion of how identity management needs to move to the next generation of intelligent IAM, combining traditional elements of provisioning and governance with continuous monitoring and rich analytics to identify risk, threats, and vulnerabilities to access.
CIS14: From Card to Mobile—Evolving Identity Credentials
CloudIDSummit
Julian Lovelock, HID Global Identity Assurance
Discussion of the move toward employing personal smart devices as secure identity credentials, examining real-world use cases to highlight the advantages of doing so; also touching on the implications for IT as departments work to establish comprehensive BYOD policies that not only secure employee access but also help organizations comply with industry mandates and regulations.
CIS14: Knowing vs. Asking: Innovation in User Recognition
CloudIDSummit
Pam Dingle, Ping Identity
Walk-through of simple changes in approach—away from the traditional stateless authentication model—that can have radical effect on what a user might be asked to do, and how they are asked to do it, with demonstration of recommended methods.
CIS14: Why Federated Access Needs a Federated Identity
CloudIDSummit
Matt Tatro, Denise Lores, Wade Ellery
Radiant Logic
How creating a federated identity service gives you a single unified view of ALL identities and their context to improve your federated access, WAM and application deployment.
CIS14: Authentication: Who are You? You are What You Eat
CloudIDSummit
Dale Olds, VMware
A pinch of authentication theory and methods, a taste of the sweet and the bitter of the much maligned password, and then larger portions of federated authentication protocols from SAML to OpenID Connect, clearing up along the way some confusion between federated authentication and tokens used for delegated authorization.
CIS13: Bootcamp: PingOne as a Simple Identity Service
CloudIDSummit
Whether you want to give users single sign-on to SaaS applications, create a solution with the PingOne IDaaS and PingFederate identity bridge, or simply take advantage of the CloudDesktop, this bootcamp is for you.
This document provides an overview of OAuth 2.0 and how it addresses issues with the previous "password anti-pattern" approach to API authentication. It describes the key actors in OAuth - clients, authorization servers, and resource servers. It also summarizes the different flows for obtaining access tokens, common use cases for OAuth, and how OAuth compares to SAML for SSO and authorization.
CIS13: How to Build a Federated Identity Service on Identity and Context Virt...
CloudIDSummit
Lisa Grady, Senior Solutions Architect, Radiant Logic
You've federated access, but what about identity? Lisa Grady, technical guru at Radiant Logic, will offer concrete solutions for deploying an identity provider in a complex, federated and siloed world.
CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?
CloudIDSummit
The cloud provides scalability and flexibility but also poses security challenges for enterprises with strict requirements. It discusses security needs like privacy, compliance, authentication, authorization and access controls. Advanced techniques are needed like attribute-based access control policies and metadata tagging to enable fine-grained security. Standards-based solutions can help meet enterprise needs and facilitate secure collaboration while enabling migration of workloads to the cloud.
CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps
CloudIDSummit
Ashish Jain, VMware
A look at the use cases for Mobile SSO, what are the gaps and what are the various industry initiatives available today, along with a review of the NAPPS standard—an OpenID Connect Profile to address various Mobile SSO flows.
CIS14: Using IDaaS to Enable IAM for Multiple Web-based and Mobile B2B and B2...
CloudIDSummit
Ken Riggio, Live Nation Entertainment
Discussion of Live Nation Entertainment’s approach to IDaaS, governance, delegated administration, migration strategies, and the multiple authentication strategies required for its web-based and mobile B2B and B2C applications.
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...
David Brossard
In this presentation I introduce the basics of Attribute-based Access Control, XACML, and why it matters to developers. I also focus on the latest XACML TC profiles - the REST profile and the JSON profile that make integration easier and faster.
NoSQL matters in Catchoom Recognition Service
Catchoom
David Arcos from Catchoom presented at NoSQLMatters Barcelona (6 Oct 2012) how Catchoom Recognition Service (a SaaS platform for visual recognition) was implemented using Redis and other deployment tools. David argues about the necessity of NoSQL for critical components of the service.
The days of a "simple" LAMP stack are behind us. We now rely on different types of technologies, applications and services to run our web based applications. With "the cloud" we have learned how to distribute our operations, but are we resilient when these cloud services are not available?
We have all heard about the major outages of Amazon and Azure in the past and many online services were impacted by those outages. So how can you protect yourself against being "offline" for hours or days and what are the tools you can use to protect yourself against it?
Learn how we protect our customers with distributed systems (cloud and on-prem) to mitigate outages and stay online even when the lights go out.
New Approaches for Fraud Detection on Apache Kafka and KSQL
confluent
This document discusses new approaches for fraud detection using Apache Kafka and KSQL. It introduces KSQL, an open-source streaming SQL engine for Apache Kafka. KSQL can be used to perform streaming ETL, anomaly detection, and event monitoring using SQL-like queries on streaming data. The document demonstrates how to run KSQL locally or in a client-server configuration, and how Arcadia Data provides a visualization layer on top of KSQL to enable visual analytics on streaming data.
This document provides an overview and summary of a workshop on designing a cloud enterprise data warehouse using AWS services. The workshop covers Amazon Redshift for the data warehouse, Amazon Kinesis and AWS Glue for ingesting and processing data, and Amazon QuickSight for visualization. It discusses designing the data warehouse, loading data through batch and streaming methods, and using AWS services together to build the complete analytics pipeline for collecting, storing, processing and analyzing data in the cloud.
Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018
Kelley Robinson
The document discusses analyzing pwned passwords using Apache Spark. It provides an overview of Spark, including its evolution from RDDs to DataFrames. It also discusses the state of passwords, how Spark can be used to analyze large datasets of pwned passwords, and both the benefits and challenges of using Spark for this type of analysis. The document encourages securing authentication while providing a seamless user experience and notes that developers have a responsibility to secure authentication.
Gerhard Pretorius, Cloud Architect, Rackspace Asia presented at the Accion Cloud in Practice event in Singapore, where he described how enterprises can benefit from adopting the cloud, and what they need to consider while doing so
The Role of Blockchain in Enterprise Commerce and Product Content Management
SAP Customer Experience
This deck takes you on a deep dive into blockchain -- a timely, interesting technology being used for financial, real estate, and supply chain applications and whose capabilities are provided by SAP Leonardo. Join us as we focus on a proof of concept for integrating a blockchain with enterprise commerce and product content management.
For more about SAP Hybris, please visit us at: https://hybris.com/en/products/commerce
Hadoop and the Relational Database: The Best of Both Worlds
Inside Analysis
This document summarizes a presentation about the Splice Machine database product. Splice Machine is described as a SQL-on-Hadoop database that is ACID-compliant and can handle both OLTP and OLAP workloads. It provides typical relational database functionality like transactions and SQL on top of Apache Hadoop. Customers reportedly see a 10x improvement in price/performance compared to traditional databases. The presentation provides details on Splice Machine's architecture, performance benchmarks, customer use cases, and support for analytics and business intelligence tools.
Leveraging the Power of the Cloud for Your Business to Grow: Nate Taylor at S...
smecchk
The document discusses cloud computing and how it can benefit businesses. It defines cloud computing as pay-as-you-go computing over the internet and outlines the three main types of cloud services: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). SaaS delivers applications over the internet, PaaS provides development platforms, and IaaS provides virtual computing resources. The cloud allows businesses to access powerful software and platforms in a cost-effective and scalable way.
The document discusses OpenStack and its components. It begins with introductions and an overview of Rackspace, then covers concepts like full stack development, OpenStack components like Keystone, Glance, and Nova, and why OpenStack matters for both public and private clouds. It emphasizes that OpenStack is open source, supports both public and private clouds, and has a thriving global community and commercial support from many organizations.
Two large enterprise AEM implementations were presented and compared. Anshul Chhabra from Symantec presented their implementation handling 3.3 billion requests per month. Anil Kalbag from Cisco presented their implementation handling 375 million monthly page views. Both implementations utilized multiple data centers for high availability and disaster recovery. Key architecture decisions around virtual/physical infrastructure, storage, caching, and multi-tenancy were discussed and compared between the two organizations.
RightScale Roadtrip - Accelerate to Cloud
RightScale
The Accelerate to Cloud keynote will help you understand the current state of cloud adoption, identify the business value for your organization, and provide you a framework to plot your course to cloud adoption.
NSC #2 - D2 04 - Ezequiel Gutesman - Blended Web and Database Attacks
NoSuchCon
The document discusses blended web and database attacks on in-memory platforms like SAP HANA, outlining potential threat vectors such as SQL injection, cross-site scripting, integration with R server, and post-exploitation using C/C++. It notes that SAP HANA uses a blended web and database architecture, with code and data stored directly in the database, and that vulnerabilities could allow an attacker to access sensitive business and customer data, disrupt operations, or enable fraud. The presentation covers the architecture of SAP HANA, programming languages used, and how attacks may have a greater impact or different execution compared to traditional web application scenarios.
The document discusses using Oracle Database to store and query JSON documents along with relational data. It shows how Oracle allows storing JSON in table columns, querying JSON with SQL, and configuring REST services. It also discusses using materialized views to improve query performance when joining JSON and relational data, redirecting queries to use the materialized view.
This document discusses web performance gains in NetSuite 17.1. It provides an overview of benchmarks and performance standards, improvements made in 17.1 including single domain shopping and checkout over HTTPS and faster loading of larger carts. It also discusses best practices for performance including using a content delivery network (CDN), optimizing images, reducing page weight, and excluding unnecessary scripts. Common performance issues like slow searching, page loads, and cart interactions are examined along with solutions such as removing unused fields, scriptable cart settings, and optimizing the SEO engine.
Framing the Argument: How to Scale Faster with NoSQLInside Analysis
The Briefing Room with Dr. Robin Bloor and IBM Cloudant
Live Webcast March 24, 2015
Watch the Archive: https://bloorgroup.webex.com/bloorgroup/onstage/g.php?MTID=e8bf62408d47e76c43aa73be08377e41c
Context matters. Perspective matters. Thinking outside the box? That's often the key! While the Structured Query Language remains the lingua Franca of data, there are some views of the world that are best rendered with the benefit of NoSQL engines. As usual, that's easier said than done. How can your organization migrate from a structured query to unstructured or semi-structured query language?
Register for this episode of The Briefing Room to find out! Veteran Analyst Dr. Robin Bloor will provide a detailed assessment of serious considerations when using NoSQL engines in conjunction with SQL. He'll be briefed by Ryan Millay of IBM Cloudant, who will showcase his company's solution, and how it's addressing the more vexing challenges facing today's information managers.
Visit InsideAnalysis.com for more information.
Case Study: O2/Telefonica Transitions From CA eHealth® to CA Performance Mana...CA Technologies
O2/Telefonica is launching its SD-WAN offering this year using the Network Operations and Analytics platform from CA. After a successful CA eHealth to CA Performance Management transition, O2/Telefonica has the capability to deliver its customer SD-WAN offering with the assurance provided by modern network performance monitoring from CA. In this session, learn how one of the largest UK telecommunications providers transitioned to a modern network monitoring platform that delivers fast and intuitive network operations insights, capacity planning and high scale, and future-proofs its next-gen software-defined networking (SDN) initiatives to competitively win in the digital marketplace.
For more information on DevOps: Agile Operations, please visit: http://ow.ly/kMUi50g5X49
Building real-time applications with Amazon ElastiCache - ADB204 - Anaheim AW...Amazon Web Services
In this session, we give an overview of how to build low-latency and high-throughput applications with Amazon ElastiCache. We also provide an introduction to Redis and Memcached, two of the world’s leading in-memory databases, and we cover the specific use cases customers are solving with them. From use cases like caching, session storage, and leaderboards, a wide range of applications can have dramatic performance improvements with an added an in-memory database.
Similar to CIS13: Externalized Authorization from the Developer’s Perspective (20)
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com.
Be apart of the convo on Twitter: @CloudIDSummit + #CISNOLA
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
This document introduces a new identity security system called Sierra Border Security V1.0. It discusses how the assumptions around internet and enterprise security have changed over time as the perimeter has expanded with new technologies. The key challenges mentioned are that identity is now too weak and disconnected to protect organizations at scale. The proposed new system aims to evolve authentication beyond single-factor to continuous multi-factor authentication using standards-based interactions. It will leverage big data and intelligence for dynamic access control and move to identity-based security definitions.
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
This document discusses authentication and security across devices, operating systems, applications, and networks. It covers a variety of authentication mechanisms like fingerprints, facial recognition, PINs, and security hardware. It also discusses the FIDO protocol for passwordless authentication and its ability to securely authenticate users across different devices and applications. The growing number of connected devices makes scalable authentication a challenge, but solutions like FIDO aim to simplify authentication without compromising security.
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism.
With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments.
How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
This document discusses building an enterprise identity provider (IdP) to address security, scalability, and governance of federated identity and access management. It describes what an enterprise IdP is and its benefits, including being a federated identity service, security token service, providing a 360 degree view of identity, and more. It outlines considerations for building an enterprise IdP such as for scalability, ROI, durability, and longevity. Potential pitfalls are also discussed like responsibility issues, skills gaps, lack of time and sponsorship. Planning recommendations include committing to a strategic IAM view, formalizing an IAM program, selling the idea of an enterprise IdP, and leveraging strategic partners.
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them?
In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
This session will review digital identity’s transition from vulnerable authentication methods and what Microsoft and others are doing to address the hard problems associated with managing and protecting digital identities.
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
Brian Katz discusses how IoT and identity management are important for mobile enterprises. He notes that IoT strategies must include connectivity APIs, sensors to collect data, and tools to manage identity across endpoints. Effective IoT implementation generates large amounts of data from connected devices that companies need to properly manage and secure. There are also challenges around data ownership, privacy, lack of standards, and security that businesses must address when incorporating IoT technologies.
A "from the trenches" view into how GE is using federation standards to abstract & harden our growing cloud WAM platform. Topics covered: GE's approach to OpenID Connect for cross platform authentication (web, mobile), 2) GE's API management platform for API publishing, subscription & security, 3) how the two work together, 4) lessons learned & areas for improvement.
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
The document discusses securing the Internet of Things. It begins by describing common constraints of IoT devices like limited RAM, flash, and CPU capabilities. It then summarizes lessons learned from real-world attacks on IoT systems, including limited software update mechanisms, missing key management, inappropriate access control, lack of communication security, and vulnerability to physical attacks. The document advocates following security best practices like integrating software updates, using modern OS concepts, automated key management, and considering physical attacks in threat analyses. It also describes ARM's contributions to improving IoT security through its mbed platform, libraries, and involvement in standards organizations.
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendor's capabilities continue to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
In the past Enterprise Mobility Management (EMM) has focused primarily on MDM, MAM and MCM. Recently there has been a lot of focus on the fourth pillar of EMM - Mobile Identity Management (MIM). This session will cover the primary use cases and discuss current solutions available for managed/un-managed, internal/public and mobile/web apps for iOS/Android devices.
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
This talk will review the breadth of the Internet of Things (IoT), the challenges of Identity Management and the IoT and the impact to Industrial Enterprise.
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
Are you in a situation where you have two business units (maybe because of a merger) that have their own Federation solutions and now you need to share access to SaaS resources among the 2 workforces. But you don't want to have to setup to separate SaaS connections to the same vendor and you want to manage this connection on premises instead of in the Cloud. We can help with that, come see how!
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
CIS13: Externalized Authorization from the Developer’s Perspective
1. XACML for Developers: Updates, New Tools, & Patterns for the Eager #IAM Developer
#CISNapa - @davidjbrossard - @axiomatics

2. What is XACML?
eXtensible Access Control Markup Language
• Not guacamole
• De facto standard
• Defined at OASIS

3. XACML in the IAM spectrum
One of the several standards in the #IAM family: SAML, SPML, LDAP, RBAC, ABAC…, SCIM, OpenID, OAuth, WS-*

4. Why XACML?
In a web 3.0 world where it’s about small apps and your data…
Quick, call the plumber: 1-800-GO-XACML, it’s time to get leaks under control

7. Authorization should really be about…
Who? What? When? Where? How? Why?

8. Example Scenario: Managing Purchase Orders
A car retail company has a web application that users can access to create, view, and approve purchase orders, in accordance with policy rules.

9. Attributes
• Resource attributes: Resource type, PO Id, PO amount, PO location, PO creator, PO status
• Subject attributes: Identity, Department, Location, Approval limit, Role
• Action attributes: Action type
• Environment attributes: Device type, IP address, Time of day
(Icons from The Noun Project: Profile by Sven Gabriel, Invisible by Andrew Cameron, Wrench by John O’Shea, Clock by Brandon Hopkins.)

10. A simple rule
Anyone in the purchasing department can create purchase orders.

11. A richer rule
A manager in the purchasing department can approve purchase orders
• up to their approval limit
• if and only if the PO location and the manager location are the same
• if and only if the manager is not the PO creator

13. What does XACML contain?
• XACML Reference Architecture
• Policy Language
• Request / Response Protocol
14. XACML Architecture & Flow
• Enforce: Policy Enforcement Point (PEP)
• Decide: Policy Decision Point (PDP)
• Manage: Policy Administration Point (PAP)
• Support: Policy Information Point (PIP), Policy Retrieval Point (PRP)
Flow: the user asks the application to "Access Document #123"; the PEP intercepts that request and asks the PDP "Can Alice access Document #123?"; the PDP loads the XACML policies (from the PRP), retrieves the user’s role and clearance and the document’s classification (from the PIP), and answers "Yes, Permit"; the PEP then lets the access to Document #123 through.
15. What does XACML contain? (section divider, same three parts as slide 13; next up: the Policy Language)

16. Language Elements of XACML
• 3 structural elements: PolicySet, Policy, Rule
• Root: either a PolicySet or a Policy
• PolicySets contain any number of PolicySets & Policies
• Policies contain Rules
• Rules contain an Effect: Permit / Deny
• Combining Algorithms
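The rules of slides 10 and 11 and the Rule / Policy / combining-algorithm structure of slide 16, worked through in a miniature Python evaluator. This is an added example for this page, not code from the talk, from OASIS or from Axiomatics: the attribute names, the PIP lookup table (including a manager with no approval limit, to show an Indeterminate result) and the rule bodies are assumptions chosen to mirror the slides, and the deny-overrides algorithm is a simplified version of the XACML one.

```python
"""Miniature XACML-style policy evaluation for the purchase-order scenario.

Added example for this page; not code from the talk, OASIS or Axiomatics.
Attribute ids, the PIP table and the rule bodies are assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Attrs = Dict[str, Dict[str, object]]  # category -> {attribute-id: value}

# Constructed PIP (Policy Information Point) data: subject attributes the PEP
# does not send, so the PDP looks them up. "erin" deliberately has no
# approval limit, which makes her approval request Indeterminate.
PIP_DB: Dict[str, Dict[str, object]] = {
    "alice": {"department": "purchasing", "role": "manager", "location": "Napa", "approval-limit": 10_000},
    "bob":   {"department": "purchasing", "role": "buyer",   "location": "Napa"},
    "carol": {"department": "sales",      "role": "manager", "location": "Denver", "approval-limit": 50_000},
    "erin":  {"department": "purchasing", "role": "manager", "location": "Napa"},
}


def attr(req: Attrs, category: str, name: str):
    """Read an attribute from the request; for subjects, fall back to the PIP."""
    value = req.get(category, {}).get(name)
    if value is None and category == "subject":
        value = PIP_DB.get(req["subject"].get("user-id"), {}).get(name)
    return value


@dataclass
class Rule:
    name: str
    effect: str                         # "Permit" or "Deny"
    condition: Callable[[Attrs], bool]

    def evaluate(self, req: Attrs) -> str:
        try:
            matched = self.condition(req)
        except TypeError:               # e.g. amount compared with a missing limit
            return "Indeterminate"
        return self.effect if matched else "NotApplicable"


@dataclass
class Policy:
    name: str
    algorithm: str                      # "deny-overrides" or "first-applicable"
    rules: List[Rule] = field(default_factory=list)

    def evaluate(self, req: Attrs) -> str:
        decisions = [rule.evaluate(req) for rule in self.rules]
        if self.algorithm == "deny-overrides":
            # Simplified XACML deny-overrides: Deny beats Indeterminate beats Permit.
            for outcome in ("Deny", "Indeterminate", "Permit"):
                if outcome in decisions:
                    return outcome
            return "NotApplicable"
        if self.algorithm == "first-applicable":
            return next((d for d in decisions if d != "NotApplicable"), "NotApplicable")
        raise ValueError(f"unknown combining algorithm {self.algorithm}")


def is_po_approval(req: Attrs) -> bool:
    return (attr(req, "action", "action-id") == "approve"
            and attr(req, "resource", "resource-type") == "purchase-order")


PO_POLICY = Policy("purchase-orders", "deny-overrides", [
    # Slide 10: anyone in purchasing can create purchase orders.
    Rule("purchasing-can-create", "Permit", lambda r:
         attr(r, "action", "action-id") == "create"
         and attr(r, "resource", "resource-type") == "purchase-order"
         and attr(r, "subject", "department") == "purchasing"),
    # Slide 11: a purchasing manager can approve, same location, within their limit.
    Rule("manager-can-approve", "Permit", lambda r:
         is_po_approval(r)
         and attr(r, "subject", "role") == "manager"
         and attr(r, "subject", "department") == "purchasing"
         and attr(r, "resource", "po-location") == attr(r, "subject", "location")
         and attr(r, "resource", "po-amount") <= attr(r, "subject", "approval-limit")),
    # Slide 11, last bullet, as an explicit Deny: with deny-overrides the
    # segregation-of-duty rule wins no matter what the Permit rules say.
    Rule("no-self-approval", "Deny", lambda r:
         is_po_approval(r)
         and attr(r, "resource", "po-creator") == attr(r, "subject", "user-id")),
])

# Constructed purchase order for the examples (slide 20 uses PO 12367).
PO_12367 = {"po-id": "12367", "po-amount": 8_000, "po-location": "Napa", "po-creator": "bob"}


def build_request(user: str, action: str, po: Dict[str, object]) -> Attrs:
    """The four attribute categories of a XACML request (slide 20 layout)."""
    return {"subject": {"user-id": user},
            "action": {"action-id": action},
            "resource": {"resource-type": "purchase-order", **po},
            "environment": {"device-type": "laptop"}}


def decide(user: str, action: str, po: Dict[str, object] = PO_12367,
           policy: Policy = PO_POLICY) -> str:
    return policy.evaluate(build_request(user, action, po))


if __name__ == "__main__":
    for who, what, po in [("alice", "approve", PO_12367),
                          ("alice", "approve", {**PO_12367, "po-amount": 20_000}),
                          ("bob", "approve", PO_12367),
                          ("erin", "approve", PO_12367)]:
        print(who, what, po["po-amount"], "->", decide(who, what, po))
```

Two things the slides do not spell out show up immediately: a request no rule covers comes back NotApplicable rather than Deny, so the PEP must treat anything other than Permit as a refusal; and the combining algorithm is part of the security decision, since the same three rules under first-applicable let a manager approve her own purchase order because the Permit rule is listed before the Deny rule.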
19. What does XACML contain? (section divider, same three parts as slide 13; next up: the Request / Response Protocol)

20. Structure of a XACML Request / Response
XACML Request: "Can Manager Alice approve Purchase Order 12367?"
• Subject: User id = Alice; Role = Manager
• Action: Action id = approve
• Resource: Resource type = Purchase Order; PO # = 12367
• Environment: Device Type = Laptop
XACML Response: "Yes, she can"
• Result: Decision: Permit; Status: ok
The core XACML specification does not define any specific transport / communication protocol:
- Developers can choose their own.
- The SAML profile defines a binding to send requests/responses over SAML assertions.

21. So what’s in it for the developer?

22. #1 A single authorization model & framework

24. #1.b and across different technology stacks
(Chart: share of programming languages, Feb 2013: Java, C, Objective-C, C++, C#, PHP, Python, (Visual) Basic, Perl, Ruby, JavaScript, Visual Basic .NET, Lisp, Pascal, Delphi/Object Pascal.)

25. #2 A rich language to express many scenarios
ACLs, RBAC, Whitelists, Segregation-of-Duty, Relation-based, Trust Elevation, Device-based, Break the glass, Privacy protection, ABAC, Rich business flows, Data redaction

26. #3 Developer-friendly APIs
• The REST profile of XACML
• OASIS XACML profile
• Designed by Remon Sinnema of EMC²
(Diagram: XML over HTTP; JSON over HTTP.)

27. #3 Developer-friendly APIs (cont’d)
Drop the…
Use curl, Perl, and Python with the REST API:
curl -X POST -H 'Content-type:text/xml' -T xacml-request.xml http://foo:8443/asm-pdp/pdp

28. #4 Simplified request/response
• Use the JSON profile of XACML
• Idea:
  • Remove the verbose aspects of XACML
  • Focus on the key points
  • Make a request easy to read
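The PEP side of slides 26 to 28 (REST profile plus JSON profile) and the `if(authorized())` call of slide 36, as an added Python example that is not code from the talk, from OASIS or from Axiomatics. It builds slide 20's request in JSON-profile form, posts it to a PDP and reads the answer failing closed. The PDP URL, the `urn:example:...` attribute ids and the stand-in PDP are assumptions; the category shorthands, the Decision values and the `application/xacml+json` media type are those of the JSON profile.

```python
"""PEP for the XACML REST + JSON profiles: build the request, call the PDP,
parse the response, fail closed.

Added example for this page, not code from the talk, OASIS or Axiomatics.
PDP URL, urn:example attribute ids and fake_pdp are assumptions.
"""
import json
import urllib.request
from typing import Callable, Dict

XACML_JSON = "application/xacml+json"
STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok"

SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ROLE_ID = "urn:example:subject:role"                    # assumed custom ids
RESOURCE_TYPE_ID = "urn:example:resource:resource-type"
DEVICE_TYPE_ID = "urn:example:environment:device-type"

Transport = Callable[[str, Dict[str, str], str], str]   # (url, headers, body) -> body


def build_request(user: str, role: str, action: str,
                  resource_type: str, resource_id: str, device_type: str) -> str:
    """Slide 20's question as a JSON-profile Request: the four category
    shorthands replace the long category URIs, and DataType is omitted
    because the profile infers string from the JSON value."""
    request = {"Request": {
        "AccessSubject": {"Attribute": [
            {"AttributeId": SUBJECT_ID, "Value": user},
            {"AttributeId": ROLE_ID, "Value": role}]},
        "Action": {"Attribute": [{"AttributeId": ACTION_ID, "Value": action}]},
        "Resource": {"Attribute": [
            {"AttributeId": RESOURCE_TYPE_ID, "Value": resource_type},
            {"AttributeId": RESOURCE_ID, "Value": resource_id}]},
        "Environment": {"Attribute": [{"AttributeId": DEVICE_TYPE_ID, "Value": device_type}]},
    }}
    return json.dumps(request, separators=(",", ":"))


def is_permitted(response_body: str) -> bool:
    """Fail-closed reading of a JSON-profile Response: exactly one Result,
    Decision exactly "Permit", ok status, and no Obligations (this PEP
    implements none, so it must not grant access on their basis). Deny,
    NotApplicable, Indeterminate, malformed bodies and multi-result replies
    are all refusals."""
    try:
        results = json.loads(response_body)["Response"]
        if not isinstance(results, list) or len(results) != 1:
            return False
        result = results[0]
        if result["Decision"] != "Permit" or result.get("Obligations"):
            return False
        status = result.get("Status", {}).get("StatusCode", {}).get("Value", STATUS_OK)
        return status == STATUS_OK
    except (ValueError, KeyError, TypeError, AttributeError):
        return False


def http_post(url: str, headers: Dict[str, str], body: str) -> str:
    """Real transport: POST the request to the PDP endpoint."""
    req = urllib.request.Request(url, data=body.encode("utf-8"), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("utf-8")


def authorized(send: Transport, pdp_url: str, **question) -> bool:
    """The if(authorized()) of slide 36. A PDP that is down or answers with
    garbage yields False, never an exception the caller might swallow."""
    headers = {"Content-Type": XACML_JSON, "Accept": XACML_JSON}
    try:
        reply = send(pdp_url, headers, build_request(**question))
    except Exception:
        return False
    return is_permitted(reply)


def fake_pdp(url: str, headers: Dict[str, str], body: str) -> str:
    """Constructed stand-in PDP so the example runs offline: managers may approve."""
    if headers.get("Content-Type") != XACML_JSON:
        raise ValueError("unsupported media type")
    req = json.loads(body)["Request"]
    subject = {a["AttributeId"]: a["Value"] for a in req["AccessSubject"]["Attribute"]}
    action = {a["AttributeId"]: a["Value"] for a in req["Action"]["Attribute"]}
    permit = subject.get(ROLE_ID) == "manager" and action.get(ACTION_ID) == "approve"
    return json.dumps({"Response": [{"Decision": "Permit" if permit else "Deny",
                                     "Status": {"StatusCode": {"Value": STATUS_OK}}}]})


PDP_URL = "http://pdp.example:8443/authorization/pdp"   # assumed endpoint
ALICE_PO = dict(user="Alice", role="manager", action="approve",
                resource_type="purchase-order", resource_id="12367", device_type="laptop")

if __name__ == "__main__":
    print(build_request(**ALICE_PO))
    print("Alice:", authorized(fake_pdp, PDP_URL, **ALICE_PO))
    print("Bob:", authorized(fake_pdp, PDP_URL, **{**ALICE_PO, "user": "Bob", "role": "buyer"}))
```

Swap `fake_pdp` for `http_post` to talk to a real PDP. The strictness of `is_permitted` is the point: a PEP that checks `decision != "Deny"` instead of `decision == "Permit"` will grant access on NotApplicable and Indeterminate results, and one that ignores Obligations silently drops whatever the policy author required (audit records, redaction) as a condition of the Permit.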
31. #4 JSON & XML side-by-side comparison
(Charts: size of a XACML request, XML vs JSON, as word count and as character count.)

32. #5 Easy authoring tools
• Natural language authoring
• Axiomatics Language for Authorization (ALFA)
• Research initiative from TSSG
• And many more coming…

33. #5 Axiomatics Language for AuthZ (cont’d)
Provide the right tools for easy authoring of XACML policies:
• Plugs into Eclipse IDE
• High-level syntax
• Auto-complete
• Automatic translation to XACML 3.0

34. Wrapping up: Benefits for the developer

35. Benefits of using XACML #1
• One consistent authorization model
• Many different applications
• Decide once, enforce everywhere

36. Benefits of using XACML #2
• Adios endless if, else statements
• Hello simple if(authorized())
(Chart: Developer Happiness Index against number of if / else statements terminated.)

37. Benefits of using XACML #3
• Security potholes are a thing of the past
• XACML is the concrete that fills in the cracks in your authorization wall

38. Benefits of using XACML #4
• Let developers do what they know best
• Offload auditing, info security to security architects & auditors by externalizing authorization
Happy developer, happy auditor

39. Next steps?
• Download XACML SDK
• Download ALFA plugin
• Download Eclipse
• Code in your favorite language