The document discusses various techniques for discovery in federated identity management systems using Shibboleth, including traditional centralized discovery using WAYF services, decentralized approaches like service provider-centric and identity provider-centric discovery, and futuristic client-centric discovery. It focuses on contributions from the Shibboleth Development and Support Services project, including an improved WAYF implementation and support for identity provider-centric discovery through the use of session initiators in Shibboleth service providers.
1. Shibboleth Development and Support Services
WAYFs and Discovery
Where Are You From and Where Do You Want to Go Next?
Ian Young and Rod Widdowson, SDSS
JISC CM Programme meeting, Windermere, 14-15 Nov. 2005
2. SDSS Project Goals
• Implement a development federation …
… to support other CM projects
… to participate in Internet2 development
… to convert EDINA services
• Gain experience relevant to the creation of a UK production federation
4. The Discovery Problem
• User’s client approaches SP
• SP has no existing session
• “something magic happens”
• Result is that the SP’s authentication request can reach the IdP
• IdP authenticates
• IdP sends response to SP
• SP authorises
5. Authentication Request
• A Shibboleth authentication request message is just an HTTP GET with parameters:
– requesting entity
– return address
– resource name
– time (optional)
• Simple, unsigned format means it can be generated and relayed easily
• SAML 2.0 AuthenticationRequest complications
6. Discovery Techniques
• Traditional (centralised)
– WAYF-centric discovery
• Decentralised
– SP-centric discovery
– IdP-centric “discovery”
• Futuristic
– Client-centric discovery
8. Traditional Model
• Federation defines communication boundary
• Collection of Identity Providers
• Collection of Service Providers
• Federation metadata lists entities
• Single central WAYF service
• Works well for “federation of me”
9. Model Failures
• Multiple identities
• Sub-federations
• Ad-hoc non-federations
• Portals
• Multiple Federations
– no single federation’s WAYF is appropriate
– multi-WAYF can help
11. SDSS WAYF Contributions
• All of this work is now in Internet2 CVS HEAD
• Bundled with next minor IdP release
• Target environments:
– central WAYF for a federation, but with support for associated federations
– custom WAYF at individual SPs
– custom WAYF for group of SPs
• Drop-in replacement for existing WAYF
12. SDSS-Contributed WAYF Extensions
• Multiple metadata files
• Handles 1.1/1.2 and new SAML 2.0 metadata
• Maintains SAML discovery cookie
• Multiple configurations in one deployment:
– different metadata subsets
– different “second visit” behaviour
– different filtering and listing behaviour
– different JSPs
19. SP-centric Discovery
• In many cases, better than WAYF-centric discovery
• Service Provider often knows its community of users
– Particularly true for licensed content, where a real-world contract will exist
– Contracts trump metadata
• Many possibilities, including:
– local custom WAYF
– custom application logic (e.g., IP address as hint)
– SAML discovery cookie (in 1.3 SP)
– combination approaches
21. Application Logic
• For example, IP addresses as hints
• Many service providers know customer IP address ranges because they are used for non-Shibboleth authorization
• Good way of detecting (probably) local users
• IP address can only be a hint
22. SP SAML Cookie
• Built-in in 1.3 SP
• Maintained as list of most-recently used IdPs
• This helps you do your own application logic
• Or, can share cookie with local custom WAYF
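One way an SP could combine the two hints from the slides above, the discovery cookie and the client address, into a suggestion list for its own WAYF page. This is an added example, not code from the talk or from Shibboleth: the entity names, address ranges and function names are constructed, and the cookie encoding (URL-encoded, space-separated base64 names, most recent last) is assumed to follow the SAML 2.0 Identity Provider Discovery Profile.

```python
import base64
import ipaddress
from urllib.parse import unquote

# All entity names and address ranges below are constructed placeholders.
KNOWN_IDPS = {"urn:example:idp:alpha", "urn:example:idp:beta"}  # from metadata
IP_HINTS = [  # customer ranges the SP already holds for other purposes
    (ipaddress.ip_network("192.0.2.0/24"), "urn:example:idp:alpha"),
    (ipaddress.ip_network("2001:db8::/32"), "urn:example:idp:beta"),
]

def idps_from_cookie(cookie_value):
    """Decode the discovery cookie (assumed format: URL-encoded, space-separated
    base64 entity names, most recently used last). Returns most recent first."""
    names = []
    for token in reversed(unquote(cookie_value or "").split()):
        try:
            name = base64.b64decode(token, validate=True).decode("utf-8")
        except ValueError:  # malformed base64 or UTF-8: ignore the entry
            continue
        # The cookie is client-supplied, so keep only IdPs found in metadata.
        if name in KNOWN_IDPS and name not in names:
            names.append(name)
    return names

def idp_from_address(client_ip):
    """Return the IdP suggested by the client's address, or None."""
    try:
        address = ipaddress.ip_address(client_ip)
    except ValueError:
        return None
    for network, idp in IP_HINTS:
        if address in network:
            return idp
    return None

def suggest_idps(cookie_value, client_ip):
    """Ordered suggestions for the SP's WAYF page. Both inputs are hints that
    only pre-select; the user may pick another IdP and the IdP authenticates."""
    suggestions = idps_from_cookie(cookie_value)
    hinted = idp_from_address(client_ip)
    if hinted and hinted not in suggestions:
        suggestions.append(hinted)
    return suggestions
```

The user's own earlier choices are listed ahead of the address-based guess, since a roaming user's address says little about their home institution.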
23. IdP-centric “Discovery”
• Shibboleth is normally SP-first, but can be used IdP-first
• Construct an authentication request on behalf of desired SP and send it directly to the IdP
• IdP-first access makes the discovery problem vanish
• Example: institutional portals
• MyAthens is a sophisticated version of this
26. LSE Link to EIG
https://gate-test.library.lse.ac.uk/shibboleth/HS?target=http%3A%2F%2Feig.sdss.ac.uk%2Feiglogin-sso%3Fx%3D68%26y%3D9%26logout_url%3Dhttp%253A%252F%252Fedina.ac.uk%252Feig%252Fshibb.shtml&shire=http%3A%2F%2Feig.sdss.ac.uk%2FShibboleth.shire&providerId=urn%3Amace%3Aac.uk%3Asdss.ac.uk%3Aprovider%3Aservice%3Aeig.sdss.ac.uk
27. LSE Link to EIG
• https://gate-test.library.lse.ac.uk/shibboleth/HS
– providerId=urn:mace:ac.uk:sdss.ac.uk:provider:service:eig.sdss.ac.uk
– shire=http://eig.sdss.ac.uk/Shibboleth.shire
– target=http://eig.sdss.ac.uk/eiglogin-sso (with encoded parameters of its own)
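The parameters named on the Authentication Request slide, decoded from the LSE link shown above. This is an added example, not code from the talk or from Shibboleth: the METADATA table and the function names are constructed, and the return-address check illustrates one way a receiving IdP can compensate for the request being unsigned.

```python
from urllib.parse import urlsplit, parse_qs

# The IdP-first link from the "LSE Link to EIG" slide, rejoined into one string.
LSE_LINK = (
    "https://gate-test.library.lse.ac.uk/shibboleth/HS?"
    "target=http%3A%2F%2Feig.sdss.ac.uk%2Feiglogin-sso%3Fx%3D68%26y%3D9"
    "%26logout_url%3Dhttp%253A%252F%252Fedina.ac.uk%252Feig%252Fshibb.shtml"
    "&shire=http%3A%2F%2Feig.sdss.ac.uk%2FShibboleth.shire"
    "&providerId=urn%3Amace%3Aac.uk%3Asdss.ac.uk%3Aprovider%3Aservice%3Aeig.sdss.ac.uk"
)

# Constructed stand-in for federation metadata:
# requesting entity -> return addresses registered for it.
METADATA = {
    "urn:mace:ac.uk:sdss.ac.uk:provider:service:eig.sdss.ac.uk":
        {"http://eig.sdss.ac.uk/Shibboleth.shire"},
}

def parse_authn_request(url):
    """Split a Shibboleth 1.x authentication request into its parameters."""
    query = parse_qs(urlsplit(url).query, strict_parsing=True)
    request = {}
    for name in ("providerId", "shire", "target"):
        values = query.get(name, [])
        if len(values) != 1:  # missing or repeated parameter
            raise ValueError(f"expected exactly one {name!r} parameter")
        request[name] = values[0]
    request["time"] = query.get("time", [None])[0]  # optional
    return request

def shire_is_registered(request, metadata):
    """The request is unsigned, so anyone can build or alter one. Respond only
    to a return address that is registered for the requesting entity."""
    return request["shire"] in metadata.get(request["providerId"], set())

def target_parameters(request):
    """The target carries its own query string, encoded one level deeper."""
    return parse_qs(urlsplit(request["target"]).query)
```

The `logout_url` inside `target` only becomes readable after the second decode, which is why the captured link looks double-encoded on the slide.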
28. IdP-centric “Discovery”
• User experience improved: direct from portal to IdP, direct from there to SP
• Can capture links from a normal transaction
• BUT can be brittle: required link may change
• SP (1.3) can assist by providing session initiator URL with a providerId parameter indicating IdP
• Much simpler URL, much more robust
29. Session Initiators
• SP deployers can assist with IdP-centric discovery
• 1.3 SP allows definition of “session initiators”
– each session initiator has its own URL
• Session initiator allows parameter indicating IdP
– ?providerId=<IdP entity name>
• Portal link becomes much simpler
• Portal link much less likely to break over time
30. Client-centric Discovery
• The user knows their own identity (or identities)
• They could communicate this directly to their client
• Discovery becomes simple selection between available identities
• Pro: probably the best user experience
• Con: you need to change or extend the browser
31. SAML 2.0 ECP
• “Enhanced Client or Proxy” profile of SAML 2.0
• So far, used in mobile phones and WAP gateways
• No desktop implementations known at present
• May be possible to implement as a browser plug-in
• If so, may be candidate for Shibboleth 2.0
• If not, probably won’t happen any time soon
32. SAML 2.0 ECP Flow
• Client approaches SP, indicating PAOS ability
• SP responds with a SAML 2.0 AuthnRequest
• ECP code is triggered by this
• ECP interacts with the user to choose an IdP
• ECP relays AuthnRequest to chosen IdP
• ECP relays response to SP
33. SAML 2.0 ECP
• Pro:
– User experience improved
– Part of SAML 2.0
• Con:
– If browser modifications required, not likely to happen soon
– If browser plug-in is adequate, user still needs to acquire it
34. InfoCard
• Microsoft’s code name for one component of an “Identity Metasystem”
• Due to be shipped in Windows Vista
• Based on WS-*, particularly WS-Trust, WS-MetadataExchange and WS-SecurityPolicy
• Can move SAML security tokens around for Shibb
• User experience is like a wallet of plastic cards
• Each card represents an identity at a particular IdP
35. InfoCard References
• Kim Cameron, Identity and Access Architect, Microsoft
– http://www.identityblog.com/
– check out the “Laws of Identity” there
• Andy Harjanto, Program Manager, Microsoft
– http://blogs.msdn.com/andyhar/
36. InfoCard Flow
• Client approaches SP
• SP returns HTML page containing an <object> tag
• Identity selection user interface triggered
• InfoCard figures out which identities could work
• User selects required identity from those
• Client relays attribute assertion from selected IdP to the SP
38. InfoCard
• Pro:
– Excellent user experience
– Eventually, really wide deployment expected
– Good candidate for support in Shibboleth 2.0
• Con:
– Memories of Passport still colour discussion
– Non-Microsoft browser story is unclear as yet
– Complex, hard to implement all of it
– Timescale for significant adoption is post-Vista
39. Conclusions
• Centralised WAYF-based discovery is an essential backstop for now
• We can improve the WAYF
– but probably not much more
• There are better alternative approaches we can deploy now
– SPs can implement more intelligent discovery
– Institutional portals can provide shortcuts
• Even better solutions in the future (1-2 years)
40. Contacts
• Talk:
– Ian: ian@iay.org.uk
– Rod: rdw@steadingsoftware.com
• SDSS project:
– Web site: http://sdss.ac.uk/
– Contact: edina@ed.ac.uk