Here at Veruscript, we have many edge case scenarios where we need fine-grained access controls in our academic journal publishing platform.
Performing authorisation to a resource by analysing any number of arbitrary attributes therefore allows the application to scale appropriately. Known as Attribute-Based Access Control (ABAC), these attributes are evaluated regardless of context; they could be username, role, organisation, domain, time-of-day, country, is the Queen of England, because the sky is blue, etc.
It is why Security Voters are the recommended way to check for user permissions in Symfony applications. Security Voters provide a mechanism that has a small learning curve to set up these fine-grained restrictions in Symfony applications using attributes.
In the simplest case, only a minimal amount of setup and configuration is required, the main advantage over ACLs. In the most complex case, policies can be added or modified without significant changes to the codebase.
The talk will compare different access control paradigms: ABAC, RBAC and ACL, and will look in detail at one specification for ABAC, the Extensible Access Control Markup Language (XACML), and how this might be implemented in Symfony, for those considering a more "enterprise" use of Security Voters.
We like the architecture of our applications to revolve around the business logic, not around technical details (and especially not around the database).
In my team at Sky Network Services we use the Clean Architecture and it has given us a great deal of benefits: the business logic is explicit, we are free to change our technical decisions, the app is easy to test, working on it is faster and scalable, it’s hard to do the wrong thing, and many more.
But it comes at a cost, of course. In this talk I’ll tell you the story of our experience with Clean Architecture and give you some tips to get the most out of it.
Example Project
https://github.com/mattia-battiston/clean-architecture-example
Downloads
Online: https://goo.gl/DTxftJ
PDF: https://goo.gl/ZAtdBN
Powerpoint: https://goo.gl/D54wdZ (but you need to install these fonts to see it properly: https://goo.gl/iH8SO5)
GraphQL is a query language for APIs and a runtime for fulfilling those queries. It gives clients the power to ask for exactly what they need, which makes it a great fit for modern web and mobile apps. In this talk, we explain why GraphQL was created, introduce you to the syntax and behavior, and then show how to use it to build powerful APIs for your data. We will also introduce you to AWS AppSync, a GraphQL-powered serverless backend for apps, which you can use to host GraphQL APIs and also add real-time and offline capabilities to your web and mobile apps. You can follow along if you have an AWS account – no GraphQL experience required!
Level: Beginner
Speaker: Rohan Deshpande - Sr. Software Dev Engineer, AWS Mobile Applications
Easy enterprise application integration with RabbitMQ and AMQP (Rabbit MQ)
VMware vFabric RabbitMQ Technical Webinar December 2010 by VMware engineer Emile Joubert. Covers common integration patterns, and how RabbitMQ makes these easily implemented, using AMQP as a communications mechanism.
You can view a recording of this presentation on YouTube: http://www.youtube.com/user/SpringSourceDev#p/c/5956C6D9EC319817/0/ABGMjX4K0D8
GraphQL as an alternative approach to REST (as presented at Java2Days/CodeMon... (luisw19)
Originally designed by Facebook to allow its mobile clients to define exactly what data should be sent back by an API, and therefore avoid unnecessary roundtrips and data usage, GraphQL is a JSON-based query language for Web APIs. Since it was open sourced by Facebook in 2015, it has undergone very rapid adoption and many companies have already switched to the GraphQL way of building APIs – see http://GraphQL.org/users.
However, with so many hundreds of thousands of REST APIs publicly available today (and many thousands of others available internally), what are the implications of moving to GraphQL? Is it really worth the effort of replacing REST APIs, especially if they’re successful and performing well in production? What are the pros/cons of using GraphQL? What tools / languages can be used for GraphQL? What about API Gateways? What about API design?
With a combination of rich content and hands-on demonstrations, attend this session for a point of view on how to address these and many other questions, and most importantly get a better understanding of when/where/why/if GraphQL applies for your organisation or specific use case.
An edge gateway is an essential piece of infrastructure for large scale cloud based services. This presentation details the purpose, benefits and use cases for an edge gateway to provide security, traffic management and cloud cross region resiliency. How a gateway can be used to enhance continuous deployment, and help testing of new service versions and get service insights and more are discussed. Philosophical and architectural approaches to what belongs in a gateway vs what should be in services will be discussed. Real examples of how gateway services, built on top of Netflix's Open source project, Zuul, are used in front of nearly all of Netflix's consumer facing traffic will show how gateway infrastructure is used in real highly available, massive scale services.
Building Cloud-Native App Series - Part 2 of 11
Microservices Architecture Series
Event Sourcing & CQRS,
Kafka, Rabbit MQ
Case Studies (E-Commerce App, Movie Streaming, Ticket Booking, Restaurant, Hospital Management)
The presentation from our online webinar "Design patterns for microservice architecture".
Full video from webinar available here: https://www.youtube.com/watch?v=826aAmG06KM
If you’re a CTO or a Lead Developer and you’re planning to design service-oriented architecture, it’s definitely a webinar tailored to your needs. Adrian Zmenda, our Lead Dev, will explain:
- when microservice architecture is a safe bet and what are some good alternatives
- what are the pros and cons of the most popular design patterns (API Gateway, Backend for Frontend and more)
- how to ensure that the communication between services is done right and what to do in case of connection issues
- why we’ve decided to use a monorepo (monolithic repository)
- what we’ve learned from using the remote procedure call framework gRPC
- how to monitor the efficiency of individual services and whole SOA-based systems.
( ReactJS Training - https://www.edureka.co/reactjs-redux-... )
This Edureka video on React Interview Questions and Answers will help you to prepare yourself for React Interviews. Learn about the most important React interview questions and answers and know what will set you apart in the interview process.
This video helps you to learn following topics:
1. General React
2. React Components
3. React Redux
4. React Router
A detailed overview of the Laravel framework, created by Awulonu Obinna and presented at Laravel Abuja.
Author details:
Twitter – https://www.twitter.com/awulonu_obinna
Facebook – https://www.facebook.com/awulonuobinna
GitHub – https://www.github.com/obinosteve
(Stephane Maarek, DataCumulus) Kafka Summit SF 2018
Security in Kafka is a cornerstone of true enterprise production-ready deployment: It enables companies to control access to the cluster and limit risks in data corruption and unwanted operations. Understanding how to use security in Kafka and exploiting its capabilities can be complex, especially as the documentation that is available is aimed at people with substantial existing knowledge on the matter.
This talk will be delivered in a “hero journey” fashion, tracing the experience of an engineer with basic understanding of Kafka who is tasked with securing a Kafka cluster. Along the way, I will illustrate the benefits and implications of various mechanisms and provide some real-world tips on how users can simplify security management.
Attendees of this talk will learn about aspects of security in Kafka, including:
-Encryption: What is SSL, what problems it solves and how Kafka leverages it. We’ll discuss encryption in flight vs. encryption at rest.
-Authentication: Without authentication, anyone would be able to write to any topic in a Kafka cluster, do anything and remain anonymous. We’ll explore the available authentication mechanisms and their suitability for different types of deployment, including mutual SSL authentication, SASL/GSSAPI, SASL/SCRAM and SASL/PLAIN.
-Authorization: How ACLs work in Kafka, ZooKeeper security (risks and mitigations) and how to manage ACLs at scale
State is managed within the component, in which variables are declared in the function body. State can be changed. State can be accessed using the “useState” Hook in functional components and “this.state” in class components. Hooks are a new feature in React. To use this expression it’s essential to have a good understanding of class components. State holds the information that is used for the UI by the browser.
https://www.ducatindia.com/javatraining/
React Class Components vs Functional Components: Which is Better? (Fibonalabs)
Earlier, class components were the only option to add states to components and manipulate the lifecycle. However, since the introduction of React Hooks, now we can add the same functionality to function components.
API Gateways are a well-suited service for microservices architecture. They provide many security- and performance-related features along with reliability for the system. These slides explain what an API Gateway is, what microservices architecture is, its benefits, and how an API Gateway empowers this architecture. Furthermore, API Gateway aggregation is explained with an example.
What is REST API? REST API Concepts and Examples | Edureka (Edureka!)
YouTube Link: https://youtu.be/rtWH70_MMHM
** Node.js Certification Training: https://www.edureka.co/nodejs-certification-training **
This Edureka PPT on 'What is REST API?' will help you understand the concept of RESTful APIs and show you the implementation of REST APIs. The following topics are covered in this REST API tutorial for beginners:
Need for REST API
What is REST API?
Features of REST API
Principles of REST API
Methods of REST API
How to implement REST API?
Follow us to never miss an update in the future.
YouTube: https://www.youtube.com/user/edurekaIN
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Castbox: https://castbox.fm/networks/505?country=in
Building Cloud-Native App Series - Part 1 of 11
Microservices Architecture Series
Design Thinking, Lean Startup, Agile (Kanban, Scrum),
User Stories, Domain-Driven Design
Laravel is a free, open-source PHP web framework, created by Taylor Otwell and intended for the development of web applications following the model–view–controller (MVC) architectural pattern and based on Symfony.
Authorization is the process of giving someone permission to do or have something.
Table of Contents
Introduction Authorization
Common Attacker Testing Authentication
Strategies For Strong Authentication
Access Control
JavaOne 2010: Building enterprise web applications with spring 3
Spring is an open source, lightweight Java framework that has become the de facto standard of Java enterprise application development. This session will adopt a learn-by-example approach that combines the philosophy and theory behind Spring with concrete code examples. You'll be walked through building a full-featured Spring 3.0 enterprise Web application end to end. The basics of the Spring framework, design patterns, and best practices will be picked up along the way. Topics to be covered include: Dependency Injection, Spring MVC, Spring DAO, Spring ORM, Spring AOP, and Spring Security. This session is intended for developers at any level who are interested in writing Spring or Spring MVC Web applications.
Access Control: The term Access Control really alludes to the contr.pdf (anandshingavi23)
Access Control:
The term Access Control really refers to the control over access to system resources after a user's account credentials and identity have been verified and access to the system granted. For instance, a particular user, or group of users, may only be permitted access to certain files after logging into a system, while at the same time being denied access to every other resource.
The term Access Control is something of an ambiguous term. To some it could be interpreted as controlling the access to a system from an external source (for instance controlling the login process by means of which users gain access to a server or desktop system). In fact, such access control is actually referred to as Authentication or Identity Verification and is not what is meant by Access Control in this context.
Mandatory Access Control
Mandatory Access Control (MAC) is the strictest of all levels of control. The design of MAC was defined by, and is primarily used by, the government.
MAC takes a hierarchical approach to controlling access to resources. Under a MAC enforced environment access to all resource objects (for example, data files) is controlled by settings defined by the system administrator. As such, all access to resource objects is strictly controlled by the operating system based on system administrator configured settings. It is not possible under MAC enforcement for users to change the access control of a resource.
Mandatory Access Control is by far the most secure access control environment but does not come without a cost. Firstly, MAC requires a great deal of planning before it can be successfully implemented. Once implemented it also imposes a high system administration overhead because of the need to constantly update object and account labels to accommodate new data, new users and changes in the category and classification of existing users.
Mandatory Access Control starts with security labels assigned to all resource objects on the system. These security labels contain two pieces of information: a classification (top secret, confidential and so on) and a category (which is essentially an indication of the management level, department or project to which the object is available).
Similarly, every user account on the system also has classification and category properties from the same set of properties applied to the resource objects. When a user attempts to access a resource under Mandatory Access Control the operating system checks the user's classification and categories and compares them to the properties of the object's security label. If the user's credentials match the MAC security label properties of the object, access is permitted. It is essential to note that both the classification and categories must match. A user with top secret classification, for instance, cannot access a.
Whether you build software for enterprises, mobile, or internal microservices, security is important. Standards like SAML, OIDC, and SPIFFE help you solve identity and authentication, but for them authorization is out of scope. When you need to control "who can do what" in your app, you are on your own.
To solve authorization, you may be tempted to hardcode logic against SAML assertions, scopes, or X.509 certificate attributes. But, approaches like this lead to systems that are hard to understand and painful to maintain.
This talk shows how to leverage the Open Policy Agent (which is used by companies like Netflix and Chef) to build a powerful authorization system on top of industry-standard authentication protocols. The talk showcases how decoupling leads to authorization solutions that are easier to understand while enabling fine-grained control over the app.
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi... (David Brossard)
During Nordic APIs 2024, I discussed the different authorization approaches to securing APIs. Much like authentication (via OAuth and others) is externalized from the API, so should authorization be. There are different options ranging from ABAC (attribute-based access control) to ReBAC (relationship-based access control).
This presentation talks about the OWASP challenges developers are faced with and how externalized authorization can help address them in a clean and efficient way. We also look into an example of fine-grained authorization using ALFA, the Abbreviated Language For Authorization.
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav... (Nordic APIs)
A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13.
Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.
API Security in a Microservice Architecture (Matt McLarty)
This presentation was given at the O'Reilly Software Architecture Conference in New York on Feb. 28, 2018. It gives an overview of the new book, Securing Microservice APIs. Download available here: https://transform.ca.com/API-securing-microservice-apis-oreilly-ebook.html
Top 7 Unique WhatsApp API Benefits | Saudi Arabia (Yara Milbes)
Discover the transformative power of the WhatsApp API in our latest SlideShare presentation, "Top 7 Unique WhatsApp API Benefits." In today's fast-paced digital era, effective communication is crucial for both personal and professional success. Whether you're a small business looking to enhance customer interactions or an individual seeking seamless communication with loved ones, the WhatsApp API offers robust capabilities that can significantly elevate your experience.
In this presentation, we delve into the top 7 distinctive benefits of the WhatsApp API, provided by the leading WhatsApp API service provider in Saudi Arabia. Learn how to streamline customer support, automate notifications, leverage rich media messaging, run scalable marketing campaigns, integrate secure payments, synchronize with CRM systems, and ensure enhanced security and privacy.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart... (Globus)
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on demand, capable of applying many data reduction and data analysis steps to the large ESGF data archives, transferring only the resultant analysis (e.g. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
An Enterprise Resource Planning system includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here is a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
A Study of Variable-Role-based Feature Enrichment in Neural Models of Code (Aftab Hussain)
Understanding variable roles in code has been found to be helpful by students in learning programming -- could variable roles help deep neural models in performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Graspan: A Big Data System for Big Code Analysis (Aftab Hussain)
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
1. Attribute-Based Access Control in Symfony
How to approach authorisation within your Symfony or PHP application.
Adam Elsodaney
Symfony UK Meetup 30 August 2018
10. Implementing RBAC:
“Probably the most common variant of authorization is role-based access control (RBAC). As the name implies,
• Users are assigned roles
• Roles are assigned permissions.
• Users inherit the permission for any roles they have been assigned.
• Actions are validated for permissions.”
https://martinfowler.com/articles/web-security-basics.html
18. …and/or permissions inherit the permissions from other roles via a hierarchy.
[Diagram: a hierarchy of permissions, like Sylius RBAC]
• Reject Article Submission (PERMISSION)
• Approve Article Submission (PERMISSION)
• Make Decision on Submission (PERMISSION)
• Do WTH you want with submissions (PERMISSION)
• Leave abusive Linus-Torvalds-style comments (PERMISSION)
• Administrate journal (PERMISSION)
20. Install for non-Symfony apps:
$ composer require sylius/rbac
Install for Symfony apps:
$ composer require sylius/rbac-bundle
21. Consider RBAC When
“• Permissions are relatively static.
• Roles in your policies actually map reasonably to roles within your domain, rather than feeling like contrived aggregations of permissions.
• There isn't a terribly large number of permutations of permission, and therefore roles that will have to be maintained.
• You have no compelling reason to use one of the other options.”
https://martinfowler.com/articles/web-security-basics.html
22. Shortcomings of RBAC
1. Cannot grant permissions per-resource, only by resource type.
2. Does not scope resource properties.
24. How to Use Access Control Lists (ACLs):
“In complex applications, you will often face the problem that access decisions cannot only be based on the person (Token) who is requesting access, but also involve a domain object that access is being requested for. This is where the ACL system comes in.”
https://symfony.com/doc/3.4/security/acl.html
25. Access Control Lists (ACL)
[Diagram: two ACLs (“his” and “hers”), each holding several ACEs]
First, check if the domain object requested has an associated ACL. Each ACL contains one or more Access Control Entries (ACEs) that define specific permissions for the ACL’s resource.
26. [Diagram: an ACL for the domain class, holding several ACEs]
Second, check the domain as a whole. ACLs can be associated with both objects (entities) and domains (classnames).
28. Using the Symfony ACL
1. Install Bundle
$ composer require symfony/acl-bundle
2. Configure
3. Initialise
30. acl_entries table
• id
• class
• object identity
• security identity
• field name
• ACE order
• mask
• is granting
• granting strategy
• audit success
• audit failure
36. As the boss of this website
I should be able to edit a particular message posted
In order to moderate the content
39. As the boss of this website
I should be able to edit all messages posted (revised from “a particular message”)
In order to moderate the content
42. Alternatives to ACLs
“Using [ACLs] isn't trivial, and for simpler use cases, it may be overkill. If your permission logic could be described by just writing some code (e.g. to check if a Blog is owned by the current User), then consider using voters. A voter is passed the object being voted on, which you can use to make complex decisions and effectively implement your own ACL. Enforcing authorization (e.g. the isGranted() part) will look similar to what you see in this article, but your voter class will handle the logic behind the scenes, instead of the ACL system.”
https://symfony.com/doc/3.4/security/acl.html
44. “Security Voters provide a mechanism to set up fine-grained restrictions in Symfony applications. The main advantage over ACLs is that they are an order of magnitude easier to set up, configure and use.”
http://symfony.com/blog/new-in-symfony-2-6-simpler-security-voters
45. In Symfony, an authorisation decision will always be based on the following:
TOKEN: When a user is authenticated (identified) they will receive a token from the firewall to hand over to the access control in the authorisation step. We can get the user’s identity from the token.
SET OF ATTRIBUTES: Each attribute stands for a certain right the user should have. Eg. Role, Order Number, Email Address, Time of Day.
RESOURCE: Any object for which access control needs to be checked, like an article or a comment object (or a piggy bank object containing bitcoins).
57. Finally, declare the service and it is ready to use.
In this example, the customer who made a purchase order did so without creating an account or logging in, but would still need to be able to access their order details on the website.
58. Shortcomings of Symfony Voters
1. Not necessarily runtime capable - Still requires
writing code for access rules, unless you implement
a Voter that loads its rules from the database.
60. [What is XACML?]
“XACML (eXtensible Access Control Markup Language) offers a standardized way to achieve externalized and dynamic authorization. This means that authorization decisions are made by an authorization service at run-time based on policies which determine what actions a user or service can perform on a given information asset and in a specific context.”
https://www.axiomatics.com/100-pure-xacml/
62. XACML Administration
Policy Administration Point (PAP) (Very similar to the IAM in Amazon Web Services)
• Create, View, Delete policies
• Version policies on Update
• Evaluate policies before committing
[Diagram: the PAP writes policies and policy sets into the policy data store]
64. XACML 3.0 Policies
[Diagram: a PolicySet containing Policies and a nested PolicySet; each Policy contains Rules]
Policy Sets contain a collection of Policies. They may also contain or reference other Policy Sets. However, the Decision Point will only evaluate at Policy level. Rules are never evaluated by themselves.
65. Targets and Rules
“Part of what [the] XACML PDP [Policy Decision Point] needs to do is find a policy that applies to a given request. To do this, XACML provides another feature called a Target.
A Target is basically a set of simplified conditions for the Subject, Resource and Action that must be met for a PolicySet, Policy or Rule to apply to a given request. If all the conditions of a Target are met, then its associated PolicySet, Policy, or Rule applies to the request.
In addition to being a way to check applicability, Target information also provides a way to index policies, which is useful if you need to store many policies and then quickly sift through them to find which ones apply.”
https://www.axiomatics.com/100-pure-xacml/
66. [Diagram: a Request being matched against Policies A to G]
A Request must be matched to a Policy. This is done using Targets.
70. XACML 3.0 Rule Example
* The XACML syntax is more verbose than what you see here.
71. Understanding XACML combining algorithms
“If a policy contains multiple rules, and the rules return different decisions e.g. Permit and Deny, what should the policy return? Permit? Deny? Neither?”
https://www.axiomatics.com/blog/understanding-xacml-combining-algorithms/
[Diagram: a Policy containing four Rules]
72. XACML 3.0 Rule-Combining and Policy-Combining Algorithms
• deny-overrides
• permit-overrides
• first-applicable
Behaves like AccessDecisionManager Strategies in Symfony
• only-one-applicable (policy only)
• ordered-permit-overrides
• deny-unless-permit
• permit-unless-deny
• ordered-deny-overrides
[Table: the decisions of rules R1, R2 and R3 and the combined result (P = Permit, D = Deny) under each algorithm; the table cells were not recoverable]
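The following is an added example, not code from the talk, that ties slides 64 to 66 and 72 together: a minimal policy decision point in plain PHP in which Targets (simple equality conditions on request attributes) select the policies and rules that apply, and a rule-combining algorithm reconciles the effects of the rules that matched. Five of the eight algorithms listed above are implemented; the ordered-* variants and only-one-applicable are left out. The journal policies and the request are constructed for illustration and are not from the talk.

```php
<?php
// Added example (not the talk's own code): Targets plus rule-combining algorithms.
// Policies and the request below are constructed for illustration.

const PERMIT = 'Permit';
const DENY = 'Deny';
const NOT_APPLICABLE = 'NotApplicable';

// A Target is a set of simple equality conditions on request attributes
// (subject, resource, action, ...). An empty target matches every request.
function targetMatches(array $target, array $request): bool
{
    foreach ($target as $attribute => $expected) {
        if (($request[$attribute] ?? null) !== $expected) {
            return false;
        }
    }
    return true;
}

// Combine the effects of the rules whose Targets matched.
function combine(string $algorithm, array $effects): string
{
    $applicable = array_values(array_filter($effects, fn ($e) => $e !== NOT_APPLICABLE));
    $anyDeny = in_array(DENY, $applicable, true);
    $anyPermit = in_array(PERMIT, $applicable, true);

    switch ($algorithm) {
        case 'deny-overrides':     // a single Deny beats any number of Permits
            return $anyDeny ? DENY : ($anyPermit ? PERMIT : NOT_APPLICABLE);
        case 'permit-overrides':   // a single Permit beats any number of Denies
            return $anyPermit ? PERMIT : ($anyDeny ? DENY : NOT_APPLICABLE);
        case 'first-applicable':   // the first rule whose Target matched decides
            return $applicable[0] ?? NOT_APPLICABLE;
        case 'deny-unless-permit': // never NotApplicable; fails closed
            return $anyPermit ? PERMIT : DENY;
        case 'permit-unless-deny': // never NotApplicable; fails open
            return $anyDeny ? DENY : PERMIT;
        default:
            throw new InvalidArgumentException("Unsupported combining algorithm: $algorithm");
    }
}

// Evaluate one Policy: its Target decides applicability, then each Rule's Target
// decides whether that rule contributes its effect to the combination.
function evaluatePolicy(array $policy, array $request): string
{
    if (!targetMatches($policy['target'], $request)) {
        return NOT_APPLICABLE;
    }
    $effects = [];
    foreach ($policy['rules'] as $rule) {
        $effects[] = targetMatches($rule['target'], $request) ? $rule['effect'] : NOT_APPLICABLE;
    }
    return combine($policy['algorithm'], $effects);
}

// Constructed policies: editors may decide on submissions, except withdrawn ones;
// only admins may administrate the journal.
$policies = [
    'decide-on-submission' => [
        'target'    => ['resource' => 'submission', 'action' => 'decide'],
        'algorithm' => 'deny-overrides',
        'rules'     => [
            ['target' => ['state' => 'withdrawn'], 'effect' => DENY],
            ['target' => ['role' => 'editor'],     'effect' => PERMIT],
        ],
    ],
    'administrate-journal' => [
        'target'    => ['resource' => 'journal', 'action' => 'administrate'],
        'algorithm' => 'deny-unless-permit',
        'rules'     => [
            ['target' => ['role' => 'admin'], 'effect' => PERMIT],
        ],
    ],
];

// An editor trying to decide on a withdrawn submission: both rules of the first
// policy apply and disagree, so the combining algorithm has to settle it.
$request = ['role' => 'editor', 'resource' => 'submission', 'action' => 'decide', 'state' => 'withdrawn'];

foreach ($policies as $name => $policy) {
    printf("%-22s %s\n", $name, evaluatePolicy($policy, $request));
}
```

Run it with php and the first policy resolves to Deny; change its algorithm to permit-overrides and the very same rules resolve to Permit, which is why the choice of combining algorithm is itself a security decision rather than a detail. The second policy's Target does not match the request at all, so it reports NotApplicable without any of its rules being looked at, which is the indexing role of Targets that the Axiomatics quote above describes.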
73. XACML 3.0 Policy Example
* The XACML syntax is more verbose than what you see here.
74. Conditions
<!-- Only allow logins from 9am to 5pm -->
<Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal">
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
      <EnvironmentAttributeSelector DataType="http://www.w3.org/2001/XMLSchema#time"
          AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
    </Apply>
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">09:00:00</AttributeValue>
  </Apply>
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal">
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
      <EnvironmentAttributeSelector DataType="http://www.w3.org/2001/XMLSchema#time"
          AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
    </Apply>
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">17:00:00</AttributeValue>
  </Apply>
</Condition>
Allow only logins between 9am and 5pm.
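An added example, not from the talk: a small PHP evaluator for exactly this Condition fragment, so the nesting of Apply elements can be traced by running it. It supports only the four functions the fragment uses (and, time-one-and-only, time-greater-than-or-equal, time-less-than-or-equal), treats an EnvironmentAttributeSelector as a lookup in a supplied environment array rather than a real request context, and embeds the slide's markup inline with the two missing closing angle brackets restored. The loginAllowedAt() helper and the environment array are assumptions made for this example.

```php
<?php
// Added example (not the talk's own code). The evaluator covers only the functions
// this fragment needs; the XACML markup is the slide's, embedded inline.

const XACML_FN = 'urn:oasis:names:tc:xacml:1.0:function:';
const ENV_CURRENT_TIME = 'urn:oasis:names:tc:xacml:1.0:environment:current-time';

$conditionXml = <<<'XML'
<Condition FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal">
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
      <EnvironmentAttributeSelector DataType="http://www.w3.org/2001/XMLSchema#time"
          AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
    </Apply>
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">09:00:00</AttributeValue>
  </Apply>
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal">
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
      <EnvironmentAttributeSelector DataType="http://www.w3.org/2001/XMLSchema#time"
          AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"/>
    </Apply>
    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">17:00:00</AttributeValue>
  </Apply>
</Condition>
XML;

// Evaluate one element recursively. Bags are PHP arrays; a single time value is a
// zero-padded HH:MM:SS string, so lexical comparison orders times correctly.
function evaluate(SimpleXMLElement $el, array $environment)
{
    switch ($el->getName()) {
        case 'AttributeValue':
            return (string) $el;
        case 'EnvironmentAttributeSelector':
            // A selector yields a bag with zero or more values of the named attribute.
            $id = (string) $el['AttributeId'];
            return isset($environment[$id]) ? [$environment[$id]] : [];
        case 'Condition':
        case 'Apply':
            $args = [];
            foreach ($el->children() as $child) {
                $args[] = evaluate($child, $environment);
            }
            return applyFunction((string) $el['FunctionId'], $args);
        default:
            throw new RuntimeException('Unsupported element: ' . $el->getName());
    }
}

function applyFunction(string $functionId, array $args)
{
    if (strpos($functionId, XACML_FN) !== 0) {
        throw new RuntimeException("Unknown function namespace: $functionId");
    }
    switch (substr($functionId, strlen(XACML_FN))) {
        case 'and':
            foreach ($args as $arg) {
                if ($arg !== true) {
                    return false;
                }
            }
            return true;
        case 'time-one-and-only':
            // The bag must hold exactly one value; XACML makes anything else an
            // Indeterminate result, surfaced here as an exception.
            if (!is_array($args[0]) || count($args[0]) !== 1) {
                throw new RuntimeException('time-one-and-only: bag must hold exactly one value');
            }
            return $args[0][0];
        case 'time-greater-than-or-equal':
            return strcmp($args[0], $args[1]) >= 0;
        case 'time-less-than-or-equal':
            return strcmp($args[0], $args[1]) <= 0;
        default:
            throw new RuntimeException("Unsupported function: $functionId");
    }
}

// Hypothetical helper: evaluate the Condition for a given clock reading.
function loginAllowedAt(string $clock, string $conditionXml): bool
{
    $condition = new SimpleXMLElement($conditionXml);
    return evaluate($condition, [ENV_CURRENT_TIME => $clock]) === true;
}

var_dump(loginAllowedAt('08:59:59', $conditionXml)); // one second before the window opens
var_dump(loginAllowedAt('12:30:00', $conditionXml)); // mid-afternoon, inside the window
var_dump(loginAllowedAt('17:00:00', $conditionXml)); // the inclusive upper bound
```

The point worth noticing is the time-one-and-only step: the selector returns a bag, and if the environment had no current-time at all (an empty bag) the evaluator throws instead of quietly comparing against an empty string. That matches what a conforming PDP does (the result is Indeterminate, not Permit), and it is the behaviour you want from any hand-rolled condition checker.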
78. What’s a XACML Obligation?
“The XACML standard defines the concept of obligations which are elements which can be returned along with a XACML decision (either of Permit or Deny) in order to enrich that decision. Obligations are triggered on either Permit or Deny. The Policy Enforcement Point [PEP] must implement and enforce obligations. If it fails to do so, it must deny access to the requested resource (in the case of a Permit).”
https://www.webfarmr.eu/2015/02/tgif-xacml-whats-a-xacml-obligation/
79. Examples of Obligations
• Auditing - Log when an action was
performed on a resource.
• Security Checkup - Ask the user to review
their 2FA details after a remembered login.
• Security Lockdown - If credentials entered
incorrectly multiple times.
• Break-the-Glass Scenario - Medical
records may need to be accessed in
emergency situations, regardless of what
permissions were granted.
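As an added example (not code from the talk), here is a Policy Enforcement Point in plain PHP that applies the rule quoted on slide 78 to obligations like the ones listed above: every obligation attached to a decision is handed to a handler, and a Permit whose obligations the PEP cannot enforce is refused. The Decision class, the obligation identifiers and the handlers are all constructed for this example.

```php
<?php
// Added example (not the talk's own code): a PEP that enforces obligations and
// fails closed. Obligation ids, handlers and decisions are constructed here.

final class Decision
{
    /** @var string */
    public $effect;        // 'Permit' or 'Deny'
    /** @var string[] */
    public $obligations;   // obligation ids the PDP attached to the decision

    public function __construct(string $effect, array $obligations = [])
    {
        $this->effect = $effect;
        $this->obligations = $obligations;
    }
}

// Handlers for the obligations this PEP knows how to enforce. Each returns true
// only once the obligation has actually been carried out.
$handlers = [
    // Auditing: record that the action was performed on the resource.
    'audit:log-access' => function (array $ctx): bool {
        error_log(sprintf('AUDIT subject=%s resource=%s', $ctx['subject'], $ctx['resource']));
        return true;
    },
    // Security checkup: assumed to flag the session so the next page asks the
    // user to review their 2FA details; it cannot do that without a session.
    'auth:review-2fa' => function (array $ctx): bool {
        return isset($ctx['session']);
    },
];

// Returns true only when access is granted: the effect is Permit AND every
// obligation was enforced. An obligation with no handler, or whose handler
// fails, turns a Permit into a denial; a Deny stays a Deny regardless.
function enforce(Decision $decision, array $handlers, array $ctx): bool
{
    $allEnforced = true;
    foreach ($decision->obligations as $id) {
        $enforced = isset($handlers[$id]) && $handlers[$id]($ctx);
        if (!$enforced) {
            error_log("Obligation '$id' could not be enforced");
            $allEnforced = false;
        }
    }
    return $decision->effect === 'Permit' && $allEnforced;
}

$ctx = ['subject' => 'alice', 'resource' => 'article/42', 'session' => []];

// Every obligation on this Permit has a handler.
var_dump(enforce(new Decision('Permit', ['audit:log-access', 'auth:review-2fa']), $handlers, $ctx));
// This Permit carries an obligation the PEP has no handler for.
var_dump(enforce(new Decision('Permit', ['records:notify-privacy-officer']), $handlers, $ctx));
// A Deny that also asks for an audit entry.
var_dump(enforce(new Decision('Deny', ['audit:log-access']), $handlers, $ctx));
```

The break-the-glass case from the list above fits the same shape: the policy returns Permit with an obligation such as "notify the privacy officer", and if the PEP has no way to fulfil that obligation the emergency access is refused rather than granted silently, which is exactly the failure mode the quoted rule is there to prevent.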
80. Shortcomings of XACML
• XACML syntax is very verbose.
• It is complex, though it describes business requirements better than ACL when rules are persisted.
• Learning resources are somewhat limited, or not concise.
• Perhaps overkill and Enterprise-y™ …?
83. SUMMARY
• Symfony Voters solve 80% of your requirements for 20% of the work.
• XACML would solve 100% of your requirements, would scale well, is designed for runtime and is enterprise-capable, but the learning curve is steep, and there are no well established tools in PHP.
• RBAC is not compatible with single entities.
• ACL is compatible with single entities, but is non-trivial.
84. Thank you for listening
Adam Elsodaney, LEAD DEVELOPER
ACL Demo: https://github.com/adamelso/acland
Slides: github.com/adamelso/symfony-uk-meetup-2018-08-30-access-control
adam@veruscript.com
@ArchFizz @Veruscript
www.veruscript.com
Publish high-quality, cost-effective journals with our publishing services