Logging in to a website seems easy. But what seems so simple is only easy as long as the website is backed by a monolith. What happens when lots of microservices are at work? How do the microservices know that the user is who they claim to be, and how can this be achieved efficiently? The use of JSON Web Tokens (JWT) can be a solution.
Presentation from the 2017 microXchg Conference in Berlin.
Building an enterprise-level single sign-on application with the help of Keycloak (Open Source Identity and Access Management), and understanding how to secure your application: frontend and backend APIs. Managing user federation with minimum configuration.
My presentation from Nordic APIs 2014 in Stockholm, Sweden.
What can the architecture of an API platform look like? How can you break things down to make this challenge easier?
Your Developer Portal is the primary interface that developers will have with your company’s product. So what does your developer portal say about you? We’ll share what we’ve learned at BigCommerce about redesigning a developer portal that helps your developers–and your company–meet their goals.
Building Cloud-Native App Series - Part 11 of 11
Microservices Architecture Series
Service Mesh - Observability
- Zipkin
- Prometheus
- Grafana
- Kiali
API Management within a Microservice Architecture (WSO2)
This slide deck will discuss API management's role in a microservices ecosystem. It will discuss the purpose of edge gateways and proxies and how they complement a well-defined API management layer.
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The remainder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (recently renamed to Apache Oltu). My impression is that many developers shy away as soon as they hear "security", so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
This slide deck explores the impact of MSA on API strategies and designs and the possible changes in API design and deployment, API security, control and monitoring, and CI/CD.
Watch recording: https://wso2.com/library/webinars/2018/09/apis-in-a-microservice-architecture
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
The Practical DevSecOps course is designed to help individuals and organisations implement DevSecOps practices to achieve security at massive scale. This course is divided into 13 chapters; each chapter has theory, followed by demos and any limitations we need to keep in mind while implementing them.
More details here - https://www.practical-devsecops.com/
YOW2018 - Events and Commands: Developing Asynchronous Microservices (Chris Richardson)
The microservice architecture functionally decomposes an application into a set of services. Each service has its own private database that is only accessible indirectly through the service's API. Consequently, implementing queries and transactions that span multiple services is challenging.
In this presentation, you will learn how to solve these distributed data management challenges using asynchronous messaging. I describe how to implement transactions using sagas, which are sequences of local transactions, coordinated using messages. You will learn how to implement queries using Command Query Responsibility Segregation (CQRS), which uses events to maintain replicas. I describe how to use event sourcing, which is an event-centric approach to business logic and persistence, in a microservice architecture.
How we eased our security journey with OAuth (Goodbye Kerberos!) | Paul Makka... (HostedbyConfluent)
Saxo Bank is on a growth journey and Kafka is a critical component to that success. Securing our financial event streams is a top priority for us and initially we started with an on-prem Kafka cluster secured with (the de-facto) Kerberos. However, as we modernize and scale, the demands of hybrid cloud, multiple domains, polyglot computing and Data Mesh require us to also modernize our approach to security. In this talk, we will describe how we took the default (non-production ready) Kafka OAuth implementation and productionized it to work with Kafka in Azure Cloud, including the Kafka stack and clients. By enabling both Kerberos and OAuth running on-prem and in the cloud, we now plan to gracefully retire Kerberos from our estate.
What does it take to get an application into production? Many processes, tools and automation surround that application to deliver it to the customer. As it becomes more common for development teams to autonomously deliver and run their software, the focus of the traditional operational teams shifts towards an as-a-service mindset. But how is such a team positioned within the company? And is Platform Engineering any different from Software Engineering?
In this talk I’ll share my experiences as a platform engineer and explain why I believe that every company should be conscious about why and how to setup this responsibility. I’ll also discuss the biggest challenges surrounding it - and how to tackle them.
Architecting an Enterprise API Management Strategy (WSO2)
A good internal and external API management strategy and architecture is key to building ecosystem platforms that lead to successful API economies in the enterprise. This workshop will look at best practices in API management using the WSO2 API Manager and Integration Platform products, which are used to rapidly implement RESTful design, enforce governance policies, safely scale solutions, orchestrate complex interaction sequences, and re-use assets. The session will also look at reference architectures and architectural recommendations of building large scale API ecosystems.
Director - Solutions Architecture at WSO2, Mifan Careem presented this session at APIdays Sydney 2015.
This slide deck explores the challenges of securing microservices, best practices to overcome them, and how WSO2 Identity Server can be used in microservice architecture.
Watch webinar recording here: https://wso2.com/library/webinars/2018/09/the-role-of-iam-in-microservices/
As an enterprise IT professional, Service provider, ISP or Systems Integrator you may be wondering where all the hype is going with blockchain?
The session will cover topics such as:
• What exactly is Enterprise Blockchain technology and why is it so disruptive?
• Why are companies embracing Blockchain technologies?
• Overview of major Enterprise Blockchains (Hyperledger, Ethereum, Quorum and R3 Corda)
• Which industries are ripe for disruption from Blockchain Technology?
• What is Blockchain as a Service (BaaS) and why you, as an IT Professional, should understand this technology.
• The top five areas that IT professionals should learn to profit from Blockchain
MyBlockChainExperts
Dejan Podgorsek - Is Hyperledger Fabric secure enough for your Business? (Hacken_Ecosystem)
HackIT is an annual cybersecurity conference that gathers the best technical researchers and top players in the cybersecurity industry to explore cutting-edge technologies together. In 2018, HackIT focused on the use of blockchain technology.
Join our community:
Website - https://hacken.live/hackit-slideshare
Twitter - https://hacken.live/twitter_hackit
Facebook - https://hacken.live/facebook_hackit
Instagram - https://hacken.live/instagram_hackit
Reddit - https://hacken.live/reddit
Telegram community - https://hacken.live/tg-hackit
#hackit #cybersecurity #blockchain #hacking
Building an Effective Architecture for Identity and Access Management.pdf (Jorge Alvarez)
Security is everywhere: at home, at work, on the phone. As individuals we therefore use different unlocking mechanisms: passwords, patterns, fingerprints, facial recognition. So many systems, security providers and unlocking mechanisms! And now who can help us?
Securing Web Applications with Token Authentication (Stormpath)
In this presentation, Java Developer Evangelist Micah Silverman demystifies HTTP Authentication and explains how the Next Big Thing - Token Authentication - can be used to secure web applications on the JVM, REST APIs, and 'unsafe' clients while supporting security best practices and even improving your application's performance and scale.
Topics Covered:
Security Concerns for Modern Web Apps
Cross-Site Scripting Prevention
Working with 'Untrusted Clients'
Securing API endpoints
Cookies
Man in the Middle (MitM) Attacks
Cross-Site Request Forgery
Session ID Problems
Token Authentication
JWTs
Working with the JJWT library
End-to-end example with Spring Boot
APIs: Intelligent Routing, Security, & Management (NGINX, Inc.)
Kevin Jones, Global Consulting Engineer from NGINX San Francisco, presents how to accelerate your journey to microservices with a modernised full API lifecycle management solution. Learn how to cut costs, improve performance, and reduce load on API endpoints. This presentation covers:
All elements of full lifecycle management including API creation, securing your backend infrastructure, managing traffic, and ongoing monitoring.
Innovative architecture that doesn't involve additional microgateways to process API calls
Differentiated pricing model that does not penalize API adoption
Stormpath Java Developer Evangelist, Micah Silverman, takes a deep dive into using JWTs to protect microservices from CSRF and more. Micah will explain how JWTs can be used to secure web applications built with Java, OAuth2 and JWTs, and 'unsafe' clients, while supporting security best practices and even improving application performance and scale.
A fast paced review of blockchain technology, applications, architectural characteristics and programming, using Ethereum as the main example.
Presented at the JAX London 2017 conference.
Standard Provenance Reporting and Scientific Software Management in Virtual L... (njcar)
The Virtual Hazards Impact & Risk Laboratory (VHIRL) is a scientific workflow portal that provides researchers with access to a cloud computing environment for natural hazards eResearch tools. It allows researchers to construct experiments with data from a variety of sources and execute cloud computing processes for rapid and remote simulation and analysis. The service currently includes tools for the simulation of three major hazards affecting the Asia-Pacific region: earthquakes, tsunamis and tropical cyclones.
For scientific results, the establishment of provenance is key to reproducibility and trust. Thus the need for any virtual laboratory to provide provenance information for the tasks it manages is obvious, but the appropriate way to report and manage provenance information is not always so straightforward. Many virtual laboratories and workflow systems provide bespoke provenance management with a focus on internal system use. This has clear benefits for reproducibility within the system, but it limits the interoperability of systems. For VHIRL, a provenance solution was required that was as interoperable with other, external, provenance systems as possible.
A related common issue facing workflow tools and virtual laboratories is the need to manage software code. With this comes well-known issues associated with code sharing: licensing, source code management, version management and dependency resolution. There are a wide selection of commonly used tools to help solve these problems, for example Git and Subversion.
A key goal of VHIRL was to externalise as much information management as was reasonable. VHIRL is a virtual laboratory: it is not designed to be a data store, software repository, or records management system. A solution was required that could hand off the management of provenance records and code to external services, with links between them, other data services and VHIRL jobs where appropriate.
Scientific software can be quite complicated and systems for managing dependencies and source vary from system to system. In order to provide the least friction for authors of software, we designed a system called the Scientific Software Solution Centre (SSSC) to manage solutions to scientific problems and deliver the solution templates, code and dependencies that enable them for use in VHIRL and other Virtual Laboratories and applications.
The ColdBox cbsecurity module is a collection of modules to help secure your ColdBox applications. In this session, we will explore all the features behind CBSecurity 3. We will build an application using the module to showcase authentication, authorization, and JWT authentication.
https://coldbox-security.ortusbooks.com/
https://intothebox.org
https://cfcasts.com/
Case Studies on STORK, IDAP, & eID. Led by Zaeher Rachid, lead access management and OpenAM engineer at Paradigmo and Wouter Vandenbussche
Identity And Access Management Consultant, Global Consulting and Integration Services | Verizon Enterprise Solutions
Similar to Authorization and Authentication in Microservice Environments (20)
LeanIX Virtual Workspaces make it possible for enterprises to operate across a shared IT inventory while setting specific access rights to protect confidential data or reducing the complexity of a workspace for certain business units.
Check out our overview where we cover best practices, tips and tricks for Virtual Workspaces use cases.
How to reduce complexity by segregating your data with Virtual Workspaces (LeanIX GmbH)
LeanIX Virtual Workspaces make it possible for enterprises to operate across a shared IT inventory while setting specific access rights to protect confidential data or reducing the complexity of a workspace for certain business units. LeanIX admins now have the ability to decide which users can access Fact Sheets and to segment their workspaces according to e.g. enterprise brands or business units—all while e.g. keeping a common Business Capability model intact. The new feature is based on a flexible concept using Access Control Entities (ACEs) and Access Control Lists, and a group-view is available built-in to allow for centralized analyses.
Gartner EA: The Rise of Data-driven Architectures (LeanIX GmbH)
LeanIX CEO André Christ's presentation from the 2019 Gartner Enterprise Architecture & Technology Innovation Summit in Orlando: Changing demands on Enterprise Architects require different approaches to tooling. The need to provide fast, smart answers to challenging business questions means switching from diagram-driven to data-driven architecture. The switch takes architecture from being used by the few, to a point where your whole organization is benefiting from and using the architecture you create every day!
Application Harmonisation using Design Principles in LeanIX (LeanIX GmbH)
Rainer Bartsch, Senior Enterprise Architect at RWE/Innogy, gave insights into Application Harmonization at EA Connect Days 2018 in Bonn: The Energy Trading business has been changing from high to low margins, from long-running contracts to highly volatile (intraday) markets, from a few big players to many smaller market participants, and to a business model that requires us to approach new markets and opportunities around the globe.
Such constant business change, over time, results in a quite diverse IT landscape using all kinds of technologies and a great many people to keep it running. This is obviously an adverse side effect of business change, but what can I do to harmonise my IT environment or prevent getting into such a situation? For sure, it doesn't happen by accident or just by having a bunch of good developers, a set of architecture guidelines and tools!
Bartsch demonstrated RWE's approach to application harmonisation based on a business & IT commitment to deliver IT solutions against a set of 10 Design Principles. This includes LeanIX as our application inventory and two different examples on how to cover Design Principles, first as Custom Tags and second as Custom Fact Sheets.
Effective EAM: whet your appetite & deliver solutions (LeanIX GmbH)
Peter Tubak, IT Architect at Messe München and Inge Hanschke, General Manager at Lean42 explored in this presentation held at EA Connect Days 2018 in Bonn how to overcome hurdles during the initial introduction of Enterprise Architecture Management at Messe München.
Lean EAM with the Microservices Add-on and the Signavio Integration (LeanIX GmbH)
Presentation by Thorsten Düvelmeyer, Solution Architect at Hermes, at EA Connect Days 2018 in Bonn. Hermes started visualizing their IT landscape in LeanIX with the goal of breaking up silos and supporting a collaborative approach to optimizing their application portfolio.
To have a wider level of information they decided to include processes and microservices within their data and visualizations, both delivered by standard integrations.
At EA Connect Days 2018 in Bonn, LeanIX CEO André Christ talked about his vision for the future of Enterprise Architecture, new features and the roadmap for LeanIX.
Application Rationalization with LeanIX (LeanIX GmbH)
In this presentation from EA Connect Days 2018 in Bonn you learn about the benefits of Application Rationalization and how to optimize your Application Portfolio with LeanIX.
In this presentation from EA Connect Days 2018 in Bonn you will find out how to import and export your Enterprise Architecture data to and from the LeanIX Inventory.
In this presentation from EA Connect Days 2018 in Bonn the LeanIX Microservices Integration is examined. Find out what the benefits are and how to set it up.
How to set up a Lean Standards Governance (LeanIX GmbH)
Presentation from EA Connect Days 2018 in Bonn. Learn how to set up a lean standards governance with the help of an Enterprise Architecture tool incorporating surveys, relevant reports and an integration with Technopedia.
Presentation by Thomas Schreiner, Senior Manager Enterprise Architecture Management at Fresenius, at EA Connect Days 2018 in Bonn: Managing an Enterprise Architecture function with thousands of applications requires high operational efficiency, supported by a strong tool. To get the most out of LeanIX, Fresenius has built an extensive set of add-ons and enhancements, some of which were presented in this talk. This includes:
- A news feed application
- Custom notifications
- Excel integration via Get & Transform, formerly “Power Query”
- Automated daily snapshots and survey downloads
- Ruby interface to navigate and operate on the full LeanIX meta model
Moving EA - from where we are to where we should be (LeanIX GmbH)
Presentation held by Dr. Stefan Zerbe, ITM, at EA Connect Days 2018 in Bonn. While EA (enterprise architecture) is a well-known discipline, many business organizations struggle with the maturity of their corporate EA practice. But even companies that stopped EA activities in recent years are now relaunching EA in order to tackle challenges resulting from digital transformation, regulatory pressure and increasing IT complexity. This presentation builds on lessons learned from companies working with EA and refocuses the EA value proposition in order to meet business expectations. It highlights the importance of extending EA thinking to business units and explains collaboration models to engage business and IT architecture specialists as well as managers in joint architecture activities, based on a real project example. From a business-oriented perspective on EA, the presentation picks up the discussion regarding a new agile mindset for EA architects and presents new ideas for tool sets to support EA work in corporations.
Connector Corner: Automate dynamic content and events by pushing a button (DianaGray10)
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Securing your Kubernetes cluster: a step-by-step guide to success! (KatiaHIMEUR1)
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don't know what they don't know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Generating a custom Ruby SDK for your web service or Rails API using Smithy (g2nightmarescribd)
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
2. Overview
Authorization and Authentication in Microservice Environments – Bernd Schönbach – LeanIX
• Introduction
• What’s the problem anyway?
• And how exactly do JSON Web Tokens help here?
• What are JSON Web Tokens?
• Some examples
• Mind the gap
• JWS vs. JWE
4. LeanIX helps companies to manage and optimize their IT Architecture
Current IT Architecture:
• Missing information (e.g. interfaces, technologies)
• Hard to introduce new products & sales channels
• High costs and risks
Create Transparency:
• Import existing data into LeanIX (via Excel or API)
• Invite experts to share their knowledge
Optimize IT Architecture:
• Use best-practice reports to identify issues
• Define target architecture and roadmaps
5. LeanIX is a web-based platform to capture and share knowledge about IT
Three areas: IT Inventory, Collaboration Platform, Interactive Reporting
Features:
• Fact Sheets & Tagging
• Context-based Search
• API, Import & Export
• Comments & Threads
• Activity Stream & Notifications
• Subscriptions
• Print & Export (PDF)
• Best Practice Reports
• Interactive Adaption
12. Typical Auth Flow
[Diagram: the UI logs in at the Auth Service and gets an OAuth token in return. It then sends its requests, with the token, to Microservice 1, Microservice 2 and Microservice 3, and each microservice calls back to the Auth Service to check the OAuth token's validity.]
13. And now with JWT
[Diagram: the UI logs in at the Auth Service and gets a JWT in return. It sends its requests, with the token, to Microservice 1, Microservice 2 and Microservice 3, and each microservice checks the token's validity locally; there is no callback to the Auth Service.]
15. What are JSON Web Tokens (JWT)?
RFC 7519: "JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties."
16. What are JSON Web Tokens (JWT)?
17. What are JSON Web Tokens (JWT)?
Two Types: JSON Web Signature (JWS) and JSON Web Encryption (JWE)
18. JSON Web Signature (RFC 7515)
Three Parts:
1. Header
2. Payload (Claims)
3. Signature
20. JWS - Payload
- Main information part
- Contains information like
- Issuer (iss)
- Expiration time (exp)
- Subject (sub)
- Features
- Permissions
- …
{
"iss": "auth-service-1",
"name": "John Doe",
"admin": true,
"exp": 1487325600
}
Use as little information as possible to keep the token small!
21. JWS - Signature
HMACSHA256(
base64UrlEncode(header) + "." + base64UrlEncode(payload),
secret
)
• Verifies the origin and the content (integrity) of the JWS token
• The signature covers both the header and the payload
23. JSON Web Encryption (RFC 7516)
Five Parts (JWE):
1. Protected Header
2. Encrypted Key
3. Initialization Vector
4. Ciphertext
5. Authentication Tag
24. JWE Protected Header
• Basically the same as the JWS header, with some minor tweaks
• Two additional keys:
• enc -> content encryption algorithm
• zip -> compression algorithm
• "alg" now describes the algorithm used to encrypt the CEK (Content Encryption Key)
• "none" is no longer allowed
{
"alg": "RSA-OAEP",
"enc": "A256GCM",
"typ": "JWT"
}
25. JWE Protected Header
• The algorithm used should be an AEAD algorithm
• Authenticated Encryption with Associated Data
• "AEAD algorithms accept two inputs, the plaintext and the Additional Authenticated Data (AAD) value, and produce two outputs, the cipher text and the Authentication Tag value."
• The AAD can be the base64url-encoded JWE Protected Header
26. JWE Encrypted Key
• The encrypted Content Encryption Key (CEK)
• CEK = symmetric key used to encrypt the plaintext
• The CEK is used to produce the ciphertext and the Authentication Tag
27. JWE Initialization Vector
• A random value used to "salt" the encrypted value
• Ensures that the encrypted value differs for the same content
• May be left empty if the enc algorithm does not use an IV
28. JWE Ciphertext
• Basically the same as the payload in JWS
• Is encrypted with the enc algorithm
• Is encrypted using the initialization vector
• But does not have to be JSON; any plaintext can be encrypted
29. JWE Authentication Tag
• Is also a result of the enc algorithm
• Ensures the integrity of the ciphertext
• Ensures the integrity of the Additional Authenticated Data
30. JWE
Again, all parts are base64url-encoded and concatenated with dots:
BASE64URL(UTF8(JWE Protected Header)) .
BASE64URL(JWE Encrypted Key) .
BASE64URL(JWE Initialization Vector) .
BASE64URL(JWE Ciphertext) .
BASE64URL(JWE Authentication Tag)
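The following is an added example for the JWE slides above (parts, protected header, AAD and compact serialization); it is not code from the talk or from LeanIX. The Python standard library has no RSA-OAEP or AES-GCM, so the block does not encrypt or decrypt anything: it assembles and parses the five-part compact serialization, applies the protected-header rules the slides state ("alg" must not be "none", "enc" is mandatory, "zip" may only be "DEF"), and derives the AAD that the AEAD step binds to the ciphertext. The header values are taken from slide 24; every byte string is a constructed placeholder standing in for real key-wrapping and cipher output.

```python
"""Compact JWE: the five-part layout, protected-header rules, and the AAD.

Added example, not code from the talk. No encryption happens here; the
constructed placeholder bytes stand in for RSA-OAEP / AES-GCM output.
"""
import base64
import json

PART_NAMES = ("protected_header", "encrypted_key", "iv", "ciphertext", "tag")
# Key-management and content-encryption algorithm names registered in RFC 7518
# that this demo accepts; a real deployment pins the one or two it uses.
ALLOWED_ALG = {"RSA-OAEP", "RSA-OAEP-256", "A128KW", "A256KW", "dir"}
ALLOWED_ENC = {"A128GCM", "A192GCM", "A256GCM", "A128CBC-HS256", "A256CBC-HS512"}


class InvalidJwe(Exception):
    """Raised when the compact serialization or its protected header is bad."""


def b64url_encode(data: bytes) -> str:
    # base64url without '=' padding, as the JOSE specs require
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_jwe_compact(header: dict, encrypted_key: bytes, iv: bytes,
                      ciphertext: bytes, tag: bytes) -> str:
    """BASE64URL(UTF8(header)).BASE64URL(key).BASE64URL(iv).BASE64URL(ct).BASE64URL(tag)"""
    header_json = json.dumps(header, separators=(",", ":")).encode("utf-8")
    return ".".join(b64url_encode(p) for p in (header_json, encrypted_key, iv, ciphertext, tag))


def parse_jwe_compact(token: str) -> dict:
    """Split a compact JWE, validate its protected header, and return the parts.

    The returned "aad" is what AEAD decryption must be given as Additional
    Authenticated Data: the ASCII bytes of the protected header exactly as
    transmitted (RFC 7516 section 5.1), not a re-encoding of the parsed JSON.
    """
    if not token.isascii():
        raise InvalidJwe("compact serialization must be ASCII")
    parts = token.split(".")
    if len(parts) != 5:
        raise InvalidJwe("a JWE compact serialization has exactly five parts")
    raw = dict(zip(PART_NAMES, parts))
    try:
        header = json.loads(b64url_decode(raw["protected_header"]).decode("utf-8"))
        decoded = {name: b64url_decode(raw[name]) for name in PART_NAMES[1:]}
    except (ValueError, UnicodeDecodeError) as err:
        raise InvalidJwe("malformed part: %s" % err)
    if not isinstance(header, dict):
        raise InvalidJwe("protected header is not a JSON object")
    alg, enc = header.get("alg"), header.get("enc")
    if alg not in ALLOWED_ALG:            # rejects missing, "none" and unregistered values
        raise InvalidJwe("alg %r not accepted" % alg)
    if enc not in ALLOWED_ENC:            # enc is mandatory for a JWE
        raise InvalidJwe("enc %r not accepted" % enc)
    if "zip" in header and header["zip"] != "DEF":
        raise InvalidJwe("unknown zip %r" % header["zip"])
    if alg == "dir" and decoded["encrypted_key"]:
        raise InvalidJwe("direct encryption carries no encrypted key")
    if not decoded["tag"]:
        raise InvalidJwe("missing authentication tag")
    return {"header": header, "aad": raw["protected_header"].encode("ascii"), **decoded}


def is_well_formed_jwe(token: str) -> bool:
    try:
        parse_jwe_compact(token)
        return True
    except InvalidJwe:
        return False


if __name__ == "__main__":
    # Constructed placeholder bytes, not real RSA-OAEP / AES-GCM output.
    demo = build_jwe_compact({"alg": "RSA-OAEP", "enc": "A256GCM", "typ": "JWT"},
                             b"\x01" * 256, b"\x02" * 12, b"\x03" * 40, b"\x04" * 16)
    print(demo)
    print(parse_jwe_compact(demo)["header"])
```

Note that the AAD is taken from the token string as received; re-serializing the parsed header would change byte order or whitespace and make the authentication tag fail to verify.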
32. JWS creation in Java
import io.jsonwebtoken.JwtBuilder;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

public String createJwt(User loggedInUser) {
    JwtBuilder builder = Jwts.builder()
        .setSubject(loggedInUser.getUsername())
        .claim("payload", loggedInUser.getPayload()) // custom claim; keep it small
        .setId(loggedInUser.getId())
        .setExpiration(calculateExpirationTime());
    // RS256: signed with the Auth Service's private key, verified with the public key
    return builder.signWith(SignatureAlgorithm.RS256, privateKey).compact();
}
33. JWS checking in Java
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;

// parseClaimsJws expects a signed JWS and throws (e.g. SignatureException,
// ExpiredJwtException) if the token is not valid and signed
Claims claims = Jwts.parser()
    .setSigningKey(publicKey)
    .parseClaimsJws(accessTokenString)
    .getBody();
Important Side Note:
- Ensure checking always uses the correct algorithm
- A "none" alg header must not lead to an unchecked token when a signed token is expected!
https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/
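The following is an added example that illustrates slide 21 (how the signature is computed) and the side note on slide 33 together; it is not code from the talk or from LeanIX. The slide's Java code signs with RS256; this block uses HMAC-SHA256, the formula shown on slide 21, so that it runs with the Python standard library alone. The secret and the claims are constructed sample values. The point of the verifier is that the expected algorithm is pinned on the checking side and compared against the header, rather than letting the header choose how the token is checked, so a token carrying "alg": "none" is rejected before any signature logic runs.

```python
"""HS256 JWS: build a token, then verify it with the algorithm pinned.

Added example, not code from the talk. Secret and claims are constructed.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret; a real HMAC key is random and at least 32 bytes long.
DEMO_SECRET = b"constructed-demo-secret-do-not-use"
EXPECTED_ALG = "HS256"


class InvalidToken(Exception):
    """Raised for any token the verifier does not accept."""


def b64url_encode(data: bytes) -> str:
    # base64url without '=' padding, as RFC 7515 defines it
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj: dict) -> str:
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def create_jws(claims: dict, secret: bytes) -> str:
    """header.payload.signature with signature = HMAC-SHA256(header '.' payload)."""
    signing_input = _json_b64({"alg": EXPECTED_ALG, "typ": "JWT"}) + "." + _json_b64(claims)
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_jws(token: str, secret: bytes, now: Optional[int] = None) -> dict:
    """Return the claims of a valid token; raise InvalidToken otherwise.

    The algorithm is pinned by the verifier: the header's "alg" is compared
    with EXPECTED_ALG and never used to select the verification routine, so
    a header claiming "none" (or any other algorithm) is rejected up front.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("a JWS compact serialization has exactly three parts")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError) as err:
        raise InvalidToken("malformed token: %s" % err)
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise InvalidToken("header and payload must be JSON objects")
    if header.get("alg") != EXPECTED_ALG:
        raise InvalidToken("alg %r not accepted, expected %s" % (header.get("alg"), EXPECTED_ALG))
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):   # constant-time comparison
        raise InvalidToken("signature mismatch")
    now = int(time.time()) if now is None else now
    if "exp" in claims and now >= claims["exp"]:       # RFC 7519: now must be before exp
        raise InvalidToken("token expired")
    return claims


def is_valid(token: str, secret: bytes, now: Optional[int] = None) -> bool:
    try:
        verify_jws(token, secret, now)
        return True
    except InvalidToken:
        return False


def unsigned_none_token(claims: dict) -> str:
    """Test vector: the "alg": "none" form discussed in the linked auth0 article
    (empty signature part). A correct verifier must reject it."""
    return _json_b64({"alg": "none", "typ": "JWT"}) + "." + _json_b64(claims) + "."


if __name__ == "__main__":
    claims = {"iss": "auth-service-1", "sub": "john.doe", "admin": True, "exp": 1487325600}
    token = create_jws(claims, DEMO_SECRET)
    print(token)
    print("valid:", is_valid(token, DEMO_SECRET, now=1487325000))
    print("none rejected:", not is_valid(unsigned_none_token(claims), DEMO_SECRET, now=1487325000))
```

The same structure applies to RS256: the verifier holds only the public key, pins "RS256", and rejects anything else in the header, which also closes the key-confusion case where an HMAC verifier is handed the public key as its secret.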
34. JWS Usage in Java with Dropwizard
Adapt Authenticator Class:
import com.google.common.base.Optional;

@Override
public Optional<User> authenticate(String accessToken) {
    if (accessToken == null) {
        return Optional.absent();
    }
    // the parser verifies the JWS signature (previous slide) and maps the claims to a principal
    OAuth2Token token = this.parser.parse(accessToken);
    return Optional.fromNullable((User) token.getPrincipal());
}
Use @Auth Annotation:
public Response getX(
    @Auth @ApiParam(access="internal") User user
){
    […]
}
38. Mind the gap
Don'ts:
• Never ever send passwords in a JWT
• And no password hashes either
• You cannot control where the JWT goes
• Don't verify token validity by calling the Auth Service
Dos:
• Always verify the token (its signature)
• Add as few claims as possible, but at least enough to avoid calls to other services
40. JSON Web Encryption (JWE)
Pros
• Everything is unreadable to the user
• You can potentially include classified information
• Only one key is needed, which can be distributed easily
Cons
• Need to distribute the secret to all services
• Attack surface increases
41. JSON Web Encryption (JWE)
[Diagram: the Auth Service and Microservice 1, Microservice 2 and Microservice 3 all hold the same private key.]
42. JSON Web Signature (JWS)
Pros
• Everything is readable to the user
• Only the public key needs to be distributed
• Only the Auth Service needs high protection
• If the private key is compromised, exchange it there and distribute the new public key
Cons
• Everything is readable to the user
43. JSON Web Signature (JWS)
[Diagram: only the Auth Service holds the private key; Microservice 1, Microservice 2 and Microservice 3 hold the public key.]
45. Conclusion
• Keeps microservices loosely coupled
• Secure transfer of authorization and authentication claims
• Further application domains can be found in single sign-on contexts
• Easy to implement thanks to library availability
47. Sources
• https://tools.ietf.org/html/rfc7519 (RFC for JWT)
• https://tools.ietf.org/html/rfc7518 (RFC for JWA, the algorithms used in JWS and JWE)
• https://jwt.io/
• https://www.leanix.net/
• Devil Smiley CC BY 4.0 https://www.creativetail.com
• Further articles on JWT:
• https://blog.codecentric.de/2016/11/json-web-token-jwt-im-detail/
• https://medium.facilelogin.com/jwt-jws-and-jwe-for-not-so-dummies-b63310d201a3