Worried about who's getting access to your app? Sprinkle in XACML and get access control that is context-aware, externalized, and dynamic.
Need to add more than basic access control to your application? Existing authorization frameworks have their pros and cons, but they are typically quite limited. This talk will introduce XACML, the eXtensible Access Control Markup Language, an OASIS authorization standard that defines fine-grained access control based on attributes. The XACML standard enables much more dynamic authorization that focuses not only on the user but also on resources, actions, and the context. XACML enables policy-based and attribute-based access control.
The talk will then look at how XACML can be used to apply authorization business rules to any Java application and even beyond (.NET, Ruby...). This is known as “any-breadth authorization”. XACML also enables consistent authorization across multiple layers (presentation tier, web tier, business tier, and data tier). It becomes possible to apply the same authorization logic in a JSF page as in a JDBC connection. This is also known as “any-depth authorization”.
During the talk, we will look at live examples of applications using XACML. For instance, we will demonstrate the use of XACML and Java servlets, JAX-WS web services, and APIs as a whole. Attendees will also be able to write their own XACML policies, provided they download the ALFA plugin for Eclipse, an add-on for XACML policy authoring.
In January 2013, XACML 3.0 was approved as a formal standard and there are several implementations available (open-source, free, and commercial) for developers to get started. The talk will illustrate how developers can leverage XACML to quickly apply authorization to new and existing applications. After this session, you will easily be able to add standards-based authorization to your application - and simplify your life!
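To make the request/decision flow concrete, here is an added example, written for this page rather than taken from the talk or from any XACML product: a small policy decision point (PDP) whose requests use the four attribute categories of the XACML 3.0 JSON profile (AccessSubject, Resource, Action, Environment) and whose rules are plain Python predicates over those attributes. The hospital-records policy, the attribute names (role, department, current-hour, ...) and the simplified deny-overrides combining algorithm are assumptions made for the demonstration; a real deployment would author the policy in XACML or ALFA and let the PDP evaluate it.

```python
"""Minimal attribute-based policy decision point (PDP) in the XACML style.

Added example: not code from the talk, from OASIS, or from any XACML
implementation. The request layout follows the XACML 3.0 JSON profile
(four attribute categories, each a list of {AttributeId, Value}); the
policy language is plain Python predicates, and the combining algorithm
is a simplified deny-overrides (real XACML 3.0 distinguishes several
Indeterminate flavours, which is omitted here).
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

CATEGORIES = ("AccessSubject", "Resource", "Action", "Environment")

Attrs = Dict[str, object]
Condition = Callable[[Attrs, Attrs, Attrs, Attrs], bool]


def json_request(subject: Attrs, resource: Attrs, action: Attrs, env: Attrs) -> dict:
    """Build a request in the JSON-profile shape from plain attribute dicts."""
    def category(values: Attrs) -> dict:
        return {"Attribute": [{"AttributeId": k, "Value": v} for k, v in values.items()]}
    return {"Request": {
        "AccessSubject": category(subject), "Resource": category(resource),
        "Action": category(action), "Environment": category(env)}}


def flatten(request: dict, category: str) -> Attrs:
    """Collapse one category of a JSON-profile request into {AttributeId: Value}."""
    entries = request["Request"].get(category, {}).get("Attribute", [])
    return {e["AttributeId"]: e["Value"] for e in entries}


@dataclass
class Rule:
    effect: str            # "Permit" or "Deny"
    condition: Condition   # raises KeyError when a required attribute is absent


@dataclass
class Policy:
    policy_id: str
    target: Callable[[Attrs], bool]   # predicate over the resource attributes
    rules: List[Rule]


def evaluate(policies: List[Policy], request: dict) -> str:
    """Return Permit, Deny, NotApplicable or Indeterminate for a JSON-profile request."""
    subject, resource, action, env = (flatten(request, c) for c in CATEGORIES)
    results = []
    for policy in policies:
        if not policy.target(resource):
            continue                             # policy does not apply to this resource
        for rule in policy.rules:
            try:
                if rule.condition(subject, resource, action, env):
                    results.append(rule.effect)
            except KeyError:
                results.append("Indeterminate")  # a needed attribute was not in the request
    # simplified deny-overrides: any Deny wins, then Indeterminate, then Permit
    for outcome in ("Deny", "Indeterminate", "Permit"):
        if outcome in results:
            return outcome
    return "NotApplicable"


# Constructed sample policy (hypothetical hospital-records scenario).
MEDICAL_RECORDS = Policy(
    policy_id="medical-records",
    target=lambda r: r.get("resource-type") == "medical-record",
    rules=[
        # doctors may view records of their own department during business hours
        Rule("Permit", lambda s, r, a, e: s["role"] == "doctor"
             and s["department"] == r["department"]
             and a["action-id"] == "view"
             and 8 <= e["current-hour"] < 18),
        # doctors may edit records of their own department at any time
        Rule("Permit", lambda s, r, a, e: s["role"] == "doctor"
             and s["department"] == r["department"]
             and a["action-id"] == "edit"),
        # patients may view their own record
        Rule("Permit", lambda s, r, a, e: s["role"] == "patient"
             and s["subject-id"] == r["patient-id"]
             and a["action-id"] == "view"),
        # nobody edits an archived record; deny-overrides makes this win over the edit rule
        Rule("Deny", lambda s, r, a, e: r.get("status") == "archived"
             and a["action-id"] == "edit"),
    ],
)
POLICIES = [MEDICAL_RECORDS]


def decide(subject: Attrs, resource: Attrs, action: str, env: Attrs) -> str:
    """What a PEP would do: build the request, ask the PDP, enforce the answer."""
    request = json_request(subject, resource, {"action-id": action}, env)
    return evaluate(POLICIES, request)


if __name__ == "__main__":
    doctor = {"subject-id": "dr-1", "role": "doctor", "department": "cardiology"}
    record = {"resource-type": "medical-record", "department": "cardiology",
              "patient-id": "p-42", "status": "active"}
    print(decide(doctor, record, "view", {"current-hour": 10}))
    print(decide(doctor, dict(record, status="archived"), "edit", {"current-hour": 10}))
```

NotApplicable and Indeterminate are not Permit: the enforcement point (PEP) should treat both as a denial, which is what lets the archived-record rule, together with deny-overrides, win over the doctor's edit permission in the second call above.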
Oracle REST Data Services (ORDS) is a powerful utility for publishing an Oracle database as a REST-based web service. This presentation will focus on the basic installation of ORDS in a Tomcat server, the PL/SQL APIs for publishing a REST service, and securing the REST endpoints.
Overview of the Domain Name System (DNS).
In the early days of the Internet, hosts had a fixed IP address.
Reaching a host required knowing its numeric IP address.
With the growing number of hosts, this scheme quickly became awkward and difficult to use.
DNS was introduced to give hosts human-readable names that are translated into numeric IP addresses on the fly when a requesting host tries to reach another host.
To facilitate distributed administration of domain names, a hierarchical scheme was introduced in which responsibility for managing domain names is delegated to organizations, which can further delegate management of sub-domains.
Due to its importance in the operation of the Internet, domain name servers are usually operated redundantly; the zone data of the primary and secondary servers is periodically synchronized.
Authentication and Authorization in ASP.NET (Shivanand Arur)
This presentation briefly explains why security is important, then covers authentication and authorization in ASP.NET and its various modes:
1. Forms Authentication
2. Windows Authentication
3. Passport Authentication
This presentation discusses the top 5 reasons as well as various technology updates to provide a reasonable answer to the rather common question: "Why should one use an Oracle Database?". This 2020 "C-Edition" was first presented during the IOUG / Quest Forum Digital Event: Database & Tech Week in June 2020 and subsequently updated based on feedback received.
DNSSEC - Domain Name System Security Extensions (Peter R. Egli)
Overview of DNSSEC protocol.
DNS is a pivotal infrastructure in TCP/IP based networks. An outage of the DNS system would bring entire networks to a grinding halt.
When DNS was devised in the early days of the Internet, security was not a design goal. Therefore, DNS is entirely unsecured, which means it offers countless attack vectors for compromising a network.
Common attacks are DNS cache poisoning, i.e. injecting false entries into a resolver's cache so that unsuspecting users are diverted to a malicious server, and man-in-the-middle attacks.
To secure DNS, an extension was defined in the form of DNSSEC. It uses public-key cryptography to digitally sign DNS records, so that a validating resolver can verify that a response is authentic and has not been modified. DNSSEC provides origin authentication and integrity of DNS data; it does not encrypt queries or responses.
The adoption rate of DNSSEC is still slow, but is gradually picking up speed.
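The chain of trust that lets a resolver validate a signed response rests on one concrete link: the DS record a parent zone publishes must be a digest of the child zone's DNSKEY. Below is an added example of that check, written for this page and not taken from the slides; it is not a complete validator, since RRSIG signature verification (which needs the zone's public-key algorithm) is left out. The key tag and DS digest computations follow RFC 4034 and RFC 4509; the DNSKEY bytes are constructed and are not a real key.

```python
"""Chain-of-trust check: does the parent's DS record match the child's DNSKEY?

Added example, not from the slides and not a full DNSSEC validator: it
covers the key tag (RFC 4034 Appendix B) and DS digest (RFC 4509) with
hashlib only, and leaves RRSIG verification out. The DNSKEY used in the
tests is constructed and not a functional key.
"""
import hashlib
import struct
from dataclasses import dataclass


def wire_name(name: str) -> bytes:
    """Encode an owner name as DNS labels, e.g. example.com. -> 07 example 03 com 00."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


@dataclass(frozen=True)
class DNSKEY:
    flags: int          # 257 = KSK (SEP bit set), 256 = ZSK
    protocol: int       # always 3 for DNSSEC
    algorithm: int      # e.g. 13 = ECDSAP256SHA256
    public_key: bytes

    def rdata(self) -> bytes:
        return struct.pack("!HBB", self.flags, self.protocol, self.algorithm) + self.public_key

    def key_tag(self) -> int:
        """RFC 4034 Appendix B: 16-bit sum over the RDATA with the carry folded back in."""
        data = self.rdata()
        ac = 0
        for i in range(len(data)):
            ac += data[i] if i & 1 else data[i] << 8
        ac += (ac >> 16) & 0xFFFF
        return ac & 0xFFFF


@dataclass(frozen=True)
class DS:
    key_tag: int
    algorithm: int
    digest_type: int    # 1 = SHA-1, 2 = SHA-256 (RFC 4509), 4 = SHA-384
    digest: bytes


def ds_from_dnskey(owner: str, key: DNSKEY, digest_type: int = 2) -> DS:
    """Compute the DS record the parent zone should publish for this key:
    digest(owner name in wire format || DNSKEY RDATA)."""
    hasher = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}[digest_type]
    digest = hasher(wire_name(owner) + key.rdata()).digest()
    return DS(key.key_tag(), key.algorithm, digest_type, digest)


def ds_matches(owner: str, key: DNSKEY, published: DS) -> bool:
    """A validating resolver trusts the child's KSK only if a parent DS matches it."""
    if published.key_tag != key.key_tag() or published.algorithm != key.algorithm:
        return False
    try:
        return ds_from_dnskey(owner, key, published.digest_type).digest == published.digest
    except KeyError:
        return False    # unknown digest type: unusable, never "valid by default"


if __name__ == "__main__":
    key = DNSKEY(257, 3, 13, b"\x00\x01\x00\x02")   # constructed, not a real key
    ds = ds_from_dnskey("example.com.", key)
    print(ds.key_tag, ds.digest.hex())
    print(ds_matches("example.com.", key, ds), ds_matches("example.org.", key, ds))
```

A resolver that finds no DS matching the DNSKEY, or only a DS whose digest type it cannot compute, must not treat the zone as secure; that is why ds_matches returns False instead of raising on an unknown digest type, and why the owner name is part of the digest (the same key under a different name yields a different DS).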
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve... (David Brossard)
In this presentation I introduce the basics of Attribute-based Access Control, XACML, and why it matters to developers. I also focus on the latest XACML TC profiles - the REST profile and the JSON profile that make integration easier and faster.
Oracle Database with Sharding is a globally distributed multi-model (relational & document) DBMS. It is built on a shared-nothing architecture in which data is horizontally partitioned across databases that share no hardware or software. It provides linear scalability, fault isolation and geographic data distribution for shard-amenable applications. This presentation was delivered at Sangam18 in December 2018 - original title: "Oracle Sharding 18c for Data Sovereignty and Massive Linear Scalability"
Review of the key financial benefits of Software-Defined WAN.
Enterprises are seeking to understand the financial benefits of SD-WAN as this new technology continues to grow. Dan Conde, industry analyst at ESG Research, has spent several months researching how SD-WAN is modernizing wide area networks while delivering substantial cost savings.
Join Dan Conde in this webinar to gain a better understanding of the key elements of SD-WAN that deliver performance, simplicity, and optimal access to on-premises applications and cloud services. Dan will examine the components of SD-WAN and provide a review of the key financial benefits, basic cost savings and the hidden operational benefits that SD-WAN brings to businesses.
+ Background & Basics of Web App Security, The HTTP Protocol, Web Application Insecurities
+ OWASP Top 10 Vulnerabilities (XSS, SQL Injection, CSRF, etc.)
+ Web App Security Tools (Scanners, Fuzzers, etc.), Remediation of Web App Vulnerabilities
+ Web Application Audits and Risk Assessment
Web Application Security 101 was conducted by:
Vaibhav Gupta, Vishal Ashtana, Sandeep Singh from Null.
These slides cover SQL injection: the types of SQL injection, case studies, and techniques for protecting a system against it.
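As an added example (not from these slides), here are two common injection types side by side with their fix, on an in-memory SQLite database: a comment-based login bypass and a UNION-based read of another table, each run first against a string-built query and then against the parameterized version. The schema, rows and attack payloads are constructed for the demonstration.

```python
"""Vulnerable and parameterized SQL side by side, on an in-memory SQLite database.

Added example, not from the slides. The schema, rows and attack strings are
constructed for the demonstration; the users table stores SHA-256 digests
rather than clear-text passwords.
"""
import hashlib
import sqlite3


def sha256(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def setup() -> sqlite3.Connection:
    """Throwaway database: a sensitive users table and a public products table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL);
        CREATE TABLE products (name TEXT, price REAL);
        INSERT INTO products VALUES ('widget', 9.99), ('gadget', 24.50);
    """)
    conn.execute("INSERT INTO users VALUES (?, ?)", ("admin", sha256("correct horse")))
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", sha256("s3cret")))
    return conn


# --- vulnerable: untrusted input is concatenated into the statement text ----
def login_vulnerable(conn, username: str, password: str):
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND pw_hash = '{sha256(password)}'")
    row = conn.execute(sql).fetchone()      # a quote in username rewrites the WHERE clause
    return row[0] if row else None


def search_vulnerable(conn, term: str):
    sql = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(sql).fetchall()     # a UNION in term reads any other table


# --- fixed: placeholders keep the data out of the SQL grammar ---------------
def login_safe(conn, username: str, password: str):
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND pw_hash = ?",
        (username, sha256(password))).fetchone()
    return row[0] if row else None


def search_safe(conn, term: str):
    # the LIKE wildcards are added to the bound value, not to the statement
    return conn.execute(
        "SELECT name, price FROM products WHERE name LIKE ?",
        (f"%{term}%",)).fetchall()


# Constructed attack payloads: comment-based login bypass and a UNION read.
BYPASS_USERNAME = "admin' --"
UNION_TERM = "' UNION SELECT username, pw_hash FROM users --"


if __name__ == "__main__":
    db = setup()
    print("vulnerable login as:", login_vulnerable(db, BYPASS_USERNAME, "wrong"))
    print("safe login as:      ", login_safe(db, BYPASS_USERNAME, "wrong"))
    print("vulnerable search:  ", search_vulnerable(db, UNION_TERM))
    print("safe search:        ", search_safe(db, UNION_TERM))
```

The fix is not escaping: with placeholders the driver sends the values separately from the statement, so the quote and the trailing `--` in the payload are never parsed as SQL. The same holds for the LIKE pattern; once the wildcards are part of the bound value, the UNION payload is just a string that matches no product.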
by Darin Briskman, Technical Evangelist, AWS
Database Freedom means being able to use the database engine that’s right for you as your needs evolve. Being locked into a specific technology can prevent you from achieving your mission. Fortunately, AWS Database Migration Service makes it easy to switch between different database engines. We’ll look at how to use the AWS Schema Conversion Tool (SCT) with DMS to switch from a commercial database to open source. You’ll need a laptop with a Firefox or Chrome browser.
OWASP Chicago 2016 - What is Attribute Based Access Control (ABAC)? (David Brossard)
In this presentation, I cover the history of access control, from simpler models e.g. access control lists (ACL) to Role Based Access Control (RBAC) and eventually Attribute Based Access Control (ABAC). I then discuss limitations of RBAC and how ABAC provides a better alternative using attributes and policies.
RBAC & ABAC: a hybrid solution for managing access rights (CUSTIS)
Talk by Vyacheslav Muravlev, our lead developer, at the InfoSecurity Russia international exhibition (20 September 2016, Moscow).
Video recording of the talk:
https://vimeo.com/183804752
OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is... (David Brossard)
Join a host of industry experts for this pre-conference roundtable to hear the latest on what is being done to protect identity and ensure privacy within the cloud. This three-part interactive roundtable will open up the dialogue on this topic, so come prepared to share information, insights and ideas.
EIC 2014 Oasis Workshop: Using XACML to implement Privacy by Design (David Brossard)
In this presentation delivered at the European Identity Conference, David looks at externalized authorization, attribute-based access control (ABAC) and XACML and how it can help implement privacy regulations.
Why lasagna is better than spaghetti: baking authorization into your applicat... (David Brossard)
Next-generation access control is undergoing a bit of an identity crisis. Some call it eXternalized Authorization Management, others Dynamic Access Control and still others just refer to it as Attribute Based Access Control (ABAC). Until now, XACML and ABAC have been the two pillars supporting next-gen AuthZ. Gartner predicts that 70% of enterprises will adopt ABAC by 2020.
With ALFA, REST, and JSON, even the most complex authorization scenarios become extremely simple to implement. It's haute cuisine made simple. In this session, we will go hands-on with examples, live demos, coding, and delicious samples.
IDM and Automated Security Entitlement Systems (SRI Infotech)
A demonstration of SRI Infotech’s unique, first-in-class in-house automated security entitlement system, combining identity management with automated data source connectors.
Protect Sensitive Data: Implementing Fine-Grained Access Control in Oracle (Nelson Calero)
Using Oracle Database Enterprise Edition, we can restrict different users' access to data by implementing security at the row level.
This presentation walks through the implementation of Virtual Private Database (VPD), evaluating different aspects of its usage and reviewing the changes introduced in different Oracle versions, from its original 8i implementation to 12c.
First delivered at the Kscope16 conference in Chicago, including scripts to illustrate each of the alternatives.
XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity ... (David Brossard)
In this panel hosted by Ian Glazer, my colleague Gerry Gebel introduces the audience to XACML and its latest developments including REST, JSON, and more developer-friendly initiatives.
Real-Time Distributed and Reactive Systems with Apache Kafka and Apache Accumulo (Joe Stein)
In this talk we will walk through how Apache Kafka and Apache Accumulo can be used together to orchestrate a de-coupled, real-time distributed and reactive request/response system at massive scale. Multiple data pipelines can perform complex operations for each message in parallel at high volumes with low latencies. The final result will be in line with the initiating call. The architecture gains are immense. They allow the requesting system to receive a response without the need for direct integration with the data pipeline(s) that messages must go through. By utilizing Apache Kafka and Apache Accumulo, these gains are sustained at scale and allow complex operations on different messages to be applied to each response in real time.
Real time Analytics with Apache Kafka and Apache Spark (Rahul Jain)
A presentation cum workshop on real-time analytics with Apache Kafka and Apache Spark. Apache Kafka is a distributed publish-subscribe messaging system, while Spark Streaming brings Spark's language-integrated API to stream processing, allowing streaming applications to be written very quickly and easily. It supports both Java and Scala. In this workshop we are going to explore Apache Kafka, Zookeeper and Spark with a web clickstream example using Spark Streaming. A clickstream is the recording of the parts of the screen a computer user clicks on while web browsing.
These are the presentation slides from the Axiomatics webinar on June 13. A recording of the webinar with audio can be viewed at www.axiomatics.com/videos-and-webinars
Twin Cities IAM Meet Up - May 2014 - The latest in authorization trends and s... (ggebel)
Within the Identity and Access Management realm, business requirements for information sharing in a secure manner continue to drive developments in the authorization technology and standardization areas. In this talk, Gerry Gebel will share updates on the current status of XACML profiles that introduced REST and JSON support to the standard. The session will also cover the newest profile called ALFA, which introduces an abstraction layer on top of the XACML language.
Updates from the OASIS XACML Technical Committee - Making Authorization Devel... (David Brossard)
In this 20-minute presentation, David of the OASIS XACML TC and Axiomatics will show how XACML can be used to address fine-grained authorization, attribute-based access control, and policy-based access control using the REST, JSON, and ALFA profiles of XACML making authorization easy to create and consume.
This presentation was initially delivered at Oxford University in 2019.
Application Security in the Cloud - Best Practices (RightScale)
RightScale Webinar: May 20, 2010 – This webinar presents security implementation for applications running in the Amazon Web Services (AWS) environment with the RightScale management platform, using best practices developed by HyperStratus. See the archived video at http://vimeo.com/rightscale/application-security-in-the-cloud-best-practices.
Authorization is the process of giving someone permission to do or have something.
Table of Contents
Introduction to Authorization
Common Attacker Testing Authentication
Strategies For Strong Authentication
Access Control
Automating Compliance Defense in the Cloud - September 2016 Webinar Series (Amazon Web Services)
Governance, risk, and control of technology is critical for the performance of any organization’s assurance management process. In practice, implementing this is a near impossible task given the constantly evolving regulatory landscape, massive amounts of incoming and outgoing data, and business units working within silos. However, through automation, IT departments and compliance teams can efficiently support the numerous audit demands imposed on organizations within highly regulated industries like Financial Services, Healthcare, and Life Sciences. AWS will share best practices around infrastructure design, configuration set-up, and monitoring to augment your compliance operating model so that you can easily automate updates and real-time notifications, take human error out of your compliance functions, and demonstrate comprehensive governance of your business.
Learning Objectives:
• Learn what a comprehensive governance model looks like
• Learn why it's important for an organization to automate in its 3 lines of defense – operations, compliance, and internal audit
• Learn what AWS services you can enable to
Who Should Attend:
• Technology risk managers, third-party risk managers, compliance officers, information security executives
The session will address the following points:
* Introduction to security in Oracle EPM Cloud Planning
* Which artifacts, and at what level of granularity, can have security applied in PBC?
* What are the best practices for addressing security?
* How can you mass update security using EPM Automate, REST API, Groovy, LCM, etc.?
Best Practices for Managing Security Operations in AWS - AWS July 2016 Webina... (Amazon Web Services)
It is critical to maintain strong identity and access policies to prevent unexpected access to your AWS resources. It is equally important to track and alert on changes. In this webinar, you will learn about the different ways you can use AWS Identity and Access Management (IAM) to control access to your AWS services and integrate your existing authentication system with AWS IAM.
We will cover how you can deploy and control your AWS infrastructure using code templates, including change management policies with AWS CloudFormation. In addition, we will explore different options for managing both your AWS access logs and your Amazon Elastic Compute Cloud (EC2) system logs using Amazon CloudWatch Logs. We will also cover how to use these logs to implement an audit and compliance validation process using services such as AWS Config, AWS CloudTrail, and Amazon Inspector.
Learning Objectives:
• Understand the AWS Shared Responsibility Model.
• Understand AWS account and identity management options and configuration.
• Learn the concept of infrastructure as code and change management using CloudFormation.
• Learn how to audit and log your AWS service usage.
• Learn about AWS services to add automatic compliance checks to your AWS infrastructure.
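The "track and alert on changes" part of this abstract comes down to running detection logic over CloudTrail. Here is an added example (not AWS code and not from the webinar) that scans CloudTrail records, one JSON object per line, for three things a security operations team usually alerts on: any root-account activity, successful console logins without MFA, and IAM permission changes made by a principal other than the approved deployment role. The field names follow CloudTrail's record format; the sample records, the approved-principal ARN, the account number and the severities are constructed for the demonstration.

```python
"""Alert on identity and access changes in CloudTrail records.

Added example, not AWS code and not from the webinar. Field names follow the
CloudTrail record format (eventSource, eventName, userIdentity,
additionalEventData, responseElements); SAMPLE_LOG, the account number, the
approved-principal ARN and the severities are constructed for the demo.
"""
import json
from typing import Dict, List

# IAM actions that change who may do what (constructed subset for the example)
IAM_MUTATIONS = {
    "AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy", "PutRolePolicy",
    "CreateUser", "CreateAccessKey", "UpdateAssumeRolePolicy", "DeleteRolePolicy",
}
# The only principal expected to change IAM: a deployment role (assumed ARN)
APPROVED_IAM_CHANGERS = {
    "arn:aws:sts::111122223333:assumed-role/iam-deploy/pipeline",
}


def mfa_used(record: dict) -> bool:
    """ConsoleLogin records carry additionalEventData.MFAUsed; API calls made with
    temporary credentials carry sessionContext.attributes.mfaAuthenticated."""
    extra = record.get("additionalEventData", {})
    if "MFAUsed" in extra:
        return extra["MFAUsed"] == "Yes"
    attrs = record.get("userIdentity", {}).get("sessionContext", {}).get("attributes", {})
    return str(attrs.get("mfaAuthenticated", "false")).lower() == "true"


def findings_for(record: dict) -> List[Dict[str, str]]:
    """Apply the three detection rules to one record."""
    identity = record.get("userIdentity", {})
    actor = identity.get("arn") or identity.get("type", "unknown")
    event = record.get("eventName", "")
    base = {"eventTime": record.get("eventTime", ""), "actor": actor, "event": event}
    findings = []

    if identity.get("type") == "Root":
        findings.append(dict(base, rule="root-account-activity", severity="high"))

    login_ok = record.get("responseElements", {}).get("ConsoleLogin") == "Success"
    if event == "ConsoleLogin" and login_ok and not mfa_used(record):
        findings.append(dict(base, rule="console-login-without-mfa", severity="medium"))

    if (record.get("eventSource") == "iam.amazonaws.com"
            and event in IAM_MUTATIONS and actor not in APPROVED_IAM_CHANGERS):
        findings.append(dict(base, rule="iam-change-by-unapproved-principal", severity="high"))
    return findings


def scan(log_lines) -> List[Dict[str, str]]:
    """log_lines: CloudTrail records as JSON, one per line (blank lines ignored)."""
    findings = []
    for line in log_lines:
        if line.strip():
            findings.extend(findings_for(json.loads(line)))
    return findings


# Constructed sample records; not real CloudTrail output
SAMPLE_LOG = [json.dumps(r) for r in [
    {"eventTime": "2016-07-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachUserPolicy",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2016-07-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AttachRolePolicy",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/iam-deploy/pipeline"}},
    {"eventTime": "2016-07-01T11:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2016-07-01T12:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2016-07-01T12:01:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
]]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['eventTime']} {f['severity']:6} {f['rule']:36} {f['actor']}")
```

On the sample log this yields three findings: bob's policy attachment, the root console login (even with MFA, root use is worth a ticket), and alice's login without MFA; the pipeline role's change and the read-only EC2 call produce nothing. The same functions can be fed CloudTrail files delivered to S3 or CloudWatch Logs events, one record per line.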
International Journal of Engineering Inventions (IJEI) provides a multidisciplinary passage for researchers, managers, professionals, practitioners and students around the globe to publish high-quality, peer-reviewed articles on all theoretical and empirical aspects of engineering and science.
The peer-reviewed International Journal of Engineering Inventions (IJEI) was started with a mission to encourage contributions to research in science and technology, and to encourage and motivate researchers in challenging areas of science and technology.
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ... (Amazon Web Services)
In this session, learn how LogMeIn moves quickly and stays secure through the power of automation on AWS. We walk through core AWS security building blocks, such as IAM, AWS CloudTrail, AWS Config, and Amazon CloudWatch. We dive deep into LogMeIn’s approach for empowering developers on AWS while also meeting required security controls.
Similar to Authorization - it's not just about who you are
Policies, Graphs or Relationships - A Modern Approach to Fine-Grained Authori... (David Brossard)
Authorization is becoming more important than ever as the growth in data, services, apps, and users shows no sign of slowing down. Making sure the right individuals have access to the right data under the right circumstances is paramount. In this presentation, I will discuss the different approaches to dynamic, runtime authorization.
Internet Identity Workshop IIW 2023 - Introduction to ALFA Authorization Lang... (David Brossard)
In this presentation, Mark Berg, my colleague at Axiomatics, presented the latest on the Abbreviated Language for Authorization (ALFA), OASIS’s standard for fine-grained authorization. You can read more at https://alfa.guide.
ALFA is a fine-grained authorization language that allows implementing any number of authorization models, from RBAC to ReBAC and ABAC. It is dynamic, fully declarative, and conforms to NIST's ABAC model (SP 800-162).
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi... (David Brossard)
During Nordic APIs 2024, I discussed the different authorization approaches to securing APIs. Much like authentication (via OAuth and others) is externalized from the API, so should authorization be. There are different options, ranging from ABAC (attribute-based access control) to ReBAC (relationship-based access control).
This presentation talks about the OWASP challenges developers are faced with and how externalized authorization can help address them in a clean and efficient way. We also look into an example of fine-grained authorization using ALFA, the Abbreviated Language For Authorization.
The Holy Grail of IAM: Getting to Grips with Authorization (David Brossard)
Tackling authorization in your apps and APIs shouldn't be hard. Learn how to decouple your app code from your authorization code, externalize to an authorization framework, leverage a policy language e.g. ALFA, and enable secure access to your APIs. In this presentation we compare and contrast different authorization approaches such as ABAC, ReBAC, Zanzibar, and more.
An overview of the ALFA Abbreviated Language for Authorization and how it accepts authorization requests and produces authorization decisions that are returned to a client.
In October 2023, the OpenID Foundation launched a new working group to tackle challenges around externalized authorization. The group brings together vendors, customers, and R&D partners to drive the design and adoption of authorization patterns.
The purpose of the AuthZEN WG is to provide standard mechanisms, protocols and formats to communicate authorization related information between components within one organization or across organizations, which may have been developed or sourced from different entities.
The chairs can be reached at openid-specs-authzen@lists.openid.net
Policy enabling your services - using elastic dynamic authorization to contro... (David Brossard)
APIs have become the backbone of many services nowadays - from the weather forecast to delivery notifications and photo printing services. Not only can we consume data and services more readily through those APIs but we can also mash them up into greater services. To do so, we tackled API security through OAuth and OpenID Connect. They form a good basis to handle authentication and basic authorization delegation, but there is so much more to consider from an authorization perspective. This session will discuss how security concerns can be addressed through policy-driven authorization in a way that meets the needs and expectations of application developers, owners, and auditors alike. We will show how complex access policies can be handled through a dedicated authorization microservice. With this approach, you can automate security deployment changes within the same CI/CD pipelines used for application management. Furthermore, new deployment configurations are possible, such as implementing the authorization service as a sidecar, to meet advanced performance and scale requirements. All this without changing a single line of code.
To the cloud and beyond: delivering policy-driven authorization for cloud app... (David Brossard)
In this presentation delivered at the European Identity Conference, I discuss how externalized dynamic authorization management based on attributes and policies (ABAC and PBAC) has evolved to cater to securing cloud capabilities such as S3, Databricks, and so on.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology pushes into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operations view. Is it possible to apply our lovely cloud-native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premises strategy we may need to apply it to our own infrastructure and get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and of what could be beneficial for or limiting to your AI use cases in an enterprise environment. An interactive demo will give you some insights into which approaches I have already got working for real.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and the Azure OpenAI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 (Albert Hoitingh)
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPath Community)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra Bartaguiz)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 4 (Diana Gray)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Authorization - it's not just about who you are
1. Authorization…
It’s not just about who you are
David Brossard, @davidjbrossard
Product Manager Axiomatics AB
Member of the OASIS XACML Technical Committee
2. What’s authorization?
“The authorization function determines whether a particular entity is authorized to perform a given activity, typically inherited from authentication when logging on to an application or service.”
3. What happens when authorization isn’t done right?
Sources: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html and http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
New York City Health & Hospitals Corporation releases electronic health records: 1,700,000 records
Citi exposes details of 150,000 individuals who went into bankruptcy: 150,000 records
Facebook’s Download Your Information releases too much information about your contacts: 6,000,000 records
4. Authorization is that necessary evil developers must do
“But I want to do app development, Daddy…”
“You will secure your app first, my son…”
5. But we, developers, hate spending time on security
Time spent developing an application: 80% business logic, 20% security
* And no, this isn’t PacMan
6. So how do developers do it today?
{nothing} | {application frameworks} | {home-grown}
10. So how do you handle additional information?
Context, Location, Relationship, Classification, Parent, Delegation, Guardian, IP address, Device, Pattern, Behavior, Risk, Clearance, Employment, Citizenship, Time, Intellectual Property, Export Control
11. Authorization should really be about…
Who? What? When? Where? How? Why?
Credits: all icons from the Noun Project | Invisible: Andrew Cameron | Box: Martin Karachorov | Wrench: John O'Shea | Clock: Brandon Hopkins
Welcome to… Attribute-based Access Control
12. What’s an attribute?
An identifier, e.g. citizenship
A datatype, e.g. string
A category / object it describes, e.g. the user, the resource
14. Behold XACML!
eXtensible Access Control Markup Language
An OASIS standard
The de facto standard for fine-grained access control
Current version: 3.0
XACML defines
A policy language
A request / response scheme
An architecture
15. Three key points of XACML
Policy-based: use policies to describe and implement complex AuthZ
Attribute-based: an attribute consists of an identifier, datatype, and value
Technology-neutral: apply XACML to Java, .NET, and more
16. XACML Architecture Flow
Enforce: Policy Enforcement Point (PEP)
Decide: Policy Decision Point (PDP)
Manage: Policy Administration Point (PAP)
Support: Policy Information Point (PIP), Policy Retrieval Point (PRP)
Flow shown on the slide: the user asks to access Document #123; the PEP intercepts the request and asks the PDP “Can Alice access Document #123?”; the PDP loads the XACML policies (from the PRP), retrieves the user’s role and clearance and the document’s classification (from the PIP), and answers “Yes, Permit”; the PEP then lets the access to Document #123 through.
19. 3 structural elements: PolicySet, Policy, Rule
Root: either of PolicySet or Policy
PolicySets contain any number of PolicySets & Policies
Policies contain Rules
Rules contain an Effect: Permit / Deny
Combining Algorithms are used to resolve conflicts between rules
Language Elements of XACML
21. Language Structure: Russian dolls
PolicySet, Policy & Rule can contain Targets, Obligations, Advice
Rules can contain Conditions
Diagram: a Policy Set (with its own Target and Obligation) contains a Policy (with its own Target and Obligation), which contains a Rule with Effect=Permit (with a Target, an Obligation and a Condition)
22. The one question that matters in XACML
Can Manager Alice approve Purchase Order 12367?
Yes, she can!
23. Structure of a XACML Request / Response
XACML Request: Can Manager Alice approve Purchase Order 12367?
• Subject: User id = Alice; Role = Manager
• Action: Action id = approve
• Resource: Resource type = Purchase Order; PO # = 12367
• Environment: Device Type = Laptop
XACML Response: Yes, she can
• Result: Decision: Permit; Status: ok
The core XACML specification does not define any specific transport / communication protocol:
- Developers can choose their own.
- The SAML profile defines a binding to send requests/responses over SAML assertions.
25. Sample Scenario – a CRM use case
A customer representative of a large financial organization needs to access customer data.
The compliance manager, the application owner, and the chief security officer agree on certain “rules”:
No one can access data outside office hours
Customer reps can view accounts in their region
Our customers can blacklist some of our employees
Customer reps cannot work on family accounts
26. XACML lets you define and group policies
Sample policies:
No one can access data outside office hours
Customer reps can view accounts in their region
Customer reps cannot work on family accounts
Our customers can blacklist some of our employees
Note:
XACML lets you define negative and positive rules
XACML can use any number of attributes
XACML can combine policies together and define conflict resolutions
Policies are usually generic but can also be user-specific
27. The example reworked
Overall policy: access customer record
DENY if time < 9am OR time > 5pm
DENY if employee.location != customer.location
DENY if customer.id belongs to employee.family
ALLOW access
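The request structure of slide 23, the PDP/PIP roles of slide 16, the combining algorithms of slide 19 and the reworked policy above, put together as an added Python example (this is not an XACML engine and not Axiomatics code): a toy PDP evaluates the four rules under a simplified deny-overrides algorithm, fetching the employee and customer attributes the PEP did not send from a PIP. The employee and customer tables, the attribute names and the `customer_rep_request` helper are constructed for the example; real XACML uses URI attribute ids and a richer set of Indeterminate variants.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Attrs = Dict[str, object]


@dataclass
class Request:
    """The four XACML request categories from slide 23."""
    subject: Attrs
    action: Attrs
    resource: Attrs
    environment: Attrs


@dataclass
class Rule:
    name: str
    effect: str                          # "Permit" or "Deny"
    condition: Callable[[Request], bool]


@dataclass
class Policy:
    name: str
    target: Callable[[Request], bool]    # does this policy apply at all?
    rules: List[Rule]                    # combined with deny-overrides


# PIP: constructed lookup tables standing in for an LDAP directory and the
# CRM database; a real PDP would query them on demand.
PIP_EMPLOYEES = {"alice": {"location": "EU", "family": {"cust-42"}}}
PIP_CUSTOMERS = {"cust-12367": {"location": "EU"},
                 "cust-42": {"location": "EU"},
                 "cust-77": {"location": "US"}}


def enrich(req: Request) -> Request:
    """PIP step: the PEP only sent identifiers; the PDP fetches what the
    policy needs (employee location and family, customer location)."""
    subj, res = dict(req.subject), dict(req.resource)
    subj.update(PIP_EMPLOYEES.get(str(subj.get("id")), {}))
    res.update(PIP_CUSTOMERS.get(str(res.get("id")), {}))
    return Request(subj, req.action, res, req.environment)


def minutes(hhmm: str) -> int:
    h, m = hhmm.split(":")
    return int(h) * 60 + int(m)


# The slide-27 policy: three negative rules and one positive rule.
CUSTOMER_RECORD_POLICY = Policy(
    name="access customer record",
    target=lambda r: r.resource.get("type") == "customer-record",
    rules=[
        Rule("outside office hours", "Deny",
             lambda r: minutes(r.environment["time"]) < 9 * 60
             or minutes(r.environment["time"]) > 17 * 60),
        Rule("wrong region", "Deny",
             lambda r: r.subject["location"] != r.resource["location"]),
        Rule("family account", "Deny",
             lambda r: r.resource["id"] in r.subject["family"]),
        Rule("allow access", "Permit", lambda r: True),
    ],
)


def evaluate_rule(rule: Rule, req: Request) -> str:
    try:
        return rule.effect if rule.condition(req) else "NotApplicable"
    except KeyError:                     # a needed attribute is missing
        return "Indeterminate"


def decide(policy: Policy, req: Request) -> Tuple[str, List[Tuple[str, str]]]:
    """PDP: returns the XACML decision plus a per-rule trace.

    Simplified deny-overrides: any Deny wins, then Indeterminate (so a missing
    attribute never turns into a Permit), then Permit, else NotApplicable."""
    if not policy.target(req):
        return "NotApplicable", []
    req = enrich(req)
    trace = [(rule.name, evaluate_rule(rule, req)) for rule in policy.rules]
    results = {result for _, result in trace}
    for outcome in ("Deny", "Indeterminate", "Permit"):
        if outcome in results:
            return outcome, trace
    return "NotApplicable", trace


def customer_rep_request(employee: str, customer: str, time: str) -> Request:
    """What the PEP sends: identifiers only, the PIP fills in the rest."""
    return Request(subject={"id": employee, "role": "customer-rep"},
                   action={"id": "view"},
                   resource={"type": "customer-record", "id": customer},
                   environment={"time": time})


if __name__ == "__main__":
    for cust, t in [("cust-12367", "14:30"), ("cust-12367", "18:30"),
                    ("cust-77", "10:00"), ("cust-42", "10:00")]:
        req = customer_rep_request("alice", cust, t)
        print(cust, t, decide(CUSTOMER_RECORD_POLICY, req)[0])
```

The trace returned next to the decision is what you want in an audit log: it names the rule that produced the Deny. Note how an employee unknown to the PIP ends in Indeterminate rather than Permit, which is the fail-closed behaviour a PEP must treat as a refusal.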
28. Implement the policies using ALFA
ALFA plugin for Eclipse: add-on to the Eclipse IDE
Write XACML using a pseudo-code called ALFA – the Axiomatics Language for Authorization
Free download from www.axiomatics.com
Hands-on demo
30. Use the same enforcement SDK across all your apps: the XACML Enforcement Point SDK
31. Example: use Java Servlet Filters
Protect Java web apps
import java.io.IOException;
import javax.servlet.*;

public class ServletPEP implements Filter {

    @Override
    public void init(FilterConfig config) throws ServletException {
        // read the PDP connection settings from the filter init-params in web.xml
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        // 1. build the XACML request from the HTTP request (user, URL, method)
        // 2. send it to the PDP and read the decision
        // 3. on Permit call chain.doFilter(request, response);
        //    on anything else answer 403 (fail closed)
    }

    @Override
    public void destroy() {
        // release the PDP client
    }
}
32. Example: use JAX-WS interceptors
Protect Java web services
Can be applied inbound and outbound
Inspect the payload of the messages
Also applicable to JAX-RS services
/*
 * (non-Javadoc)
 * @see javax.xml.ws.handler.Handler#handleMessage(javax.xml.ws.handler.MessageContext)
 */
@Override
public boolean handleMessage(SOAPMessageContext context) {
    // build the XACML request from the SOAP payload and the message direction
    // (MESSAGE_OUTBOUND_PROPERTY), ask the PDP, and stop the chain on anything
    // but Permit; returning true lets the message continue
    return true;
}
33. Example: use AOP – annotations
Example: a Student Management Service
Create, grade, and delete students
Apply the @XacmlEnforcementPoint annotation
Annotate the POJOs with @XacmlAttribute
public interface StudentService {
@XacmlEnforcementPoint
Student createStudent();
}
class Student {
@XacmlAttribute
String name;
@XacmlAttribute
Integer age;
}
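The two PEP form factors of slides 31 and 33 (the servlet filter and the @XacmlEnforcementPoint annotation) and the configuration-driven interceptor idea of slide 35, carried over to Python as slide 37 suggests. This is an added example, not Axiomatics’ SDK: a WSGI middleware plays the filter, a decorator plays the annotation, and both build the XACML categories and delegate to one PDP callable. The `stub_pdp`, the user directory, the method-to-action mapping and the `call` driver are constructed for the example; in a deployment the PDP would evaluate real XACML policies.

```python
import functools
import inspect
from typing import Any, Callable, Dict, List

Attrs = Dict[str, Any]
PDP = Callable[[Attrs, Attrs, Attrs, Attrs], str]   # returns the XACML decision

# Constructed user directory acting as the PIP for the subject's role.
# Authentication already happened (the container set REMOTE_USER); the PEP
# never trusts a role supplied by the client.
USERS = {"alice": "manager", "bob": "clerk"}


def stub_pdp(subject: Attrs, action: Attrs, resource: Attrs, environment: Attrs) -> str:
    """Stand-in for a real PDP: anyone authenticated may read a purchase
    order, only managers may approve one, everything else is NotApplicable."""
    if resource.get("type") != "purchase-order":
        return "NotApplicable"
    if action.get("id") == "read":
        return "Permit"
    if action.get("id") == "approve":
        return "Permit" if subject.get("role") == "manager" else "Deny"
    return "NotApplicable"


class XacmlFilter:
    """WSGI middleware PEP, the counterpart of the servlet filter: maps the
    HTTP request onto the four XACML categories and lets only a Permit through.
    Deny, NotApplicable and Indeterminate all fail closed with 403."""
    METHOD_TO_ACTION = {"GET": "read", "POST": "approve"}

    def __init__(self, app: Callable, pdp: PDP) -> None:
        self.app, self.pdp = app, pdp

    def __call__(self, environ: Dict[str, Any], start_response: Callable) -> List[bytes]:
        user = environ.get("REMOTE_USER")
        subject = {"id": user, "role": USERS.get(user)}
        action = {"id": self.METHOD_TO_ACTION.get(environ.get("REQUEST_METHOD"), "other")}
        resource = {"type": "purchase-order",
                    "id": environ.get("PATH_INFO", "").rsplit("/", 1)[-1]}
        environment = {"device": environ.get("HTTP_USER_AGENT", "unknown")}
        if self.pdp(subject, action, resource, environment) != "Permit":
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden"]
        return self.app(environ, start_response)


def xacml_attributes(*fields: str):
    """Class decorator standing in for @XacmlAttribute: names the fields the
    PEP may lift out of an argument object as resource attributes."""
    def deco(cls):
        cls.__xacml_attributes__ = fields
        return cls
    return deco


def xacml_enforcement_point(pdp: PDP, action: str, resource_type: str):
    """Function decorator standing in for @XacmlEnforcementPoint: the subject
    is the 'user' argument, resource attributes come from annotated arguments."""
    def deco(fn):
        sig = inspect.signature(fn)

        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            bound = sig.bind(*args, **kwargs).arguments
            user = bound.get("user")
            resource: Attrs = {"type": resource_type}
            for value in bound.values():
                for f in getattr(type(value), "__xacml_attributes__", ()):
                    resource[f] = getattr(value, f)
            decision = pdp({"id": user, "role": USERS.get(user)},
                           {"id": action}, resource, {})
            if decision != "Permit":
                raise PermissionError(f"{decision}: {user} may not {action} {resource}")
            return fn(*args, **kwargs)
        return wrapper
    return deco


@xacml_attributes("po_id", "amount")
class PurchaseOrder:
    def __init__(self, po_id: str, amount: int) -> None:
        self.po_id, self.amount = po_id, amount


@xacml_enforcement_point(stub_pdp, action="approve", resource_type="purchase-order")
def approve(order: PurchaseOrder, user: str) -> str:
    return f"PO {order.po_id} approved by {user}"


def business_app(environ, start_response):
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"purchase order"]


def call(app, method: str, path: str, user: str) -> str:
    """Drive a WSGI app with a constructed request and return its status line."""
    status: Dict[str, str] = {}
    app({"REQUEST_METHOD": method, "PATH_INFO": path, "REMOTE_USER": user},
        lambda line, headers: status.setdefault("line", line))
    return status["line"]
```

Wrapping `business_app` in `XacmlFilter` is the configuration step of slide 35: the application code never sees the authorization logic, and changing who may approve is a policy change on the PDP side, not a code change.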
34. Other areas
Spring Security
JAAS integration
JSP taglibs
JMS
Can you name any?
Goal: provide a unified, standardized way of applying fine-grained authorization across multiple applications
35. XACML simplifies authorization management
The authorization logic is externalized into XACML policies
You no longer need to write Java code
If the authorization logic changes, update the policies
Strive for configuration-based authorization, e.g. via interceptors (servlet filters, JAX-WS handlers)
Configure the handlers using the target framework’s config files (e.g. web.xml)
36. XACML saves you time
Before: 80% business logic, 20% security
After: 95% business logic, 5% security
37. Beyond Java
Apply the same architectural approach and XACML policies to .NET, Perl, Python, Ruby, business apps, and more!
39. Just a spoonful of XACML makes…
Consolidated authorization: write once, enforce everywhere
Enhanced security: consistent authorization enforcement
Business enabler: expose data and APIs to new customers
Compliance: implement legal frameworks
40. Do you want to chip in?
OASIS XACML TC
https://www.oasis-open.org/committees/xacml/
Online resources
http://www.xacml.eu
Once upon a time, access control was about who you were. What mattered was your identity or perhaps your role or group. But today, access control should be more about what you represent, what you want to do, what you want to access, for which purpose, when, where, how, and why…
Credits: Invisible: Andrew Cameron, from The Noun Project; Box: Martin Karachorov; Wrench: John O'Shea; Clock: Brandon Hopkins
Policy Enforcement Point: In the XACML architecture, the PEP is the component in charge of intercepting business messages and protecting targeted resources by requesting an access control decision from a policy decision point and enforcing that decision. PEPs can embrace many different form factors depending on the type of resource being protected.
Policy Decision Point: The PDP sits at the very core of the XACML architecture. It implements the XACML standard and evaluation logic. Its purpose is to evaluate access control requests coming in from the PEP against the XACML policies read from the PRP. The PDP then returns a decision – either of Permit, Deny, Not Applicable, or Indeterminate.
Policy Retrieval Point: The PRP is one of the components that support the PDP in its evaluation process. Its only purpose is to act as a persistence layer for XACML policies. It can therefore take many forms such as a database, a file, or a web service call to a remote repository.
Policy Information Point: XACML is a policy-based language which uses attributes to express rules & conditions. Attributes are bits of information about a subject, resource, action, or context describing an access control situation. Examples of attributes are a user id, a role, a resource URI, a document classification, the time of the day, etc. In its evaluation process, the PDP may need to retrieve additional attributes. It turns to PIPs where attributes are stored. Examples of PIPs include corporate user directories (LDAP…), databases, UDDIs… The PDP may for instance ask the PIP to look up the role of a given user.
Policy Administration Point: The PAP’s purpose is to provide a management interface administrators can use to author policies and control their lifecycle.
Need to clarify the location constraint. Permit is assuming that Alice location == 12367 location