The document provides an overview of common user models, authentication types, and permission patterns for building applications on the Box platform. It discusses classic user models that separate external app users from internal managed users, as well as models where all users are app users or where a service account represents the application. The document also covers authentication using JWT or OAuth2, scopes for controlling application permissions, and best practices for user, collaboration, and error handling.
Best Practices for Application Development with Box | Jonathan LeBlanc
Covering the best practices for building new applications on top of Box platform, including token management, error condition and program flow, architecture, and other such topics.
Better Data with Machine Learning and Serverless | Jonathan LeBlanc
Creating valuable insights out of raw data files, such as audio or video, has traditionally been a very manual and tedious process, and has produced mixed results due to an influential human element in the mix.
Thanks to enhancements in machine learning systems, coupled with the rapidly deployable nature of serverless technology as a middleware layer, we are able to create highly sophisticated data insight platforms to replace the huge time requirements that have typically been required in the past.
With this in mind, we’ll look at:
- How to build end-to-end data insight and predictor systems, built on the back of serverless and machine learning systems.
- Best practices for working with serverless technology for ferrying information between raw data files and machine learning systems through an eventing system.
- Considerations and practical examples of working with the security implications of dealing with sensitive information.
JavaScript App Security: Auth and Identity on the Client | Jonathan LeBlanc
The story is always the same; if you want to create a JavaScript centric app with API and identity security, you’re told that you need to have a server-side component for handling your identity and application security. That’s simply not the case in modern development.
In this session we'll look at client-side identity, API, and token security, exploring token downscoping methodologies, key management tools, and security on the client.
Microsoft Sharepoint 2013 : The Ultimate Enterprise Collaboration Platform | Edureka!
Microsoft SharePoint 2013 is an Enterprise Collaboration Platform which offers a wide range of integrated solutions including Enterprise Content Management (ECM), Enterprise Social Networking, Business process management (BPM), Web Content Management (WCM), Business Intelligence (BI), Enterprise Search etc. Currently more than 80% of Fortune 500 companies are using Microsoft SharePoint solutions and the numbers are growing with the new Cloud Based SharePoint Online. Developers can use Cloud App Model and leverage familiar programming models and development tools to create custom solutions for Mobility, Social and Collaboration Search and Workflows.
This ppt contains material on the Yii framework:
- Introduction to the Yii framework
- History behind the Yii framework
- Developer of the Yii framework
- Technologies integrated and used in the Yii framework
- How to install the Yii framework
- Yii framework features
- Performance
- License terms
- About module
- MVC design pattern
- Advantages and disadvantages of the Yii framework
Yii is pronounced as "Yee" or [ji:]; it is an acronym for "Yes It Is".
This is the answer to several questions:
- Is it efficient?
- Is it easy to use?
- Is it professional?
- Is it right for my next project?
- ...
Yes, it is.
Yii is a component-based PHP framework for developing web applications.
It has been built with sophisticated, enterprise applications in mind.
How to get started with Python web development? Here’s a guide to help you develop your web application on the world’s best server-side programming language.
https://www.sparxitsolutions.com/blog/complete-guide-of-python-web-development/
Improving Developer Onboarding Through Intelligent Data Insights | Jonathan LeBlanc
A developer platform lives and dies by its developer community. When huge problems need to be solved, it's easy to make valuable improvements, but what do you do when those are solved and you still see high bounce rates on your site, low developer application completion, and generally poor adoption of your product? This is where your data can save you.
In this talk we'll run through:
- How to track valuable developer path insights, from moments of anxiety to time to first valuable call.
- Overlaying support and ticketing information on top of developer path data to decrease developer friction.
- How to create automated analytics systems to measure success.
- When these systems should be built, before it's too late.
Live Identity Services Drilldown - PDC 2008 | Jorgen Thelin
Live Identity Services enables developers on any platform to choose the identity integration model that best enables their scenarios, including: web or client authentication, delegated authentication, or federated authentication. Learn how to build seamless, cobranded, and customized sign-up and sign-in experiences.
Microsoft PDC 2008 - Session BB22
Yii Framework is one of the fastest and easiest to learn PHP MVC frameworks. It has a great generator to help you build applications easier and faster. A course curriculum for Developing Web 2.0 Applications at SiliconGulf Campus - www.silicongulf.com
Get Codeigniter Development Services From Us | Joe_Mason
Incarnate Software Solutions specializes in the Codeigniter web application framework. Are you interested in Codeigniter framework application development? Contact us today!
Our Contact Detail:
+91 9713406272/+91 9907337944
Email us info@incarnate.co.in
Web: http://incarnate.co.in/
Building Web Application Using Spring Framework | Edureka!
Spring is the most popular open source Java application Framework. Most of the existing frameworks like Struts or Hibernate take care of one layer or a part of the application development.
As Struts take care of MVC model, Hibernate provides ease of working with databases. However, Spring Framework combines all the industry standard framework approaches (e.g. Struts and Hibernate) into one bundle.
Spring provides Dependency Injection, Aspect Oriented Programming and support for unit testing. This gives the developer time to work on main business logic rather than worrying about non-application code. Spring makes the application development fast and increases the productivity of developers.
PURPOSE OF THIS PROJECT:
This project is mainly used to decrease the time constraint of finding all fun and food zones near the user's location. The main advantage of this application is that the user can view all the fun and food zones in one place. Now we have so many websites and applications which give information only about food or fun individually. To overcome this disadvantage, we developed an application which gives all the details about both fun and food zones based on a user-specified location, so we entitled this project ‘FUN AND FOOD’. It is used to provide all fun and food zones near the location specified by the user. The user can view minimum details of the nearest fun and food zones and can also view the details of the respective fun and food service provider.
Developing social solutions on Microsoft technologies (SP Social and Yammer) | SPC Adriatics
Development of enterprise social solutions, which merge social computing and well-known enterprise solutions, is a fairly new development discipline that is gaining ever more importance and traction. It is empirically proven that traditional data processing gets more efficient and productive with an enterprise social layer on top. Although we have large software companies leading the way with integrating social layers in their known solutions – e.g. Microsoft Dynamics CRM with Yammer – there is still a lot of need for integration of enterprise social solutions with the different software applications in companies.
This development session will show how Microsoft’s enterprise social products (SharePoint 2013 and Yammer) can be integrated with other solutions. It will show how to use these products as a common social layer across the software infrastructure in companies. The session will explore which development possibilities we have, which APIs we can use, and how to implement the authentication. It will also show how to bring such an integrated enterprise social layer to mobile devices.
Last but not least, it will show which of the both products can and should be used in which scenario, what are strengths of the both products, and where there can be feature overlapping.
Adis Jugo
This topic will go through current standards and future trends for building a scalable security model for distributed cloud-based data. We’ll look into practices and considerations behind handling highly privileged data globally, diving into topics such as:
- How global compliance and regulations affect security practices.
- Handling data permissions, identity, and security with application access to data.
- Considerations, trends, and standards for global data availability.
Building a modern API architecture is a constant struggle between ease of development and security. JSON Web Tokens (JWTs) introduce a means of building authentication into JSON objects being transmitted through APIs.
In this session we’ll explore how JWTs work to build verifiable and trusted objects, allowing them to be combined with standards such as OAuth 2 for capturing access tokens, leading to a secure means of JavaScript SDK dev.
Creating an In-Aisle Purchasing System from Scratch | Jonathan LeBlanc
The future of retail is in removing the divide between the offline shopping state and the enhanced online buying experience. To create this type of enhanced retail experience, we can remove complexities in the process, such as simplifying checkout.
In this session we’ll learn how to use internet-connected microelectronics to attach to a buyer’s mobile device to provide the functionality to buy products right from the aisle.
As web-enabled systems become an integral part of everything we interact with, how do we secure data in potentially insecure environments?
In this session you'll learn how to apply fundamental security precepts in potentially insecure environments. Topics include:
Securing identity and payment data through voice commands or text
Tokenization and encryption security
Triggering secure transactions from communications media
We are in an age where more people have phones than toilets, and there are more active cell phones than people on the planet. How do we protect all of these devices roaming around unsecured locations, especially when they want to pay for something. Learn the secrets behind building a secure mobile backbone, as we explore how to harden security, build systems based on identity confidence, and work towards a future proofed mobile framework.
The arena of proper auth & data security standards is often some of the most misunderstood, confusing, and tricky aspects of building Node apps. Using open source auth techniques and proper data encryption standards, we’ll learn how to make intelligent decisions on creating a solid infrastructure to protect our users and data. We’ll dive into auth systems, data attack vectors, how to protect your systems, and common security pitfalls in Node.
The screencast of this presentation can be found at https://youtu.be/o3uy7dgG_n4
There is an assumption in the industry, amongst companies large and small alike, that if they store sensitive user data (and sometimes do some mild encryption) in their database, it's locked in and secured from potential attacks. People rely too heavily on their false assumptions of security, and it usually ends up costing them extensively when that is proven wrong.
In this session, Jonathan will build a foundation for identity and data security that everyone dealing with sensitive data should understand. We'll break down concepts of identity security, common attack vectors and how to protect yourself, and how to harden your web application.
Web-enabled systems are now an integral part of everything we interact with, from microelectronics to voice-enabled hardware, from text messages and phone calls to email, and really we’re just limited by our imaginations as to what we can connect. As we explore vast new realms of communication over mixed digital media, we have to ask ourselves how we protect our critical data within potentially insecure environments. Going beyond that, how do we protect some of our more critical data, payment information, in this same realm?
As we look at a multitude of different environments, we’ll be exploring how to secure user identity and payment information through the communication channels, covering topics like:
* Securing identity and payment data through voice commands or text.
* Tokenization and encryption security.
* Techniques for triggering secure transactions from communications media.
At the end of the session, we’ll have a stronger understanding of proper techniques for working with new communication media sources, and see how we can apply fundamental security precepts in potentially insecure environments.
Audio from the session at OSCON (Portland, OR) on July 22nd, 2015 is available at https://archive.org/details/protecting_future_mobile_payments
We are now in an age where more people have phones than toilets, and there are more active cell phones than people on the planet. How do we protect all of these devices as they’re roaming around unsecured locations, especially when we want to pay for something.
In this talk we’re going to rip apart the illusion of mobile security and explore some of the most difficult to secure experiences: payments. We’ll cover the concepts of building a rich feature set to protect the user, how to encrypt all interactions, building scalable trust zones, and extending identification with wearables and biometrics.
In a world where technology is transforming with mobile devices and wearables, it's key to have a solid security backbone. From having a strong password to using biometrics, companies are finding ways to help consumers protect themselves without impacting the experience. We'll take a look at the current landscape of passwords, the importance of proper systems and how we can use wearables and mobile devices to build trust systems.
You have a solid security infrastructure, all user data is encrypted, your users are protected right? As long as passwords remain the standard methods for identifying your users on the web, people will still continue to use "letmein" or "password123" for their secure login, and will continue to be shocked when their accounts become compromised.
Passwords are not secure, they need to be replaced. In this talk we're going to explore the pitfalls of a system designed around a username and password, then dive into the ways that technology is giving us a slew of new ways to build a secure user identity system. From biometrics to wearables, hardware to tokens, we'll explore a multitude of ways that we can finally kill all passwords.
Building a Mobile Location Aware System with Beacons | Jonathan LeBlanc
Audio from talk (OSCON - July 22nd, 2015): https://archive.org/details/oscon_mobile_location_aware_systems_with_beacons
What if instead of a broad location, you could have pinpoint location awareness of someone in a physical space. How could this change everything about how we interact with the physical world? In this session we will be exploring Beacon technology, which enables this, the underlying Bluetooth Smart standard, and how we can use these systems to change everything from shopping, to accessibility for the disabled, all built on top of a mobile device.
Identity in the Future of Embeddables & Wearables | Jonathan LeBlanc
The audio recording of this talk is available at https://archive.org/details/identity_wearables_embeddables
Ways of identifying a person to the technology around them is shifting from antiquated external body definitions, to internal body functions. In this session, we'll explore how the technology behind this embeddable and wearable movement works, exploring vein recognition biometrics, heartbeat identification, and going into embeddable body modifications as sources of identification.
The video of this presentation is available at https://www.youtube.com/watch?v=b3nB6kZQeaQ
As startups and innovation hubs push towards grand notions of technology innovation, connecting the world around them, and building towards a truly online commerce profile, there is a huge segment of the population that falters and is left behind. The underserved community represents over 1 out of every 5 people in the US, and as we explore cash heavy societies, and heavily underbanked populations worldwide, that number increases dramatically. These are markets that are massively underserved by technology and commerce, yet represent a potential hotbed of growth for any business.
As we explore this large segment of the world population, we'll dive into how the banking and commerce industries are primed for disruption to build up the underserved communities around the planet into a new digital commerce world. From digital currency to the struggling banking industry, we'll explore how we're on the cusp of a commerce revolution, one that will completely disrupt the banking industry, and our notion of technology reach worldwide.
Mobile Authentication using Biometrics & Wearables | Jonathan LeBlanc
Have you ever had to implement a client- or server-side authentication system and actually enjoyed it? Did you ever notice the wide landscape of mechanisms that seem to be complementary but are in fact hard to combine? As we move towards mobile-centric technology and wearables, this landscape becomes even more difficult to navigate.
Centralized group and identification mechanisms are starting to rise to fill this need, building out standards for how authentication should be implemented on emerging technology and devices. As these areas develop, the need for new security measures is also becoming paramount.
Come and join Jon Leblanc and Tim Messerschmidt from PayPal to learn about how identification, through biometrics, is being used to build the future of mobile centric devices and technology, breaking into the world of wearables. We’ll look at the security behind this technology, and see where the future of biometrics is leading us.
Securing your Kubernetes cluster: a step-by-step guide to success! | KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Elevating Tactical DDD Patterns Through Object Calisthenics | Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
JMeter webinar - integration with InfluxDB and Grafana | RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Accelerate your Kubernetes clusters with Varnish Caching | Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... | BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
3. 3Box Platform Developer Workshop
Pattern 1: Classic User Model
(Vault portals, doc submission, field worker apps)
4. 4Box Platform Developer Workshop
Classic User Model
Application needs to handle internal and external users
External: App Users
Internal: Managed Users
Content: Owned by App or Managed Users
Description: External end users of the application are App users and the internal audience are
Managed Users.
Benefits:
• Allows you to provide a custom experience for end users.
• No need to build additional functionality for internal users, they can use the Box web application.
• The App user model allows you to interact with end user accounts in a headless manner. This
means you can bring your own identity system (e.g. Auth0 / Netlify) and map the ids.
• API actions taken on behalf of users are recorded in the event stream, meaning that user events
can be stored, connected to other systems, and retained for compliance.
5. 5Box Platform Developer Workshop
Pattern 2: App User Model
(Vault portals, doc submission, field worker apps)
6. 6Box Platform Developer Workshop
App User Model
Application needs to handle internal and external users
External: App Users
Internal: App Users
Content: Owned by App Users (Internal and External)
Description: Much like the classic user model, but all users (internal and external) are App
users.
Benefits:
• Allows the creation of custom experiences for both internal and external users.
• Good for instances where the Box web app is too permissive. This guards internal behavior.
• Segmentation of content for managed accounts. This can allow a managed user to have
application specific content through an App user account as well.
• The App user model allows you to interact with end user accounts in a headless manner.
This means you can bring your own identity system (e.g. Auth0 / Netlify) and map the ids.
• API actions taken on behalf of users are recorded in the event stream, meaning that user
7. 7Box Platform Developer Workshop
Pattern 3: Service Account Model
(When existing user object models already exist)
8. 8Box Platform Developer Workshop
Service Account Model
Application needs to handle internal and external users, but a user object already exists
External: Managed by Customer’s Application
Internal: Managed Users
Content: Owned by Service Account
Description: Best used when a company user model already exists, or if you have users that
are transient in nature with content that needs to be persistent.
Benefits:
• Useful when our app user model will complicate existing applications.
• Useful in instances where there is not a good 1:1 end user / app user mapping, such as if
end users are mapped as groups.
• When the idea of folders doesn’t fit perfectly with the permission model the customer desires.
• Can implement the Box token exchange model to ensure that broad scoped access to the
service account doesn’t occur.
9. 9Box Platform Developer Workshop
Pattern 4: System to System Model
(Back office apps and integrations, content ingestion)
10. 10Box Platform Developer Workshop
System to System Model
No user content needs to be handled
External: N/A
Internal: N/A
Content: Owned by Service Account
Description: Service accounts are used here as the de-facto user object for system to system
interactions and back office workflows.
Benefits:
• Perfect for apps where a user construct isn’t needed (e.g. departmental or company owned
content that transcends user ownership).
• Service account auth is cleanly handled by the JWT process.
• Because a service account can be granted elevated scopes, this model allows you to tightly
control which activities the service account can perform. This gives you complete control
over assigning permissions to different backend services.
13. 13Box Platform Developer Workshop
Types of Users Defined within Box
• Managed User: A regular Box user that is part of the same enterprise as the app. This user account can be accessed by the API or by logging in to box.com
• App User: Users created by an app that may only be accessed by that app. This user account can only be accessed through API calls.
• External User: Same as a managed user, but is not part of the same enterprise as the app. These are users that have been collaborated into content by a user in the enterprise.
15. 15Box Platform Developer Workshop
Types of Auth Systems Box Platform Employs
• JWT / OAuth 2: Use an existing identity system without logging into Box
• OAuth 2: Use a user’s Box login as the identity system
• Developer Token: Short lived developer prototyping token
16. 16Box Platform Developer Workshop
OAuth 2
• User types: Managed users.
• Requires that users be forwarded to
Box to log in with their Box account
to accept app permissions.
• Access token that is generated is
bound to the user who logged in.
17. 17Box Platform Developer Workshop
JWT / OAuth 2
• User types: Managed and app
users.
• Allows the use of an existing identity
management system.
• Allows the app to manage all user
and config content.
• Runs behind the scenes.
18. 18Box Platform Developer Workshop
Developer Token
• User types: None.
• Short lived (1 hour) token generated
in the application config.
• Cannot be refreshed
programmatically, only manually.
• Should only be used for quick testing
& API requests, never in production.
20. 20Box Platform Developer Workshop
Application
Scopes
What your application will have
permission to do on behalf of the
application, enterprise, and
users.
22. 22Box Platform Developer Workshop
Manage Users
/ Create / Read / Update / Delete /
Activate / Disable Users (app and
managed).
/ Change primary login, reset password,
change role for managed users and
enterprise content.
23. 23Box Platform Developer Workshop
Manage Groups
/ Create / Read / Update / Delete groups and group memberships for users.
24. 24Box Platform Developer Workshop
Manage Webhooks
/ App can programmatically control webhooks (referred to as webhooks v2).
/ Create / Read / Update / Delete new or existing webhooks on files and folders.
25. 25Box Platform Developer Workshop
Manage Enterprise
Properties
/ Read / Update enterprise attributes
and reports.
/ Edit / Delete device pinners (what
devices can use native Box
applications).
26. 26Box Platform Developer Workshop
Manage Retention Policies
/ Create / Read / Update data retention
policies.
/ Feature is tied to Box Governance
service package.
28. 28Box Platform Developer Workshop
Code Samples
Authentication and Authorization (JWT / OAuth2)
• Creating a JWT app client with the downloaded Box application config file:
https://github.com/jcleblanc/box-workshops/blob/master/app-auth/jwt-auth-config.js
• Creating a JWT app client with manually created public/private keys:
https://github.com/jcleblanc/box-workshops/blob/master/app-auth/jwt-auth-keys.js
• Manually constructing the JWT claims process (no SDK):
https://github.com/jcleblanc/box-examples/blob/master/node/samples/auth_jwt_api.js
29. 29Box Platform Developer Workshop
Code Samples
User Management
• Create a new app user:
https://github.com/jcleblanc/box-workshops/blob/master/app-auth/create-app-user.js
• Create a new managed user:
https://github.com/jcleblanc/box-workshops/blob/master/app-auth/create-managed-user.js
• Delete a user by ID:
https://github.com/jcleblanc/box-workshops/blob/master/app-auth/delete-user.js
32. 32Box Platform Developer Workshop
Service Account Details
• A user account that represents your application in an
enterprise.
• Can only be accessed programmatically.
• Has its own file storage.
• Generated automatically with a new JWT application.
• By default, a service account only has access to its
own data store.
• Access to app users / managed users has to be
explicitly enabled and requested.
Access Rights
34. 34Box Platform Developer Workshop
Where to Store User and Application Data
• Service Account: Maintain all user and application data within the service account. Users will be collaborated in on content.
• User Account: User specific data is maintained in the individual user account. All data access requests are made on behalf of the user.
35. 35Box Platform Developer Workshop
Storing Data in the Service Account (Overview)
Benefits
• Improved data security due to tight controls over data location and sharing
• Data retention and migration improves following customer deletion, as the user collaboration is simply removed.
Concerns
• Architecture complexity increases as a separate user folder structure needs to be maintained in the service account.
• Single point of failure.
36. 36Box Platform Developer Workshop
Storing Data in the User Account (Overview)
Benefits
• Data is retained and owned by each user.
• Simple repeatable architecture on each user account.
Concerns
• Data retention after customer deletion requires data migration or loss.
• App has no control over data integrity.
38. 38Box Platform Developer Workshop
User Access Levels for a Service Account
• No User Access: Service account can only access its own content
• App Users: Service account can access its own content and content for any app users it creates
• All Users: Service account can access its own content, app user content, as well as content of any users in the enterprise
39. 39Box Platform Developer Workshop
Application
Access
• Application: Only access data
and users within the JWT
app.
• Enterprise: Access data and
users within the app as well
as the entire enterprise that
the app is a part of.
40. 40Box Platform Developer Workshop
Advanced
Features
• Perform actions as users: Use
an As-User header with each
request to act on behalf of a
user. Access token passed is
for service account.
• Generate user access tokens:
Create an access token
scoped to a user account and
use that token for each
request.
41. 41Box Platform Developer Workshop
Setting User Access for the Service Account
Settings to use to get the desired level of user access for a service account
User Access | Application Access | Advanced Features
No User Access | Application | None set
App Users Only | Application | One or both set
App and Managed Users | Enterprise | One or both set
43. 43Box Platform Developer Workshop
Code Samples
Service Accounts
• Uploading file to service account:
https://github.com/jcleblanc/box-workshops/blob/master/service-accounts/service-account-upload-sa.js
• Uploading file to user account using As-User header:
https://github.com/jcleblanc/box-workshops/blob/master/service-accounts/service-account-upload-asuser.js
• Uploading file to user account using user access token:
https://github.com/jcleblanc/box-workshops/blob/master/service-accounts/service-account-upload-usertoken.js
46. 46Box Platform Developer Workshop
Folder Permission Model
/ Waterfall permission model for folders
/ When users are collaborated in on a folder they can view all files / folders under that folder.
47. 47Box Platform Developer Workshop
Common Folder Models
Duplicate Folders for each User
A folder model is created and duplicated for each user. Collaborators or groups are added at each level.
App User 1 App User 2
Config
User Data
Personnel
Operations
Config
User Data
Personnel
Operations
48. 48Box Platform Developer Workshop
Common Folder Models
Business Level Ownership
The Box enterprise admin, or appropriate
leadership level, would maintain the root folder
level.
Each business level is maintained under that
level, where major business units may have
minor units located underneath.
Enterprise Admin
Marketing
Sales
Products
Parts & Services
Engineering
50. 50Box Platform Developer Workshop
Collaboration System
• Service accounts and users start by
only being able to access content in
their own accounts.
• For those accounts to access content
from other accounts they will need to
be collaborated in on content.
• Users can be collaborated via ID,
email, or group ID.
51. 51Box Platform Developer Workshop
Collaboration Types
/ co-owner: Full access
/ editor: Full access minus invites / settings
/ previewer: Basic view and edit
/ previewer uploader: Previewer + uploader
/ uploader: Upload, basic metadata, and view
/ viewer: Preview + download and send links
/ viewer uploader: Viewer + uploader
56. 56Box Platform Developer Workshop
Causes of Unauthorized Errors
Access token maintenance
/ Access tokens expire after 1 hour. At that point they must be refreshed using
the refresh token.
/ The .Net, Java, and Node SDKs handle this refresh action automatically. For
any other SDK or direct API integration, token expiration responses (401:
unauthorized) will need to be handled through the app.
58. 58Box Platform Developer Workshop
Causes of Insufficient Permissions Errors
User and application scoping
/ There are typically two causes of a 403:
access_denied_insufficient_permissions error, either the user an access
token is scoped for doesn’t have permission to perform an action, or the
application doesn’t.
/ For user permissions, try logging in as the user via the “Log in as this User”
option in the admin console. Attempt to access the content manually.
/ For an application, ensure that the application has the correct scopes defined
for the action that it is trying to perform.
60. 60Box Platform Developer Workshop
Causes of Not Found Errors
Access Token Scoping
/ This may be encountered when trying to work with files and folders within Box when
using a JWT / OAuth 2 based application with a service account. If the ID of the file /
folder that is being accessed has been verified as present, this error will typically be
caused by the account that the client is pointing to. For instance, if a file exists on a
user account but the access token client is scoped for the service account, then a
404 error may be produced.
/ In cases of an access token that is scoped to the wrong account, use the As-User
header or user scoped access token for user access, or a service account scoped
access token for service account files.
62. 62Box Platform Developer Workshop
Causes of Name Conflicts
Checking name uniqueness
/ File / folder names within a given folder must be uniquely named. When there is an
attempt to create a new file / folder with a name that already exists, a 409:
item_name_in_use, or a standard 409: conflict may be produced.
/ If duplicate user login information is used when creating new
managed users, a 409: user_login_already_used error would be produced.
/ These errors should be handled. Possible next steps in the program flow would be
to attempt the same API request / login with revised information.
64. 64Box Platform Developer Workshop
Causes of Metadata Conflicts
Checking if metadata is already present on a file
/ If metadata for a template is already present within a file and a request to add
metadata is made, the API will return a 409: tuple_already_exists error.
/ This error should be handled in a try / catch. When found, a request to update the
existing metadata should then be made.
/ Update requests will need to use a JSON patch object.
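The create-then-update flow from this slide, as an added example that is not part of the workshop's code samples. The `api` object (`create`, `get`, `update`) is a hypothetical injected client returning `{ status, body }`, and treating "$"-prefixed keys as system fields is an assumption.

```javascript
// Added example: handle 409 tuple_already_exists by falling back to a JSON Patch update.

// RFC 6901: "~" and "/" must be escaped inside a JSON Pointer segment.
function pointer(key) {
  return '/' + String(key).replace(/~/g, '~0').replace(/\//g, '~1');
}

// Build the JSON Patch that turns the stored metadata into the desired metadata.
function toJsonPatch(existing, desired) {
  const ops = [];
  for (const [key, value] of Object.entries(desired)) {
    if (key.startsWith('$')) continue; // assumption: "$" keys are system fields, never patched
    const path = pointer(key);
    if (!Object.prototype.hasOwnProperty.call(existing, key)) {
      ops.push({ op: 'add', path, value });
    } else if (JSON.stringify(existing[key]) !== JSON.stringify(value)) {
      // "test" makes the whole patch fail if the value changed after it was read,
      // so a concurrent writer is not silently overwritten.
      ops.push({ op: 'test', path, value: existing[key] });
      ops.push({ op: 'replace', path, value });
    }
  }
  return ops;
}

// api is a hypothetical client: create/get/update resolve to { status, body }.
async function upsertMetadata(api, fileId, desired) {
  const created = await api.create(fileId, desired);
  if (created.status === 201) return { action: 'created', ops: [] };
  const code = created.body && created.body.code;
  if (created.status !== 409 || code !== 'tuple_already_exists') {
    throw new Error(`unexpected response: ${created.status} ${code}`);
  }
  const current = await api.get(fileId);
  const ops = toJsonPatch(current.body, desired);
  if (ops.length === 0) return { action: 'unchanged', ops };
  // The update body is the ops array, sent as application/json-patch+json.
  const updated = await api.update(fileId, ops);
  if (updated.status !== 200) throw new Error(`update failed: ${updated.status}`);
  return { action: 'updated', ops };
}
```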
66. 66Box Platform Developer Workshop
Causes of Rate Limiting
Check Retry-After header for amount of time until next call
/ Making requests to auth a user each time they visit. Access tokens should be stored
for future use.
/ Polling the event stream too often. Cache results when possible.
/ Producing too many requests from a single user (e.g. a service account). Limit is 10
API calls per second per user.
/ Making too many simultaneous upload requests from a single user. Limit is 4
uploads per second per user.
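How the 401 handling from "Causes of Unauthorized Errors" and the Retry-After guidance on this slide can be combined in a direct API integration, as an added example that is not part of the workshop's code samples. `send`, `refreshToken` and `sleep` are hypothetical injected functions, and responses are assumed to be `{ status, headers }` with lower-cased header names.

```javascript
// Added example: one retry policy for expired tokens (401) and rate limiting (429).

const MAX_ATTEMPTS = 4;      // total sends before giving up on 429s
const MAX_DELAY_SECONDS = 60; // never sleep longer than this on one retry

// Pure decision function: what to do with one response.
// state = { attempt: number of sends so far, refreshed: token already refreshed? }
function nextAction(res, state) {
  if (res.status === 401) {
    // Refresh once. A second 401 means the refresh token or the app
    // authorization is the problem, and retrying would only loop.
    return state.refreshed
      ? { action: 'fail', reason: 'unauthorized' }
      : { action: 'refresh' };
  }
  if (res.status === 429) {
    if (state.attempt >= MAX_ATTEMPTS) return { action: 'fail', reason: 'rate_limited' };
    // Retry-After is read as a number of seconds; if it is missing or not a
    // number, fall back to exponential backoff.
    const header = Number.parseInt(res.headers['retry-after'], 10);
    const seconds = Number.isFinite(header) && header >= 0 ? header : 2 ** state.attempt;
    return { action: 'wait', delayMs: Math.min(seconds, MAX_DELAY_SECONDS) * 1000 };
  }
  // Every other status (including 403, 404, 409) goes back to the caller.
  return { action: 'done' };
}

// Driver: send(token) performs the request, refreshToken() returns a new
// access token, sleep(ms) waits. All three are injected by the caller.
async function requestWithRetry(send, refreshToken, sleep, token) {
  const state = { attempt: 0, refreshed: false };
  for (;;) {
    state.attempt += 1;
    const res = await send(token);
    const step = nextAction(res, state);
    if (step.action === 'done') return res;
    if (step.action === 'fail') throw new Error(step.reason);
    if (step.action === 'refresh') {
      token = await refreshToken(); // store the new token for future requests
      state.refreshed = true;
    } else {
      await sleep(step.delayMs);
    }
  }
}
```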
71. 71Box Platform Developer Workshop
Webhooks V1 Details
/ Manually created through the app dashboard:
https://app.box.com/developers/console
/ Cannot be adjusted programmatically
/ Produces webhook events for all actions in an app and cannot be bound to a file / folder.
73. 73Box Platform Developer Workshop
Webhooks V2 Details
/ Programmatically created and maintained through the Webhooks APIs.
/ Create, Read, Update, and Delete endpoints.
/ Can be bound to a single file or folder
79. 79Box Platform Developer Workshop
Token Downscoping Process
• Access Token: Standard OAuth2 access token that is fully scoped for an enterprise or user.
• Downscoped Token: New access token that is tightly restricted in access rights (read / write) for a file or folder.
• Client-Side Code: Downscoped token is deployed to client-side code, mobile environment, or UI tool.
83. 83Box Platform Developer Workshop
Box UI Elements
• UI components built with React
(JavaScript library).
• Authentication and token agnostic:
Works with JWT and OAuth flows.
• User type agnostic: Works with app,
managed, and external user types.
84. 84Box Platform Developer Workshop
Content Explorer
Navigate Box files and
folders within your app.
Content Picker
Select Box files and folders
within your app
Content Preview
View docs, images, videos,
3D files, and more within
your app
Content Uploader
Drag and drop files from a
device into your app / Box.
85. 85Box Platform Developer Workshop
Base Scopes for Token
/ base_explorer
/ base_picker
/ base_preview
/ base_upload
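The token downscoping process and the base scopes above, as an added example that is not part of the workshop's code samples. It builds the server-side token-exchange request for one UI Element bound to one file or folder; the endpoint and form parameter names are those of Box's token exchange API and do not appear on these slides, and the element-to-scope mapping and function names are assumptions made for illustration.

```javascript
// Added example: build a downscope (token exchange) request on the server, so
// only a narrowly scoped token ever reaches client-side code.

const TOKEN_URL = 'https://api.box.com/oauth2/token';

// Assumed mapping: each UI Element gets exactly one base scope from the slide.
const ELEMENT_SCOPES = new Map([
  ['explorer', ['base_explorer']],
  ['picker', ['base_picker']],
  ['preview', ['base_preview']],
  ['uploader', ['base_upload']],
]);

function buildDownscopeRequest({ parentToken, element, resourceType, resourceId }) {
  if (typeof parentToken !== 'string' || parentToken.length === 0) {
    throw new Error('parent access token is required');
  }
  const scopes = ELEMENT_SCOPES.get(element);
  if (!scopes) throw new Error(`unknown UI element: ${element}`);
  // Always bind the token to one file or folder; refuse anything that is not a
  // plain numeric ID so the resource URL cannot be altered by the caller.
  if (resourceType !== 'files' && resourceType !== 'folders') {
    throw new Error(`unsupported resource type: ${resourceType}`);
  }
  if (!/^\d+$/.test(String(resourceId))) throw new Error('resource ID must be numeric');

  const body = new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:token-exchange',
    subject_token: parentToken,
    subject_token_type: 'urn:ietf:params:oauth:token-type:access_token',
    scope: scopes.join(' '),
    resource: `https://api.box.com/2.0/${resourceType}/${resourceId}`,
  });
  return {
    method: 'POST',
    url: TOKEN_URL,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Reduce the exchange response to what the browser or mobile client needs.
// The fully scoped parent token is never part of this payload.
function clientPayload(exchangeResponse) {
  if (!exchangeResponse || typeof exchangeResponse.access_token !== 'string') {
    throw new Error('token exchange did not return an access token');
  }
  return {
    accessToken: exchangeResponse.access_token,
    expiresIn: exchangeResponse.expires_in,
  };
}
```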
90. 90Box Platform Developer Workshop
• Foundational Skills: Turned on manually through Box site account. Provides enhancements for images, video, audio, etc.
• Custom Skills: Extends upon the platform event pump / webhook system to hook to machine learning system with the intent of enhancing file metadata.
94. 94Box Platform Developer Workshop
Skills Workflow
• File Upload: The skills process is triggered when a new or updated file is uploaded to Box. An event is sent to a specified endpoint with file access information.
• Middleware: The middleware layer works as an intermediary between the Box file and ML system. It sends the file info to the ML system and updates the Box file metadata with its response.
• Machine Learning: The machine learning system will take in the contents of a Box file, run analysis of the data, and respond with the enhanced metadata to the middleware layer.
Diagram labels: Event, Metadata, Execute, Callback