This document discusses the development of an Identity and Access Management (IAM) framework for higher education and research institutions in Australia and New Zealand. It was presented at an EDUCAUSE Australasia conference. The framework is being built as an online compendium of IAM resources through a wiki to facilitate collaboration. It includes sections on IAM governance, identification, attribute aggregation, authentication, transport, relying parties, and a maturity model. Contributors are invited to provide case studies, policies, processes, and resources to further develop the framework.
This session described changes to the AIIM CIP program, reviewed the outline of the 2016 CIP exam, described how to participate in the beta program, and how to register for, prepare for, and maintain the CIP through CEUs.
With thousands of vendors in the marketplace, organizations are overwhelmed with choices around building their marketing technology stack. By evaluating tool choices according to a customer experience maturity model and aligning the results of that evaluation with the customer journey, organizations can make more intelligent choices around process gaps and acquire appropriate technologies to fill those gaps by relying on thoughtful analysis and fitness to purpose rather than being hijacked by slick vendor demonstrations. Using hands-on exercises, Seth Earley and Steve Walker will guide participants through the steps to understanding customer lifecycles and aligning stages with classes of technology in order to improve engagement. Attendees will leave with an approach for developing their own marketing technology blueprint.
FINM4100Analytics in Accounting, Finance and EconomicsShainaBoling829
FINM4100
Analytics in Accounting,
Finance and Economics
Ethical considerations and more
applications of business analytics and
technology in accounting, finance and
economics
Week 11
Lesson Learning Outcomes
1 Evaluate ethical considerations regarding FinTech
and the use of analytics in Accounting, finance and
economics
2 Investigate case studies
3 Find potential solutions to ethical, privacy and legal
issues related to the finance sector and its use of data
4 More applications of analytics in finance
Glossary1: Data Ethics
• Data Ethics relates to
- Responsible use of data
- The value placed on data by competing parties
- The purpose and interests of data processing
• It is about the right to keep your personal data protected
• It is about transparency & accountability
https://dataethics.eu/data-ethics-principles/
One implication is that Individual humans should have control of their data.
T
h
is
P
h
o
to
b
y
U
n
k
n
o
w
n
A
u
th
o
r is
lic
e
n
s
e
d
u
n
d
e
r C
C
B
Y
-N
D
https://dataethics.eu/data-ethics-principles/
http://paul-barford.blogspot.com/2010/06/ss-holds-out.html
https://creativecommons.org/licenses/by-nd/3.0/
Where we are at…
• More and more accounting and finance organisations are
adopting AI and analytics
• There’s already an 80 - 90% reduction in time taken to do
usual tasks
• The roles of professionals in this area are changing as
repetitive tasks are automated
• Technology is changing the way we deal with compliance
• Ethical questions are arising daily
https://bernardmarr.com/artificial-intelligence-in-accounting-and-finance/
This Photo by Unknown Author is licensed under CC BY-SA-NC
https://technofaq.org/posts/2019/09/cyber-security-trends-to-watch-out-for-organizations-to-stay-ahead/
https://creativecommons.org/licenses/by-nc-sa/3.0/
This Photo by Unknown Author is licensed under CC BY-SA
Where we are heading..
• Near real-time insights
• Algorithms will transform ideas around compliance and
reduce fraud costs and lead to….
• More flexible work arrangements and different roles
• Possible need to hire an ethics expert
•
• The redefining of ethical conduct in business
https://www.thebluediamondgallery.com/tablet/b/business-ethics.html
https://creativecommons.org/licenses/by-sa/3.0/
Case Study: Google a bank?
• It hasn’t been easy for all financial institutions to keep up with new
technology and demand for convenient services
• Consequently…. Amazon, Apple and Google have started to offer services
normally offered by big banks
• Example: Google Pay
• The issue: Google is an advertising company with ads representing 71% of
its revenue sources in 2019.
• Given Google’s history of collecting Terrabytes of data from your location,
emails, shopping and song preferences
• Q: Do we really trust Google as a bank?
T
h
is
P
h
o
to
b
y
U
n
k
n
o
w
n
A
u
th
o
r is
lic
e
n
s
e
d
u
n
d
e
r C
C
B
Y
-N
C
-N
D
https://techcrunc ...
Content analytics is using rules, mathematical, statistical, and semantic models to automate how content is captured, analyzed, and governed over its lifecycle
This session described changes to the AIIM CIP program, reviewed the outline of the 2016 CIP exam, described how to participate in the beta program, and how to register for, prepare for, and maintain the CIP through CEUs.
With thousands of vendors in the marketplace, organizations are overwhelmed with choices around building their marketing technology stack. By evaluating tool choices according to a customer experience maturity model and aligning the results of that evaluation with the customer journey, organizations can make more intelligent choices around process gaps and acquire appropriate technologies to fill those gaps by relying on thoughtful analysis and fitness to purpose rather than being hijacked by slick vendor demonstrations. Using hands-on exercises, Seth Earley and Steve Walker will guide participants through the steps to understanding customer lifecycles and aligning stages with classes of technology in order to improve engagement. Attendees will leave with an approach for developing their own marketing technology blueprint.
FINM4100Analytics in Accounting, Finance and EconomicsShainaBoling829
FINM4100
Analytics in Accounting,
Finance and Economics
Ethical considerations and more
applications of business analytics and
technology in accounting, finance and
economics
Week 11
Lesson Learning Outcomes
1 Evaluate ethical considerations regarding FinTech
and the use of analytics in Accounting, finance and
economics
2 Investigate case studies
3 Find potential solutions to ethical, privacy and legal
issues related to the finance sector and its use of data
4 More applications of analytics in finance
Glossary1: Data Ethics
• Data Ethics relates to
- Responsible use of data
- The value placed on data by competing parties
- The purpose and interests of data processing
• It is about the right to keep your personal data protected
• It is about transparency & accountability
https://dataethics.eu/data-ethics-principles/
One implication is that Individual humans should have control of their data.
T
h
is
P
h
o
to
b
y
U
n
k
n
o
w
n
A
u
th
o
r is
lic
e
n
s
e
d
u
n
d
e
r C
C
B
Y
-N
D
https://dataethics.eu/data-ethics-principles/
http://paul-barford.blogspot.com/2010/06/ss-holds-out.html
https://creativecommons.org/licenses/by-nd/3.0/
Where we are at…
• More and more accounting and finance organisations are
adopting AI and analytics
• There’s already an 80 - 90% reduction in time taken to do
usual tasks
• The roles of professionals in this area are changing as
repetitive tasks are automated
• Technology is changing the way we deal with compliance
• Ethical questions are arising daily
https://bernardmarr.com/artificial-intelligence-in-accounting-and-finance/
This Photo by Unknown Author is licensed under CC BY-SA-NC
https://technofaq.org/posts/2019/09/cyber-security-trends-to-watch-out-for-organizations-to-stay-ahead/
https://creativecommons.org/licenses/by-nc-sa/3.0/
This Photo by Unknown Author is licensed under CC BY-SA
Where we are heading..
• Near real-time insights
• Algorithms will transform ideas around compliance and
reduce fraud costs and lead to….
• More flexible work arrangements and different roles
• Possible need to hire an ethics expert
•
• The redefining of ethical conduct in business
https://www.thebluediamondgallery.com/tablet/b/business-ethics.html
https://creativecommons.org/licenses/by-sa/3.0/
Case Study: Google a bank?
• It hasn’t been easy for all financial institutions to keep up with new
technology and demand for convenient services
• Consequently…. Amazon, Apple and Google have started to offer services
normally offered by big banks
• Example: Google Pay
• The issue: Google is an advertising company with ads representing 71% of
its revenue sources in 2019.
• Given Google’s history of collecting Terrabytes of data from your location,
emails, shopping and song preferences
• Q: Do we really trust Google as a bank?
T
h
is
P
h
o
to
b
y
U
n
k
n
o
w
n
A
u
th
o
r is
lic
e
n
s
e
d
u
n
d
e
r C
C
B
Y
-N
C
-N
D
https://techcrunc ...
Content analytics is using rules, mathematical, statistical, and semantic models to automate how content is captured, analyzed, and governed over its lifecycle
Enterprise Knowledge - Taxonomy Design Best Practices and MethodologyEnterprise Knowledge
This presentation, origninally presented at the Knowledge Management Institute's KM Symposium on March 27, 2014, addresses the concepts of business taxonomy value, taxonomy design methodology, and taxonomy design best practices. It is intended as an introductory deck for anyone seeking guidance on taxonomy design efforts.
In moving towards cloud services, security concerns are often cited as reasons to delay or even abandon the transition. This presentation highlights some basic steps to take to analyse and assess what risk might exist and how to mitigate this. In short, the security concerns regarding cloud deployments will exist in your privately managed data centre environments as well. Outsourcing your service to a Cloud provider does not mean you pass on your liability to your own customers nor responsibility of managing your systems and services.
Privacy is the right to be left alone, or freedom from interference or intrusion. Due to advancement in technological innovation, information privacy is becoming more complex by the minute as more data is being collected and exchanged.
Keeping a holistic PCI compliance approach alive
PCI as a Framework
*Setting ourselves in context
*Setting ourselves up for success
*Selling / Framing / Evolving
Off-Book Benefits
Some of the Opportunities
*Getting plenty of ‘C level’ support
*With friends like these
Most Office 365 organizations think they are safe because they are ‘only’ using collaboration in the cloud. Think again.
Join Concept Searching for a 15 minute webinar that describes the challenge of cyber security and shows you how we solve it. conceptClassifier for Office 365 identifies unknown security or confidential exposures in real-time from diverse repositories. Identification of not only standard descriptors but also organizationally defined vocabulary are also be identified. Once identified they are routed to a repository and removed from unauthorized access and portability.
Use stand-alone or integrate with your security package. We invite you to see how it works.
KM Implementation Framework for Special LibraryAlwi Yunus
The implementation of KM in Special Libraries are of prime role as special libraries are learning center for organization. Users are in need of input from them in the course of their work.
This presentation explains Information Governance. Learn what it takes to improve the value of information, manage information risks, and reduce information costs.
Delivered at Trend Micro's Executive briefing events Sydney and Melbourne 5-6 June 2017 on Australia's new Mandatory Data Breach Notification legislation. YoutubeVideo available at https://youtu.be/j5nmY916H7k
Cloud Security Summit - InfoSec World 2014Bill Burns
Cloud Security trends, practical tips and lessons learned. Implementing holistic security controls to protect business data, Trends that will affect data security, and advice to security startups and companies evaluating them.
How to Boost your Cyber Risk Management Program and Capabilities?PECB
The webinar explores how understanding your organization in crisis due to an exploitation of risk can develop the organization’s resilience and team in the drive for a stronger level of compliance maturity.
Main points covered:
• Information Security maturity
• ROPI
• Risk Management
• Incident Response
• Forensic Readiness
• Table Top Exercises
• Training
• Legislation
Presenter:
Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’.
Link the the YouTube video: https://youtu.be/aREo4l-pDgc
Enterprises react more often to threats than to vulnerabilities since threats are more visible and frightening. So it seems to go with data protection -- our enterprises seem intent on getting the latest gizmos to protect against the most visible threats. We should, instead, be thinking about the overall structure of vulnerabilities and what structure of protections it implies. This presentation shows an enterprise-architectural view of vulnerabilities that can endanger our data and suggests a rational program of protections that can minimize them. It’s not flashy, but it is effective.
David C. Frier, CISSP, Security Practice Leader, CIBER New York
David Frier is the Security Practice Lead for CIBER, Inc. the global IT consultancy with the local presence. Now in the 32nd year of his IT career, he has performed consulting work in the areas of Enterprise Architecture, Disaster Recovery, SOX Audit (as the auditOR), SAS 70 and ISO 17799 Audit (as the auditEE), mission critical operations, enterprise encryption solutions, and Data Leakage Prevention (DLP). David holds the CISSP and CRISC certifications.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Enterprise Knowledge - Taxonomy Design Best Practices and MethodologyEnterprise Knowledge
This presentation, origninally presented at the Knowledge Management Institute's KM Symposium on March 27, 2014, addresses the concepts of business taxonomy value, taxonomy design methodology, and taxonomy design best practices. It is intended as an introductory deck for anyone seeking guidance on taxonomy design efforts.
In moving towards cloud services, security concerns are often cited as reasons to delay or even abandon the transition. This presentation highlights some basic steps to take to analyse and assess what risk might exist and how to mitigate this. In short, the security concerns regarding cloud deployments will exist in your privately managed data centre environments as well. Outsourcing your service to a Cloud provider does not mean you pass on your liability to your own customers nor responsibility of managing your systems and services.
Privacy is the right to be left alone, or freedom from interference or intrusion. Due to advancement in technological innovation, information privacy is becoming more complex by the minute as more data is being collected and exchanged.
Keeping a holistic PCI compliance approach alive
PCI as a Framework
*Setting ourselves in context
*Setting ourselves up for success
*Selling / Framing / Evolving
Off-Book Benefits
Some of the Opportunities
*Getting plenty of ‘C level’ support
*With friends like these
Most Office 365 organizations think they are safe because they are ‘only’ using collaboration in the cloud. Think again.
Join Concept Searching for a 15 minute webinar that describes the challenge of cyber security and shows you how we solve it. conceptClassifier for Office 365 identifies unknown security or confidential exposures in real-time from diverse repositories. Identification of not only standard descriptors but also organizationally defined vocabulary are also be identified. Once identified they are routed to a repository and removed from unauthorized access and portability.
Use stand-alone or integrate with your security package. We invite you to see how it works.
KM Implementation Framework for Special LibraryAlwi Yunus
The implementation of KM in Special Libraries are of prime role as special libraries are learning center for organization. Users are in need of input from them in the course of their work.
This presentation explains Information Governance. Learn what it takes to improve the value of information, manage information risks, and reduce information costs.
Delivered at Trend Micro's Executive briefing events Sydney and Melbourne 5-6 June 2017 on Australia's new Mandatory Data Breach Notification legislation. YoutubeVideo available at https://youtu.be/j5nmY916H7k
Cloud Security Summit - InfoSec World 2014Bill Burns
Cloud Security trends, practical tips and lessons learned. Implementing holistic security controls to protect business data, Trends that will affect data security, and advice to security startups and companies evaluating them.
How to Boost your Cyber Risk Management Program and Capabilities?PECB
The webinar explores how understanding your organization in crisis due to an exploitation of risk can develop the organization’s resilience and team in the drive for a stronger level of compliance maturity.
Main points covered:
• Information Security maturity
• ROPI
• Risk Management
• Incident Response
• Forensic Readiness
• Table Top Exercises
• Training
• Legislation
Presenter:
Our presenter for this webinar is Peter Jones, an experienced management professional, digital forensic analyst, cybersecurity professional, ISO 27001 and ISO 17025 auditor and University Lecturer. Peter has a wealth of experience and expertise which incorporates knowledge from being an academic and a practitioner in relation to best practice, data management, cyber security, digital system security and digital forensics, where he has conducted thousands of examinations on behalf of law enforcement and the private sector. Peter has extensive information technology and telecommunications experience which ranges from retail to enterprise environments including supporting the BBC with their hit drama series, ‘Silent Witness’.
Link the the YouTube video: https://youtu.be/aREo4l-pDgc
Enterprises react more often to threats than to vulnerabilities since threats are more visible and frightening. So it seems to go with data protection -- our enterprises seem intent on getting the latest gizmos to protect against the most visible threats. We should, instead, be thinking about the overall structure of vulnerabilities and what structure of protections it implies. This presentation shows an enterprise-architectural view of vulnerabilities that can endanger our data and suggests a rational program of protections that can minimize them. It’s not flashy, but it is effective.
David C. Frier, CISSP, Security Practice Leader, CIBER New York
David Frier is the Security Practice Lead for CIBER, Inc. the global IT consultancy with the local presence. Now in the 32nd year of his IT career, he has performed consulting work in the areas of Enterprise Architecture, Disaster Recovery, SOX Audit (as the auditOR), SAS 70 and ISO 17799 Audit (as the auditEE), mission critical operations, enterprise encryption solutions, and Data Leakage Prevention (DLP). David holds the CISSP and CRISC certifications.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
1. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
An Identity and Access Management
Framework for Australian and New
Zealand Higher Education and
Research
Rodney McDuff and Patricia McMillan
The University of Queensland
EDUCAUSE AUSTRALASIA, PERTH, 6 MAY 2009
2. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
CONTENTS
Background
What are we doing?
An introduction to the IAM framework
How you can participate
Wiki, discussion list, blog
3. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
SOME THOUGHTS ON IDENTITY
4. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
BACKGROUND
An initiative of the CAUDIT Standing
Committee on Technical Standards
Grew out of the MAPS Project
(Middleware Action Plan & Strategy)
5. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
WHY IDENTITY AND ACCESS MANAGEMENT?
IAM ranks among the most important
issues facing CIOs and IT Directors on
CAUDIT and EDUCAUSE annual
surveys.
6. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
WHAT ARE WE BUILDING?
An online compendium of IAM resources
A wiki designed to grow through community
contributions
Information providing the benefit of the
community's prior experiences
A common language and shared vision
A framework for prioritising actions
7. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
WHAT THE COMPENDIUM CONTAINS
Business case for IAM
Glossary
Framework for the spectrum of IAM
processes
Advice – evaluating technologies;
federating with other organisations
A set of resources
8. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
SOME THOUGHTS ON IDENTITY
The real meditation is the meditation
on one’s identity. You try it. You try
finding out why you’re you and not
somebody else. And who in the blazes
are you anyhow?
• Ezra Pound, US poet, 1885-1972
9. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
Identity and Access Management Lifecycle is?
• A sequence of orchestrated business
processes
– Performed by many actors
– Governed by some set of policies
– Implemented using some array of
technologies
• All so that an individual can gain authorized
access to some set of resources
10. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
Identity and Access Management Lifecycle is?
• Prior to this point….
– Many processes have been performed by many actors
– Most individuals and relying parties are not familiar with these actors
or their roles
– Some of these actors may not understand their own roles
– And how they fit into the bigger IAM picture.
• Need a way to allow interested parties to understand the bigger picture
• Need an IAM framework to illuminate:
– Relationships across the spectrum of business processes
– Governing policies,
– Technologies
– Actors and their roles
• Need a maturity model to:
– define what improved IAM means for your organisation
– prioritise actions.
11. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
AN INTRODUCTION TO THE FRAMEWORK
• The CTSC IAM framework is based on a logical timeline of
significant processes in the life-cycle of an IAM event
• 6 classes of IAM processes
• To help classify and simplify IAM ideas and concepts
12. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
Governance and Policy
• IAM Governance is the management, control, and orchestration of
IAM business processes guided by
– The policies & business requirements of the organisation.
– The policies & business requirements of Trust Federations.
– Local, national and (possibly) international legislation.
• Answers such questions as:
– How are the enterprise's IAM business requirements to be achieved?
– How may the enterprise's policies constrain or shape this achievement?
– Who within the enterprise is responsible for the various IAM processes and
sub-processes?
– When are these processes enacted?
• IAM Governance also needs to benchmark itself
– so that it may evolve and mature to meet the IAM requirements of the
enterprise.
• IAM Governance is the most important of the six classes.
– Unfortunately its usually the most neglected.
13. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
Identification and Credentialing
• The “digital identity” of an entity is at the crux of IAM.
– Its is also a complex entity in itself.
• A “digital identity”* consists a set of claims made by one “digital
subject” about itself or another “digital subject“
• A “digital subject” is a person or thing represented or existing in the
digital realm which is being described or dealt with".
• A “subject” is the central substance or core of a thing as opposed to
its attributes.
• It is this “subject” that needs to be identified.
• Once identified:
– Sets of claims and attributes can be accrued and pinned to it.
– Credentials can be issued to it
– To proving the binding “subject” and its “digital identity” to some level
of assurance.
*Kim Cameron's Laws of Identity <http://www.identityblog.com/?p=354>
14. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
Attribute Aggregation
• As soon as a subject is identified it can start to accrue
attributes.
– Usually first are subject's personal details
– first-name, surname, gender, …
– Enterprise attributes soon to follow.
• Attributes are stored in information store called System of
Record
– An enterprise may have several SORs.
– HR, SIS, Library, PABX, …
– Digital Identity is inevitably scattered across a number of
SORs.
• To combat this a system like metadirectory or virtual
directory can be deployed to construct a consolidated view
of the shattered digital identities.
15. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
Authentication and Assertions
• Authentication is the act of proving possession and control of the
authentication credentials
– Used to assure the identity of an end entity to a relying party.
– Also binds the subject to its digital identity for the duration of the
transaction.
• Authentication based on the familiar 3 factor metaphor:
– Something you know -- a secret, such as a password or PIN.
– Something you have -- such as a physical token .
– Something you are -- a biometric evaluation.
• Many authN technologies
– Each have pros & cons protecting against attacks.
– Enterprise must choose appropriate technologies based onS:
– Risk assessment of erroneous access to a particular resource.
– Ease of use of the technology to individuals.
• When subject authenticates a assertion is normally constructed.
– May range from a simple “OK” response, …
– To a digitally signed SAML assertion.
16. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
Transport
• Once an assertion has been constructed it must be transported to the
relying party so it can consume it.
– Possibly to make an informed authorisation decision
• However it is quite possible that during its transport:
– Assertion may be tampered with.
– Its content revealed to unauthorised parties.
• Relying parties needs to understand the LoA provided by the transport
mechanism
– Understand the risks associated with consuming assertion.
• In some cases this transport is trivial and LoA maybe high.
– Eg. Assertion generator and consumer on same server.
• In other case it may not be so high
– Eg. Transport of assertion over network.
– RP may need to consider the assertion's security, confidentiality,
and integrity.
17. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
Relying Parties and Resources
• Once an assertion has been transported to a relying
party it must process it according to:
– The information contained within (or implied by) the
assertion based on a shared semantic understanding
of the attributes and claims within.
– The ability to verify the truth of the assertion based on
the understanding of the IAM business
processes, policies and technologies that led to its
construction and their LoA which manifests
trustworthiness.
– Its own business plan, processes, risk analysis and
requirements as well as its obligation, if any, to other
parties such as actors in the IAM process.
• Relying parties shoulder most of the risk burden in IAM
transactions.
18. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
Identity and Access Management Compendium
• Organised in to 6 volumes inline with the 6 classes
• Each volume explains how this aspect of IAM fits into the
framework
• Addresses issues such as
– Policy considerations
– Risk assessment, risk management and LoAs
– Relevant standards
– Evaluating technology solutions
– Maturity model
– Federating with other organisations
– Communication and education
– Resources for further information
19. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
WHAT YOU CAN CONTRIBUTE
Case studies on IAM within your organisation,
whether these deal with business, process,
policy, or technology aspects;
Policy considerations and risk management
related to IAM;
Good IAM processes and practices extending
to all parts of an enterprise;
How to evaluate technology solutions;
Pointers to useful resources on IAM;
Comments and feedback as sections are
added.
20. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
HOW TO CONTRIBUTE
https://wiki.caudit.edu.au/confluence/dashboard.action
Email patricia.mcmillan@uq.edu.au to
be added to the mailing list and wiki.
Regular blog entries will pose issues
and questions to keep the discussion
going.
21. An IAM Framework for Australian and New Zealand Higher Education and Research May 2009
SOME THOUGHTS ON IDENTITY
Americans may have no identity, but
they do have wonderful teeth.
• Jean Baudrillard, French semiologist