Why lasagna is better than spaghetti
Building authorization into your apps, APIs, and DB using JSON, REST & ALFA

© Axiomatics 2014 - @axiomatics
Before we begin, a little draw

Drop in your card at the Axiomatics booth for a chance to win a Bose bluetooth speaker
A little history of pasta

Meet Sally. And her precious one. And so lasagna kicked spaghetti out.

Doesn't your code feel like spaghetti? (if/then/else mixology)
A little history of access control

Based on: Hilbert and Lopez, 2011

[Chart: years 86 to 07 on the x-axis, 0 to 300 on the y-axis, annotated ~0.7% digital at the start and ~93% digital at the end; along the timeline the access control models DAC, MAC, RBAC and ABAC appear, labelled "Increasing access control challenges"]
What's Our Secret Ingredient?

Attributes… Attributes… Attributes…

Attribute-Based Access Control

Who… What… Where… When… Why… How…

Attributes can describe everything (not just who)

The Secret Sauce?

Policy-Based Access Control

Centralized… Easy to audit… eXtensible… Standardized… Attribute-based…

XACML – eXtensible Access Control Markup Language = (ABAC) + (PBAC)

XACML supports Schrodinger's cat (Paul Madsen's)
Bake in layers

Authorization at the right place: business tier… API tier… data tier… web app tier… presentation tier…

[Diagram: Presentation Tier, API & WS Tier, Business Tier and Data Tier each calling out to one eXternalized Authorization Service]

Bake once, enjoy everywhere
How does Chef Gebel take it to the next level?

I use ALFA, 100% XACML

I use JSON and REST too – easy on the developers

THE ALFA PLUGIN FOR ECLIPSE

Authorization's KitchenAid
What's ALFA

•  Abbreviated Language for Authorization
•  OASIS
–  Axiomatics language donated to OASIS XACML
–  In the process of standardization
•  Goals
–  Makes XACML policies easier to write
–  Simplifies XACML structure
–  Enhances possibilities
•  Audience
–  Aimed at developers initially
–  Very popular with business analysts
What's the ALFA plugin?

•  Add-on to Eclipse, the popular IDE
•  Lets you write ALFA easily
–  Auto-complete
–  Syntax checking
–  Syntax coloring
•  Converts ALFA into XACML 3.0 policies on the fly
•  Lets you test your policies

Available for free from Axiomatics
An example: the insurance use case

•  Authorization requirement
–  A customer can view his/her own policies and the policies of a spouse that are not marked as private
•  Identify the attributes
–  User type; action; policy owner; policy private flag; spouse; object type; user identity
•  Rework the rule
–  A user with type==customer can do action==view on object of type==policy…
•  if and only if policyOwner == userId or,
•  if and only if policyPrivateFlag==false && policy.owner==user.spouse
•  Implement in ALFA
THE JSON PROFILE OF XACML

Delicious & Healthy

Objectives

•  Lightweight notation
•  Get rid of the verboseness of XML
•  Easy to write
•  Broader support for languages (JS, Python…)
•  Remove the XACML / XML redundancy
•  Infer certain things e.g. datatypes
The JSON Profile - Basics

•  The profile is a close mirror of the XML XACML request / response
•  It is possible to omit information and use inference
–  Reasonable defaults
–  E.g. the datatype defaults to string when it is not specified
•  Default category names
–  AccessSubject, Resource, Action, Environment

Example in HTML/Javascript
<script type="text/javascript">
// Build a JSON profile request by hand: Request > AccessSubject > Attribute[]
var jsonRequest = new Object();
jsonRequest.Request = new Object();
jsonRequest.Request.AccessSubject = new Object();
// Each attribute carries an AttributeId and a Value; no DataType is given,
// so the profile infers xs:string from the JSON string values
var userId = new Object();
userId.AttributeId = "userId";
userId.Value = "John";
var role = new Object();
role.AttributeId = "role";
role.Value = "manager";
// AccessSubject.Attribute is an array of attribute objects
jsonRequest.Request.AccessSubject.Attribute = [userId, role];
</script>
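The insurance use case and the hand-built JSON profile request, brought together in one added JavaScript example (not code from the slides or from Axiomatics): it builds the request for that use case with the default category names and inferred datatypes, then evaluates it the way the ALFA policy would, with a target and first-applicable rules. The attribute ids (userId, userType, spouse, actionId, objectType, policyOwner, policyPrivateFlag) are assumed names, and a missing attribute makes a rule fail rather than yield Indeterminate, a fail-closed simplification of XACML.

```javascript
// Added example (not from the slides): the insurance use case as a JSON-profile
// request plus an evaluator that mirrors the ALFA policy's rule order.

// Build a JSON-profile request with the default category names
// (AccessSubject, Action, Resource). DataType is omitted on purpose: the
// profile infers xs:string from JSON strings and xs:boolean from JSON booleans.
// The attribute ids below are assumed names, not taken from the slides.
function buildRequest(p) {
  const attr = (id, value) => ({ AttributeId: id, Value: value });
  const subject = [attr("userId", p.userId), attr("userType", p.userType)];
  if (p.spouse !== undefined) subject.push(attr("spouse", p.spouse));
  return {
    Request: {
      AccessSubject: { Attribute: subject },
      Action: { Attribute: [attr("actionId", p.action)] },
      Resource: {
        Attribute: [
          attr("objectType", p.objectType),
          attr("policyOwner", p.policyOwner),
          attr("policyPrivateFlag", p.policyPrivate),
        ],
      },
    },
  };
}

// Read one attribute value out of a category; undefined stands for XACML's
// empty bag when the attribute was not sent.
function attribute(request, category, id) {
  const cat = request.Request[category];
  if (!cat || !Array.isArray(cat.Attribute)) return undefined;
  const found = cat.Attribute.find((a) => a.AttributeId === id);
  return found ? found.Value : undefined;
}

// Evaluate the insurance policy. This is the structure the ALFA policy on the
// slide would have: a target on customer/view/policy, then first-applicable
// rules (own policy -> Permit; spouse's non-private policy -> Permit;
// catch-all -> Deny). Requests outside the target are NotApplicable.
// Simplification: a missing attribute makes a rule not match (fail closed)
// instead of producing XACML's Indeterminate.
function evaluateInsurancePolicy(request) {
  const get = (cat, id) => attribute(request, cat, id);
  const inTarget =
    get("AccessSubject", "userType") === "customer" &&
    get("Action", "actionId") === "view" &&
    get("Resource", "objectType") === "policy";
  if (!inTarget) return "NotApplicable";

  const userId = get("AccessSubject", "userId");
  const spouse = get("AccessSubject", "spouse");
  const owner = get("Resource", "policyOwner");
  const privateFlag = get("Resource", "policyPrivateFlag");

  // Rule 1: the customer's own policy. The undefined guard stops an absent
  // userId from matching an absent policyOwner.
  if (userId !== undefined && owner === userId) return "Permit";
  // Rule 2: the spouse's policy, only when the private flag is an explicit
  // boolean false; an absent or string-typed flag does not grant.
  if (privateFlag === false && spouse !== undefined && owner === spouse) return "Permit";
  // Rule 3: everything else inside the target is denied.
  return "Deny";
}
```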
Size of a XACML request

[Chart: XML vs JSON for the same request; word count (axis 0 to 50) and character count (axis 0 to 1400)]
THE REST PROFILE OF XACML

The perfect way to serve your lasagna

Why a "REST" profile?

•  No standard transport protocol in XACML core
•  Different implementations have different SOAP wrappings
•  SOAP in itself is losing popularity
•  Provide easy means to send an authorization request
  
Posting the JSON Request in Javascript

var xmlHttp = null;
function authorize() {
  // The JSON profile request, as text typed into a textarea on the page
  var xacmlRequest = document.getElementById("xacmlrequest").value;
  var Url = "https://localhost:5443/axio/authorize";
  xmlHttp = new XMLHttpRequest();
  xmlHttp.onreadystatechange = ProcessRequest;
  xmlHttp.withCredentials = true;
  xmlHttp.open("POST", Url, false);
  // REST profile media type for both the request body and the expected response
  xmlHttp.setRequestHeader("Accept", "application/xacml+json");
  xmlHttp.setRequestHeader("Content-Type", "application/xacml+json");
  // Demo-only: hard-coded Basic credentials for the PDP, as on the slide
  xmlHttp.setRequestHeader("Authorization", "Basic cGVwOnBhc3N3b3Jk");
  // xacmlRequest is already JSON text; passing it through JSON.stringify
  // again would wrap it in a quoted string, so it is sent as is
  xmlHttp.send(xacmlRequest);
}
function ProcessRequest() {
  // readyState 4 = DONE; the PDP answers with a JSON profile response
  if (xmlHttp.readyState === 4 && xmlHttp.status === 200) {
    var response = JSON.parse(xmlHttp.responseText);
    console.log(response);
  }
}
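Handling what comes back from that POST, as an added JavaScript example that is not from the slides: a fail-closed PEP that parses the JSON profile response (a Response array of Result objects) and grants only on an explicit Permit whose obligations it can fulfil, plus an asynchronous fetch-based sender in place of the slide's synchronous XMLHttpRequest. The sample responses are constructed, the PDP URL and credentials are passed in by the caller, and the obligation id log-access is an assumed name.

```javascript
// Added example (not from the slides): fail-closed interpretation of the
// JSON-profile response a PDP returns over the REST profile.

// Constructed sample responses in the JSON profile shape ("Response" is an
// array of Result objects). The obligation id "log-access" is an assumed name.
const SAMPLE_PERMIT = JSON.stringify({
  Response: [{
    Decision: "Permit",
    Status: { StatusCode: { Value: "urn:oasis:names:tc:xacml:1.0:status:ok" } },
  }],
});
const SAMPLE_PERMIT_WITH_OBLIGATION = JSON.stringify({
  Response: [{
    Decision: "Permit",
    Obligations: [{ Id: "log-access", AttributeAssignment: [] }],
  }],
});
const SAMPLE_DENY = JSON.stringify({ Response: [{ Decision: "Deny" }] });
const SAMPLE_INDETERMINATE = JSON.stringify({ Response: [{ Decision: "Indeterminate" }] });

// Interpret one PDP response. `status` is the HTTP status code, `body` the raw
// response text, `canFulfil` a predicate saying whether this PEP can discharge
// a given obligation id. Anything that is not an explicit, fulfillable Permit
// (Deny, NotApplicable, Indeterminate, malformed body, transport error) is
// reported as not permitted, so the caller never grants by accident.
function interpretPdpResponse(status, body, canFulfil = () => false) {
  const denied = (reason) => ({ permitted: false, reason, obligations: [] });
  if (status !== 200) return denied("http " + status);
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch (e) {
    return denied("malformed json");
  }
  const results = parsed && parsed.Response;
  if (!Array.isArray(results) || results.length === 0) return denied("no result");
  // This PEP sends one Resource per request, so exactly one Result is expected;
  // a multi-decision answer is refused rather than guessed at.
  if (results.length !== 1) return denied("unexpected multiple results");
  const result = results[0];
  if (result.Decision !== "Permit") {
    return denied("decision " + (result.Decision === undefined ? "missing" : result.Decision));
  }
  // Obligations attached to a Permit are mandatory: if any cannot be
  // fulfilled, the PEP must deny instead of granting.
  const obligations = Array.isArray(result.Obligations) ? result.Obligations : [];
  const unmet = obligations.filter((o) => !canFulfil(o.Id));
  if (unmet.length > 0) return denied("unfulfilled obligation " + unmet[0].Id);
  return { permitted: true, reason: "permit", obligations };
}

// Post a JSON-profile request object to the PDP with the REST profile media
// type, asynchronously. `pdpUrl` and `authorizationHeader` are supplied by the
// caller; the body is stringified exactly once.
async function authorize(pdpUrl, requestObject, authorizationHeader, canFulfil) {
  const res = await fetch(pdpUrl, {
    method: "POST",
    credentials: "include",
    headers: {
      Accept: "application/xacml+json",
      "Content-Type": "application/xacml+json",
      Authorization: authorizationHeader,
    },
    body: JSON.stringify(requestObject),
  });
  return interpretPdpResponse(res.status, await res.text(), canFulfil);
}
```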
  
And now, let's bake!

Ok, so it's time to wrap up

Forget spaghetti. Whip up lasagna! (Sorry Sergio Leone)

REST + ALFA + JSON: A recipe for success

Don't forget to pair the pasta with an elegant wine. Ask @ggebel, our head sommelier, for recommendations
Summary

Acronym | Name | Description
EAM | eXternalized Authorization Management | The act of cleanly separating business logic from authorization logic and maintaining each one independently
ABAC | Attribute-based access control | An authorization model whereby parameters about the user, resource, action, and environment can be used to determine access
PBAC | Policy-based access control | An authorization model which uses attributes combined together inside policies to define granted or denied access
XACML | eXtensible Access Control Markup Language | The standard implementation of ABAC and PBAC – done by OASIS.
References

•  REST profile of XACML
•  JSON profile of XACML
•  ALFA profile of XACML

→ Available on the OASIS XACML TC website: oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
Thank you all

David Brossard
Axiomatics – the leaders in ABAC & PBAC
@davidjbrossard
@axiomatics
http://developers.axiomatics.com

Finology Group – Insurtech Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

CIS14: Baking Fine-Grained Authorization Into Your Apps and APIs using ALFA, REST, and JSON

  • 1. Why lasagna is better than spaghetti. Building authorization into your apps, APIs, and DB using JSON, REST & ALFA. © Axiomatics 2014 - @axiomatics
  • 2. Before we begin, a little draw: drop in your card at the Axiomatics booth for a chance to win a Bose bluetooth speaker.
  • 3. A little history of pasta: meet Sally, and her precious one. And so lasagna kicked spaghetti out.
  • 4. Doesn't your code feel like spaghetti? (if/then/else mixology)
  • 5. A little history of access control. (Chart based on Hilbert and Lopez, 2011: growth of stored information over the years 86 to 07 on a 0 to 300 scale, from ~0,7% digital to ~93% digital, with the access control models DAC, MAC, RBAC and ABAC appearing in turn, and increasing access control challenges.)
  • 6. What's our secret ingredient? Attributes… Attributes… Attributes…
  • 7. Attribute-Based Access Control: Who… What… Where… When… Why… How… Attributes can describe everything (not just who).
  • 8. The secret sauce? Policy-Based Access Control: centralized… easy to audit… eXtensible… standardized… attribute-based…
  • 9. XACML – eXtensible Access Control Markup Language = (ABAC) + (PBAC)
  • 10. XACML supports Schrödinger's cat (Paul Madsen's)
  • 11. Bake in layers: authorization at the right place. Presentation tier… Web app tier… Business tier… API tier… Data tier…
  • 12. Bake once, enjoy everywhere: one eXternalized Authorization Service serving the Presentation Tier, the API & WS Tier, the Business Tier and the Data Tier.
  • 13. How does Chef Gebel take it to the next level? "I use ALFA, 100% XACML. I use JSON and REST too – easy on the developers."
  • 14. The ALFA plugin for Eclipse: authorization's KitchenAid
  • 15. What's ALFA
      • Abbreviated Language for Authorization
      • OASIS
        – Axiomatics language donated to OASIS XACML
        – In the process of standardization
      • Goals
        – Makes XACML policies easier to write
        – Simplifies XACML structure
        – Enhances possibilities
      • Audience
        – Aimed at developers initially
        – Very popular with business analysts
  • 16. What's the ALFA plugin?
      • Add-on to Eclipse, the popular IDE
      • Lets you write ALFA easily
        – Auto-complete
        – Syntax checking
        – Syntax coloring
      • Converts ALFA into XACML 3.0 policies on the fly
      • Lets you test your policies
      Available for free from Axiomatics
  • 17. An example: the insurance use case
      • Authorization requirement
        – A customer can view his/her own policies and the policies of a spouse that are not marked as private
      • Identify the attributes
        – User type; action; policy owner; policy private flag; spouse; object type; user identity
      • Rework the rule
        – A user with type==customer can do action==view on object of type==policy…
          • if and only if policyOwner == userId or,
          • if and only if policyPrivateFlag==false && policy.owner==user.spouse
      • Implement in ALFA
  • 18. The JSON profile of XACML: delicious & healthy
  • 19. Objectives
      • Lightweight notation
      • Get rid of the verboseness of XML
      • Easy to write
      • Broader support for languages (JS, Python…)
      • Remove the XACML / XML redundancy
      • Infer certain things, e.g. datatypes
  • 20. The JSON Profile - Basics
      • The profile is a close mirror of the XML XACML request / response
      • It is possible to omit information and use inference
        – Reasonable defaults
        – E.g. the string datatype is not specified explicitly
      • Default category names
        – AccessSubject, Resource, Action, Environment
  • 21. Example in HTML/Javascript
      <script language="javascript">
        // JSON-profile request using the default AccessSubject category name
        var jsonRequest = new Object();
        jsonRequest.Request = new Object();
        jsonRequest.Request.AccessSubject = new Object();
        // jsonRequest.Request.AccessSubject.Attribute
        var userId = new Object();
        userId.AttributeId = "userId";
        userId.Value = "John";      // DataType omitted: the profile infers string
        var role = new Object();
        role.AttributeId = "role";
        role.Value = "manager";
        jsonRequest.Request.AccessSubject.Attribute = [userId, role];
      </script>
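To see slides 17, 20 and 21 together in working code, here is an added JavaScript example (not code from the deck or from Axiomatics): it builds a JSON-profile request for the insurance use case with the profile's default category names and omitted DataType, then evaluates slide 17's reworked rule against it the way a very small PDP would. The attribute ids (userId, userType, spouse, objectType, policyOwner, policyPrivateFlag, actionId) and the sample users are assumed for the example; in the deck's setup the rule would be written in ALFA and evaluated by the PDP. The example also makes explicit what the slide leaves implicit: a request outside the rule's target is NotApplicable, and a request missing an attribute the condition needs is Indeterminate, never Permit.

```javascript
// Added example (not from the Axiomatics deck): a JSON-profile request
// for the insurance use case and a minimal evaluation of slide 17's rule.
// Attribute ids and sample users below are assumed for the example.

// Turn {id: value} maps into the profile's Attribute arrays. DataType is
// omitted on purpose: the JSON profile infers string/boolean from the value.
function buildRequest(subject, resource, action) {
  const attrs = (obj) =>
    Object.entries(obj).map(([AttributeId, Value]) => ({ AttributeId, Value }));
  return {
    Request: {
      // default category names from the profile (slide 20)
      AccessSubject: { Attribute: attrs(subject) },
      Resource: { Attribute: attrs(resource) },
      Action: { Attribute: attrs(action) },
    },
  };
}

// Read one attribute value from a category; undefined when it is absent.
function attr(request, category, id) {
  const cat = request.Request && request.Request[category];
  if (!cat || !Array.isArray(cat.Attribute)) return undefined;
  const found = cat.Attribute.find((a) => a.AttributeId === id);
  return found ? found.Value : undefined;
}

// Evaluate the reworked rule from slide 17 and return a JSON-profile
// response ({ Response: [ { Decision } ] }), the shape a PDP sends back.
function evaluate(request) {
  const userType = attr(request, "AccessSubject", "userType");
  const userId = attr(request, "AccessSubject", "userId");
  const spouse = attr(request, "AccessSubject", "spouse");
  const objectType = attr(request, "Resource", "objectType");
  const owner = attr(request, "Resource", "policyOwner");
  const isPrivate = attr(request, "Resource", "policyPrivateFlag");
  const actionId = attr(request, "Action", "actionId");

  // Target: customer, view, policy. Anything else is outside this rule.
  if (userType !== "customer" || actionId !== "view" || objectType !== "policy") {
    return { Response: [{ Decision: "NotApplicable" }] };
  }
  // The condition cannot be evaluated without these: Indeterminate, never Permit.
  if (userId === undefined || owner === undefined) {
    return { Response: [{ Decision: "Indeterminate" }] };
  }
  const ownPolicy = owner === userId;
  // A missing or non-false private flag never grants spouse access.
  const spousePolicy = isPrivate === false && spouse !== undefined && owner === spouse;
  return { Response: [{ Decision: ownPolicy || spousePolicy ? "Permit" : "Deny" }] };
}

// Convenience for the PEP side: one call, one decision string.
function decide(subject, resource, action) {
  return evaluate(buildRequest(subject, resource, action)).Response[0].Decision;
}

// Constructed sample: Alice is a customer married to Bob.
const alice = { userId: "alice", userType: "customer", spouse: "bob" };
const view = { actionId: "view" };
console.log(decide(alice, { objectType: "policy", policyOwner: "alice", policyPrivateFlag: false }, view)); // Permit
console.log(decide(alice, { objectType: "policy", policyOwner: "bob", policyPrivateFlag: true }, view));    // Deny
// What actually goes over the wire to the PDP:
console.log(JSON.stringify(buildRequest(alice, { objectType: "policy", policyOwner: "bob" }, view)));
```

The serialized object printed last is the whole request: no namespaces, no DataType on the string values, and the category names the profile defaults to, which is the size difference slide 22 measures.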
  • 22. Size of a XACML request. (Two bar charts comparing the XML and JSON forms of the same request: word count on a 0 to 50 scale, and character count on a 0 to 1400 scale.)
  • 23. The REST profile of XACML: the perfect way to serve your lasagna
  • 24. Why a "REST" profile?
      • No standard transport protocol in XACML core
      • Different implementations have different SOAP wrappings
      • SOAP in itself is losing popularity
      • Provide easy means to send authorization requests
  • 25. Posting the JSON request in Javascript (the slide's snippet, with the missing closing brace and response handler filled in; the body is sent as-is because the text field already holds JSON text, and JSON.stringify on a string would wrap it in a second layer of quotes)
      var xmlHttp = null;
      function authorize() {
        // the JSON-profile request typed into the page, already a JSON string
        var xacmlRequest = document.getElementById("xacmlrequest").value;
        var Url = "https://localhost:5443/axio/authorize";
        xmlHttp = new XMLHttpRequest();
        xmlHttp.onreadystatechange = ProcessRequest;
        xmlHttp.withCredentials = true;
        xmlHttp.open("POST", Url, false); // synchronous, as on the slide
        xmlHttp.setRequestHeader("Accept", "application/xacml+json");
        xmlHttp.setRequestHeader("Content-Type", "application/xacml+json");
        // the PEP's credential toward the PDP (demo value from the slide)
        xmlHttp.setRequestHeader("Authorization", "Basic cGVwOnBhc3N3b3Jk");
        // send JSON text unchanged; only stringify if an object was handed in
        xmlHttp.send(typeof xacmlRequest === "string" ? xacmlRequest : JSON.stringify(xacmlRequest));
      }
      function ProcessRequest() {
        if (xmlHttp.readyState !== 4) return;
        // a non-200 answer is reported as Indeterminate rather than trusted
        var decision = "Indeterminate";
        if (xmlHttp.status === 200) {
          decision = JSON.parse(xmlHttp.responseText).Response[0].Decision;
        }
        // "decision" is an assumed element id used to show the result
        document.getElementById("decision").textContent = decision;
      }
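Slide 25 only shows the send. As an added example (again not the deck's or Axiomatics' code), here is the rest of the exchange as a PEP should handle it, written without a network call so it runs anywhere: the HTTP call shaped the way the REST profile and slide 25 expect, and a response check that treats everything except a well-formed Permit as a denial. The PDP URL, the base64 PEP credential and the decision to accept plain application/json next to application/xacml+json are assumptions of the example.

```javascript
// Added example (not from the Axiomatics deck): the PEP side of the REST
// profile exchange with no network call. PDP URL and credential are placeholders.

const XACML_JSON = "application/xacml+json";

// Shape the HTTP call the way slide 25 does: JSON-profile body, XACML media
// types, and the PEP's own credential toward the PDP (never the end user's).
function buildAuthorizeCall(pdpUrl, jsonRequest, pepCredentialBase64) {
  return {
    method: "POST",
    url: pdpUrl,
    headers: {
      Accept: XACML_JSON,
      "Content-Type": XACML_JSON,
      Authorization: "Basic " + pepCredentialBase64,
    },
    body: JSON.stringify(jsonRequest),
  };
}

// Map the PDP's HTTP answer to a boolean the PEP can enforce. Everything
// that is not a well-formed Permit (wrong status or media type, unparsable
// body, empty result list, Deny / NotApplicable / Indeterminate) is a denial.
function isPermitted(status, contentType, rawBody) {
  if (status !== 200) return false;
  // application/json is accepted too: an assumed lenient choice for this example
  const mediaType = String(contentType || "").split(";")[0].trim().toLowerCase();
  if (mediaType !== XACML_JSON && mediaType !== "application/json") return false;
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (e) {
    return false;
  }
  const results = parsed && parsed.Response;
  if (!Array.isArray(results) || results.length === 0) return false;
  // a multi-decision response counts as Permit only if every result permits
  return results.every((r) => r && r.Decision === "Permit");
}

// Constructed sample exchange.
const call = buildAuthorizeCall(
  "https://pdp.example.invalid/authorize", // placeholder PDP URL
  { Request: { AccessSubject: { Attribute: [{ AttributeId: "userId", Value: "John" }] } } },
  "cGVwOnBhc3N3b3Jk" // demo credential from the slide
);
console.log(call.headers["Content-Type"]); // application/xacml+json
console.log(isPermitted(200, XACML_JSON, '{"Response":[{"Decision":"Permit"}]}')); // true
console.log(isPermitted(200, XACML_JSON, '{"Response":[{"Decision":"Deny"}]}'));   // false
```

The point of isPermitted is the default: a PEP that checks `Decision === "Permit"` and falls through to allow on any other outcome turns a PDP outage or a malformed answer into an authorization bypass, so the function returns false for every path that is not a clean Permit.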
  • 26. And now, let's bake!
  • 27. Ok, so it's time to wrap up
  • 28. Forget spaghetti. Whip up lasagna! (Sorry Sergio Leone.) REST + ALFA + JSON: a recipe for success. Don't forget to pair the pasta with an elegant wine. Ask @ggebel, our head sommelier, for recommendations.
  • 29. Summary
      – EAM (eXternalized Authorization Management): the act of cleanly separating business logic from authorization logic and maintaining each one independently
      – ABAC (Attribute-based access control): an authorization model whereby parameters about the user, resource, action, and environment can be used to determine access
      – PBAC (Policy-based access control): an authorization model which uses attributes combined together inside policies to define granted or denied access
      – XACML (eXtensible Access Control Markup Language): the standard implementation of ABAC and PBAC – done by OASIS.
  • 30. References
      • REST profile of XACML
      • JSON profile of XACML
      • ALFA profile of XACML
      → Available on the OASIS XACML TC website: oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
  • 31. Thank you all. David Brossard, Axiomatics – the leaders in ABAC & PBAC. @davidjbrossard, @axiomatics, http://developers.axiomatics.com