CIS 2015 SSO for Mobile and Web Apps Ashish Jain CloudIDSummit
In the past Enterprise Mobility Management (EMM) has focused primarily on MDM, MAM and MCM. Recently there has been a lot of focus on the fourth pillar of EMM - Mobile Identity Management (MIM). This session will cover the primary use cases and discuss current solutions available for managed/un-managed, internal/public and mobile/web apps for iOS/Android devices.
CloudStack Identity and Access Management (IAM) Min Chen
The document discusses CloudStack's plans to implement an Identity and Access Management (IAM) service. It describes CloudStack's current limited IAM capabilities and the goal to provide a pluggable IAM service. The proposed architecture includes hosting an independent IAM server and integrating an IAM plugin with CloudStack via adapter interfaces. The plugin would support new IAM APIs and policies to control access at the user, group, and resource levels. Example use cases are provided to demonstrate how the IAM service could enable cross-account access policies and role-based access controls.
IdP, SAML, OAuth are new acronyms for identity in the cloud. SAML is used for federated authentication between an identity provider (IdP) like Active Directory and a service provider (SP) like Office 365. The IdP authenticates the user and sends a SAML token with claims to the SP. OAuth streamlines authentication for mobile by issuing short-lived access tokens instead of passing full credentials or SAML assertions between each service. It allows authorization without passwords and tokens can be revoked, reducing risks of compromised apps. Office 365 uses Azure Active Directory as an IdP with SAML or OAuth to authenticate users from an on-premises Active Directory via federation or synchronization.
Uncovering XACML to solve real world business use cases WSO2
This document discusses XACML (eXtensible Access Control Markup Language), which is an OASIS standard for access control policy language and request/response protocol. It describes key XACML concepts like policy-based access control and attribute-based access control. The document then outlines some advantages of XACML, challenges in using it, and provides examples of how XACML can be used for real-world use cases like controlling access to SOAP/REST APIs, web applications, and databases. Specific business use cases demonstrated include X.509 certificate-based authorization, externalizing authorization for a portal, and building a centralized entitlement system.
Authentication across the Atlassian Ecosystem - AtlasCamp 2011 Atlassian
How can you get your Atlassian products to use the same authentication and sign-on as the rest of your enterprise apps? We'll show you strategies for accomplishing this with the minimum amount of pain.
Mark Lassau, JIRA Developer
Why lasagna is better than spaghetti: baking authorization into your applicat... David Brossard
Next-generation access control is undergoing a bit of an identity crisis. Some call it eXternalized Authorization Management, others Dynamic Access Control and still others just refer to it as Attribute Based Access Control (ABAC). Until now, XACML and ABAC have been the two pillars supporting next-gen AuthZ. Gartner predicts that 70% of enterprises will adopt ABAC by 2020.
With ALFA, REST, and JSON, even the most complex authorization scenarios become extremely simple to implement. It's haute cuisine made simple. In this session, we will go hands-on with examples, live demos, coding, and delicious samples.
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve... David Brossard
In this presentation I introduce the basics of Attribute-based Access Control, XACML, and why it matters to developers. I also focus on the latest XACML TC profiles - the REST profile and the JSON profile that make integration easier and faster.
OAuth Authorization flows in Salesforce Kishore B T
OAuth Authorization flows in Salesforce
1. Creating Connected App and Managing Connected App usage
2. OAuth web server flow (walkthrough with Postman)
3. OAuth JWT Bearer token flow (walkthrough with Postman)
4. OAuth JWT Bearer token flow (Apex code walkthrough to integrate one Salesforce org to another using JWT bearer flow)
Spring Security is a framework for authentication and authorization in Java applications. It provides components for authentication filters, providers, and managers as well as user details services. Basic authentication uses HTTP basic auth with a username and password encoded in the request header. Form authentication displays a login form and uses CSRF protection. Custom authentication allows multiple auth types by implementing custom auth providers, users, grants, and handlers. The documentation covers getting started, architecture, basic auth, form auth, and custom auth configurations and demos.
The document discusses security challenges in cloud computing and how Security Assertion Markup Language (SAML) can address them. It provides an overview of cloud computing models and trends. It then outlines key security challenges like single sign-on, authentication, identity management, and access to data in heterogeneous cloud environments. The document explains the basic concepts and components of SAML like assertions, protocols, bindings, and profiles. It provides examples of how SAML can enable single sign-on, distributed transactions, authorization, and secure web services. Finally, it discusses how SAML can specifically address security challenges in cloud computing through identity federation, trust domains, token translation, and delegated authentication.
This document discusses Azure API Management and how it can help create a successful API program. It outlines key components like developer engagement, analytics, and security. It also describes the logical architecture of API Management and how it can host APIs from any platform or framework. Several demos are included that showcase features like adding the API Management service, creating APIs and products, configuring policies, and using OAuth 2.0 for security.
BDD Approach with Karate Framework in Service Tests kloia
This document discusses using the Karate framework for behavior driven development (BDD) in service tests. It provides an overview of test approaches in software like test driven development, data driven development, acceptance test driven development and BDD. It also discusses what web services and web service testing are. The document then introduces the Karate framework, describing that it is open-source, supports mocks, performance and UI tests, and uses BDD. It provides an example of using Karate to test an LDAP authentication scenario and outlines Karate's capabilities like hooks, transforms, loops, authentication handling and more. The document concludes with a demo and Q&A contact details.
Security enforcement of Java Microservices with Apiman & Keycloak Charles Moulliard
This document summarizes approaches for securing Java microservice applications at different levels:
1) The endpoint level using frameworks like Spring Security or interceptors to apply authentication and authorization.
2) The web container level by applying constraints to restrict access to resources based on roles.
3) An external API management layer that acts as a proxy, enforcing centralized policies before requests reach endpoints.
Sign up for Stormpath: https://api.stormpath.com/register
More from Stormpath: https://stormpath.com/blog
Join Stormpath Java Developer Evangelist Micah Silverman for a technical overview of the common pain points with Java authentication. We'll cover how to solve them with Stormpath in a Spring Boot application, and demonstrate how to quickly add a complete user management system to your Spring Boot app. By the end of this webinar, you’ll be on your way to a fully functioning Spring Boot app backed by Stormpath.
Topics Covered:
Authentication Pain Points in Java
Stormpath, Spring Boot, and Your Architecture
Demo:
Auth in Spring Boot, with these features:
A complete user registration and login system
Pre-built login screens
Password reset workflows
Group-based authorization
Advanced user features: API authentication, Single Sign-On, social login, and more
Technical Q&A
API as-a-Product with Azure API Management (APIM) Bishoy Demian
Transitions from a single App or a closed system to an open ecosystem that drives innovation and delivers value-add Apps and services for your end-users. Monetise your data with minimal hassle & cost. Reach your end-users on any platform. Enable your IoT strategy with a strong cloud-based API platform.
Using Azure API Management, you can build a modern interactive developer portal for your APIs. Learn about your API usage patterns with analytics. Secure access, and manage subscriptions with quotas and throttling.
My slides from the Identity Protocol Smackdown session at Gartner Catalyst 2013. Ignite format - 20 slides, 15 seconds per slide. There are auto-builds on a few slides, so download and view in PowerPoint for the best experience.
Azure AD B2C Webinar Series: Identity Protocols OIDC and OAuth2 part 2 Vinu Gunasekaran
This document summarizes a webinar about integrating Azure Active Directory B2C (AAD B2C) with applications using the Microsoft Authentication Libraries (MSAL). It discusses how MSAL can be used to acquire tokens to call protected APIs and validate tokens in web APIs and applications. It provides an overview of using MSAL in .NET Core web apps to sign users in with AAD B2C, redeem authorization codes to acquire tokens, and implement token caching for silent authentication. The document demonstrates how to build a .NET Core web app that signs users in with AAD B2C using MSAL.
In this webinar, we will walk through how we can utilize the passwordless authentication method in Azure AD, by means of which you skip the password and do all your identity verification on your phone.
Contents of Hands on with ASP.NET MVC book. This book gives complete insight of how to develop an End To End Application using MVC right from scratch. In this book I have also covered the upcoming MVC 6 version apart from MVC 5 and MVC 4. Best thing about this book: it is drafted in such a way that even college passouts who have no knowledge of MVC will grasp the concepts easily and see the implementation live.
Secure API Services in Node with Basic Auth and OAuth2 Stormpath
In this presentation, Lead Developer Evangelist Randall Degges will go over how API authentication works via HTTP Basic Auth and OAuth2 (Client Credentials), and will show you how to secure an Express.js API service with both of them using Stormpath!
Single Page Apps bring a unique set of concerns to authentication and user management. Robert Damphousse, lead JavaScript engineer at Stormpath, will show you how to use Stormpath to secure an Angular.js app with any backend: Java, Node, PHP, .NET and more!
Robert will deep dive into Angular.js authentication best practices and an extended technical example. Join us!
Topics Covered:
- Authentication in Single Page Apps (SPA)
- Using JWTs instead of Session IDs
- Secure Cookie storage
- Cross-Origin Resource Sharing
- Where does Stormpath fit in your architecture?
- End-to-end example with Angular.js + Express.js
- Password-based registration and login
- How to secure your API endpoints
- Implement User Authorization
- Design for a frictionless User Experience
APIs have become a strategic necessity for your business. They facilitate agility and innovation. However, the financial incentive associated with this agility is often tempered with the fear of undue exposure of the valuable information that these APIs expose. With data breaches now costing $400m or more, senior IT decision makers are right to be concerned about API security.
In this SlideShare, you'll learn:
- The top API security concerns
- How the IT industry is dealing with those concerns
- How Anypoint Platform ensures the three qualifications needed to keep APIs secure
OAuth 2.0 is an open standard for authorization that enables apps to securely access APIs on behalf of users. It has become widely adopted for consumer apps but presents challenges for enterprise use cases. The presentation discusses adapting OAuth 2.0 for enterprises by supporting administrative authorization, mobile SSO federation, and server-to-server flows that exchange credentials or assertions for API tokens to enable API federation and password-less access across clouds. Future directions include further standardizing assertion flows and mobile app federation.
Combining customer-facing apps on Heroku with employee-facing apps on Salesforce enables a whole new generation of connected and intelligent experiences. There are four primary ways to do this integration: Heroku Connect, Canvas, Apex / Process Callouts, and the Salesforce REST APIs. Using code and architectural examples, we'll walk through these different methods. You will walk away knowing when you should use each and how to use them.
This document discusses setting up and managing a BYOD program using Kaseya's mobile access tools. It describes defining allowed data sources for users to access, including websites, documents, and email. Sources can be segmented by Active Directory groups. The document also covers configuring document repositories, setting permissions, and using direct or relayed access. It emphasizes leveraging single sign-on via NTLM authentication and using logs to monitor access and troubleshoot issues.
Agenda:
What is BPM?
BPM Benefits and Usage Fields
Camunda BPM Engine
Business Process Model and Notation
BPMN 2.0 Elements
What is Camunda?
Technical Architecture
Why Camunda
Demo
Join us as we provide an overview of how to integrate to Salesforce using the built-in tools, and look at integration on the different layers of Salesforce (User Interface, Data Logic, and Database). We'll be providing tips, best practices, and real-life examples.
Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re... Amazon Web Services
Serverless architecture and a microservices approach have changed the way we develop applications. Increased composability doesn't have to mean decreased auditability or security. In this talk, we discuss the security model for applications based on AWS Lambda functions and Amazon API Gateway. Learn about the security and compliance that comes with Lambda right out of the box and with no extra charge or management. We also cover services like AWS Config, AWS Identity and Access Management (IAM), Amazon Cognito, and AWS Secrets Manager available on the platform to help manage application security.
Yoshiyuki Tabata from Hitachi presented on API specifications and tools that help engineers construct high-security API systems. He discussed standards like OAuth 2.0, OIDC, PKCE, and OAuth MTLS. Useful features for testing include decoding tokens to check validity, and calling authorization server endpoints to validate access control. Implementing these features in mock servers and clients allows engineers to efficiently test if high-security requirements are met before production.
Preparing for Data Residency and Custom Domains Atlassian
Atlassian customers have long requested the ability to control where they host their content in Atlassian Cloud. They’ve also long desired the ability to configure their cloud products to be accessible via a custom domain. These features are coming soon to Jira and Confluence Cloud! What will this mean for Marketplace app developers?
Join Nuwan Ginige, Principal Product Manager on the Cloud Platform team, as he walks through how the evolution of Atlassian’s cloud platform has shaped the development of these capabilities. Learn how these changes will impact Marketplace apps, and how you can get involved in app vendor early access progress before general availability.
AWS Certificate Manager (ACM) Private Certificate Authority (CA) is a managed private CA service that helps you easily and securely manage the lifecycle of your private certificates. In this session, learn how ACM Private CA extends ACM’s certificate management capabilities to private certificates and enables you to centrally manage public and private certificates. We also demonstrate how ACM Private CA enables you to create a Private CA and use it to create and deploy private certificates for your AWS resource and internal resources. We also discuss case studies demonstrating how customers use ACM Private CA to automate security and certificate management.
Community call: Develop multi tenant apps with the Microsoft identity platform Microsoft 365 Developer
Building an application that can be provisioned and used in multiple Azure AD tenants goes far beyond just flipping a switch in your app configuration. The developer has to undertake application provisioning, decide on a provisioning strategy, push changes to customers, manage identities flowing from multiple tenants, collect essential information from authentication signals, learn to differentiate the different types of users they will encounter and understand the key differences from the B2B scenarios. In this community call, Kalyan Krishnan reviews the steps and considerations required to develop, configure, provision, and manage multi-tenant applications.
For more information, visit https://aka.ms/identityplatform
Everything you always wanted to know about API Management (but were afraid to...Massimo Bonanni
Azure API Management is an Azure service that allows developers to implement a consistent and secure access layer to their APIs. It provides features like throttling to prevent DOS attacks, JWT token validation for security, and a developer portal for API documentation and testing. The key components of API Management include the API gateway, publisher portal, developer portal, and policies for pre/post processing requests. Products are used to surface APIs to developers through subscriptions.
What if security became the reason to move an application to the cloud? Historically, security has been a necessary afterthought. Today, with AWS, security is moving from obligation to advantage. Here, you'll get a glimpse of tools and techniques that enterprise customers are using today to secure their AWS environments at scale.
Complex architectures for authentication and authorization on AWSBoyan Dimitrov
In this talk we discuss key architecture patterns for designing authentication and authorization solutions in complex microservices environments. We focus on the key advantages and capabilities of AWS Cognito User Pools and Federated Identities and explore how this service can address the challenges of implementing client to service, service to service and service to infrastructure auth.
In addition, we discuss patterns and best practices around building a highly available and resilient decentralised authorization solution for microservices environments based on OIDC. We present a simple RBAC implementation together with fine-grained permissions and end to end automation.
The document discusses CQRS (Command Query Responsibility Segregation) and event sourcing patterns for building distributed applications. CQRS separates commands, which change data, from queries, which read data. Event sourcing records all state changes as a sequence of immutable events. This allows reconstructing any past state and enables easy distribution of data. The document provides examples of how event sourcing and CQRS can be implemented using event stores, event projections, and read models to support both commands and queries independently.
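[Hands-on] CQRS (Command Query Responsibility Segregation) and Event Sourcing Pattern PracticeOracle Korea
This meetup has been steadily covering topics related to Cloud Native Applications and Microservices. This time we explain CQRS and Event Sourcing, which among Microservice implementation patterns are models well suited to the cloud era in terms of securing independence and scalability, and we look at the shape and mechanisms of an implementation through step-by-step sample source code.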
Dave Carroll Application Services Salesforcedeimos
The document discusses enterprise grade business application services provided through the Force.com platform as a service (PaaS). It provides an overview of Force.com's capabilities including building any type of business application, flexibility to integrate with other systems, security, and trust due to many customers and developers using the platform. Key aspects of Force.com covered include the multi-tenant architecture, APIs for development, and security options like single sign-on and two-factor authentication.
Trusted by Default: The Forge Security & Privacy ModelAtlassian
Security and trust have become increasingly important requirements for our customers in Cloud. We’re working to make it easier for you to build and maintain secure apps for Atlassian products.
In this session, Engineering Team Lead Dugald Morrow and Principal Product Manager Joël Kalmanowicz will explain how security and trust have been baked into the Forge framework and the benefits the platform can offer you and your users. Learn how much less work it can be to build trusted apps customers will love on Forge by going deep on the safeguards we’re putting in place.
Developers or attendees with some software security experience will get the most out of this session.
With a complete new Identity/Access Management Suite on the Oracle market, one might forget the good old SSO server, bundled with each and every IAS server. Although it has some out-of-the-box capabilities like WNA and X509 certificate support, it can be quite hard to set up an authentication scheme just the way you (or your customers) like it.
Using a case study, this presentation discusses how you can extend Oracle’s Single Sign On (SSO) server to your needs. It will discuss:
- Integration & authentication with smartcard passports (eID)
- Authentication with digital certificates
- Implementing fallback authentication schemes
- Integration with SSL terminators and reverse proxies
- DIY federated authentication
- Writing your own SSO plugin
The solutions presented are part of AXI NV/BV's portfolio.
Secure and Optimize APIs using Azure API ManagementBizTalk360
In this presentation, Microsoft MVP & BizTalk360 Senior Software Engineer Sunny Sharma gives a deep look into Securing & Optimizing APIs using Azure API Management.
Policy enabling your services - using elastic dynamic authorization to contro...David Brossard
This document discusses policy-based authorization approaches for APIs and microservices. It describes the limitations of traditional token-based authorization using SAML and OAuth and proposes a policy-based approach using the ALFA language. ALFA allows declarative attribute-based policies that can consider identity, action, resource attributes and relationships to make dynamic authorization decisions. The document recommends enforcing authorization at API gateways and data sources using a centralized or distributed policy decision engine. It demonstrates how ALFA policies can be used to authorize and redact fields in API responses.
The document discusses automating security governance in the cloud. It recommends establishing foundational security controls by leveraging native AWS services for identity, visibility, and encryption. It also advocates implementing continuous compliance by automating assessments using AWS Config and other services. The "governance layer cake" model involves assessing AWS services, implementing baseline controls, and adding workload-specific controls to provide automated yet flexible governance that scales with the cloud.
The document provides an overview of security services available on the Cloud Foundry platform including UAA (Universal Authentication and Authorization) and Credhub.
UAA provides identity and access management capabilities including single sign-on (SSO), OAuth 2.0/OpenID Connect protocols, and user authentication and authorization. Credhub provides secure credential management through generation, storage, and rotation of credentials.
The document discusses how Spring applications can leverage these services through UAA's identity broker and Spring CredHub client to integrate SSO and manage credentials in a Cloud Foundry deployment. Demo sections show examples of UAA for SSO and Credhub for credential management.
For more info: http://scn.sap.com/community/sso.
SAP Single Sign-On enables companies to eliminate the need for multiple passwords and user IDs. Centralize and simplify the way users log on to systems and applications. Lower the risks of unsecured login information, reduce help desk calls, and help ensure the confidentiality and security of personal and company data.
Top 6 Reasons You Should Attend Cloud Identity Summit 2016CloudIDSummit
The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com.
Be a part of the convo on Twitter: @CloudIDSummit + #CISNOLA
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit
This document introduces a new identity security system called Sierra Border Security V1.0. It discusses how the assumptions around internet and enterprise security have changed over time as the perimeter has expanded with new technologies. The key challenges mentioned are that identity is now too weak and disconnected to protect organizations at scale. The proposed new system aims to evolve authentication beyond single-factor to continuous multi-factor authentication using standards-based interactions. It will leverage big data and intelligence for dynamic access control and move to identity-based security definitions.
Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit
This document discusses authentication and security across devices, operating systems, applications, and networks. It covers a variety of authentication mechanisms like fingerprints, facial recognition, PINs, and security hardware. It also discusses the FIDO protocol for passwordless authentication and its ability to securely authenticate users across different devices and applications. The growing number of connected devices makes scalable authentication a challenge, but solutions like FIDO aim to simplify authentication without compromising security.
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...CloudIDSummit
In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism.
With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments.
How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...CloudIDSummit
This document discusses building an enterprise identity provider (IdP) to address security, scalability, and governance of federated identity and access management. It describes what an enterprise IdP is and its benefits, including being a federated identity service, security token service, providing a 360 degree view of identity, and more. It outlines considerations for building an enterprise IdP such as for scalability, ROI, durability, and longevity. Potential pitfalls are also discussed like responsibility issues, skills gaps, lack of time and sponsorship. Planning recommendations include committing to a strategic IAM view, formalizing an IAM program, selling the idea of an enterprise IdP, and leveraging strategic partners.
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them?
In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
This session will review digital identity’s transition from vulnerable authentication methods and what Microsoft and others are doing to address the hard problems associated with managing and protecting digital identities.
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian PuhlCloudIDSummit
You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian KatzCloudIDSummit
Brian Katz discusses how IoT and identity management are important for mobile enterprises. He notes that IoT strategies must include connectivity APIs, sensors to collect data, and tools to manage identity across endpoints. Effective IoT implementation generates large amounts of data from connected devices that companies need to properly manage and secure. There are also challenges around data ownership, privacy, lack of standards, and security that businesses must address when incorporating IoT technologies.
A "from the trenches" view into how GE is using federation standards to abstract & harden our growing cloud WAM platform. Topics covered: 1) GE's approach to OpenID Connect for cross platform authentication (web, mobile), 2) GE's API management platform for API publishing, subscription & security, 3) how the two work together, 4) lessons learned & areas for improvement.
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCloudIDSummit
The document discusses securing the Internet of Things. It begins by describing common constraints of IoT devices like limited RAM, flash, and CPU capabilities. It then summarizes lessons learned from real-world attacks on IoT systems, including limited software update mechanisms, missing key management, inappropriate access control, lack of communication security, and vulnerability to physical attacks. The document advocates following security best practices like integrating software updates, using modern OS concepts, automated key management, and considering physical attacks in threat analyses. It also describes ARM's contributions to improving IoT security through its mbed platform, libraries, and involvement in standards organizations.
CIS 2015 The IDaaS Dating Game - Sean DeubyCloudIDSummit
The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendors' capabilities continues to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.
The Industrial Internet, the Identity of Everything and the Industrial Enterp...CloudIDSummit
This talk will review the breadth of the Internet of Things (IoT), the challenges of Identity Management and the IoT and the impact to Industrial Enterprise.
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John DasilvaCloudIDSummit
Are you in a situation where you have two business units (maybe because of a merger) that have their own Federation solutions, and now you need to share access to SaaS resources among the two workforces? But you don't want to have to set up two separate SaaS connections to the same vendor, and you want to manage this connection on premises instead of in the Cloud. We can help with that, come see how!
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.
CIS 2015 So you want to SSO … Scott Tomilson & John DasilvaCloudIDSummit
Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?
CIS 2015 The Ethics of Personal Data - Robin WiltonCloudIDSummit
We're all more conscious than we were 2 years ago, about how much data is collected about us, and how revealing it can be. The commercial and government direction of travel is clear: more data, more mining, more monetization. And if personal data fuels the information economy, who'd want to stop that? But can we get the economic benefits, without selling our digital souls in the process?
- Is there a data equivalent to the "polluter pays" principle? And if not, is there an alternative?
- Ethical data handling sounds great in principle, but can it be practical?
- How can organizations put ethical data handling into practice?
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Discover top-tier mobile app development services, offering innovative solutions for iOS and Android. Enhance your business with custom, user-friendly mobile applications.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design (1) offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
2. Enterprise Auth APIs
§ What?
  § Standard IAM APIs for the enterprise
§ Why?
  § Separation of concerns
§ How?
  § IAM expertise and good software engineering
3. Familiar?
[Diagram. Labels: Internet; User; App; Sec; Developers; API (three instances); OAuth Server; Access Tokens; SAML Server; SAML Assertions; Auth Agent; Mutual Authentication; Client Side SSL; HTML Basic; Kerberos]
4. Desiderata (something that is needed or wanted)
§ Standardized solution across applications
§ Consistent user experience
§ Loose coupling to IAM systems
§ New auth methods, minimal/no app changes
§ Enforce policy
§ More control and granularity
5. Enterprise Auth API
[Diagram. Labels: Internet; User; App; Sec; Developers; API; Enterprise Auth API/SDK; Enterprise Auth API Core Impl; OAuth Server; SAML Server; SAML Assertions; Auth Agent; Mutual Authentication Over SSL; HTML Basic; Kerberos]
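6. Example: Get Authenticated User's Details
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContext;
    import org.springframework.security.core.context.SecurityContextHolder;

    void thisMustBeSimpler() {
        // Every caller has to repeat these null and type checks.
        SecurityContext securityContext = SecurityContextHolder.getContext();
        if (securityContext != null) {
            Authentication authentication = securityContext.getAuthentication();
            if (authentication != null) {
                if (authentication.getPrincipal() instanceof EnterpriseUserDetails) {
                    EnterpriseUserDetails userDetails =
                            (EnterpriseUserDetails) authentication.getPrincipal();
                    String sessionId = userDetails.getServerSessionId();
                }
            }
        }
    }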
7. With an Enterprise Auth API
    AuthenticationInfo {
        isAuthenticated();
        getUserId();
        getUserName();
        getRoles();
        getUserDetails();
    }

    void nowThisIsMuchBetter() {
        // The framework-specific lookups and casts live behind the API.
        AuthenticationInfo authnInfo = AuthenticationInfo.newInstance();
        UserDetails userDetails = authnInfo.getUserDetails();
        String sessionId = userDetails.getServerSessionId();
    }
8. A Couple More Examples
    Federator {
        federate(attributes, endpoint);
    }

    AuthorizationInfo {
        hasRole(role);
        getRoles();
    }
10. Getting Started
§ Derive from existing use-cases
§ Talk to application developers
§ Beware of anti patterns - bullet point engineering, abstraction inversion
§ Build on top of modular Auth framework
§ Spring Security, Shiro, my-favorite-framework
§ Simplify and constrain
§ Enterprise specific rules
11. Make it Modular and Portable
§ No kitchen sink of all APIs to integrate with
§ Separate API and impl modules
§ Consumers depend on API
§ Swap out underlying impl
§ Integration in other languages
§ Distill into a web service layer
§ Language specific SDK
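A sketch of the API/impl split from slides 7 and 11, added here as an example and not taken from the talk: application code depends only on an API type, the provider behind it can be swapped, and the facade fails closed when no identity is resolved. Only the AuthenticationInfo method names come from the slides; AuthProvider, User, ANONYMOUS, authenticate, payrollReport and the sample data are assumptions.

```java
import java.util.*;

public class EnterpriseAuthDemo {
    // API module: the only type application code compiles against.
    interface AuthenticationInfo {
        boolean isAuthenticated();
        String getUserId();
        Set<String> getRoles();
    }
    // Impl module contract: one provider per IAM system (hypothetical SPI).
    interface AuthProvider { Optional<AuthenticationInfo> resolve(Map<String, String> request); }

    record User(String id, Set<String> roles) implements AuthenticationInfo {
        public boolean isAuthenticated() { return true; }
        public String getUserId() { return id; }
        public Set<String> getRoles() { return roles; }
    }
    // Fail-closed default: callers need no null checks and never inherit roles.
    static final AuthenticationInfo ANONYMOUS = new AuthenticationInfo() {
        public boolean isAuthenticated() { return false; }
        public String getUserId() { return ""; }
        public Set<String> getRoles() { return Set.of(); }
    };

    // Facade: "no identity" and "provider error" both become ANONYMOUS.
    // A real implementation would also log the provider failure.
    static AuthenticationInfo authenticate(AuthProvider provider, Map<String, String> request) {
        try { return provider.resolve(request).orElse(ANONYMOUS); }
        catch (RuntimeException e) { return ANONYMOUS; }
    }

    // Application code: knows nothing about which provider is in use.
    static String payrollReport(AuthenticationInfo who) {
        if (!who.isAuthenticated() || !who.getRoles().contains("payroll")) return "403 Forbidden";
        return "200 OK for " + who.getUserId();
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for two different IAM back ends.
        Map<String, AuthenticationInfo> sessions = Map.of("s-1", new User("alice", Set.of("payroll")));
        Map<String, AuthenticationInfo> tokens = Map.of("t-9", new User("bob", Set.of("reader")));
        AuthProvider bySession = req -> Optional.ofNullable(sessions.get(req.getOrDefault("session", "")));
        AuthProvider byToken = req -> Optional.ofNullable(tokens.get(req.getOrDefault("token", "")));
        AuthProvider broken = req -> { throw new IllegalStateException("IAM unreachable"); };

        System.out.println(payrollReport(authenticate(bySession, Map.of("session", "s-1"))));
        System.out.println(payrollReport(authenticate(byToken, Map.of("token", "t-9"))));
        System.out.println(payrollReport(authenticate(bySession, Map.of())));
        System.out.println(payrollReport(authenticate(broken, Map.of("session", "s-1"))));
    }
}
```

Swapping bySession for byToken changes nothing in payrollReport, which is the property the "Consumers depend on API" bullet asks for.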
13. Return on Investments
§ De facto standard auth API in the Enterprise
§ Mix and match several IAM systems
§ No vendor lock in
§ Rapid prototype development
§ Quick application integration
§ Improved upon our application security practice
§ Detection and remediation
14. What’s Important...
§ Façade away auth frameworks and IAM systems
§ Enhance and constrain 3rd party components with organization rules
§ Make it modular, portable and easy to use
§ Keep up with the IAM industry