The document discusses 10 ways that APIs can be used to change the world. It suggests using APIs to help make the world more generous by powering philanthropic services, to advance scientific research by providing APIs for scientific publications and data, to make great content more widely available by allowing remixing and reusing of content, and to put energy and environmental data as well as government and human knowledge data in the hands of developers to build useful applications. Overall it argues that APIs can be used to create new resources and empower people by opening up access to important data.
Copyright, Open Source and APIs (towards an Interface Commons)3scale
The document discusses copyright and APIs, noting that while recent court rulings have established that APIs cannot be copyrighted, there remains uncertainty and a lack of clarity. It suggests that rather than asserting copyright over APIs, the community would be better served by sharing interfaces through an "interface commons" that encourages open reuse and attribution. Doing so could speed innovation by reducing coding work and improving interoperability between systems.
Introduction to API development, the advantages and the challenges of this model. Delivered as a part of the ASPgems' innovation upgrade talks at Sanitas
This document classifies and describes different types of APIs. It discusses web service APIs like REST and SOAP, library-based APIs that interface with programming languages like JavaScript, class-based APIs for platforms like Java and Android, OS APIs that allow access to system functions and hardware, and object remoting APIs like CORBA. Examples are provided for many API types. The document is intended to provide an overview of the various ways that software applications can communicate through defined programming interfaces.
Building Successful API Programs in Higher Education3scale
In this webinar, hosted on August 27, 2015, Steven Willmott discusses the benefits of API development in higher education.
APIs are not exclusive to for-profit organizations. In higher education—from statewide university and college systems to smaller private institutions—schools like Notre Dame and Brigham Young University have built highly successful API programs.
3scale Webinar #1 on how to Unleash the Power of your API.
1. An API ? What for ?
2. The core value of APIs - Real life examples
3. The benefits of having a “managed” API
4. The 3scale solution and its added value
Full video of the webinar including demonstration of the 3scale API Management Solution:
http://www.viddler.com/explore/3scale/videos/11/
The document discusses 10 ways that APIs can be used to change the world. It suggests using APIs to help make the world more generous by powering philanthropic services, to advance scientific research by providing APIs for scientific publications and data, to make great content more widely available by allowing remixing and reusing of content, and to put energy and environmental data as well as government and human knowledge data in the hands of developers to build useful applications. Overall it argues that APIs can be used to create new resources and empower people by opening up access to important data.
Copyright, Open Source and APIs (towards an Interface Commons)3scale
The document discusses copyright and APIs, noting that while recent court rulings have established that APIs cannot be copyrighted, there remains uncertainty and a lack of clarity. It suggests that rather than asserting copyright over APIs, the community would be better served by sharing interfaces through an "interface commons" that encourages open reuse and attribution. Doing so could speed innovation by reducing coding work and improving interoperability between systems.
Introduction to API development, the advantages and the challenges of this model. Delivered as a part of the ASPgems' innovation upgrade talks at Sanitas
This document classifies and describes different types of APIs. It discusses web service APIs like REST and SOAP, library-based APIs that interface with programming languages like JavaScript, class-based APIs for platforms like Java and Android, OS APIs that allow access to system functions and hardware, and object remoting APIs like CORBA. Examples are provided for many API types. The document is intended to provide an overview of the various ways that software applications can communicate through defined programming interfaces.
Building Successful API Programs in Higher Education3scale
In this webinar, hosted on August 27, 2015, Steven Willmott discusses the benefits of API development in higher education.
APIs are not exclusive to for-profit organizations. In higher education—from statewide university and college systems to smaller private institutions—schools like Notre Dame and Brigham Young University have built highly successful API programs.
3scale Webinar #1 on how to Unleash the Power of your API.
1. An API ? What for ?
2. The core value of APIs - Real life examples
3. The benefits of having a “managed” API
4. The 3scale solution and its added value
Full video of the webinar including demonstration of the 3scale API Management Solution:
http://www.viddler.com/explore/3scale/videos/11/
This document provides an overview of API testing tools and methods. It defines APIs and REST, describes how API testing works, lists common API testing tools like Postman, and outlines different types of API tests including functionality, reliability, load, and security testing. Examples are given of the GET, POST, PUT, and DELETE HTTP methods along with response status codes. A live demo of an API is presented at the end.
This document provides an overview of API testing tools and methods. It defines APIs and REST, describes how API testing works, lists common API testing tools like Postman, and outlines different types of API tests including functionality, reliability, load, and security testing. Examples are given of the GET, POST, PUT, and DELETE HTTP methods along with response status codes. A live demo of an API is presented at the end.
Comparing the current PowerBI version and the Azure ML Lab for basic predictive models. A 101 session accompanied by live demos (not attached). Difinity conference New Zealand
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Erkang Zheng
Explores the challenges of DevSecOps from both an organizational culture and a technical implementation angle. Shares the security manifesto that drives the security team mindset and operating model at LifeOmic, and how JupiterOne leverages data, graph, and query to answer security and compliance questions in an automated, code-driven way. Including asset inventory, cloud resource visibility, permission reviews, vulnerability analysis, artifacts and evidence collection.
AI APIs as a Catalyst for Machine Learning InitiativesNicholas Walsh
This document discusses using AI APIs to catalyze machine learning initiatives. It begins with an introduction to machine learning and common blockers organizations face in implementing ML projects. It then discusses how AI APIs can help by providing pre-trained models through simple APIs, avoiding the need to hire ML experts or manage infrastructure. Finally, it provides a playbook for getting started with an ML initiative, including establishing business problems, preparing data pipelines, selecting technologies, and accessing resources for learning.
Architect's Guide to Building an API Programclatimer
This talk explores the motivation for creating APIs, common approaches organizations take when building an API program, the types of standards that architects should strive to put in place, and common pitfalls that organizations encounter.
Attacking and defending GraphQL applications: a hands-on approachDavide Cioccia
DevSecCon Seatlle 2019 - Workshop
The workshop is meant for developers, architects and security folks. During the workshop we will learn how to setup a GraphQL project, define a schema, create Query, Mutation and Subscription for a "fake" social network. We will learn what are the main security issues to consider when developing a GraphQL application:
Introspection: information disclosure
/graphql as a single point of failure (DoS attacks)
IDOR
Broken Access control
Injections
Once we get familiar with the issues, we will explain how to avoid it and/or fix it.
The document discusses principles of REST API design, including:
- Describing different levels of REST maturity from RPC over HTTP to hypermedia-driven stateless services.
- Explaining benefits of REST such as scalability, cacheability and loose coupling between components.
- Recommending best practices like using HTTP verbs to represent actions on resources and providing standard response codes.
API Management Workshop (at Startupbootcamp Berlin)3scale
These are the slides from the API Management Workshop, held at the Startupbootcamp Berlin on October 17.
We covered benefits of APIs for an organisation (regardless of size, sector, stage or purpose) and gave examples of successful deployment of APIs.
We then described the typical API lifecycle:
plan/design > build/integrate > operate/manage > share/engage.
We covered many best practices and tools for each stage and gave practical demos about how to secure and manage APIs.
Talk given for CTUs Open Informatics Program. Focuses on the shift from Browser focused web pages to APIs and Applications (Apps) - covering trends, business models, architecture and the emerging Internet Operating System
Copy of the slides from the Advanced Web Development Workshop presented by Ed Bachta, Charlie Moad and Robert Stein of the Indianapolis Museum of Art during the Museums and the Web 2008 conference in Montreal
The document discusses considerations for implementing a single sign-on (SSO) strategy. It recommends first agreeing on terminology, then assessing the current authentication and authorization landscape. The document outlines a vision of SSO utopia and compares approaches of building an in-house SSO solution versus purchasing a vendor framework. It proposes a roadmap including defining terms, assessing vendors, integrating new and existing applications, and production deployment.
This document provides an overview of an Oracle SOA training course. It discusses why SOA is important, what it is, examples of real-world SOA applications, and the technical components that will be covered in the training including the Oracle SOA Suite, BPEL, and ESB. The training will explain SOA concepts and principles and teach how to develop SOA applications and services using Oracle's SOA tools and platforms.
API and Platform Strategies to Win in Global and Local MarketsAxway
Learn why an API strategy is critical to business success in the business landscape from project, program, product, platform to ecosystems, and economy. Real examples of platform and API strategies will inspire you to implement a concrete plan across your organization.
Creating a World-Class RESTful Web Services APIDavid Keener
Companies like Amazon, Google and Yahoo have published web services API's that empower developers to create mash-ups, add-ons and full-scale applications. The creation of such API's, however, is not exclusively the domain of large, multi-national corporations. Learn how to architect, build and field a well-designed and scalable RESTful web services API that will allow your business to leverage the capabilities of the developer community. This presentation includes real-life examples from the Grab Networks RESTful API, which provides access to information about the hundreds of thousands of news videos available through Grab Networks' distribution network.
IBM Connections Customizer: From Zero To HeroLetsConnect
Come to this session and follow Customizer exercises to create real apps in IBM Connections Cloud. Don’t worry – all you need is your laptop and browser and you’re all set – no special set up, very light on broadband … what’s not to like? Initially we will walk you through some lo-code/no-code exercises to show how easy it is to get customizations up and running in IBM Connections. Then we can move on to some more challenging exercises but ultimately all the code and solutions are provided – no pressure. Attend this session to get comfortable with IBM Connections Customizer and its app dev model… well worth an hour of your time any day!
Incorporating Web Services in Mobile Applications - Web 2.0 San Fran 2009Aduci
Most of the APIs available to developers today have been coded for robust web server integration with little thought of incorporation into light weight mobile applications. This talk will look at the pitfalls of using these APIs directly and methods of incorporating APIs, such as Amazon, eBay, Google and other API sets into mobile and lightweight applications, while maintaining a quality user experience.
First we will review the challenges of incorporating these APIs including;
* Retrieval of large data sets
* Multiple round trip communications
* Security issues of calls
* Display of information
For each of these challenges we will show specific examples with sample functionality, API flows, and XML blocks. Some examples will include web user authentication techniques, media retrieval lists, and interface usability issues.
Once we understand the challenges of incorporating various web APIs we will then look at techniques for handling APIs properly including caching methods, large data set handling, paging, filtering, just in time techniques, information on demand and speed testing. Throughout we will look at pseudo code, and detailed examples of real life examples.
With the proper techniques mobile applications can take advantage of a wide array of third party and home grown APIs without degradation of performance, memory, and overall usability.
The document summarizes an agenda for an API development roundtable discussion. It introduces the speakers and establishes discussion rules. It then provides an overview of APIs, including their evolution, growth, use cases, security considerations, and adoption across industries. A quick poll is taken on companies' API maturity. Key concerns around API development like security, performance, and ownership models are discussed. Current tools and strategies used are reviewed. The document recaps the discussion and thanks participants.
Simple Data Movement Patterns: Legacy Application to Cloud-Native Environment...VMware Tanzu
SpringOne Platform 2019
Session Title: Simple Data Movement Patterns: Legacy Application to Cloud-Native Environment and Apache Geode
Speaker: James Bedenbaugh, Advisory Data Solutions Architect, Pivotal; Zachary Hansen, Data Transformation Solutions Architect, Pivotal
Youtube: https://youtu.be/7ds0YZNlhmE
This document provides an overview of APIs, API management, integration, and API security. It discusses why organizations adopt APIs to accelerate mobile app development, foster reuse, and allow external developers to innovate. The document outlines components of API management like the API gateway and developer portal. It also discusses how SOA, ESB, and APIs can converge in the API facade pattern to provide simple interfaces to complex systems. The presentation demonstrates this pattern using WSO2 API Manager and ESB and discusses API security techniques like OAuth for identity delegation.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
This document provides an overview of API testing tools and methods. It defines APIs and REST, describes how API testing works, lists common API testing tools like Postman, and outlines different types of API tests including functionality, reliability, load, and security testing. Examples are given of the GET, POST, PUT, and DELETE HTTP methods along with response status codes. A live demo of an API is presented at the end.
This document provides an overview of API testing tools and methods. It defines APIs and REST, describes how API testing works, lists common API testing tools like Postman, and outlines different types of API tests including functionality, reliability, load, and security testing. Examples are given of the GET, POST, PUT, and DELETE HTTP methods along with response status codes. A live demo of an API is presented at the end.
Comparing the current PowerBI version and the Azure ML Lab for basic predictive models. A 101 session accompanied by live demos (not attached). Difinity conference New Zealand
Overcoming the old ways of working with DevSecOps - Culture, Data, Graph, and...Erkang Zheng
Explores the challenges of DevSecOps from both an organizational culture and a technical implementation angle. Shares the security manifesto that drives the security team mindset and operating model at LifeOmic, and how JupiterOne leverages data, graph, and query to answer security and compliance questions in an automated, code-driven way. Including asset inventory, cloud resource visibility, permission reviews, vulnerability analysis, artifacts and evidence collection.
AI APIs as a Catalyst for Machine Learning InitiativesNicholas Walsh
This document discusses using AI APIs to catalyze machine learning initiatives. It begins with an introduction to machine learning and common blockers organizations face in implementing ML projects. It then discusses how AI APIs can help by providing pre-trained models through simple APIs, avoiding the need to hire ML experts or manage infrastructure. Finally, it provides a playbook for getting started with an ML initiative, including establishing business problems, preparing data pipelines, selecting technologies, and accessing resources for learning.
Architect's Guide to Building an API Programclatimer
This talk explores the motivation for creating APIs, common approaches organizations take when building an API program, the types of standards that architects should strive to put in place, and common pitfalls that organizations encounter.
Attacking and defending GraphQL applications: a hands-on approachDavide Cioccia
DevSecCon Seatlle 2019 - Workshop
The workshop is meant for developers, architects and security folks. During the workshop we will learn how to setup a GraphQL project, define a schema, create Query, Mutation and Subscription for a "fake" social network. We will learn what are the main security issues to consider when developing a GraphQL application:
Introspection: information disclosure
/graphql as a single point of failure (DoS attacks)
IDOR
Broken Access control
Injections
Once we get familiar with the issues, we will explain how to avoid it and/or fix it.
The document discusses principles of REST API design, including:
- Describing different levels of REST maturity from RPC over HTTP to hypermedia-driven stateless services.
- Explaining benefits of REST such as scalability, cacheability and loose coupling between components.
- Recommending best practices like using HTTP verbs to represent actions on resources and providing standard response codes.
API Management Workshop (at Startupbootcamp Berlin)3scale
These are the slides from the API Management Workshop, held at the Startupbootcamp Berlin on October 17.
We covered benefits of APIs for an organisation (regardless of size, sector, stage or purpose) and gave examples of successful deployment of APIs.
We then described the typical API lifecycle:
plan/design > build/integrate > operate/manage > share/engage.
We covered many best practices and tools for each stage and gave practical demos about how to secure and manage APIs.
Talk given for CTUs Open Informatics Program. Focuses on the shift from Browser focused web pages to APIs and Applications (Apps) - covering trends, business models, architecture and the emerging Internet Operating System
Copy of the slides from the Advanced Web Development Workshop presented by Ed Bachta, Charlie Moad and Robert Stein of the Indianapolis Museum of Art during the Museums and the Web 2008 conference in Montreal
The document discusses considerations for implementing a single sign-on (SSO) strategy. It recommends first agreeing on terminology, then assessing the current authentication and authorization landscape. The document outlines a vision of SSO utopia and compares approaches of building an in-house SSO solution versus purchasing a vendor framework. It proposes a roadmap including defining terms, assessing vendors, integrating new and existing applications, and production deployment.
This document provides an overview of an Oracle SOA training course. It discusses why SOA is important, what it is, examples of real-world SOA applications, and the technical components that will be covered in the training including the Oracle SOA Suite, BPEL, and ESB. The training will explain SOA concepts and principles and teach how to develop SOA applications and services using Oracle's SOA tools and platforms.
API and Platform Strategies to Win in Global and Local MarketsAxway
Learn why an API strategy is critical to business success in the business landscape from project, program, product, platform to ecosystems, and economy. Real examples of platform and API strategies will inspire you to implement a concrete plan across your organization.
Creating a World-Class RESTful Web Services APIDavid Keener
Companies like Amazon, Google and Yahoo have published web services API's that empower developers to create mash-ups, add-ons and full-scale applications. The creation of such API's, however, is not exclusively the domain of large, multi-national corporations. Learn how to architect, build and field a well-designed and scalable RESTful web services API that will allow your business to leverage the capabilities of the developer community. This presentation includes real-life examples from the Grab Networks RESTful API, which provides access to information about the hundreds of thousands of news videos available through Grab Networks' distribution network.
IBM Connections Customizer: From Zero To HeroLetsConnect
Come to this session and follow Customizer exercises to create real apps in IBM Connections Cloud. Don’t worry – all you need is your laptop and browser and you’re all set – no special set up, very light on broadband … what’s not to like? Initially we will walk you through some lo-code/no-code exercises to show how easy it is to get customizations up and running in IBM Connections. Then we can move on to some more challenging exercises but ultimately all the code and solutions are provided – no pressure. Attend this session to get comfortable with IBM Connections Customizer and its app dev model… well worth an hour of your time any day!
Incorporating Web Services in Mobile Applications - Web 2.0 San Fran 2009Aduci
Most of the APIs available to developers today have been coded for robust web server integration with little thought of incorporation into light weight mobile applications. This talk will look at the pitfalls of using these APIs directly and methods of incorporating APIs, such as Amazon, eBay, Google and other API sets into mobile and lightweight applications, while maintaining a quality user experience.
First we will review the challenges of incorporating these APIs including;
* Retrieval of large data sets
* Multiple round trip communications
* Security issues of calls
* Display of information
For each of these challenges we will show specific examples with sample functionality, API flows, and XML blocks. Some examples will include web user authentication techniques, media retrieval lists, and interface usability issues.
Once we understand the challenges of incorporating various web APIs we will then look at techniques for handling APIs properly including caching methods, large data set handling, paging, filtering, just in time techniques, information on demand and speed testing. Throughout we will look at pseudo code, and detailed examples of real life examples.
With the proper techniques mobile applications can take advantage of a wide array of third party and home grown APIs without degradation of performance, memory, and overall usability.
The document summarizes an agenda for an API development roundtable discussion. It introduces the speakers and establishes discussion rules. It then provides an overview of APIs, including their evolution, growth, use cases, security considerations, and adoption across industries. A quick poll is taken on companies' API maturity. Key concerns around API development like security, performance, and ownership models are discussed. Current tools and strategies used are reviewed. The document recaps the discussion and thanks participants.
Simple Data Movement Patterns: Legacy Application to Cloud-Native Environment...VMware Tanzu
SpringOne Platform 2019
Session Title: Simple Data Movement Patterns: Legacy Application to Cloud-Native Environment and Apache Geode
Speaker: James Bedenbaugh, Advisory Data Solutions Architect, Pivotal; Zachary Hansen, Data Transformation Solutions Architect, Pivotal
Youtube: https://youtu.be/7ds0YZNlhmE
This document provides an overview of APIs, API management, integration, and API security. It discusses why organizations adopt APIs to accelerate mobile app development, foster reuse, and allow external developers to innovate. The document outlines components of API management like the API gateway and developer portal. It also discusses how SOA, ESB, and APIs can converge in the API facade pattern to provide simple interfaces to complex systems. The presentation demonstrates this pattern using WSO2 API Manager and ESB and discusses API security techniques like OAuth for identity delegation.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
OpenMetadata Community Meeting - 5th June 2024OpenMetadata
The OpenMetadata Community Meeting was held on June 5th, 2024. In this meeting, we discussed about the data quality capabilities that are integrated with the Incident Manager, providing a complete solution to handle your data observability needs. Watch the end-to-end demo of the data quality features.
* How to run your own data quality framework
* What is the performance impact of running data quality frameworks
* How to run the test cases in your own ETL pipelines
* How the Incident Manager is integrated
* Get notified with alerts when test cases fail
Watch the meeting recording here - https://www.youtube.com/watch?v=UbNOje0kf6E
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
Mobile App Development Company In Noida | Drona InfotechDrona Infotech
Looking for a reliable mobile app development company in Noida? Look no further than Drona Infotech. We specialize in creating customized apps for your business needs.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
1. Seattle | September 16-17, 2019
Decentralized Authorization
SITARAMAN
LAKSHMINARAYANAN
2. Seattle | September 16-17, 2019
Am I Authorized to speak about this topic? OR whoami ?
• Subject – Sitaraman ( Ram) Lakshminarayanan
• Resources – I work for Pure Storage as Sr Security Architect
• Actions – Author-Web Services Security, Co-Author ASP.NET Security
• Other Attributes: Twitter: @Lsitaraman , Exp : 20 Years, Can speak Role
Based and Fine Grained Authorization semantics among other things.
3. Seattle | September 16-17, 2019
Why talk about Authorization here?
• Security Teams are always in the mix between – Developers / Operations /
Customers/ PM’s.
• Let’s not just ask questions, provide solutions.
• Just pointing in the right direction is a big favor to developers.
4. Seattle | September 16-17, 2019
What is Authorization?
Subject – User / Application
Resource – Web App, API, or any feature of your App
Action – Read , Write, Delete, Approve, Deny, etc.
Is the User (Subject) allowed to Perform the said action on a Resource?
5. Seattle | September 16-17, 2019
Role Based Access Control – one form of AuthZ
Role
Resources
Actions
Group
6. Seattle | September 16-17, 2019
Developer’s view of Implementing RBAC
If Role == “Manager|Admin”
{
return True;
}
Something along those lines..
- Rules are hard coded in the code.
- Implementation varies between Teams / Stack
7. Seattle | September 16-17, 2019
Dev-Sec-Ops
Developer- Implements AuthZ logic
Security – wants to verify if you can enforce “need to know” basis / Least
privilege.
Ops – wants to make sure everything is running / deployment doesn’t take
hours, etc.
8. Seattle | September 16-17, 2019
When Security Team reviews the code/deployment?
Security: Can I change what this Role- Manager or Admin can do ?
Developer : ?? Why??
Security:
1. Our Policy
2. Its too high of privileges for Role- XYZ ( e.g. Manager)
3. Separation of Duties
9. Seattle | September 16-17, 2019
How would a Developer Re-design RBAC?
Role
Permission
Group
Permission
Resource+Action
10. Seattle | September 16-17, 2019
Back to Security
Security – Super Excited !!.. At least I was when I did this in 2004
11. Seattle | September 16-17, 2019
Operations – How to deploy this in Production?
On Call person who has to deploy/ debug Apps permissions have to
1. Add Resources / Permissions
2. Create new Roles
3. Map Roles to Permissions
Its usually 10’s of pages of doc per Application.
Listen to talk about Security & Dev Ops by @IanColdwalter BSidesNOVA
2019
https://www.youtube.com/watch?time_continue=2&v=OlAFuiDCqbM
12. Seattle | September 16-17, 2019
Operations Person?
Imagine managing/configuring Roles, Permissions, Resources for multiple
apps
13. Seattle | September 16-17, 2019
Did Centralized AuthZ model work?
1. Hard coded apps to centralized authorization services
2. App developers have to understand AuthZ Service to better take
advantage of centralized service.
3. Changing permissions/policies is not easy
4. It actually slows down time to deploy.
14. Seattle | September 16-17, 2019
What If?
1. We externalize authorization from code
2. Provide developers full control of how they want to write their AuthZ
Rules
3. Give Security Teams option to customize the authZ rules/policies
4. Does not Involve too much operational overhead
5. Reduces time to deploy?
6. Consistent way to enforce policies across various languages/stack
15. Seattle | September 16-17, 2019
Intro to Open Policy Agent
Client/App- makes REST API call to get Decisions from OPA
OPA – makes Policy Decision – Evaluating Input Data against
Policies
OPA Policies are written in Rego outside of Code
16. Seattle | September 16-17, 2019
OPA and Rego
1. Rego is a query language
2. OPA Policies are written in Rego
3. SQL for Authorization – You write your AuthZ rules in a consistent
manner.
18. Seattle | September 16-17, 2019
OPA – Other benefits
• Provides an Interface to get Decision Logs through API / Web Hooks
• Provides an option to get Telemetry about OPA itself ( up /down)
• Policies can be distributed as Bundles ( Bundles = Rego file, Data file)
19. Seattle | September 16-17, 2019
OPA – Interactions from Developer Point of View
22. Seattle | September 16-17, 2019
Key takeaways
• Externalize Authorization from your code – As product / Service
• During Security Reviews – ask If Authorization can be externalized from
code
• Use Open Policy Agent to standardize on how to write AuthZ rules.
• Integrate with SIEM for decisions- allow/deny.
• Establish a pattern across your Product/Service for consistent authZ.
Authorization does not happen without a proper Authentication.
Check out– SPIFFE /SPIRE for Secure Introduction of Identities