This document discusses federated identity and how it allows different companies to provide access to resources based on a user's identity asserted by another company. It describes how WS-Federation is an industry standard that defines mechanisms for security realms to federate. Key components of federated identity systems are discussed, including identity providers, security token services, relying parties, and security tokens that contain claims about a user. Architectural advantages of federated identity like single sign-on and flexibility in building applications are highlighted. Windows Identity Foundation and Active Directory Federation Services are presented as frameworks for building federated identity applications.
3. Federated identity
• Federation – A federation is a collection of realms that have established a
producer-consumer relationship whereby one realm can provide authorized
access to a resource it manages based on an identity, and possibly associated
attributes, that are asserted in another realm*.
  - TL;DR: A company can give access to a resource based on an identity asserted
    by another company.
• Identity – The identity of an individual is the set of information associated
with that individual in a particular computer system.**
  - Can be extended to system entities, such as computers/service accounts.
  - The term "principal" is used to refer to system entities/individuals in
    computer systems.
* Web Services Federation Language (WS-Federation), Version 1.1, December 2006
** S. T. Kent and L. I. Millett, editors, Who Goes There? Authentication Through the
Lens of Privacy, The National Academies Press, 2003
4. The problem at hand
[Diagram labels: User; Collaboration website (https://collaboration.partner.com); My company (Realm); Partner company (Realm)]
5. The classic approach
• Partner company maintains a user database for its application
• Each user from our company is assigned an account for partner's application
• Typical login: username/password
• Many partner websites -> many usernames/passwords
• Challenging to maintain these user IDs
  - User quits the company, internal account closed. What about accounts in all
    partnering companies' applications?
  - Challenging to keep track of who has access to what
  - No central management of IDs
• Federated identity to the rescue!
6. WS-Federation
• Web Services Federation Language
  - Contributors: Microsoft, IBM, Novell, Verisign and more.
  - Industry standard, freely available.
  - Builds upon WS-Security and WS-Trust.
• Defines mechanisms to allow different security realms to federate
• Focused on web services
• Also includes specification for Web (Passive) Requestors
  - Enables the WS-Federation protocol to be run through a web browser
  - Involves real people!
  - We'll be focusing on the web scenario.
7. The building blocks
• Trust - Trust is the characteristic that one entity is willing to rely upon a
second entity to execute a set of actions and/or to make set of assertions*
about a set of subjects and/or scopes.
• Claims based identity
• Claim – A claim is a declaration made by an entity (e.g. name, identity, key,
group, privilege, capability, etc).
• Means to (securely) communicate identity information between realms
• Security Token – A security token represents a collection (one or more) of
claims.
* Claim and assertion are synonyms
8. Important roles
• Identity Provider (IP) – An Identity Provider is an entity that acts as an
authentication service to end requestors and a data origin authentication
service to service providers.
• Security Token Service (STS) - A Security Token Service is a Web service
that provides issuance and management of security tokens.
• Relying Party – A Web application or service that consumes Security
Tokens issued by a Security Token Service.
9. Security token
• Contains claims about the user
  - Typical claims: Username, user's name, e-mail address, groups (for authz)
• Signed by STS
  - RP can verify that it was issued by a trusted STS
  - Tamper-proof
• Lifetime (valid from/to)
• Intended for a particular RP
• Can also be encrypted -> only the intended RP can decrypt it
• Can be in different formats, often SAML
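The relying-party checks that slide 9 lists (trusted issuer, signature, intended RP, lifetime), as an added example that is not part of the original slides. Assumptions: a compact JSON token with an HMAC-SHA256 signature stands in for a SAML token with an XML signature so the code runs on the standard library alone; the issuer URL, key, claims and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values; only the RP URL appears in the slides (slide 4).
RP_REALM = "https://collaboration.partner.com"
STS_ISSUER = "https://sts.mycompany.example"
# Assumption: HMAC-SHA256 with a shared key stands in for the STS signature.
# A real STS signs with a private key and the RP holds only the public part.
TRUSTED_ISSUERS = {STS_ISSUER: b"constructed-demo-key"}
NOW = 1_700_000_000  # constructed "current time" in Unix seconds


class TokenRejected(Exception):
    """Raised by the RP when a token fails one of the checks."""


def b64(data):
    return base64.urlsafe_b64encode(data).decode()


def issue_token(issuer, key, audience, claims, not_before, not_after):
    """STS side: serialize the claims and sign the exact bytes that are sent."""
    body = json.dumps({"iss": issuer, "aud": audience, "nbf": not_before,
                       "exp": not_after, "claims": claims}).encode()
    return b64(body) + "." + b64(hmac.new(key, body, hashlib.sha256).digest())


def validate_token(token, realm, trusted, now):
    """RP side: return the claims only if every check passes."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        fields = json.loads(body)
    except ValueError as exc:
        raise TokenRejected("malformed token") from exc
    if not isinstance(fields, dict):
        raise TokenRejected("malformed token")
    # 1. Issued by a trusted STS? The issuer field only selects the key;
    #    nothing else in the body is believed until the signature verifies.
    issuer = fields.get("iss")
    key = trusted.get(issuer) if isinstance(issuer, str) else None
    if key is None:
        raise TokenRejected("untrusted issuer")
    # 2. Tamper check: recompute over the received bytes, constant-time compare.
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), sig):
        raise TokenRejected("signature mismatch")
    # 3. Intended for this RP, not a token issued for some other relying party.
    if fields.get("aud") != realm:
        raise TokenRejected("wrong audience")
    # 4. Lifetime (valid from/to).
    nbf, exp = fields.get("nbf"), fields.get("exp")
    if not (isinstance(nbf, int) and isinstance(exp, int) and nbf <= now < exp):
        raise TokenRejected("outside validity window")
    return fields.get("claims", {})


def verdict(token, now=NOW):
    """Return "accepted" or the reason the RP rejected the token."""
    try:
        validate_token(token, RP_REALM, TRUSTED_ISSUERS, now)
        return "accepted"
    except TokenRejected as exc:
        return str(exc)


def sample_tokens():
    """Constructed tokens: one good, four that the RP must reject."""
    key = TRUSTED_ISSUERS[STS_ISSUER]
    claims = {"name": "Alice Example", "groups": ["project-x"]}
    good = issue_token(STS_ISSUER, key, RP_REALM, claims, NOW - 60, NOW + 300)
    # Tampering: add a group to the body but keep the original signature.
    body_b64, sig_b64 = good.split(".")
    fields = json.loads(base64.urlsafe_b64decode(body_b64))
    fields["claims"]["groups"].append("admins")
    return {
        "good": good,
        "tampered": b64(json.dumps(fields).encode()) + "." + sig_b64,
        "expired": issue_token(STS_ISSUER, key, RP_REALM, claims,
                               NOW - 900, NOW - 600),
        "other_rp": issue_token(STS_ISSUER, key, "https://other.partner.example",
                                claims, NOW - 60, NOW + 300),
        "unknown_sts": issue_token("https://sts.unknown.example", b"other-key",
                                   RP_REALM, claims, NOW - 60, NOW + 300),
    }


if __name__ == "__main__":
    for name, token in sample_tokens().items():
        print(f"{name:12} -> {verdict(token)}")
```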
13. Architectural advantages
• Separates authentication logic from application
• Enables single-sign-on for a suite of applications
  - Provides a seamless experience across stand-alone applications
• Yields great flexibility when building e.g. an online bank
  - Different services can be provided through separate applications
  - Simplifies releases
  - Makes it easier for multiple teams to work in parallel
  - Opens the possibility to host different applications in separate environments
    E.g. some apps hosted locally, some apps hosted in the cloud
  - Simplifies integration of third party applications
  - Facilitates privacy-by-design, carefully selecting claims provided to various
    applications
14. How we used to do things
[Diagram: Sample online banking application, a single application containing Authentication, Accounts/payment, Stocks/fund, Debit/credit cards, Loans, Personal finance]
15. How we can do things now
[Diagram: Sample online banking application suite. IP/STS: Authentication. RPs: Personal finance, Accounts/payment, Stocks/fund, Debit/credit cards, Loans]
16. A few challenges
• Providing flexibility in common functionality
  - Handling change to "shared" menus etc.
• Care must be taken with regards to session management
17. Building federated identity systems
• We need a minimum of three things: an IP, an STS, and an RP
• The RP usually contains the features (customer value). Everyone wants this!
• IPs and STSs, you build because you have to (though some of us think it's
great fun)
• Want to spend as much time as possible on building the fun stuff – features.
• Authentication as a service?
18. Windows Identity Foundation
• Framework for building identity-aware applications
• Included in the .NET Framework 4.5
  - Available as a separate library before .NET 4.5
• Provides APIs for building Relying Parties and STSs
  - Provides a programming model for working with claims based identity
• Provides out-of-the-box functionality for RPs
19. AD FS
• Active Directory Federation Services
• AD-integrated STS
• Included in Windows Server 2008/2012
• Enables federation of AD-identities
• Seamless experience for users
21. ACS
• Windows Azure Active Directory Access Control (aka ACS)
• Cloud based service
• Facilitates authentication and manages authorization of users
• Supports several identity providers
  - AD FS
  - Windows Live ID / Google / Yahoo! / Facebook
• Windows Identity Foundation integration
Digital Identity – A digital representation of a principal (or group of principals) that is unique to that principal (or group), and that acts as a reference to that principal (or group). For example, an email address MAY be treated as a digital identity, just as a machine’s unique IP address MAY also be treated as a digital identity, or even a generated unique identifier. In the context of this document, the term identity is often used to refer to a digital identity. A principal may have multiple digital identities,