Migration vers les Solutions Libres/Open Sourcesserge sonfack
Présentation du Libre , de l Open Source et de l Open Hard/Creative Commons.
Développement des types de migration et technique de migration vers le libre
Présentation des exemples de migration avec les econnomies réalisées
Migration vers les Solutions Libres/Open Sourcesserge sonfack
Présentation du Libre , de l Open Source et de l Open Hard/Creative Commons.
Développement des types de migration et technique de migration vers le libre
Présentation des exemples de migration avec les econnomies réalisées
Railsplitter is a framework which significantly reduces development cost to expose a hierarchical data model as a production quality Create, Read, Update, and Delete (CRUD) web service. Railsplitter adopts JSON API [10] as the standard for the service definition given its focus on consumption by front-end developers. Inherent in the design of JSON API are capabilities that reduce the number of round trips from client to server to fetch or update data. Updates on disparate models can happen in a single request allowing the server to build atomicity guarantees. Rather than starting from scratch with a domain-specific language (DSL) to describe a data model, Railsplitter adopts Java Persistence API (JPA) [6] - a modeling definition that is rich and has a long tenure of proven provider implementations. Unlike other approaches, Railsplitter addresses the fundamental needs of flexible, model driven authorization, interoperability with client side applications, and test automation.
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...MITRE ATT&CK
From ATT&CKcon 4.0
By Olaf Harton, FalconForce
"Modern security teams have been engineering solid detections for a while now. All this great output also needs to be managed well.
* How can we make sure that the detections we have spent a lot of time developing are deployed and are running in production in the same way as they were designed?
* How can we assure our detection and prevention controls are still working and are detecting the attacks they have been designed to cover?
We will show how we have built a robust and flexible development and deployment process using cloud technnologies. This process allows us to quickly and easily implement new detection controls, test them across multiple environments, and deploy them in a controlled and consistent manner.
We will discuss how security teams can reap the benefits of using detection-as-code, and how this can help achieving a single source of truth for their detection logic. Adopting this approach enables teams to use automation and unit testing to manage and validate their detection controls across multiple environments and ensure proper documentation. By adopting a detection-as-code approach, teams can gain the confidence that comes from knowing that their detections and mitigations work as intended."
SWORD (Simple Web-service Offering Repository Deposit) will take forward the Deposit protocol developed by a small working group as part of the JISC Digital Repositories Programme by implementing it as a lightweight web-service in four major repository software platforms: EPrints, DSpace, Fedora and IntraLibrary. The existing protocol documentation will be finalised by project partners and a prototype ‘smart deposit’ tool will be developed to facilitate easier and more effective population of repositories.
Middleware Security for Apache CXF, Camel, ActiveMQ and Karaf as well as others continue to be an ongoing concern especially around Authentication, Authorization, Data at Rest and Data in Transit. The session will include a presentation and demonstrations of implementing Authentication (AuthN) and Authorization (AuthZ) as well as other security topics.
OSMC 2021 | inspectIT Ocelot: Dynamic OpenTelemetry Instrumentation at RuntimeNETWAYS
If you want to trace or extract specific data from a Java application with OpenTelemetry, you usually have to modify the application’s code. However, this is often not possible, especially with bought-in software. We would like to show, how the open source inspectIT Ocelot Java agent can be used to dynamically inject OpenTelemetry code at runtime for extracting specific application and business data – and all this without having to adapt the application itself.
Railsplitter is a framework which significantly reduces development cost to expose a hierarchical data model as a production quality Create, Read, Update, and Delete (CRUD) web service. Railsplitter adopts JSON API [10] as the standard for the service definition given its focus on consumption by front-end developers. Inherent in the design of JSON API are capabilities that reduce the number of round trips from client to server to fetch or update data. Updates on disparate models can happen in a single request allowing the server to build atomicity guarantees. Rather than starting from scratch with a domain-specific language (DSL) to describe a data model, Railsplitter adopts Java Persistence API (JPA) [6] - a modeling definition that is rich and has a long tenure of proven provider implementations. Unlike other approaches, Railsplitter addresses the fundamental needs of flexible, model driven authorization, interoperability with client side applications, and test automation.
Detection as Code, Automation, and Testing: The Key to Unlocking the Power of...MITRE ATT&CK
From ATT&CKcon 4.0
By Olaf Harton, FalconForce
"Modern security teams have been engineering solid detections for a while now. All this great output also needs to be managed well.
* How can we make sure that the detections we have spent a lot of time developing are deployed and are running in production in the same way as they were designed?
* How can we assure our detection and prevention controls are still working and are detecting the attacks they have been designed to cover?
We will show how we have built a robust and flexible development and deployment process using cloud technnologies. This process allows us to quickly and easily implement new detection controls, test them across multiple environments, and deploy them in a controlled and consistent manner.
We will discuss how security teams can reap the benefits of using detection-as-code, and how this can help achieving a single source of truth for their detection logic. Adopting this approach enables teams to use automation and unit testing to manage and validate their detection controls across multiple environments and ensure proper documentation. By adopting a detection-as-code approach, teams can gain the confidence that comes from knowing that their detections and mitigations work as intended."
SWORD (Simple Web-service Offering Repository Deposit) will take forward the Deposit protocol developed by a small working group as part of the JISC Digital Repositories Programme by implementing it as a lightweight web-service in four major repository software platforms: EPrints, DSpace, Fedora and IntraLibrary. The existing protocol documentation will be finalised by project partners and a prototype ‘smart deposit’ tool will be developed to facilitate easier and more effective population of repositories.
Middleware Security for Apache CXF, Camel, ActiveMQ and Karaf as well as others continue to be an ongoing concern especially around Authentication, Authorization, Data at Rest and Data in Transit. The session will include a presentation and demonstrations of implementing Authentication (AuthN) and Authorization (AuthZ) as well as other security topics.
OSMC 2021 | inspectIT Ocelot: Dynamic OpenTelemetry Instrumentation at RuntimeNETWAYS
If you want to trace or extract specific data from a Java application with OpenTelemetry, you usually have to modify the application’s code. However, this is often not possible, especially with bought-in software. We would like to show, how the open source inspectIT Ocelot Java agent can be used to dynamically inject OpenTelemetry code at runtime for extracting specific application and business data – and all this without having to adapt the application itself.
What is the point of small housing associations.pptxPaul Smith
Given the small scale of housing associations and their relative high cost per home what is the point of them and how do we justify their continued existance
This session provides a comprehensive overview of the latest updates to the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (commonly known as the Uniform Guidance) outlined in the 2 CFR 200.
With a focus on the 2024 revisions issued by the Office of Management and Budget (OMB), participants will gain insight into the key changes affecting federal grant recipients. The session will delve into critical regulatory updates, providing attendees with the knowledge and tools necessary to navigate and comply with the evolving landscape of federal grant management.
Learning Objectives:
- Understand the rationale behind the 2024 updates to the Uniform Guidance outlined in 2 CFR 200, and their implications for federal grant recipients.
- Identify the key changes and revisions introduced by the Office of Management and Budget (OMB) in the 2024 edition of 2 CFR 200.
- Gain proficiency in applying the updated regulations to ensure compliance with federal grant requirements and avoid potential audit findings.
- Develop strategies for effectively implementing the new guidelines within the grant management processes of their respective organizations, fostering efficiency and accountability in federal grant administration.
Russian anarchist and anti-war movement in the third year of full-scale warAntti Rautiainen
Anarchist group ANA Regensburg hosted my online-presentation on 16th of May 2024, in which I discussed tactics of anti-war activism in Russia, and reasons why the anti-war movement has not been able to make an impact to change the course of events yet. Cases of anarchists repressed for anti-war activities are presented, as well as strategies of support for political prisoners, and modest successes in supporting their struggles.
Thumbnail picture is by MediaZona, you may read their report on anti-war arson attacks in Russia here: https://en.zona.media/article/2022/10/13/burn-map
Links:
Autonomous Action
http://Avtonom.org
Anarchist Black Cross Moscow
http://Avtonom.org/abc
Solidarity Zone
https://t.me/solidarity_zone
Memorial
https://memopzk.org/, https://t.me/pzk_memorial
OVD-Info
https://en.ovdinfo.org/antiwar-ovd-info-guide
RosUznik
https://rosuznik.org/
Uznik Online
http://uznikonline.tilda.ws/
Russian Reader
https://therussianreader.com/
ABC Irkutsk
https://abc38.noblogs.org/
Send mail to prisoners from abroad:
http://Prisonmail.online
YouTube: https://youtu.be/c5nSOdU48O8
Spotify: https://podcasters.spotify.com/pod/show/libertarianlifecoach/episodes/Russian-anarchist-and-anti-war-movement-in-the-third-year-of-full-scale-war-e2k8ai4
Many ways to support street children.pptxSERUDS INDIA
By raising awareness, providing support, advocating for change, and offering assistance to children in need, individuals can play a crucial role in improving the lives of street children and helping them realize their full potential
Donate Us
https://serudsindia.org/how-individuals-can-support-street-children-in-india/
#donatefororphan, #donateforhomelesschildren, #childeducation, #ngochildeducation, #donateforeducation, #donationforchildeducation, #sponsorforpoorchild, #sponsororphanage #sponsororphanchild, #donation, #education, #charity, #educationforchild, #seruds, #kurnool, #joyhome
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
Understanding the Challenges of Street ChildrenSERUDS INDIA
By raising awareness, providing support, advocating for change, and offering assistance to children in need, individuals can play a crucial role in improving the lives of street children and helping them realize their full potential
Donate Us
https://serudsindia.org/how-individuals-can-support-street-children-in-india/
#donatefororphan, #donateforhomelesschildren, #childeducation, #ngochildeducation, #donateforeducation, #donationforchildeducation, #sponsorforpoorchild, #sponsororphanage #sponsororphanchild, #donation, #education, #charity, #educationforchild, #seruds, #kurnool, #joyhome
1. i4M Lab
1
ΕΛΛΑΚ Μονάδες Αριστείας (ΜΑ. ΕΛΛΑΚ)
Σχολείο Ανοικτού Κώδικα ΕΛ / ΛΑΚ: e-Identity & e-Government
(Hλεκτρονική ταυτότητα στη Δημόσια Διοίκηση και Τοπική Αυτοδιοίκηση)
UAegean Center of Excellence (CoE) – Open Source Software in Transport
and Shipping
University of the Aegean
Dpt of Financial and Management Engineering & Dpt of Shipping and Transportation Services
Session: II
Stelios Lelis , i4M Lab, UAegean
Harris Papadakis, i4M Lab, UAegean
@ i-nformation M-anagement Lab
i4M Lab
2. i4M Lab
Ταυτότητα Σεμιναρίου
Το Πανεπιστήμιο Αιγαίου, στα πλαίσια του έργου Μονάδες Αριστείας
Ελεύθερου Λογισμικού / Λογισμικού Ανοικτού Κώδικα (ΕΛ/ΛΑΚ)1,
διοργανώνει Σχολείο Ανοικτού Κώδικα ΕΛ / ΛΑΚ με θέμα «e-Identity &
e-Government (Hλεκτρονική ταυτότητα στη Δημόσια Διοίκηση και
Τοπική Αυτοδιοίκηση)».
1 Το υποέργο Μονάδες Αριστείας ΕΛ/ΛΑΚ υλοποιείται στο πλαίσιο του έργου «Ηλεκτρονικές Υπηρεσίες για την Ανάπτυξη και
Διάδοση του Ανοιχτού Λογισμικού» του Προγράμματος «Ψηφιακή Σύγκλιση». Το έργο συγχρηματοδοτείται από το ΕΤΠΑ.
2
4. i4M Lab
Online tools και άλλα
Βασική αναφορά για την ύλη του μαθήματος
https://openeclass.aegean.gr/courses/OPENSOURCE102/
Επικοινωνία
seminar e-mailing list: e-identity-iss-community@googlegroups.com
Αποθετήριο κώδικα ISS
https://github.com/adanar/SSS-2.0
Ομάδα διδασκαλίας και συντονισμού
Στέλιος Λέλης
Χάρης Παπαδάκης
Πέτρος Καβάσαλης
4
5. i4M Lab
STORK2.0 INTERCONNECTION SUPPORTING
SERVICE ARCHITECTURE, APPLICATION
PROTOCOL INTERFACES, HANDS-ON
EXPERIENCE
Session II
5
6. i4M Lab
Session II: agenda
Security Assertion Markup Language (SAML)
ISS Architecture - APIs
ISS Hands-on Experience
6
7. i4M Lab
Session II: agenda
Security Assertion Markup Language (SAML)
ISS Architecture - APIs
ISS Hands-on Experience
7
8. i4M Lab
SAML – Security Assertion Markup Language
An XML-based, open-standard data format for
exchanging authentication and authorization data between parties.
Parties (IdPs, SPs, PEPSes, etc.) exchange SAML documents that
contain SAML assertions
A SAML assertion contains a packet of security information
“Assertion A was issued at time t by issuer R regarding
subject S provided conditions C are valid”
On the basis of assertions, SPs make access control decisions – in other
words it can decide whether to provide access to the service to the user.
SAML documents are signed and their origin cross-checked (circle of
trust)
8
9. i4M Lab
SAML Assertion Statements
Assertions contain three types of statements
Authentication statements
o Assert to the SP that the principal did indeed authenticate with the identity provider
at a particular time using a particular method of authentication
Attribute statements
o Asserts that a subject is associated with certain attributes.
Authorization decision statements
o Asserts that a subject is permitted to perform action A on resource R given
evidence E (intentionally limited)
9
10. i4M Lab
SAML Protocols
A SAML protocol describes how certain SAML elements (including
assertions) are packaged within SAML request and response elements,
and gives the processing rules that SAML entities must follow when
producing or consuming these elements.
SAML protocol is a simple request-response protocol
Autehtncitation Query – Authentication Response
Attribute Query – Attribute Response
Authorization Decision Query - Authorization Decision Response
10
11. i4M Lab
SAML Bindings
A SAML binding is a mapping of a SAML protocol message onto
standard messaging formats and/or communications protocols.
SAML SOAP Binding
o specifies how a SAML message is encapsulated in a SOAP envelope, which itself
is bound to an HTTP message
Reverse SOAP (PAOS) Binding
HTTP Redirect (GET) Binding
HTTP POST Binding
o specifies how a SAML message is posted to the party, which itself is bound to an
HTTP message
HTTP Artifact Binding
SAML URI Binding
11
12. i4M Lab
STORK2.0 SAML Protocol
Extension of the standard SAML2.0 protocol
Mandatory QAA Level (Quality Authentication Assurance)
Optional eIDSectorShare, eIDCrossSectorShare, eIDCrossBorderShare
whether an eId can be shared
Optional <RequestAttribtues> element to allow additional STORK attributes
to be rrequested
Additional attributes necessary for processing the authentication
12
16. i4M Lab
STORK2.0 PAL – Personal Attribute List
Simple object representation of the attributes information transferred
trough SAML documents
Utilized internally at PEPS, Demo SP, Demo AP and ISS
Methods for setting and getting attributes
public PersonalAttribute put(final String key, final PersonalAttribute val)
public void add(final PersonalAttribute value)
public PersonalAttribute get(final Object key)
IPersonalAttributeList getMandatoryAttributes() …
PersonalAttribute: representation of an attribute
Fields: name, value, complexValue, required, status, friendlyName
16
17. i4M Lab
Session II: agenda
Security Assertion Markup Language (SAML)
ISS Architecture - APIs
ISS Hands-on Experience
17
18. i4M Lab
Struts 2.0 framework
Supporting Service 2.0 is a Struts 2.0-based web application
Struts 2.0 is a pull-MVC framework based on Actions. Actions are have
trigger points and results actions
Example:
<action name="ValidateToken" class="eu.stork.ss.specific.json.RetrieveDummySP">
<result name="success" type="redirectAction">
<param name="actionName">CountrySelector</param>
</result>
<result name="error">/errorPage.jsp</result>
</action>
action name : Name of the action. Part of the trigger URL (http://server/webapp/ValidateToken)
Class: the corresponding class containing the execute method to be activated when the corresponding
action is triggered.
Result name: what happened on success and failure
Success: automatic struts redirection-to-action trigger
Failure: display a JSP page
19. i4M Lab
Supporting Service operation lifecycle
<!-- Step1: Validate token, create session and set token -->
<action name="ValidateToken“ class="eu.stork.ss.specific.json.RetrieveDummySP">
<result name="success" type="redirectAction"><param name="actionName">CountrySelector</param>
</result>
<result name="error">/errorPage.jsp</result></action>
<!-- Step3: Validate user selection and create SAML (session must contain TOKEN and PAL) -->
<action name="ValidateSelection" class="eu.stork.ss.ValidateSelection">
<result name="success">/samlRedirect.jsp</result>
<result name="error">/errorPage.jsp</result> </action>
#Sp return url sp.return=https://stork2.atlantis-group.gr/SP/ServiceRedirect
<!-- Step4: Validate SAML, save values to PAL (session must contain TOKEN and PAL) -->
<action name="ServiceRedirect" class="eu.stork.ss.ServiceRedirect">
<result name="success" type="chain"><param name="actionName">ReturnToken</param>
</result><result name="error">/redirect.jsp</result></action>
<!-- Step5: Provided a PAL we save the values and redirect to the SP -->
<action name="ReturnToken" class="eu.stork.ss.specific.json.SaveDummySP">
<result name="success">/tokenRedirect.jsp</result>
<result name="error">/errorPage.jsp</result></action>
20. i4M Lab
Step1:
Validate token, create session and set token
Action Name: ValidateToken
Abstract action class: eu.stork.ss.RetreivePersonalAttributeList
Specific class: eu.stork.ss.specific.xx.RetrieveDummySP
Method of interest: IPersonalAttributeList
retrievePersonalAttributeList(String token)
Retrieve configuration information
Perform SP communication and retrieve requested attributes
Construct the corresponding PAL
Let’s look into the code!
21. i4M Lab
Step3:
Validate user selection and create SAML
Action Name: ValidateSelection
Action class: eu.stork.ss.ValidateSelection
Constructs the Authentication Request (Main class to represent a request to
the STORK service)
Uses the STORK SAML engine to encode the PAL into the SAML document
Retrieves PEPS URL from configuration file
Sends the request to PEPS (STORK) through user redirection
(samlRedirect.jsp)
22. i4M Lab
Step4:
Validate SAML, save values to PAL
Action Name: ServiceRedirect
Action class: eu.stork.ss.ServiceRedirect
Receives the SAML document which contains the reply from STORK
Checks whether the response contains some error code
Otherwise, decodes the document, retrieving all necessary information, esp.
the PAL
PAL now also contains the requested attribute values
23. i4M Lab
Step5:
Provided a PAL we save the values and
redirect to the SP
Action Name: ReturnToken
Abstract action class: eu.stork.ssSavePersonalAttributeList
Specific class: eu.stork.ss.specific.xx.SaveDummySP
Method of interest: String savePersonalAttributeList(String token,
IPersonalAttributeList pal)
Constructs the SP request message from PAL
Performs the necessary communication to the SP
Retrieves the SP reply
Redirects the user to the corresponding URL (success or failure)
Let’s look into the code!
24. i4M Lab
Session II: agenda
Security Assertion Markup Language (SAML)
ISS Architecture - APIs
ISS Hands-on Experience
24
