UAA, as a core component of Cloud Foundry, is responsible for authenticating and authorizing requests between platform users (e.g. those that push apps) and platform components (e.g. the cloud controller). But when it came to doing auth for the apps you push and the end users of those apps, using the built-in UAA wasn't the best fit, and you could easily end up shooting yourself in the foot. Until now. This talk will guide you through UAA's new multi-tenancy features, and show you how to use the built-in UAA to create arbitrary authorization scenarios for your products without the danger of affecting the security of the core platform. With this level of freedom, you'll have complete and fine-grained control over who is allowed to access your product's components, and how those components are allowed to interact with one another.
This talk is about how to secure your frontend+backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your frontend application is running on a browser and not securely from the server, there are a few things you need to consider.
In this session Alvaro will explore standards like OAuth or JWT to achieve a stateless, token-based authentication using frameworks like Angular JS on the frontend and Spring Security on the backend.
Video available at https://skillsmatter.com/skillscasts/6058-stateless-authentication-for-microservices
Modern Security with OAuth 2.0 and JWT and Spring by Dmitry Buzdin (Java User Group Latvia)
Have you ever wondered how single-sign-on on sites like Google and Facebook works? Are you a fan of stateless application architectures? Do you want to learn how to put together a modern security approach for your next Spring Boot project? If the answer is yes to anything above, then this session is for you. Dmitry will explain what OAuth 2.0 and JWT are, why they are popular, and how to integrate them in a Java project.
As part of MobiliYa Spread Knowledge Initiative Presentation Series.
Agenda
1. Intro: Auth (Authentication & Authorization) & SSO
2. OAuth2 in Depth
3. Where does JWT fit in?
4. How to do stateless Authorization using OAuth2 & JWT?
5. Some Sample Code: How easy is it to implement?
This talk is about how to secure your front-end + backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your front-end application is running on a browser and not securely from the server, there are a few things you need to consider.
In this session Alvaro will explore standards like OAuth or JWT to achieve a stateless, token-based authentication and authorization using Spring Security in Grails.
This talk is about how to secure your front-end + backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your front-end application is running on a browser and not securely from the server, there are a few things you need to consider. In this session Alvaro will explore standards like OAuth and JWT to achieve a stateless, token-based authentication and authorisation. He will explore the existing impl More specifically, the demonstration will be made using Spring Security REST, a popular Grails plugin written by Álvaro.
Authentication is normally a stateful service. Most implementations rely on the HTTP session, which introduces state, since the session is an in-memory data structure in the application server.
In the microservices era, most companies are developing so-called RESTful services, where one of the principles is to build stateless systems. In such a scenario, authentication should be stateless too.
There is a standard specification for securing web applications and APIs that is being adopted massively by the industry: OAuth 2. The specification doesn't explicitly cover how to make a stateless implementation, and most of the existing implementations depend on some sort of external storage (such as a DB) to keep the generated tokens for later validation.
Fortunately, there is another IETF specification, JSON Web Token, that can be combined with OAuth 2 to achieve a stateless authentication system.
In the session, Alvaro will explain the core concepts of OAuth 2 as well as JWT, and how they can be used together to achieve the last two letters of REST: State Transfer.
Securing RESTful APIs using OAuth 2 and OpenID Connect (Jonathan LeBlanc)
Constructing a successful and simple API is the lifeblood of your developer community, and REST is a simple standard through which this can be accomplished. As we construct our API and need to secure the system to authenticate and track applications making requests, the open standard of OAuth 2 provides us with a secure and open source method of doing just this. In this talk, we will explore REST and OAuth 2 as standards for building out a secure API infrastructure, exploring many of the architectural decisions that PayPal took in choosing variations in the REST standard and specific implementations of OAuth 2.
OAuth 2.0 is an open authentication and authorization protocol which enables applications to access each other's data. This talk presents how to implement the OAuth2 definitions to secure RESTful resources developed using JAX-RS in the Java EE platform.
An Authentication and Authorization Architecture for a Microservices World (VMware Tanzu)
SpringOne Platform 2016
Speaker: David Ferriera; Director, Cloud Technology, ForgeRock
Microservices architecture elevates the challenges for Authentication and Authorization management. When a single frontend request can result in many backend microservices calls, it is important to balance security and performance. ForgeRock provides a standards-based blueprint that provides a flexible solution for making these choices while protecting your Cloud Foundry services end to end.
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or... (Brian Campbell)
Gluecon 2012 presentation on using OAuth 2.0 with mobile applications to utilize social logins. "Is that a token in your phone in your pocket or are you just glad to see me? OAuth 2.0 and Mobile Devices"
http://www.springio.net/stateless-authentication-for-microservices/
This talk is about how to secure your front-end + backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your front-end application is running on a browser and not securely from the server, there are a few things you need to consider.
In this session Alvaro will explore standards like OAuth and JWT to achieve a stateless, token-based authentication and authorization using Spring Security in Grails. More specifically, the demonstration will be made using Spring Security REST, a popular Grails plugin written by Álvaro.
OAuth 2.0 is an open authentication and authorization protocol which enables applications to access each other's data. This talk presents how to implement the OAuth2 definitions to secure RESTful resources developed using JAX-RS in the Java EE platform.
API Security & Federation Patterns - Francois Lascelles, Chief Architect, Lay... (CA API Management)
The adoption of Mobile and Cloud applications drives API traffic across domains. OAuth 2.0 is being implemented in complex enterprise environments where new authorization endpoints are combined with various existing identity components, in various configurations.
Handshakes are federated to help provide a single sign-on experience across applications and enhance adoption. Mediation between tokens at the edge of each domain helps extend existing data to new channels. Core grant types, extension grant types, custom schemes, standards, patterns and use cases – let us count the ways in which API access control is applied.
This presentation will examine the role of API management infrastructure in API Security, API Access Control and API Federation and its interaction with enterprise infrastructure, social identity and application developers.
Companion slides for Stormpath CTO and Co-Founder Les's REST API Security Webinar. This presentation covers the RESTful best practices learned building the Stormpath API and supporting authentication for thousands of projects. Topics include:
- HTTP Authentication
- Choosing a Security Protocol
- Generating & Managing API Keys
- Authorization & Scopes
- Token Authentication with JSON Web Tokens (JWTs)
- Much more...
Stormpath is a User Management API that reduces development time with instant-on, scalable user infrastructure. Stormpath's intuitive API and expert support make it easy for developers to authenticate, manage and secure users and roles in any application.
Discussed the general OAuth2 features. Reviewed OAuth2 roles and grant flows:
Authorization code grant flow
Implicit grant flow
Resource owner password credentials grant flow
Client credentials grant flow
Reviewed access resource flow and token refresh.
See video: https://www.youtube.com/watch?v=UPsVD-A7gP0
http://www.justin.tv/hackertv/49975/Tech_Talk_1_Leah_Culver_on_OAuth
Tech talk about OAuth, an open standard for API authentication. Originally broadcast on Justin.tv.
This talk is about how to secure your frontend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications, when your frontend application is running on a browser and not securely from the server, there are a few things you need to consider.
We will explore standards like OAuth or JWT to achieve a stateless, token-based authentication using frameworks like Angular JS on the frontend and Spring Security on the backend.
Note: images are courtesy of Shutterstock.com
Enterprise API adoption has gone beyond predictions. It has become the 'coolest' way of exposing business functionalities to the outside world. Both your public and private APIs need to be protected, monitored and managed.
This session focuses on API Security. There are so many options out there that it is easy to get confused. When to select one over the other is always a question, and you need to deal with it quite carefully to identify and isolate the tradeoffs. Security is not an afterthought. It has to be an integral part of any development project, and the same holds for APIs. API security has evolved a lot in the last five years. This talk covers best practices in building an API Security Ecosystem with OAuth 2.0, UMA, SCIM, XACML and LDAP.
Securing your APIs with OAuth, OpenID, and OpenID Connect (Manish Pandit)
As products and companies move towards an IoT model, users and machines alike need to interact with various APIs. Securing these APIs in a connected world is a challenge faced by many. Fortunately, there are open standards addressing even the most complex of use cases: OAuth, OpenID and OpenID Connect happen to be widely adopted and have growing support across many API and Identity Providers. In this session I'll talk about these standards, and walk through common use cases/flows from an API Provider's as well as a consumer's side. We will explore how these standards come together to not only secure the APIs, but also manage identity.
This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The remainder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (lately renamed to Apache Oltu). My impression is that many developers shy away as soon as they hear "security", and so I not only wanted to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)
The Ultimate Guide to Mobile API Security (Stormpath)
Join Stormpath Developer Evangelist Edward Jiang to learn more about the common ways developers authenticate users in their mobile apps, what to watch out for when building your backend API and mobile apps, and how to integrate a secure user datastore to manage your users and authentication.
OAuth 2.0
OAuth 2.0 is an "authorization" framework for web applications. It permits selective access to a user's resource without disclosing the password to the website which asks for the resource.
Agenda for the session:
What is OAuth 2.0
OAuth 2.0 Terminologies
OAuth workflow
Exploiting Oauth for fun and profit
Reference
REST Service Authentication with TLS & JWTs (Jon Todd)
Many companies are adopting micro-services architectures to promote decoupling and separation of concerns in their applications. One inherent challenge with breaking applications up into small services is that now each service needs to deal with authenticating and authorizing requests made to it. We present a clean way to solve this problem using JSON Web Tokens (JWT) and TLS in Java.
Websites and applications are implementing social single sign-on to allow users to login using trusted authentication providers such as Google, Facebook, and even Salesforce. Join us to learn how to configure the OpenID Connect authentication provider to allow users to authenticate at Google to access a Salesforce environment. We'll also look at how you can relieve yourself of the burden of password management by having your web app login users via Salesforce.
Дмитрий Хоревич "Cloud native security with UAA \ How to protect microservices with..." (Tanya Denisyuk)
Security questions in large enterprise applications are always a top priority. In a monolithic architecture these questions are solved fairly uniformly, since the application is a single whole. But the difficulties begin when we decide to move to a microservices architecture, because we are essentially dealing with several applications, each of which needs access control. In the talk we will discuss:
· Which approaches exist for securing microservice applications
· Their advantages and disadvantages
· How to protect microservices with the CloudFoundry User Account and Authentication (UAA) Server
Learn how to monitor and manage your serverless APIs in production. We show you how to set up Amazon CloudWatch alarms, interpret CloudWatch logs for Amazon API Gateway and AWS Lambda, and automate common maintenance and management tasks on your service.
Transform your datacenter by enabling business and IT to deploy, manage and govern applications across clouds. Decouple and manage compute, storage and networking resources as secured APIs, with SOA Software’s API Management platform. Get started with an API driven software-defined datacenter (SDDC).
As software development teams transition to cloud-based architectures and adopt agile processes, the tools they need to support application development in this new world will change. In this session, we'll take you through the transition that Amazon made to a service-oriented architecture over a decade ago, and introduce you to some of the processes and tools that we built and adopted along the way. We'll share what lessons we've learned, explain how we've achieved better agility and reliability in our software development and deployment processes, and present an overview of tools we've used to help get us there that have since become services such as AWS CodeCommit, AWS CodePipeline, AWS CodeDeploy, and more.
AWS re:Invent 2016: Building SaaS Offerings for Desktop Apps with Amazon AppS... (Amazon Web Services)
Amazon AppStream 2.0 is an application streaming service that provides users with instant access to their applications from anywhere, on any connected device. Delivering desktop apps from the cloud allows enterprises to manage user access easily and keep apps current; ISVs can reach more users across more devices. In this session, we cover best practices for streaming desktop applications from the AWS Cloud with Amazon AppStream 2.0, and show you how you can address advanced topics such as user authentication, security, and managing an application catalog.
Discover how to build APIs using the Apigee API Services toolkit. Deep dive into Apigee's API Services solution, API design and management technology including OAuth and security, persistence & caching, Node.js and more.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Understanding Nidhi Software Pricing: A Quick Guide 🌟
Choosing the right software is vital for Nidhi companies to streamline operations. Our latest presentation covers Nidhi software pricing, key factors, costs, and negotiation tips.
📊 What You’ll Learn:
Key factors influencing Nidhi software price
Understanding the true cost beyond the initial price
Tips for negotiating the best deal
Affordable and customizable pricing options with Vector Nidhi Software
🔗 Learn more at: www.vectornidhisoftware.com/software-for-nidhi-company/
#NidhiSoftwarePrice #NidhiSoftware #VectorNidhi
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
E-commerce Application Development Company.pdfHornet Dynamics
Your business can reach new heights with our assistance as we design solutions that are specifically appropriate for your goals and vision. Our eCommerce application solutions can digitally coordinate all retail operations processes to meet the demands of the marketplace while maintaining business continuity.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
4. About Me
• Spring user since version 2.0 (2007)
• Joined Pivotal October 2013
• Based in Toronto, Canada
• Working on Pivotal CF Services
– Mobile Services API Gateway
– Pivotal SSO
– Spring Cloud Services
• Committer on UAA
5. About UAA
• User Account and Authorization server
• Secures all CF components
• OAuth2 and OpenID Connect
• SCIM API for user management in internal user database
• Integration with SAML 2.0 and LDAP
• OAuth2 client registration API
6. About OAuth2
• Delegated Authorization
• 4 Actors
– The Authorization Server
– User
– Client
– Resource Server
• Clients act on behalf of users
– Authorization Code Grant
– Resource Owner Password Grant
– Implicit Grant
• Clients act on their own
– Client Credentials Grant
8. OAuth2 In Cloud Foundry
• Apps Manager
– Go to apps.cfdomain in the browser
[Diagram: UAA (login.), Apps Manager (apps.), Cloud Controller (api.), Browser]
9. OAuth2 In Cloud Foundry
• Apps Manager
– Apps manager redirects you to UAA
[Diagram, message: “Not logged in!”]
10. OAuth2 In Cloud Foundry
• Apps Manager
– Apps manager redirects you to UAA
[Diagram: UAA (login.), Apps Manager (apps.), Cloud Controller (api.), Browser]
11. OAuth2 In Cloud Foundry
• Apps Manager
– UAA asks for username and password
[Diagram, message: “Please log in”]
12. OAuth2 In Cloud Foundry
• Apps Manager
– User logs in
[Diagram, message: “Here is the username and password”]
13. OAuth2 In Cloud Foundry
• Apps Manager
– UAA redirects back to Apps Manager with a one-time code
[Diagram, message: “Here is an authorization code”]
14. OAuth2 In Cloud Foundry
• Apps Manager
– UAA redirects back to Apps Manager with a one-time code
[Diagram, message: “Here is an authorization code”]
15. OAuth2 In Cloud Foundry
• Apps Manager
– Apps Manager gives the code back to UAA
[Diagram, message: “Here is the same authorization code”]
16. OAuth2 In Cloud Foundry
• Apps Manager
– UAA exchanges the code for an access token
[Diagram, message: “The code is the same, here is a token”]
17. OAuth2 In Cloud Foundry
• Apps Manager
– Apps manager uses the access token to access the CC API
[Diagram, message: /v2/apps -H "Authorization: bearer eyJhbGci…"]
18. OAuth2 In Cloud Foundry
• Apps Manager
– Apps manager renders the page
[Diagram, message: “Here is the pretty screen, finally!”]
19. OAuth2 In Cloud Foundry
• Apps Manager
– Authorization Code Grant
– Typical of web applications
– Apps manager webapp is the client
29. OAuth2 In Cloud Foundry
• Autoscaling Service (PCF)
[Diagram: UAA (login.), Cloud Controller (api.), Autoscaler; message: “Time to check status!”]
30. OAuth2 In Cloud Foundry
• Autoscaling Service (PCF)
[Diagram, message: “Here is my client_id and client_secret”]
31. OAuth2 In Cloud Foundry
• Autoscaling Service (PCF)
[Diagram, message: “Here is a token”]
32. OAuth2 In Cloud Foundry
• Autoscaling Service (PCF)
[Diagram, message: /v2/apps/1234/stats -H "Authorization: bearer eyJhbGci…"]
33. OAuth2 In Cloud Foundry
• Autoscaling Service (PCF)
[Diagram, message: “CPU at 80%!”]
34. OAuth2 In Cloud Foundry
• Autoscaling Service (PCF)
[Diagram, message: PUT /v2/apps/1234 -H "Authorization: bearer eyJhbGci…" -d '{"instances":2}']
35. OAuth2 In Cloud Foundry
• Autoscaling Service (PCF)
[Diagram, message: “OK, creating more instances”]
36. OAuth2 In Cloud Foundry
• Autoscaling Service (PCF)
– Client Credentials Grant
– Typical of apps that act without a user’s involvement
– Autoscaling Service is the client
37. OAuth2 In Cloudfoundry
• The CF platform has many more examples of
using OAuth2
• UAA is the key
– Manages users
– Manages clients
– Grants and verifies access tokens
38. UAA is the perfect fit for
Cloud Native Security*
39. UAA for Cloud Native Security
• *In CF there’s more to security than just UAA
– Network security / security groups
– Cross container traffic / trusted workloads
– No end-to-end TLS
• UAA is for application-level security
• It works for us, so it’ll work for you*
40. So you want to secure your apps
• Example
– You want to host your API application on Cloud Foundry
[Diagram: my-cloudfoundry.cn]
41. So you want to secure your apps
• Example
– You want to host your API application on Cloud Foundry
[Diagram: my-cloudfoundry.cn hosting my-api]
42. So you want to secure your apps
• Example
– It will be accessed by a web app hosted on CF
[Diagram: my-cloudfoundry.cn hosting my-api and my-webapp; browser]
43. So you want to secure your apps
• Example
– It will be accessed through a mobile app as well
[Diagram: my-cloudfoundry.cn hosting my-api and my-webapp; browser; mobile app]
44. So you want to secure your apps
• Perfect! Use UAA
[Diagram: my-cloudfoundry.cn hosting my-api and my-webapp; browser; mobile app; UAA]
45. So you want to secure your apps
• Perfect! Use UAA
– Client for web app: authcode grant
46. So you want to secure your apps
• Perfect! Use UAA
– Client for web app: authcode grant
– Client for mobile app: password grant
47. So you want to secure your apps
• Perfect! Use UAA
– Client for web app: authcode grant
– Client for mobile app: password grant
– API app token verification: JWT signature
48. So you want to secure your apps
• Perfect! Use UAA
– Client for web app: authcode grant
– Client for mobile app: password grant
– API app token verification: JWT signature
• API app can validate token on its own
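The "validate the token on its own" step, as an added example that is not code from the slides or from the UAA project: a resource server such as my-api checks the JWT locally and never calls UAA. It assumes HS256 with a shared verification key (which early UAA deployments used; current UAA normally signs with RS256, where the API app verifies with UAA's public key instead), a constructed key, and constructed claims using UAA's claim names (aud, scope, zid, exp); the zid check is what rejects a token minted in another identity zone.

```python
# Added example (not from the slides): local access-token validation by a
# resource server such as my-api, with no call back to UAA. Assumption:
# HS256 with a shared key, as early UAA used; current UAA normally signs
# RS256, verified with UAA's public key. Claim names follow UAA tokens.
import base64
import hashlib
import hmac
import json
import time

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(claims: dict, key: bytes) -> str:
    """Mint an HS256 JWT the way a zone's UAA would (helper for the demo)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"

def verify_token(token, key, audience, zone_id, required_scope, now=None):
    """Signature, expiry, audience, zone and scope; raises ValueError on failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":        # pin the configured algorithm;
        raise ValueError("unexpected alg")  # never let the token choose it
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")   # e.g. minted with another key
    claims = json.loads(_b64url_decode(payload_b64))  # only now trusted
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if audience not in claims.get("aud", []):
        raise ValueError("token not issued for this resource server")
    if claims.get("zid") != zone_id:        # zid: identity zone of the issuer
        raise ValueError("token issued in a different identity zone")
    if required_scope not in claims.get("scope", []):
        raise ValueError(f"missing scope {required_scope}")
    return claims

def authorize(token, key, audience, zone_id, required_scope, now=None):
    """'ok', or the reason the request must be refused (useful for logging)."""
    try:
        verify_token(token, key, audience, zone_id, required_scope, now)
        return "ok"
    except ValueError as exc:
        return str(exc)

# Constructed demo key and claims; a real UAA takes its key from its config.
MY_ZONE_KEY = b"constructed-verification-key-for-zone-12345"
NOW = 1_500_000_000

def my_app_token() -> str:
    """A token my-app would get via client credentials in zone 12345."""
    return sign_token({"client_id": "my-app", "cid": "my-app",
                       "aud": ["my-service"], "scope": ["my-service.read"],
                       "zid": "12345", "exp": NOW + 600}, MY_ZONE_KEY)
```

Calling `authorize(my_app_token(), MY_ZONE_KEY, "my-service", "12345", "my-service.read", NOW)` returns "ok"; the same token checked for my-service.write, after expiry, or against another zone's key or zone id returns the refusal reason instead.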
49. Who are your end users?
• SpaceDevelopers, OrgManagers
– Platform users, no problem
50. Who are your end users?
• SpaceDevelopers, OrgManagers
– Platform users, no problem
• That sales guy
– Not a platform user, PROBLEM
51. Who are your end users?
[Diagram: two users, jsmith and jsmyth]
cf set-space-role jsmyth the-org the-space SpaceDeveloper
oops
52. Who are your end users?
[Diagram: jsmith and jsmyth; message: “My app is too slow”]
53. Who are your end users?
[Diagram: jsmith and jsmyth]
cf login -u jsmyth ...
cf scale sales-api -m 10G
“I can fix that!”
54. The Principle of Least Privilege
• You (or the application, process, module, etc.) should have the minimum level of access required for performing their job
55. The Principle of Least Privilege
• You (or the application, process, module, etc.) should have the minimum level of access required for performing their job
• Sales guy should not have been added to the platform UAA
57. So you want to secure your products
• Example
– You want to build a product that’s packaged as a CF service
[Diagram: my-cloudfoundry.cn hosting my-service]
58. So you want to secure your products
• Example
– When apps bind to the service…
[Diagram: my-cloudfoundry.cn hosting my-service and my-app; cf bind-service]
59. So you want to secure your products
• Example
– Create an OAuth client
[Diagram: my-service, my-app, UAA; message: POST /oauth/clients]
60. So you want to secure your products
• Example
– Create an OAuth client
[Diagram: my-service, my-app, UAA; message: 201: Created]
61. So you want to secure your products
• Example
– So that the app-to-service communication can be secured by the OAuth2 client credentials grant
[Diagram: my-cloudfoundry.cn hosting my-service and my-app; UAA; note: “The client_id and client_secret are in VCAP_SERVICES”]
62. So you want to secure your products
• Example
– So that the app-to-service communication can be secured by the OAuth2 client credentials grant
[Diagram, message: GET /api/foo -H "Authorization: bearer eyJhbGci…"]
63. So you want to secure your products
• Perfect! Use UAA
– App-to-app communication: client credentials
– Token verification: JWT signature
– Every app gets its own credentials
• Super secure, right?
64. How do you create clients in UAA?
• POST /oauth/clients
– Token must have scope clients.write
• Creating clients with authorities
– E.g. the app gets a token with my-service.read scope
– Requires clients.write and uaa.admin
• So give your service admin credentials?
71. The Principle of Least Privilege
• You (or the application, process, module, etc.) should have the minimum level of access required for performing their job
72. The Principle of Least Privilege
• You (or the application, process, module, etc.) should have the minimum level of access required for performing their job
• Giving admin-level credentials to applications is dangerous
74. How do you deploy your own UAA?
• cf push cloudfoundry-identity-uaa.war
• YAML config
• Bootstrap users
• Provision DB
• Do the above manually, or as part of a BOSH deployment
75. Running your own UAA
• Pros:
– Principle of least privilege
– You can fork it
• Cons:
– Overhead
– Manual upgrades
– “yak shaving” a BOSH release
76. Running your own UAA
• Pros:
– Principle of least privilege
• Systems secured by your UAA cannot affect systems secured by the platform UAA
77. Running your own UAA
• Pros:
– Principle of least privilege
[Diagram: Your UAA]
78. Running your own UAA
• Pros:
– Principle of least privilege
[Diagram: Your UAA, Platform UAA]
79. Running your own UAA
• Pros:
– Principle of least privilege
[Diagram: Your UAA, Platform UAA; message: “Impossible!”]
80. Running your own UAA
• Pros:
– Principle of least privilege
– You can fork it
• Cons:
– Overhead
– Manual upgrades
– “yak shaving” a BOSH release
82. What is Multitenant UAA
• CF v208 +
• The built-in UAA with subdomains
• Subdomain maps to Identity Zone
• Total segregation between Identity Zones
• API for creating Identity Zones
• Existing API stays the same
83. Zone administrators
• UAA users with god-like powers in an identity zone
• Requires scope zone.[zone-id].admin
• Instead of targeting the zone via subdomain, use the X-Identity-Zone-Id header
– POST uaa.domain.com/oauth/clients creates a client in the UAA zone
– POST uaa.domain.com/oauth/clients -H "X-Identity-Zone-Id: 12345" creates a client in the Identity Zone with id 12345
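The two client-registration calls from this slide as a dry run, added here as an example that is not the slides' or UAA's own code: it builds the POST /oauth/clients request with or without the X-Identity-Zone-Id header and refuses it up front when the caller's token scopes do not meet the rules the slides state (slide 64: clients.write, plus uaa.admin when the client gets authorities; slide 83: zone.<id>.admin for a zone targeted by id). The scope rules are a simplified model of what the slides say, not UAA's actual authorization code, and the host, zone id and client JSON are constructed from values on the slides.

```python
# Added example (not from the slides): the zone-targeted client registration
# from slide 83 as a dry run, with a scope check that follows the rules the
# slides state (slides 64 and 83). Simplified model, not UAA's own code.
import json

UAA_URL = "https://uaa.domain.com"  # host used on slide 83
DEFAULT_ZONE = "uaa"                 # id of UAA's built-in platform zone

def may_create_client(scopes, zone_id, authorities):
    """Platform zone: clients.write, plus uaa.admin when authorities are set.
    Any other zone, targeted by id: zone.<id>.admin (slide 83)."""
    if zone_id == DEFAULT_ZONE:
        if "clients.write" not in scopes:
            return False
        return not authorities or "uaa.admin" in scopes
    return f"zone.{zone_id}.admin" in scopes

def client_create_request(token_scopes, client, zone_id=DEFAULT_ZONE):
    """Return the POST /oauth/clients call as a dict, or refuse it up front.

    token_scopes are the scopes carried by the caller's access token; the
    Authorization value is a placeholder because nothing is sent here.
    """
    authorities = client.get("authorities", [])
    if not may_create_client(token_scopes, zone_id, authorities):
        raise PermissionError(
            f"scopes {token_scopes} cannot create that client in zone {zone_id}")
    headers = {"Authorization": "bearer <access token>",
               "Content-Type": "application/json"}
    if zone_id != DEFAULT_ZONE:  # header instead of subdomain (slide 83)
        headers["X-Identity-Zone-Id"] = zone_id
    return {"method": "POST", "url": UAA_URL + "/oauth/clients",
            "headers": headers, "body": json.dumps(client)}

# Constructed: the client my-service registers for my-app at bind time
# (slides 58 to 61), so my-app can use client credentials with my-service.read.
NEW_CLIENT = {"client_id": "my-app", "client_secret": "constructed-secret",
              "authorized_grant_types": ["client_credentials"],
              "authorities": ["my-service.read"]}

def least_privilege_demo():
    """A zone admin scope works in its own zone only; the platform zone stays
    out of reach, which is the segregation slides 79 and 84 describe."""
    zone_admin = ["zone.12345.admin"]
    in_own_zone = client_create_request(zone_admin, NEW_CLIENT, "12345")
    try:
        client_create_request(zone_admin, NEW_CLIENT)  # platform zone
        reached_platform_zone = True
    except PermissionError:
        reached_platform_zone = False
    return in_own_zone["headers"]["X-Identity-Zone-Id"], reached_platform_zone
```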
84. Multitenant UAA
• Pros:
– Principle of least privilege
– API calls for creating a new tenant (aka Identity
Zone)
– Zone administrators instead of bootstrap users
• Cons:
– Overhead
– Manual upgrades
– “yak shaving” a BOSH release
– You can’t fork it
86. Multitenant UAA with UAAC
• Setup can be cumbersome
– When acting as zone admin with the X-Identity-Zone-Id header, you can only uaac curl
• Once you have an admin client in the zone, uaac works great
• Future enhancements
– Creating initial users / clients when the Identity Zone is created
– -z global option to target a zone via header
87. Summary
• UAA is great for securing Cloud Native Applications
• Always use the principle of least privilege
– Don’t add non-platform users to the platform
– Don’t give out platform admin abilities to other apps
• You can deploy your own UAA
– but multitenant UAA is an API call away
• Tooling needs to catch up
– But once you get that admin client set up, it’s easy