The document proposes adding federated identity management to OpenStack to allow users to authenticate using existing credentials from an identity provider. This would simplify credential management for users and developers. It describes components like an OpenStack gateway that would handle authentication and attribute validation, mapping identities to local tenants and roles. Next steps discussed include a live demo, getting feedback, and incorporating this into a future OpenStack release.
1. Adding Federated Identity Management to OpenStack
David Chadwick
University of Kent
Open Stack Summit
University of Kent 1
18/10/2012
2. Why Do It?
• Makes it easier for users
– Fewer credentials to remember/manage
– Provides single sign on
• Makes it easier for system developers
– Don’t need to develop secure credential storage or authentication mechanisms and protocols
• Provides much more flexibility
– Allows any type of authentication mechanism to be easily incorporated since it is “out of scope” of the federation protocol
• Can make it more secure
– Users can have one set of strong credentials, so less likely to share them, forget them etc.
– No longer a honeypot of credentials to be stolen by attackers
• Makes it easier for operations staff
– No need to register new users, replace lost or forgotten credentials, remove old users
3. Limitations
• Still need a way to finely differentiate users for authorisation purposes
• Still need to be able to ban abusive users
• Probably need to use a web browser for the actual step of user authentication
• More steps involved in protocols, and in user interface
• Most federated identity management systems today are open to phishing attacks from evil service providers who redirect user to a clone IdP
– Use zero knowledge proof authn mechanism
– Have intelligent client that does not require redirection
4. FIM Components
[Diagram of the FIM components. Labels: User/Client, AtAg; OpenStack Gateway, RIS, AM, CVS, TIS, TVS, Credn Validation Policy; IdP, AA, AS, Attribute + Authn DB, Attribute DB, Authn DB; Federation Directory Service; Cloud Service Provider 1, 2, ... n; Access Control (PDP), Authz Policy, Policy DB.]
5. Acronyms
• AA – Attribute Authority
• AM – Attribute Mapper
• AS – Authentication Service
• AtAg – Intelligent component of the client (Attribute Aggregator)
• CSP – Cloud Service
• CVS – Credential Validation Service
• Dir – Directory Service
• IDP – Identity Provider
• OG – OpenStack Gateway (Currently the role played by Keystone)
• PDP – Policy Decision Point
• RIS – Request Issuing Service
• TIS – Token Issuing Service
• TVS – Token Validation Service
6. Guiding Principles
• Keep it simple for CSPs
– Bulk of security done by OG (user authn and attribute validation)
• Each CSP keeps its existing tenants/accounts and roles for authz and trusts OG to correctly issue them to users
– There are thousands of IdPs/AAs and millions of attributes, so OG must map between these and CSP tenants/roles
– Mapping must be configurable in OG, e.g. through policies or config files
• OG has a set of trust relationships with a set of external IdPs, ASs and AAs
– All IdP/AA issued attributes/roles must be globally identifiable so OG knows how to map these into the local tenants/roles
• User knows which cloud service he wishes to use, so this is his first port of call
– User does not need to know about OG. CSP can dynamically change OG. CSP can dynamically change its role requirement policy
• Most IdPs rely on UN/PW so are open to phishing attacks
– Introduce an intelligent client which is not phishable. It performs a directory lookup on the issuer in order to obtain its metadata and make a direct request to it (research topic)
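An added example (not from the slides or the OpenStack code base) of the validation and mapping these principles assign to the OG: attributes are accepted only from issuers trusted for that attribute type, then mapped to local tenant/role pairs with default deny. The issuer URLs, attribute names, role names and policy layout are constructed assumptions; the tenant name is borrowed from the demo slides.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Attribute:
    issuer: str  # globally unique ID of the IdP/AA that asserted the attribute
    name: str    # globally identifiable attribute type
    value: str


# Hypothetical issuer IDs and attribute types (constructed for this example).
BANK = "https://idp.bigbank.example"
KENT = "https://idp.kent.example"
CARD = "urn:example:attr:cardholder"
AFFIL = "urn:example:attr:affiliation"

# Constructed policy standing in for the OG's configurable policy/config file.
POLICY = {
    # Validation: which attribute types each trusted issuer may assert.
    "trusted_issuers": {BANK: frozenset({CARD}), KENT: frozenset({AFFIL})},
    # Mapping: (issuer, type, value) -> local (tenant, role) pairs.
    # Keying on the issuer stops a different issuer reusing a mapped value.
    "mappings": {
        (BANK, CARD, "visa"): [("Visa User's Cloud Services", "member")],
        (KENT, AFFIL, "staff"): [("Kent Research", "admin")],
    },
}


def validate(attrs, policy):
    """CVS-style step: split attributes into accepted and rejected lists."""
    accepted, rejected = [], []
    for attr in attrs:
        allowed = policy["trusted_issuers"].get(attr.issuer, frozenset())
        (accepted if attr.name in allowed else rejected).append(attr)
    return accepted, rejected


def map_to_grants(attrs, policy):
    """AM-style step: validated attributes -> (tenant, role) grants.

    Anything without an explicit mapping yields no grant (default deny).
    Rejected attributes are returned so they can be logged and reviewed.
    """
    accepted, rejected = validate(attrs, policy)
    grants = set()
    for attr in accepted:
        key = (attr.issuer, attr.name, attr.value)
        grants.update(policy["mappings"].get(key, ()))
    return grants, rejected


def demo():
    presented = [  # constructed sample assertions
        Attribute(BANK, CARD, "visa"),                         # valid, mapped
        Attribute(BANK, AFFIL, "staff"),                       # issuer not trusted for this type
        Attribute("https://idp.clone.example", CARD, "visa"),  # unknown issuer
        Attribute(KENT, AFFIL, "student"),                     # valid, but no mapping
    ]
    return map_to_grants(presented, POLICY)


if __name__ == "__main__":
    grants, rejected = demo()
    print("grants:", sorted(grants))
    print("rejected:", [(a.issuer, a.name) for a in rejected])
```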
7. Single IdP, Simple Client
[Sequence diagram. Lifelines: User, Client, CSP, PDP, Dir, OG, AM, RIS, CVS, TIS, TVS, IDP, with a group labelled "OG Internal Services"; message steps numbered 0 to 30.]
8. Next Steps
• Live Demo?
• How to get public comment and feedback?
• How to incorporate this into future OpenStack release?
• Beta release is now available for testing and feedback. Who would like a copy?
9. Step 0
C:\Python27\Scripts>python swift -F -A http://persistence.kent.ac.uk:80/v2.0/ list textFiles
10. Step 6
C:\Python27\Scripts>python swift -F -A http://persistence.kent.ac.uk:80/v2.0/ list textFiles
You have access to the following realm(s):
{ 0 } Kent Proxy Identity Service
{ 1 } Big Bank
Enter the number corresponding to the realm you want to use:
12. Step 19
C:\Python27\Scripts>python swift -F -A http://persistence.kent.ac.uk:80/v2.0/ list textFiles
You have access to the following realm(s):
{ 0 } Kent Proxy Identity Service
{ 1 } Big Bank
Enter the number corresponding to the realm you want to use: 1
You have access to the following tenant(s):
{ 0 } Visa User's Cloud Services
Enter the number corresponding to the tenant you want to use:
13. Step 29
C:\Python27\Scripts>python swift -F -A http://persistence.kent.ac.uk:80/v2.0/ list textFiles
You have access to the following realm(s):
{ 0 } Kent Proxy Identity Service
{ 1 } Big Bank
Enter the number corresponding to the realm you want to use: 1
You have access to the following tenant(s):
{ 0 } Visa User's Cloud Services
Enter the number corresponding to the tenant you want to use: 0
August2012.txt
July2012.txt
September2012.txt
C:Python27Scripts>