Single Sign-On (SSO) allows users to securely store credentials in a centralized database and access services using common authentication protocols. gSSO is an open source SSO framework written in C that provides a secure credential storage system and implements common authentication methods like OAuth, SASL, and HTTP Digest. It allows applications to initiate authentication operations without directly accessing credentials. The gSSO architecture separates components like the credential database, access control plugins, and authentication method plugins to provide a flexible yet secure SSO solution.
Microsoft Ignite session: Explore adventures in the underland: forensic techn...Paula Januszkiewicz
Cybercrime is a very lucrative business not just because of the potential financial return, but because it quite easy to get away with. Sometimes hackers get caught, but most of the time they still run free. When it comes to operating system and after-attack traces, it is not that bad as all traces are gathered in one place – your infrastructure. Even though hackers use techniques to remain on the loose, it is possible by using forensic techniques to gather evidence in order to demonstrate what actually happened. During this super intense session, I demonstrated techniques used by hackers to hide traces and forensic techniques that indicate how these activities were performed.
Apache struts vulnerabilities compromise corporate web servers Jeff Suratt
Critical security vulnerabilities in the Apache Struts software has enabled hackers to compromise corporate Web servers, putting sensitive corporate data at risk.
Microsoft Ignite session: Explore adventures in the underland: forensic techn...Paula Januszkiewicz
Cybercrime is a very lucrative business not just because of the potential financial return, but because it quite easy to get away with. Sometimes hackers get caught, but most of the time they still run free. When it comes to operating system and after-attack traces, it is not that bad as all traces are gathered in one place – your infrastructure. Even though hackers use techniques to remain on the loose, it is possible by using forensic techniques to gather evidence in order to demonstrate what actually happened. During this super intense session, I demonstrated techniques used by hackers to hide traces and forensic techniques that indicate how these activities were performed.
Apache struts vulnerabilities compromise corporate web servers Jeff Suratt
Critical security vulnerabilities in the Apache Struts software has enabled hackers to compromise corporate Web servers, putting sensitive corporate data at risk.
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5AlienVault
OSSIM v4.5 is here! With a focus on ease of use, better error control, and suggestions to make your security visibility more complete, OSSIM v4.5 works hard to save you time. Join us for this FREE user training session to learn more about what's new in OSSIM v4.5:
Streamline workflows: The more intuitive, easy to use, and consistent user interface helps you accomplish daily tasks in less time
Reduce blindspots: OSSIM v4.5 alerts you of network assets that aren't sending events to OSSIM so you can quickly add them
Avoid service disruptions: OSSIM v4.5 proactively alerts you of impending errors related to disk space utilization, IDS packet capture issues, etc.
Plus, we'll give an overview of how you can improve threat detection and simplify incident response with the AlienVault Labs Threat Intelligence feed included in AlienVault Unified Security Management™ USM).
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Ertugrul Akbas
Being able to audit and monitor user activity across a Windows Server based Network and heterogeneous network is key to knowing what is going on in your Windows environment and heterogeneous environment. Monitoring user activity is vital in helping mitigate increasing insider threats.
Enterprise Network Design and Deployment Sandeep Yadav
This presentation presents insights, and perspectives from Cisco Security Research highlights the challenges that defenders face in detecting and blocking attackers who employ a rich and ever-changing arsenal of tools
Hacker techniques for bypassing existing antivirus solutions & how to build a...BeyondTrust
For a long time, many organizations could make a safe enough bet relying on antivirus and firewall to protect against threats. However, today’s sophisticated attackers and malware are adept at evading those defenses. In this presentation from her on-demand webinar, enterprise security MVP, Paula Januszkiewicz, puts on her hacker cap and walks you through:
- Techniques of bypassing the antivirus mechanisms
- Tactics used today by malware that allows it to run
- Prevention methods to avoid being attacked by the newest cybercriminals’ innovations
- Why least privilege security is essential for defending against hackers
BeyondTrust’s PowerBroker for Windows Product Manager, Jason Silva, caps off this webinar by showing attendees how eliminating admin rights and elevating rights to secure applications only, can help augment traditional antivirus solutions and keep you protected against more sophisticated threats.
You can find the full webinar recording here: https://www.beyondtrust.com/resources/webinar/hacker-techniques-bypassing-existing-antivirus-solutions-build-defense-least-privilege/
A walk through Windows firewall and Netsh commandsRhydham Joshi
Presentation slides explores various options of windows firewall and Netsh command line utility.
It explains about enabling logging feature for allowed/blocked logs, understanding different options for inbound and outbound connection and interpretation of logs for detecting anomalies in Windows O.S.
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsBeyondTrust
In this presentation from her webinar, Enterprise Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz,explores common ‘infrastructure sins’.
Security audits are the best opportunity to become familiar with the common (and uncommon) Windows security mistakes made by sys admins. Unfortunately, too often the common mistakes are extremely serious and can present an easy inroad to catastrophic security event. But where do you start? Learn from Paula in this presentation, or check out the full webinar here:
https://www.beyondtrust.com/resources/webinar/avoiding-10-deadliest-common-sins-securing-windows/?access_code=bc633e62b0095c6ed17684297ee49db4
Now and right here, you can meet diverse watchfaces for Gear Fit2
If you find anything inspiring, share your thoughts
We are looking for your design depicting ‘Sports & Dynamic’.
Isabelle Bader Centre for the Performing Artsartsking
On July 12th, 2012 the Kingston Arts Council hosted a Pecha Kucha with the future tenants of the Tett Centre for Creativity and Learning. A Pecha Kucha is a simple presentation fomat: 20 slides, 20 seconds each. This presentation by Gordon Smith introduces the Isabel Bader Centre project. The Isabel Bader Centre for the Performing Arts is currently being built beside the Tett Centre and the these two buildings will create a vibrant arts cluster.
www.artskingston.ca
www.pecha-kucha.org
how to make architecture graduation project Eman Ateek
Its a presentation made by me for architecture senior year students about how to get a concept to your project , how to start your drawing , tricks and tips about how to manage the project .
all in highlight titles .
OSSIM User Training: Detect and Respond to Threats More Quickly with OSSIM v4.5AlienVault
OSSIM v4.5 is here! With a focus on ease of use, better error control, and suggestions to make your security visibility more complete, OSSIM v4.5 works hard to save you time. Join us for this FREE user training session to learn more about what's new in OSSIM v4.5:
Streamline workflows: The more intuitive, easy to use, and consistent user interface helps you accomplish daily tasks in less time
Reduce blindspots: OSSIM v4.5 alerts you of network assets that aren't sending events to OSSIM so you can quickly add them
Avoid service disruptions: OSSIM v4.5 proactively alerts you of impending errors related to disk space utilization, IDS packet capture issues, etc.
Plus, we'll give an overview of how you can improve threat detection and simplify incident response with the AlienVault Labs Threat Intelligence feed included in AlienVault Unified Security Management™ USM).
Monitoring Privileged User Actions for Security and Compliance with SureLog: ...Ertugrul Akbas
Being able to audit and monitor user activity across a Windows Server based Network and heterogeneous network is key to knowing what is going on in your Windows environment and heterogeneous environment. Monitoring user activity is vital in helping mitigate increasing insider threats.
Enterprise Network Design and Deployment Sandeep Yadav
This presentation presents insights, and perspectives from Cisco Security Research highlights the challenges that defenders face in detecting and blocking attackers who employ a rich and ever-changing arsenal of tools
Hacker techniques for bypassing existing antivirus solutions & how to build a...BeyondTrust
For a long time, many organizations could make a safe enough bet relying on antivirus and firewall to protect against threats. However, today’s sophisticated attackers and malware are adept at evading those defenses. In this presentation from her on-demand webinar, enterprise security MVP, Paula Januszkiewicz, puts on her hacker cap and walks you through:
- Techniques of bypassing the antivirus mechanisms
- Tactics used today by malware that allows it to run
- Prevention methods to avoid being attacked by the newest cybercriminals’ innovations
- Why least privilege security is essential for defending against hackers
BeyondTrust’s PowerBroker for Windows Product Manager, Jason Silva, caps off this webinar by showing attendees how eliminating admin rights and elevating rights to secure applications only, can help augment traditional antivirus solutions and keep you protected against more sophisticated threats.
You can find the full webinar recording here: https://www.beyondtrust.com/resources/webinar/hacker-techniques-bypassing-existing-antivirus-solutions-build-defense-least-privilege/
A walk through Windows firewall and Netsh commandsRhydham Joshi
Presentation slides explores various options of windows firewall and Netsh command line utility.
It explains about enabling logging feature for allowed/blocked logs, understanding different options for inbound and outbound connection and interpretation of logs for detecting anomalies in Windows O.S.
Avoiding the 10 Deadliest and Most Common Sins for Securing WindowsBeyondTrust
In this presentation from her webinar, Enterprise Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz,explores common ‘infrastructure sins’.
Security audits are the best opportunity to become familiar with the common (and uncommon) Windows security mistakes made by sys admins. Unfortunately, too often the common mistakes are extremely serious and can present an easy inroad to catastrophic security event. But where do you start? Learn from Paula in this presentation, or check out the full webinar here:
https://www.beyondtrust.com/resources/webinar/avoiding-10-deadliest-common-sins-securing-windows/?access_code=bc633e62b0095c6ed17684297ee49db4
Now and right here, you can meet diverse watchfaces for Gear Fit2
If you find anything inspiring, share your thoughts
We are looking for your design depicting ‘Sports & Dynamic’.
Isabelle Bader Centre for the Performing Artsartsking
On July 12th, 2012 the Kingston Arts Council hosted a Pecha Kucha with the future tenants of the Tett Centre for Creativity and Learning. A Pecha Kucha is a simple presentation fomat: 20 slides, 20 seconds each. This presentation by Gordon Smith introduces the Isabel Bader Centre project. The Isabel Bader Centre for the Performing Arts is currently being built beside the Tett Centre and the these two buildings will create a vibrant arts cluster.
www.artskingston.ca
www.pecha-kucha.org
how to make architecture graduation project Eman Ateek
Its a presentation made by me for architecture senior year students about how to get a concept to your project , how to start your drawing , tricks and tips about how to manage the project .
all in highlight titles .
JT Performing Arts Center (JTPAC) - The first multi-centric cultural stage in Kerala, JTPac has been committed since its inception in 2009 to promote and preserve the country’s rich and vibrant traditions in music, dance, folk and theatre.
JT Pac is the only star member of International Society for the Performing Arts.
The centre was launched by Malayalam Film actor Padmashri Mohanlal and Choice Group Chairman Jose Thomas, fulfilling their commitment to preserve art and culture in the days to come.
The design of concert hall itself inspires the performers and excites the audience. It is recognized by artists, patrons and the media alike to be among South India’s foremost venues for performing arts.
A magnificent performance centre with 617 seat capacity, so ergonomically designed for the vantage view from all points with box seats , the air conditioned arena is replete with a spaced out lobby, cafeteria and hang-out joints. The right place to get inspired and interact.
A key aspect of JTPac is that it is amongst a handful few Performing Arts Centers across the globe, committed to offering fellowships. A not-for-profit organization, we support 14 Artists - as of this fiscal year- who need financial or medical aid.
Our approach : to be sustainable in our sensitivity to the field of arts and dedicate wholeheartedly to inspire change in the field of culture is being perceived. This, of course will be done through a transparent operational model, where trust , credibility and efficiency will be the benchmarks.
Our people : Dedicated core team with best intellectual and temperamental make up to nurture and guide the creative talent while effectively managing the multi-layered operational structure to yield results. Ingenious and committed, they work with artists, sponsors, associate s and well –wishers to power this noble vision ahead.
5 selective types of architecture design process, what are the stages in each types and what does it have in common?
and using diagrammatic approach to elaborate these founding
For additional summary of the slides:
http://asasku.blogspot.com/2009/03/design-process-part-2.html
This slide show is in conjunction with my design portfolio. This showcases my Thesis project as a cumulative example of the variation in acquired skills, and practices.
Application Explosion How to Manage Productivity vs SecurityLumension
Windows users today are more application oriented than ever, but that hunger often leads them to unsafe choices. In this presentation you’ll learn about the attributes of both free and commercial application security tools. You’ll also learn the key steps you need to follow to effectively accommodate user application needs without giving malefactors a foot in the door to your enterprise.
Tools and Mechanisms for Network Security in an Organization.
Physical Security, Administrative Security and Technical Security measures have been described.
Security Testing Tools are Nessus, THC Hydra, Kismet, Nikto, WireShark and NMAP.
Ron Munitz - The Ultimate Android Security Checklist - Codemotion Rome 2015Codemotion
Ron Munitz - Codemotion Rome 2015
In this session I will present the essential security measures for Application Developers, show how to reverse engineer purely protected apps, and discuss what common security guidelines will and will not work against untrusted, rooted devices. The session will include the confessions of an evil, yet good attacker, and will unleash some serious security flaws you have probably never considered in your app development.
Samsung ARTIK 050 (ARTIK ZERO) Modules Data SheetRyo Jin
Samsung ARTIK is an end-to-end, integrated IoT Platform that transforms the process of developing, launching and managing connected products. The ARTIK 050 module is specifically built to provide secure IoT connectivity for products across vertical markets, including smart home, smart lighting, smart building, manufacturing, and health and wellness.
Introduction to Watch Face Development with Tizen StudioRyo Jin
These materials describe how to develop Gear watch apps for Gear S2 and S3 devices via Tizen Studio, which you can distribute commercially and for free via the Galaxy Apps store.
Tizen 3.0's Window System Integration Layer of OpenGLES/EGL & Vulkan DriverRyo Jin
At XDC2016 Day 1, Samsung R&D talking about Tizen 3.0's Window System Integration Layer of OpenGLES/EGL & Vulkan Driver. Lots of technical details there for those interested in Vulkan and friends.
Panduan Penggunaan Perangkat Wearable TizenRyo Jin
Panduan Penggunaan Perangkat Wearable Tizen ini dibuat dengan tujuan untuk memberi tutorial bagi pengguna baru yang masih asing dengan Tizen khususnya pengguna baru smartwatch yang mulai digemari. Platform wearable yang dipakai adalah Samsung Gear S2 yaitu smartwatch samsung pertama yang menggunakan TIZEN sebagai OS-nya.
Buku berjudul "Cara Menggunakan Smartphone Tizen" ini memberi tutorial bagi penggua baru yang masih asing dengan OS Tizen. Smartphone yang dipakai adalah smartphone komersial Tizen pertama yaitu Samsung Z1.
Tizen experiences explosive growth as #1 platform for IoT
It became a leading independent open platform for all segments
IoT interoperability is the key for rapid growth of Digital Economy
Tizen is guided by Open InterConnect Consortium
Tizen itself is establishing as an Open Independent Project
Tizen Micro profile is an open platform for low-end IoT devices to utilize the Internet and extend their value with Web technology. Tizen Micro profile provides the minimal S/W stack that is necessarily required on IoT devices. It will be common for the every IoT devices in Tizen and address Tizen as OS of Everything.
Tizen merupakan open source project untuk sistem operasi yang berbasis modifikasi Linux Kernel dan WebKit runtime. Dengan Tizen, kita dapat menjalankan aplikasi diatas Smartphone, Wearable ataupun complaisance devices yang mengusung OS Tizen.
Buku Panduan Dasar Pemrograman Tizen dibuat dengan maksud dan tujuan untuk membantu para developer pemula atau developer yang sudah memiliki ketrampilan memprogram aplikasi mobile baik itu Windows Phone, Android ataupun iOS dalam membuat aplikasi mobile diatas platform Tizen.
The Story of Enlightenment, EFL, Tizen and WaylandRyo Jin
Carsten Haitzler (Rasterman) presented at FOSDEM 2016 about Enlightenment on Wayland. As part of that, with Samsung's Tizen environment using Enlightenment, they too are after Wayland as being the superior solution to X11.
There has been an increased support for various profiles and devices on Tizen. As Tizen is a multi/cross platform, device integration will be the main factor of a fluid interface between devices. Whether it is Mobile, Wearable, or TV the scalability and usability will be accessible. These features will allow the users to gain: (1) Easy Access, (2) Content Mash-up, and (3) Multi Device Control. This presentation will introduce the "Tizen Pass" which cover Cross device User Experience & features of Tizen convergence service FW.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
3. What is the problem that Single Sign-on systems are aiming to solve?
Source: xkcd.com/1200
4. What is gSSO?
● A system for storing sensitive user data (credentials is the term for it) securely*
● Provides implementations of common** operations and authentication protocols that use those
credentials and the API to access it
● Written entirely in C using Glib and its class and object system (Gobject)
● License: LGPL 2.1+
* the word 'securely' will be explained in a moment
** what exactly is meant by 'common' operations will also be explained in a moment
5. What is 'security' as understood by gSSO? (1/2)
Credentials are stored in a database, and the database must be stored on disk so that only gsso can
access it
– The details of such secure storage are handled by plugins
– By default classic Unix permissions on the database file are used
– The database can also be encrypted on disk using ecryptfs
– Other platform security mechanisms can be utilized by writing additional plugins
6. What is 'security' as understood by gSSO? (2/2)
Access to each credential must be allowed only to explicitly listed applications
– Each credential has an access control list
– Checks against this list are performed by an access control plugin
– The default plugin is using filesystem paths to perform checks
– There is also a plugin that is using SMACK labels
– There is also support for access controlling applications, if they are not standalone binaries, but
scripts that run in a runtime
7. What are the common operations that use credentials?
● Applications do not access credentials directly (again, this is good for security)
● Applications initiate an operation on a credential from a list of allowed operations (mechanisms)
● List of allowed methods/mechanisms is stored together with the credential in a database
● Method is a class implemented by a plugin
● Mechanisms are functions of a method
With that said, the methods fall broadly into two categories:
● Offline (do not send anything over the network)
● Online (usually, authentication protocols to get access to some service)
8. Offline methods
● The simplest method: store and retrieve a username/password pair
– Can be used for password management, or when the password is sent directly over the network
(not a good idea!)
– Implemented by 'password' plugin
● X.509
– Handles operations with X.509 certificates such as sign, verify, encrypt and decrypt, without
exposing the related keys to applications
● Generic encryption/decryption engine
– The key is never exposed to the applications
● Front-end to specialized security hardware (such as a trusted execution engine or a smart card)
– Provides a common API to applications, so they don't have to implement a hardware specific API
9. Online methods
● OAuth version 1 and 2
– Very popular mechanism for authorizing applications to access online services. Used by Google,
Facebook, Twitter, Microsoft, LinkedIn, Amazon, Yahoo,... pretty much everybody.
– Typically involves showing the user a webpage which asks if the user trusts some application to
access some data from a service, and if the user does, the application gets a magic access string
(a 'token')
– GSSO implements the client side of OAuth 1 and 2 RFC standards fully, even though they are
rather large :)
● SASL
– A set of mechanisms for challenge/response based authentication
– Used in IMAP, SMTP, XMPP, LDAP, IRC,...
– GSSO implements the most common mechanisms
● HTTP Digest authentication