This talk tells the story of password and identity management on the web.
It gives an overview of password handling, single sign-on solutions, OAuth and its future on the web, thanks to Mozilla Persona and Docker.io Linux Containers.
It also presents OAuth.io, a solution to solve fragmentation.
OAuth with OAuth.io: solving the OAuth Fragmentation for Identity Management on the Web
46. Single Sign-On
Single sign-on (SSO) is a property of access control of multiple related, but independent software systems.
47. The promise of SSO:
- UX with frictionless sign in and higher conversion
- Reduced IT costs
- Retrieving data with user’s consent but without annoying forms
- Reduced password leak risks
80. I have support for Photo.service, ...
Printer.service needs Resource
Photo.service has Resource
81. I have support for Photo.service, ...
Printer.service needs Resource
Photo.service has Resource
Note: the choice of supported resource providers also has to be made by Printer.service.
101. Single Sign-On conclusion
- OpenID (URLs) is a group of companies that trust each other to be an identity provider (IDP). OpenID lets the user choose the IDP.
- Facebook Connect (Facebook Connect was the single sign-on of the Facebook affiliate ecosystem)
- OAuth: the OAuth provider knows the user AND the application. The end-user application chooses the IDP the end user can connect with.
102. OpenID, OAuth, SAML
- Dates from: OpenID 2005; OAuth 2006; SAML 2001
- Current version: OpenID 2.0; OAuth 2.0; SAML 2.0
- Main purpose: OpenID: single sign-on for consumers; OAuth: API authorization between applications; SAML: single sign-on for enterprise users
- Protocols used: OpenID: XRDS, HTTP; OAuth: JSON, HTTP; SAML: SAML, XML, HTTP, SOAP
105. OAuth 1.0 (2007)
OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections.
http://tools.ietf.org/html/rfc5849
106. OAuth 1.0 (2007)
Context:
- PHP 4
- no HTTPS
- Google involved
- not OpenID
Pain:
- Signatures
- Broken libraries
- Extensions
- Crappy specifications
From Eran Hammer #FuckOauth
OAuth 2.0 - Looking Back and Moving On
113. Authentication and Signatures
- OAuth 2.0 drops the cryptographic requirement of signing requests with the client ID and secret, and replaces signatures with a requirement to use HTTPS for all communications between browsers, clients and the API.
114. User Experience and Alternative Authorization Flows
OAuth 2 supports a better user experience for native applications, and supports extending the protocol to provide compatibility with future device requirements.
115. Performance at Scale
- Many steps require state management and temporary credentials, which require shared storage and are difficult to synchronize across data centers.
- Requires that the API server has access to the application's ID and secret, which often breaks the architecture of most large providers where the authorization server and API servers are completely separate.
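The contrast drawn in slides 113 and 115, as an added example that is not from the talk or from OAuth.io: an OAuth 1.0 HMAC-SHA1 signature built per RFC 5849 next to an OAuth 2.0 bearer header. The host `photo.example`, the keys, secrets, token values and the `seen_nonces` set (a stand-in for shared storage) are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value):
    """Percent-encode per RFC 5849 section 3.6: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & encoded base URI & encoded, sorted parameter string.

    `params` holds every request parameter plus the oauth_* protocol
    parameters, except oauth_signature. `url` is the URI without its query.
    """
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign_oauth1(method, url, params, client_secret, token_secret=""):
    """HMAC-SHA1 signature; the key is built from BOTH shared secrets."""
    key = f"{pct(client_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def verify_oauth1(method, url, params, signature, client_secret,
                  token_secret, seen_nonces):
    """What the API server must do for every OAuth 1.0 request.

    It needs the application's secret to recompute the signature, and
    state (`seen_nonces`) to reject replays: the two costs slide 115 names.
    """
    expected = sign_oauth1(method, url, params, client_secret, token_secret)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False
    replay_key = (params.get("oauth_consumer_key"),
                  params.get("oauth_timestamp"),
                  params.get("oauth_nonce"))
    if replay_key in seen_nonces:
        return False
    seen_nonces.add(replay_key)
    return True


def oauth2_bearer_headers(access_token):
    """OAuth 2.0: no per-request signature; the token is only protected by HTTPS."""
    return {"Authorization": f"Bearer {access_token}"}


# Constructed sample request: Printer.service fetching a photo from Photo.service.
SAMPLE_URL = "https://photo.example/photos"
SAMPLE_PARAMS = {
    "file": "a b.jpg",
    "oauth_consumer_key": "printer",
    "oauth_nonce": "n1",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1",
    "oauth_token": "tok",
}

if __name__ == "__main__":
    sig = sign_oauth1("GET", SAMPLE_URL, SAMPLE_PARAMS, "printer-secret", "token-secret")
    print("OAuth 1.0 base string:", signature_base_string("GET", SAMPLE_URL, SAMPLE_PARAMS))
    print("OAuth 1.0 signature:  ", sig)
    print("OAuth 2.0 headers:    ", oauth2_bearer_headers("constructed-token"))
```

Any difference in encoding or parameter ordering between client and server changes the base string and fails verification, which is where the "Broken libraries" pain of OAuth 1.0 comes from.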
116.
- OAuth 2.0 (Two-legged)
  - Client credential
  - Resource user password
- OAuth 2.0 (Three-legged)
- OAuth 2.0 (Refresh token)
Scopes are often not implemented properly, according to the specs.
Sometimes spaces are not set, names differ from one provider to another…
#OAuthBible
120. Eran Hammer has quit the OAuth 2.0 Board.
He is building Oz.
121. Solutions to consume OAuth?
- The IETF specs
- The OAuth Bible
- Open source libraries (omniauth for ruby, requests or foauth for python, passport for node.js…)
- Janrain, Dailycred
- OAuth.io