The document discusses implementing security and availability requirements for a banking API system using open source software. It describes using the 3scale API management platform and Keycloak identity management software together to meet authentication, authorization, access control, availability, and standards compliance requirements. Patches were submitted to these open source projects to enhance their features and better support the banking use case.
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
The new RAML 1.0 specification provides new features and additional flexibilty that makes it easier to design and create great APIs. In this session we will review some best practices for RESTful APIs and show how to add these features to your own APIs using the RAML specification. We will also cover common design patterns and address FAQs such as how to use annotations and add metadata to APIs.
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management).
And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
The new RAML 1.0 specification provides new features and additional flexibilty that makes it easier to design and create great APIs. In this session we will review some best practices for RESTful APIs and show how to add these features to your own APIs using the RAML specification. We will also cover common design patterns and address FAQs such as how to use annotations and add metadata to APIs.
Service Mesh with Apache Kafka, Kubernetes, Envoy, Istio and LinkerdKai Wähner
Microservice architectures are not free lunch! Microservices need to be decoupled, flexible, operationally transparent, data aware and elastic. Most material from last years only discusses point-to-point architectures with inflexible and non-scalable technologies like REST / HTTP. This video takes a look at cutting edge technologies like Apache Kafka, Kubernetes, Envoy, Linkerd and Istio to implement a cloud-native service mesh to solve these challenges and bring microservices to the next level of scale, speed and efficiency.
Key takeaways:
- Apache Kafka decouples services, including event streams and request-response
- Kubernetes provides a cloud-native infrastructure for the Kafka ecosystem
- Service Mesh helps with security and observability at ecosystem / organization scale
- Envoy and Istio sit in the layer above Kafka and are orthogonal to the goals Kafka addresses
Blog post: http://www.kai-waehner.de/blog/2019/09/24/cloud-native-apache-kafka-kubernetes-envoy-istio-linkerd-service-mesh
Video recording of this slide deck: https://youtu.be/Us_C4RFOUrA
Hear from the product team about Apigee's key products and technology. Learn how customers use Apigee to grow reach with mobile apps, accelerate development and create new products through APIs, and gain end-to-end visibility into business and operations by analyzing 360 degrees of information.
Designing a complete ci cd pipeline using argo events, workflow and cd productsJulian Mazzitelli
https://www.youtube.com/watch?v=YmIAatr3Who
Presented at Cloud and AI DevFest GDG Montreal on September 27, 2019.
Are you looking to get more flexibility out of your CICD platform? Interested how GitOps fits into the mix? Learn how Argo CD, Workflows, and Events can be combined to craft custom CICD flows. All while staying Kubernetes native, enabling you to leverage existing observability tooling.
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
API Gateway How-To: The Many Ways to Apply the Gateway PatternVMware Tanzu
SpringOne 2021
Session Title: API Gateway How-To: The Many Ways to Apply the Gateway Pattern
Speakers: Alberto C. Ríos, Staff Engineer at VMware; Shruti B, Software Engineer at VMware"
Integrating Apache Kafka Into Your Environmentconfluent
Watch this talk here: https://www.confluent.io/online-talks/integrating-apache-kafka-into-your-environment-on-demand
Integrating Apache Kafka with other systems in a reliable and scalable way is a key part of an event streaming platform. This session will show you how to get streams of data into and out of Kafka with Kafka Connect and REST Proxy, maintain data formats and ensure compatibility with Schema Registry and Avro, and build real-time stream processing applications with Confluent KSQL and Kafka Streams.
This session is part 4 of 4 in our Fundamentals for Apache Kafka series.
Although security and identity management is a crucial aspect for any application, its implementation can be difficult. Worse, it’s often neglected, poorly implemented, and intrusive in the code. Recently, identity management servers have appeared that allow one to outsource and delegate all aspects of authentication and authorization, such as https://auth0.com/. Of these servers, one of the most promising is Keycloak—open source, flexible, agnostic of any technology and is easily deployable and adaptable in its own infrastructure.
Spring Boot on Amazon Web Services with Spring Cloud AWSVMware Tanzu
SpringOne 2021
Session Title: Spring Boot on Amazon Web Services with Spring Cloud AWS
Speakers: Maciej Walkowiak, Software Consultant at Independent; Matej Nedic, Software engineer at Ingemark
Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
Watch this talk here: https://www.confluent.io/online-talks/how-apache-kafka-works-on-demand
Pick up best practices for developing applications that use Apache Kafka, beginning with a high level code overview for a basic producer and consumer. From there we’ll cover strategies for building powerful stream processing applications, including high availability through replication, data retention policies, producer design and producer guarantees.
We’ll delve into the details of delivery guarantees, including exactly-once semantics, partition strategies and consumer group rebalances. The talk will finish with a discussion of compacted topics, troubleshooting strategies and a security overview.
This session is part 3 of 4 in our Fundamentals for Apache Kafka series.
Discussed the capabilities, advantages and disadvantages of Keycloak, made a basic understanding of how it can be applied and integrated into various systems.
Speaker - Ihor Didyk, Software Engineer, GlobalLogic.
1. In the era of mobile, OAuth 2.0 is the protocol of the choice. 2. However, RFC6749 is a framework and needs to be profiled appropriately for use cases.
3. FAPI WG @ OIDF is taking such task for Financial APIs and securing it using RFC7636, JWT Client Authentication/TLS Client Authentication, OpenID Connect, etc.
4. FAPI WG is collaborating with many stakeholders including financial institutions and fintech companies, etc.
5. Read only security profile going to OIDF votes.
6. Overview of the requirements for Read Only and Write Access security profiles are discussed.
Building Cloud-Native App Series - Part 11 of 11
Microservices Architecture Series
Service Mesh - Observability
- Zipkin
- Prometheus
- Grafana
- Kiali
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays
apidays LIVE LONDON - The Road to Embedded Finance, Banking and Insurance with APIs
Toward certifying Financial-grade API profile with Keycloak
Yoshiyuki Tabata, Software Engineer at Hitachi, Ltd.
Service Mesh with Apache Kafka, Kubernetes, Envoy, Istio and LinkerdKai Wähner
Microservice architectures are not free lunch! Microservices need to be decoupled, flexible, operationally transparent, data aware and elastic. Most material from last years only discusses point-to-point architectures with inflexible and non-scalable technologies like REST / HTTP. This video takes a look at cutting edge technologies like Apache Kafka, Kubernetes, Envoy, Linkerd and Istio to implement a cloud-native service mesh to solve these challenges and bring microservices to the next level of scale, speed and efficiency.
Key takeaways:
- Apache Kafka decouples services, including event streams and request-response
- Kubernetes provides a cloud-native infrastructure for the Kafka ecosystem
- Service Mesh helps with security and observability at ecosystem / organization scale
- Envoy and Istio sit in the layer above Kafka and are orthogonal to the goals Kafka addresses
Blog post: http://www.kai-waehner.de/blog/2019/09/24/cloud-native-apache-kafka-kubernetes-envoy-istio-linkerd-service-mesh
Video recording of this slide deck: https://youtu.be/Us_C4RFOUrA
Hear from the product team about Apigee's key products and technology. Learn how customers use Apigee to grow reach with mobile apps, accelerate development and create new products through APIs, and gain end-to-end visibility into business and operations by analyzing 360 degrees of information.
Designing a complete ci cd pipeline using argo events, workflow and cd productsJulian Mazzitelli
https://www.youtube.com/watch?v=YmIAatr3Who
Presented at Cloud and AI DevFest GDG Montreal on September 27, 2019.
Are you looking to get more flexibility out of your CICD platform? Interested how GitOps fits into the mix? Learn how Argo CD, Workflows, and Events can be combined to craft custom CICD flows. All while staying Kubernetes native, enabling you to leverage existing observability tooling.
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
API Gateway How-To: The Many Ways to Apply the Gateway PatternVMware Tanzu
SpringOne 2021
Session Title: API Gateway How-To: The Many Ways to Apply the Gateway Pattern
Speakers: Alberto C. Ríos, Staff Engineer at VMware; Shruti B, Software Engineer at VMware"
Integrating Apache Kafka Into Your Environmentconfluent
Watch this talk here: https://www.confluent.io/online-talks/integrating-apache-kafka-into-your-environment-on-demand
Integrating Apache Kafka with other systems in a reliable and scalable way is a key part of an event streaming platform. This session will show you how to get streams of data into and out of Kafka with Kafka Connect and REST Proxy, maintain data formats and ensure compatibility with Schema Registry and Avro, and build real-time stream processing applications with Confluent KSQL and Kafka Streams.
This session is part 4 of 4 in our Fundamentals for Apache Kafka series.
Although security and identity management is a crucial aspect for any application, its implementation can be difficult. Worse, it’s often neglected, poorly implemented, and intrusive in the code. Recently, identity management servers have appeared that allow one to outsource and delegate all aspects of authentication and authorization, such as https://auth0.com/. Of these servers, one of the most promising is Keycloak—open source, flexible, agnostic of any technology and is easily deployable and adaptable in its own infrastructure.
Spring Boot on Amazon Web Services with Spring Cloud AWSVMware Tanzu
SpringOne 2021
Session Title: Spring Boot on Amazon Web Services with Spring Cloud AWS
Speakers: Maciej Walkowiak, Software Consultant at Independent; Matej Nedic, Software engineer at Ingemark
Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
Watch this talk here: https://www.confluent.io/online-talks/how-apache-kafka-works-on-demand
Pick up best practices for developing applications that use Apache Kafka, beginning with a high level code overview for a basic producer and consumer. From there we’ll cover strategies for building powerful stream processing applications, including high availability through replication, data retention policies, producer design and producer guarantees.
We’ll delve into the details of delivery guarantees, including exactly-once semantics, partition strategies and consumer group rebalances. The talk will finish with a discussion of compacted topics, troubleshooting strategies and a security overview.
This session is part 3 of 4 in our Fundamentals for Apache Kafka series.
Discussed the capabilities, advantages and disadvantages of Keycloak, made a basic understanding of how it can be applied and integrated into various systems.
Speaker - Ihor Didyk, Software Engineer, GlobalLogic.
1. In the era of mobile, OAuth 2.0 is the protocol of the choice. 2. However, RFC6749 is a framework and needs to be profiled appropriately for use cases.
3. FAPI WG @ OIDF is taking such task for Financial APIs and securing it using RFC7636, JWT Client Authentication/TLS Client Authentication, OpenID Connect, etc.
4. FAPI WG is collaborating with many stakeholders including financial institutions and fintech companies, etc.
5. Read only security profile going to OIDF votes.
6. Overview of the requirements for Read Only and Write Access security profiles are discussed.
Building Cloud-Native App Series - Part 11 of 11
Microservices Architecture Series
Service Mesh - Observability
- Zipkin
- Prometheus
- Grafana
- Kiali
apidays LIVE LONDON - Toward certifying Financial-grade API profile with Keyc...apidays
apidays LIVE LONDON - The Road to Embedded Finance, Banking and Insurance with APIs
Toward certifying Financial-grade API profile with Keycloak
Yoshiyuki Tabata, Software Engineer at Hitachi, Ltd.
apidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachiapidays
December 14, 15 & 16, 2022
Securing APIs in Open Banking - FAPI and its implementation to OSS
Takashi Norimatsu, Senior Engineer at Hitachi, Ltd.
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
Deep dive into the API industry with our reports:
https://www.apidays.global/industry-reports/
Subscribe to our global newsletter:
https://apidays.typeform.com/to/i1MPEW
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...APIsecure_ Official
APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
Why Assertion-based Access Token is preferred to a Handle-based one?
Yoshiyuki Tabata, Software Engineer at Hitachi
Hitachi ID Suite overview of security features and enhancements in 9.0. Also showcasing new mobile UI for web apps.
See more at: http://hitachi-id.com/docs/pres.html
This presentation will illustrate what is the common issues when the API is made publicly available, how API gateway can be utilized to enhance security, performance improvement can be accomplished by using API gateway.
This covers security with APIc/gateway. It goes over high-level concepts and what IBM APIc can offer, this covers 2018, and v10 of the product
Note: this is from a presentation from a year or so ago, with some updates to the link
The Whys and Hows of Deploying a Secure RPA SolutionOption3
Segregation of Duties, Maintaining Platform Security, Managing Change Management & Audit and Securing Data Access and Credentials are just some of the challenges of securing a Robotic Process Automation Deployment
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...Ping Identity
As APIs continue to drive digital transformation efforts in the enterprise and support innovative customer experiences, securing them has never been more important.
Principal Regional Solution Architect, Philippe Dubuc introduces how to leverage OpenID Connect, OAuth2 and new emerging standards to protect APIs at API Days Paris on 11 December, 2018. In addition, Philippe goes over how the Intelligent Ping Identity Platform can be used to protect APIs in a pro-active way and how AI can help to protect against attacks.
Learn more: http://ow.ly/2Ojm30n1rCT
Analysts and leading industry surveys have found more and more banks, even in countries with an absence of open banking regulation, have prioritized implementing open banking to fast-track digital transformation and achieve business goals. This means, to stand out in the crowd in mature open banking ecosystems, and to secure a lasting competitive advantage as an early adopter in new markets, banks should select open banking technology that delivers advanced capabilities and scalability backed by a strong vision and industry-understanding.
In this release webinar, you will learn how WSO2 Open Banking 2.0 improves the way we help your developers and business teams create, quickly deploy, manage and monetize APIs that add real value for your internal teams, partners, and consumers. We will also help you understand how our technology can be best deployed as a part of a successful open banking strategy.
10/5(火)にNode-RED User Group Japan主催で開催された勉強会 「Node-RED UG Hacktoberfest 2021 説明会」での発表スライドです。
- 動画: https://youtu.be/dl_4MxT94l0
- 勉強会サイト: https://node-red.connpass.com/event/223770/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.