Sign In with Apple: A Zero Code Integration Approach Using WSO2 Identity ServerWSO2
This deck will explore how you can integrate “Sign in with Apple” with your enterprise software using a zero-code approach. It discusses what is “Sign in with Apple”, what CIAM challenges does “Sign in with Apple” pose, and how you can leverage WSO2 Identity Server to integrate with “Sign in with Apple”.
Watch the on-demand webinar here: https://wso2.com/library/webinars/2019/07/sign-in-with-apple-a-zero-code-integration-approach-using-wso2-identity-server/
How to Build a Successful API Program: Best Practices For the CarrierCA API Management
More and more carriers are looking to API publishing as a way of offering new services to developers building mobile apps and cloud services. But launching an API publishing program inevitably raises questions about:
• How to maintain security when exposing internal systems and processes to external developers
• How to manage developers, weeding out the bad and rewarding the good
• How carriers can monetize their APIs
• How existing IT investments can be leveraged to maximize performance and ROI
• How building community among developers can drive revenue and minimize operating costs
This talk will give carriers the critical guidance they need to build a successful API strategy.
Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott ...CA API Management
Think SSO is just about reducing logins across servers? Think again. In the mobile world, the new twist is sharing sessions across mobile apps on a device. Learn how technologies like OAuth and OpenID Connect can be leveraged by native apps to achieve MSSO.
Mobile SDK: Considerations & Best Practices LivePerson
Mobile SDKs are a great way to make your service or API easily consumable by the large number of developers out there looking for state of the art tools to make their apps stand out in the competitive marketplaces, but building a stable, compatible and successful SDK is quite a challenge.
In this talk we discuss the technical and design challenges involved in developing an efficient mobile SDK that is highly compatible with its host mobile app, and the various considerations we took into account and the lessons we’ve learned while designing and building LivePerson’s native mobile SDK.
Building an SSO platform in php (Zendcon 2010)Ivo Jansch
A presentation explaining how to build Single Sign On functionality in PHP using standards such as OpenID, OAuth and SAML. Delivered on November 4, 2010 at Zendcon in Santa Clara
Presentation on Intuit's new (beta) QuickBooks Payments API. Prepared for and presented to a developer audience at the QuickBooks Connect Hackathon, Oct 20, 2014.
TrustBearer - Virginia Security Summit - Web Authentication Strategies - Apri...TrustBearer
TrustBearer's Brian Kelly gave this presentation during the Identity Management track at the Virginia Security Summit in Richmond, VA. It compares SAML to OpenID and explains how different authentication methods can be used with either of these Single Sign On standards.
CIS 2015 SSO for Mobile and Web Apps Ashish JainCloudIDSummit
In the past Enterprise Mobility Management (EMM) has focused primarily on MDM, MAM and MCM. Recently there has been a lot of focus on the fourth pillar of EMM - Mobile Identity Management (MIM). This session will cover the primary use cases and discuss current solutions available for managed/un-managed, internal/public and mobile/web apps for iOS/Android devices.
.NET Fest 2019. Kevin Dockx. OpenID Connect In DepthNETFest
You've used OpenID Connect. You know a thing or two about OAuth. But have you ever wondered how to achieve Single Sign-On between Angular & ASP.NET Core MVC apps, and automated Single Sign-Out? How, and why, to work with reference tokens? How to create a custom grant, and for what use case that might be a good idea?
In this in-depth session we'll cover all of these topics, extensively using IdentityServer4 in the process. Note that some previous knowledge on securing ASP.NET Core applications with OpenID Connect is a must.
This presentation was given at the Card Tech Secure Tech (CTST) Conference on May 5, 2009 in New Orleans, LA. Brian Kelly was on a panel with Gilles Lisimaque, Siddharth Bajaj and Michael Poitner to discuss emerging technologies in Smart Cards, Tokens & Digital Identity
My participation at Cloud Skills Challenge with the knowledge acquired when studying the AI modules at Discover AI challenge and a solution developed to detect facemasks in videos.
Layer 7 Mobile Security Workshop with CA Technologies and Forrester Research ...CA API Management
The bring-your-own-device (BYOD) trend is in full swing as the growth of mobile devices within the enterprise explodes. How do you enable secure data access for mobile applications? How do you deal with user authentication? How do you allow broader adoption of enterprise applications on user owned devices? CA and Layer 7 outline solutions to these issues, explore different approaches to mobile security, and use case studies to illustrate how others have solved these problems.
This workshop was all about:
• The latest mobile trends and opportunities
• Emerging mobile risks and how these can be addressed
• A reference architecture for secure enterprise mobility
Why Streethawk re-wrote ibeacon handling on AndroidDavid Jones
iBeacons are reasonably easy on iOS devices if you have fewer than 20 beacons. To use the same beacon hardware on Android is not so easy unless you commit to a single beacon vendor.
We wanted to leverage multiple (unlimited!???) beacon vendors on iOS and Android and needed to write a brand agnostic
Three trends are changing the calculus of authentication: increased use of modern identity proofing, broader adoption of adaptive authentication, and local mobile biometrics.
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...Brian Campbell
Identity is ubiquitous. Regardless of the kind of applications you develop you will, at some point, almost certainly have to deal with identifying users of the app. Yet it's seldom a central part of the app’s value proposition and rarely a core competency for developers. Wouldn’t it be nice to outsource user authentication and free yourself from the liability and complexity of storing and managing passwords? OpenID Connect, just ratified earlier this year and backed by some big industry names, is emerging as the go to standard way to do exactly that. Connect allows you to easily and securely get an answer to the question: “What is the identity of the person currently using this browser or native app?” Unlike some of it’s predecessors, however, Connect has roots spanning the consumer, SaaS and enterprise space and is better suited to serve a diverse set of deployments. Come find out more about Connect in this talk from a seasoned veteran of the prestigious basement conference rooms at GlueCon.
CIS13: Identity as a Matter of Public Safety: A Case Study in Secure API Acce...CloudIDSummit
Adam Lewis, Office of the CTO, Motorola
RESTful APIs, WS-* / SOAP APIs, Proprietary APIs, protocols beyond APIs, OAuth for Authentication, Federated Authorization Servers across security domains, Token Translation between SAML and JWT, SSO across native applications, all running across Windows desktops and Android mobile computing platforms… and the glue to tie all that together? Are you kidding? Tune-in to this technical chat on a real-life case study of a small but dedicated band of engineers’ attempts to harmonize identity in a very un-harmonized world.
Mobile SSO: Give App Users a Break from Typing PasswordsCA API Management
Why do we use mobile devices? Simple – they’re easy to use and very convenient. So, why do we make it so hard for mobile consumers to do business with us by confronting them with multiple login screens and passwords? While security is essential to protecting mobile usage, convenience cannot be sacrificed.
With the release of the CA Layer 7 Mobile Access Gateway 2.0 and its Mobile SDK, organizations can now achieve faster mobile consumer engagement, end-to-end mobile app security and convenient mobile Single Sign-On (SSO). In this webinar, Tyson Whitten and Leif Bildoy of CA Technologies explore the why and how of mobile SSO and the Mobile Access Gateway.
You will learn
• The mobile app choices you need to make to enable better consumer engagement
• The connectivity and security implications of these choices
• The mobile security solutions that balance security and convenience
apidays LIVE Australia 2021 - API Horror Stories from an Unnamed Coworking Co...apidays
apidays LIVE Australia 2021 - Accelerating Digital
September 15 & 16, 2021
API Horror Stories from an Unnamed Coworking Company
Phil Sturgeon, DevRel at Stoplight
In this month's call, Loki Meyburg, Program Manager for Microsoft Teams, discusses single sign-on (SSO) in Microsoft Teams, including:
-What is single sign-on (SSO)
-Authentication in 2019
-Single sign-on for Teams tabs today!
-Getting started with SSO
Watch the recording here - https://youtu.be/91Sb5lz3STI
ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWSAWS User Group Kochi
AWS Community Day Kochi 2019 - Technical Session
Enterprise grade security for web and mobile applications on AWS by Robin Varghese , Chief Architect - TCS
A Code Signing Certificate is a digital signature technology that allows authorized software publishers to sign their software code, scripts and content to authenticate their identity over the internet.
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
DevOps and CI/CD make for faster code releases, but they also create new challenges for security practices. Think about TLS and code-signing certificates. Almost every component in CI/CD – binaries, builds, web servers and containers – needs certificates to authenticate and verify trust, but traditional PKI processes just can't scale in DevOps environments.
Join Keyfactor and Infinite Ranges to learn how PKI and certificate management fits within the CI/CD pipeline and why an integrated and automated approach is key to success. In this webinar, we'll discuss:
How applications in the DevOps toolchain use PKI (i.e. Jenkins, Kubernetes, Istio, etc.)
The risks of unmanaged or untracked certificates in DevOps environments
Best practices to support visibility, compliance and automation of certificates in CI/CD
Developing on Force.com means finding the right line between building apps that scale, and features that are customizable for an individual company's needs. Join us to see a ticket-scanning app that we built for all our customers to use. We'll show how we use "button-click" development to expand it to meet each specific customer's needs.
Apache Milagro Presentation at ApacheCon Europe 2016Brian Spector
Apache Milagro (incubating) establishes a new internet security framework purpose-built for cloud-connected app-centric software and IoT devices that require Internet scale. Milagro's purpose is to provide a secure, free, and positive open source alternative to centralised and proprietary monolithic trust providers such as commercial certificate authorities and the certificate backed cryptosystems that rely on them.
Milagro is an open source, pairing-based cryptographic platform that delivers solutions for device and end user authentication, secure communications and fintech / blockchain security; issues challenging Cloud Providers and their customers. It does this without the need for certificate authorities, putting into place a new category of service providers called Distributed Trust Authorities (D-TA®).
Milagro's M-Pin® protocol, and its existing open-source MIRACL® implementation on which MILAGRO is built, is already in use by Experian, NTT, Ingram Micro, and Gov.UK and rolled out to perform at Internet scale for Zero Password® multi-factor authentication and certificate-less HTTPS / secure channel.
An iOS Code Signing Certificate is a must-have for iOS developers to ensure the integrity of software code, applications, .exe files, etc. An easy guide to iOS code signing security.
Similar to iOS In-App-Purchase verifying receipt locally in Swift (20)
To understand the deep heart of Swift programming, try programming Shogi (Japanese chess) to find out the pros and cons of the Swift language. It is still an experimental implementation, but there are some interesting stories that can be shared with the audience.
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
3. Kaz Yoshikawa
• Electricwoods LLC / Digital Lynx Systems Inc.
• e-mail: kyoshikawa@electricwoods.com
• twitter: @codelynx1
• Working History
• Adobe Systems (Tokyo)
• Lionbridge (Tokyo)
• Quark (Tokyo / Denver)
• Hummingbird Communications (Mt. View, USA)
• Fact International (Vancouver, Canada)
• Perle Systems (Toronto, Canada), etc.
5. Verifying receipts via server
• There are many articles about how to verify a receipt through your trusted server
• A roundup of tips for verifying iOS monthly-subscription receipts on the server side (iOSの月額課金レシート検証をサーバーサイドで行うときのTipsまとめ)
• Hidden pitfalls you must know about when implementing iOS In-App Purchase (iOS In-App Purchase実装で必ず知っておきたい隠れた罠)
• Apple App Store Receipt Validation with Swift and Go
• Validating in-app purchases in your iOS app
• Receipt verification and the Sandbox (レシートのverifyとSandbox)
• About auto-renewable subscriptions, iOS edition (自動購読課金について【iOS編】)
6. Verifying receipts locally
• Very few articles available:
• Suggestions like:
• Use “ASN1C” to access ASN.1 format
• Verify the receipt is signed by Apple
• Use OpenSSL
• They do not show any working code.
• Hey! Show me the code.
7. Disclaimer
• This presentation material is not for:
• How to write secure code
• How to prevent code cracking
• Discouraging the writing of less secure code
8. Steps to verify
• Obtain Apple’s root certificate
• Your app receives a receipt
• Verify if the receipt is signed by Apple
• Extract purchases from the receipt
• Verify if a purchase is expired or cancelled
• Unlock contents if necessary
9. Obtain Apple’s root certificate
(Screenshot of the Apple PKI page, which lists the following certificates.)
Apple Root Certificates
Apple Inc. Root Certificate
Apple Computer, Inc. Root Certificate
Apple Root CA - G2 Root Certificate
Apple Root CA - G3 Root Certificate
Apple Intermediate Certificates
Apple IST CA 2 - G1 Certificate
Apple IST CA 4 - G1 Certificate
Apple IST CA 5 - G1 Certificate
Apple IST CA 8 - G1 Certificate
Application Integration Certificate
Application Integration 2 Certificate
Application Integration - G3 Certificate
Developer Authentication Certificate
Developer ID Certificate
Software Update Certificate
Timestamp Certificate
WWDR Certificate (Expiring 02/07/23)
WWDR Certificate (Expiring 02/14/16)
Worldwide Developer Relations - G2 Certificate
Apple PKI
Apple established the Apple PKI in support of the generation, issuance, distribution, revocation, administration, and management of public/private cryptographic keys that are contained in CA-signed X.509 Certificates.
https://www.apple.com/certificateauthority/
10. Find the hash (sha256) of “AppleIncRootCertificate.cer”
$ shasum -a 256 AppleIncRootCertificate.cer
b0b1730ecbc7ff4505142c49f1295e6eda6bcaed7e2c68c5be91b5a11001f024  AppleIncRootCertificate.cer
Use this to ensure AppleIncRootCertificate.cer is genuine
11. Load the Root Certificate
import Foundation
import CryptoKit

// Assumed helper, not shown on the slide: the SHA-256 digest of the data as Data.
extension Data {
    var sha256: Data { Data(SHA256.hash(data: self)) }
}

var appleIncRootCertificate: Data {
    if let url = Bundle.main.url(forResource: "AppleIncRootCertificate", withExtension: "cer"),
       let data = try? Data(contentsOf: url) {
        // make sure the certificate is not a fake one:
        // compare its SHA-256 with the pinned digest (base64 of the shasum value above)
        let sha256 = Data(base64Encoded: "sLFzDsvH/0UFFCxJ8Slebtpryu1+LGjFvpG1oRAB8CQ=")
        if data.sha256 == sha256 {
            return data
        }
    }
    fatalError("error: failed to read the certificate.")
}
Check the hash against the hard-coded base64 hash value
14. Check if it is signed by Apple
// PKCS7 and X509Certificate come from an ASN.1 decoding library;
// receiptData is the app's receipt loaded earlier (not shown on the slide)
let pkcs7 = try PKCS7(data: receiptData)
let appleX509cert = try X509Certificate(data: self.appleIncRootCertificate)
guard let appleKey = appleX509cert.publicKey?.key
    else { print("x509 public key not found."); return }
print(appleKey as NSData)
// check if one of the certificates embedded in the PKCS#7 container carries Apple's root public key
// (note: this only confirms the root certificate is present in the chain;
//  it does not verify the PKCS#7 signature over the receipt payload itself)
let signedByApple: Bool = {
    print("certificates:")
    for certificate in pkcs7.certificates {
        if let signedKey = certificate.publicKey?.key {
            print(signedKey as NSData)
            if signedKey == appleKey {
                return true
            }
        }
    }
    return false
}()
15. Check all purchases
if let inAppPurchases = receipt.inAppPurchases {
    for purchase in inAppPurchases {
        guard let productIdentifier = purchase.productId else { continue }
        print(productIdentifier)
        print(purchase.purchaseDate ?? "n/a")
        print(purchase.originalPurchaseDate ?? "n/a")
        print(purchase.cancellationDate ?? "n/a")
        print(purchase.expiresDate ?? "n/a")
        // ...
    }
}
What to check is not covered by this presentation.
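As an added example of the “extract purchases” and “expired or cancelled” steps from slides 8 and 15 (not the presenter's code, and written in Python rather than Swift so the same check can run on a server), this parses the DER payload that sits inside the receipt's PKCS#7 container and classifies each in-app purchase. It assumes the slide-14 signature check has already passed; the attribute type numbers follow Apple's receipt documentation, and the payload bytes are constructed inline.

```python
# Added example (not from the slides): parse the DER payload found inside an App Store
# receipt's PKCS#7 container, extract the in-app purchases and decide whether each is
# active, expired or cancelled. Payload = SET OF SEQUENCE { type INTEGER, version INTEGER,
# value OCTET STRING }; type 17 holds one purchase encoded the same way. Sample bytes are constructed.
from datetime import datetime, timezone

IN_APP_PURCHASE = 17
IAP_FIELDS = {1702: "product_id", 1703: "transaction_id", 1704: "purchase_date",
              1706: "original_purchase_date", 1708: "expires_date",
              1712: "cancellation_date"}

def _der_len(n):                          # DER length, short or long form
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _attr(typ, value):                    # SEQUENCE { type, version = 1, OCTET STRING }
    der_int = lambda v: _tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))
    return _tlv(0x30, der_int(typ) + der_int(1) + _tlv(0x04, value))

def _read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV starting at pos."""
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:                         # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def parse_attributes(payload):
    """Flatten a receipt SET into [(type, value_bytes), ...], rejecting bad shapes."""
    tag, body, _ = _read_tlv(payload, 0)
    if tag != 0x31:
        raise ValueError("receipt payload must be a SET")
    out, pos = [], 0
    while pos < len(body):
        tag, seq, pos = _read_tlv(body, pos)
        t_tag, t_body, p = _read_tlv(seq, 0)      # type
        _, _, p = _read_tlv(seq, p)               # version (not needed here)
        v_tag, value, _ = _read_tlv(seq, p)       # value
        if tag != 0x30 or t_tag != 0x02 or v_tag != 0x04:
            raise ValueError("malformed receipt attribute")
        out.append((int.from_bytes(t_body, "big"), value))
    return out

def _inner_string(value):                 # ids are UTF8String (0x0C), dates IA5String (0x16)
    tag, body, _ = _read_tlv(value, 0)
    return body.decode("utf-8" if tag == 0x0C else "ascii")

def _date(s):                             # receipt dates are RFC 3339 timestamps in UTC
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_purchases(payload):
    return [{IAP_FIELDS[t]: _inner_string(v)
             for t, v in parse_attributes(value) if t in IAP_FIELDS}
            for typ, value in parse_attributes(payload) if typ == IN_APP_PURCHASE]

def purchase_status(p, now_iso):
    """cancelled beats expired beats active; a one-off purchase has no expires_date."""
    if "cancellation_date" in p:
        return "cancelled"
    exp = p.get("expires_date")
    return "expired" if exp and _date(exp) <= _date(now_iso) else "active"

def check_receipt(payload, now_iso):      # product id -> status, for every purchase
    return {p["product_id"]: purchase_status(p, now_iso) for p in parse_purchases(payload)}

def _iap(product, txn, bought, expires=None, cancelled=None):   # constructed purchase
    fields = [(1702, 0x0C, product), (1703, 0x0C, txn), (1704, 0x16, bought),
              (1708, 0x16, expires), (1712, 0x16, cancelled)]
    return _tlv(0x31, b"".join(_attr(t, _tlv(tag, s.encode())) for t, tag, s in fields if s))

SAMPLE_PAYLOAD = _tlv(0x31, _attr(2, _tlv(0x0C, b"com.example.app"))   # bundle id (type 2)
    + _attr(17, _iap("com.example.pro.monthly", "1", "2024-01-01T00:00:00Z", "2024-02-01T00:00:00Z"))
    + _attr(17, _iap("com.example.unlock", "2", "2024-01-15T00:00:00Z"))
    + _attr(17, _iap("com.example.pro.yearly", "3", "2024-01-20T00:00:00Z",
                     "2025-01-20T00:00:00Z", "2024-01-25T00:00:00Z")))
```

Calling `check_receipt(SAMPLE_PAYLOAD, "2024-03-01T00:00:00Z")` reports the monthly subscription as expired, the one-off unlock as active and the cancelled yearly plan as cancelled; the same walk over a real payload feeds the “unlock contents if necessary” step.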