Google Apps - SSO and Identity Management at the University of Cambridge

•Download as KEY, PDF•

0 likes•2,365 views

Slides from a talk on SSO and Identity Management for Google Apps at the University of Cambridge. Presented at the Google Apps for Education UK User Group meeting on 15th February 2011 at Loughborough University (http://guug11.lboro.ac.uk/)

Technology Business

SSO and Identity Management:

What we did
Jon Warbrick
University of Cambridge Computing Service
jw35@cam.ac.uk / @jw35

The University
of Cambridge
100+ departments
32 colleges
40,000 users

“A loose afﬁliation
of warring ﬁefdoms”

Handy building blocks
• University Computing Service
• that doesn’t set policy
• User Administration Database
• Raven: Web Authentication system
• including a Shibboleth IdP
• A 2008 UCS trial of Google Apps

What do we want?

A Calendar!
Perhaps other things, later...

General Plan
• Google Apps for Education
• but just Calendar
• Use cam.ac.uk domain
• Web SSO using Raven
• Automatically available to everyone
• Minimum ongoing staff involvement
• Rollout September, for October, 2010

Web authentication
SAML SSO
service

gAuth

gAuth

• Based on Google example Java SAML code
• SAML, but not Shibboleth
• Java Webapp, runs in Tomcat
• Also displays T&Cs page, and email
reminder ﬁrst time through
• And some other things ...

Account creation

gAuth

Provisioning
API

Account management
gAuth
Raven feed
User admin.
database
reconcile- reconcile-
admin google

Status: Google
•[Unknown]
•Current
•Blacklisted
•Cancelled
•[Deleted]

Implementation

• gAuth: Java webapp in Tomcat
• Batch processing: Java run by cron (!)
• (Live/stanby) pair of VMs on Xen cluster
• Local Postgress database; Slony1 replication
• Manual service address transition

Deployed October 2010
Number of Accounts

http://www-uxsup.csx.cam.ac.uk/~jw35/google-usage/

Deployed October 2010
Unique users per day

http://www-uxsup.csx.cam.ac.uk/~jw35/google-usage/

Plain sailing?
• Pre-existing cam.ac.uk domain
• Conﬂicting accounts
• ‘g’ ‘o’ ‘o’ ‘g’ ‘l’ ‘e’ not allowed in domain
names
• iPhones
• Support. Don’t forget the support

Any questions?
Jon Warbrick
University of Cambridge Computing Service
jw35@cam.ac.uk / @jw35

The document discusses Selendroid, a tool for automating tests on mobile web and native Android applications. It begins with an overview of Selenium and the need for mobile test automation. Selendroid is introduced as an open source tool that allows controlling Android devices and applications using the WebDriver protocol. It supports testing native and hybrid mobile applications as well as mobile web. Key features highlighted include compatibility with the JSON wire protocol, no app modification requirement, and support for gestures, grid infrastructure and an inspector tool.

Web performance testing with web driver

Michael Klepikov

This document discusses integrating web performance testing into WebDriver by leveraging the WebDriver API. It proposes adding logging capabilities to WebDriver to collect performance metrics during tests without needing to integrate separate testing systems. This would allow performance data to be collected as a natural part of functional tests, improving the developer experience. The document includes examples of how to enable logging in WebDriver and access the performance log data after a test.

R2DBC - Good Enough for Production?

Olexandra Dmytrenko

Lotusphere 2007 AD401 LEVERAGING AJAX FRAMEWORKS TO BUILD IBM LOTUS DOMINO WE...

dominion

This document discusses leveraging Ajax frameworks like Dojo to build IBM Lotus Domino web applications. It introduces Ajax, how it allows asynchronous data loading to improve performance and the user experience over traditional full-page loads. It also covers using JSON with Domino views to asynchronously load view data without reloading the entire page. The document recommends Dojo as an Ajax framework that can be used to build Ajax capabilities into Domino web apps for better user interfaces and performance.

JavaScript innovaties: ECMAScript 6 & 7

Rick Beerendonk

[Dutch] In juni is ECMAScript 6 definitief. Laten we alle vernieuwingen eens op een rij zetten middels sprekende voorbeelden en demos: Scope, const, destructuring, arrow functions, map, set, modules, classes, etc. Tevens behandelen we mogelijkheden om ECMAScript 6 code om te zetten naar versie 5, zodat de code ook uitvoerbaar is in oudere omgevingen. ES6 browser ondersteuning in bijvoorbeeld Windows 10’s Internet Explorer is er al gedeeltelijk, maar vereisen soms wat extra instellingen. We behandelen welke. Ook de Visual Studio ondersteuning wordt bekeken. Tot slot een vooruitblik op ECMAScript 7.

Testing Single Page Webapp

Akshay Mathur

This document provides an overview and agenda for a session on testing single-page web applications. It introduces the concepts of traditional and modern web applications, and how they differ in terms of page construction and the challenges they pose for testing. It then discusses technologies like Node.js, headless browsers, CasperJS and Splinter that help enable testing of dynamic DOM in single-page apps from outside the browser or without opening the browser. The agenda involves demonstrating how to test a UI using these tools by invoking tests from the Python console or command line.

Next Generation Web Development Techniques with Cloud Foundry

Malachi Smith

Building solutions with the SharePoint Framework - introduction

Waldek Mastykarz

Мы предлагаем курс из 2 лекций по React: - Первая лекция: React Basics - Вторая лекция: Dive into React На первой лекции мы расскажем, что такое React и его плюсы/минусы по отношению к другим решениям. Второй вебинар, более практический, опишет, как писать приложения с использованием библиотеки React.

Building solutions with the SharePoint Framework - deep-dive

Waldek Mastykarz

The Dark Side of Single Page Applications

Dor Kalev

Deep Dive building solutions on the SharePoint Framework - SPS Brussels 2016

Waldek Mastykarz

Life of a startup - Sjoerd Mulder - Codemotion Amsterdam 2017

Codemotion

Building a minimum viable product in 3 months is easy. Scaling it towards a reactive system that can handle thousands of requests per second and deploying new versions without causing a denial of service is another challenge. Find out how at Crobox we scaled from a single machine (and point of failures) towards the high-available server cluster we are now running. On this journey you can also learn how we solved challenges with monitoring, logging and deployments.

Introduction to ajax

Pihu Goel

This document provides an introduction to AJAX (Asynchronous JavaScript and XML). It defines AJAX as a set of web development techniques using technologies like JavaScript, XML, HTML and CSS to create asynchronous web applications. AJAX allows web pages to be updated asynchronously by exchanging data with a web server behind the scenes, without reloading the entire page. This is done using the XMLHttpRequest object in JavaScript. The document discusses the basics of how AJAX works, its advantages like improved interactivity and speed, as well as some disadvantages like dependency on JavaScript and security issues.

Increasing performance with Elixir Tasks

Jeffrey Chan

Async js

Alexandr Skachkov

ClojureScript: I can't believe this is JavaScript

Eric Normand

Build Web Applications

Tom Crombez

Web 2.0 & Ajax Basics

Abhishek Nagar

This document discusses Web 2.0 and AJAX technologies. It defines Web 2.0 as focusing on user participation, sharing, and collaboration using technologies like blogs, wikis, and AJAX. AJAX is defined as using asynchronous JavaScript and XML to update parts of a web page asynchronously without reloading the entire page. Examples of popular AJAX applications are given like Gmail and Google Maps. The technologies used in AJAX like XMLHttpRequest are discussed along with the asynchronous request-response process and browser support. Security considerations for both server-side and client-side AJAX applications are also covered.

ColdFusion in Transit action

ColdFusionConference

This document summarizes a presentation given by Theonic Way of Fig Leaf consulting about their work redesigning the Washington Metropolitan Area Transit Authority (WMATA) website. It discusses the background of the current WMATA website, visions and solutions for the new site, and a demo of features like trip planning, alerts and the content management system. The new site uses a ColdFusion, Node.js and CommonSpot CMS architecture to improve responsiveness, integrate APIs and enable content authors.

Overview of AJAX

Roshith S Pai

AJAX allows web pages to asynchronously update parts of a page without reloading the entire page. It uses a combination of XMLHttpRequest objects, JavaScript, DOM, and XML to exchange small amounts of data with a server in the background. This improves speed, usability, and interactivity compared to conventional web pages that reload the full page for any new content. Some examples of sites using AJAX are Google Maps, Gmail, YouTube, and Facebook.

Ajax Patterns : Periodic Refresh & Multi Stage Download

Eshan Mudwel

Periodic refresh and multi-stage download are design patterns for updating content. Periodic refresh checks the server at regular intervals for new information and notifies users. Multi-stage download loads basic functionality initially and additional components in the background over time to improve the user experience for both fast and slow connections. Examples include ESPN scoreboards, Gmail notifications, and Microsoft Start.com.

Advantages and disadvantages of an ajax based client application

Placinta Alin

Ajax is a technique for building interactive web applications where certain parts of a web page are updated without reloading the entire page. The key benefits of Ajax include reducing response times, allowing asynchronous data retrieval and updates, and making web applications feel more like desktop applications. Some common uses of Ajax include autocomplete functions, live searches, and chat applications. While Ajax provides benefits like improved interfaces and responsiveness, it also has disadvantages such as pages being hard to bookmark and search engines not indexing dynamically updated content. Developers must also consider browser compatibility, network latency, and security issues when implementing Ajax.

Ajax Presentation

jrdoane

Ajax allows for asynchronous updating of parts of a web page without reloading the entire page. It was originally defined using XML and JavaScript but no longer requires either. While Ajax can improve functionality and reduce bandwidth usage, it also has drawbacks like not updating browser history and potentially overloading servers. Ajax works best for dynamic content updates on sites like Gmail, Google Maps, and social media sites but should not be relied on exclusively in case JavaScript fails. Developers need backup plans for when Ajax-reliant features do not function properly.

Lagom framework

명주 김

Introduction to ajax

Venkat Pinagadi

Role WP3 roadmapping

Sten Govaerts

This document summarizes the status and next steps for several work packages (WP3) related to the CAM project. It discusses: 1. Testing a remote interwidget communication infrastructure using XMPP with a focus on benchmarking performance and user evaluations. 2. Developing the CAM infrastructure including a relational database, converting data to CAM schemas, and evaluating version 2 of the CAM schema while implementing additional bindings. 3. The CAM dashboard being in an early stage with a focus on implementing more visualizations for evaluation and collecting requirements. 4. Surveying different authentication and authorization solutions like OAuth, OpenID, and Shibboleth with a focus on evaluating OpenID and OAuth and mapping scenarios

The Thick Front-End

Jeff Dickey

The document discusses the need for "thick-client" single-page applications using JavaScript frameworks like AngularJS. It argues that traditional progressive enhancement approaches ruin applications by not taking advantage of modern browser capabilities. Single-page apps have advantages like simple architecture, speed, and keeping state on the client-side. While they have challenges like separate projects and initial loading, there are solutions to issues like SEO. Tooling exists to help with builds, testing, and deployment of front-end code. The overall message is that browsers are now powerful platforms and application architecture should reflect that.

Google Apps @ Cambridge - What we did

Jon Warbrick

Google Apps was deployed at the University of Cambridge to provide calendar functionality to over 40,000 users across 100 departments and 32 colleges. A Java-based single sign-on application called gAuth was created to integrate Google authentication with the University's existing Raven authentication system. While rollout went smoothly, ongoing issues included conflicting accounts and support responsibilities. Usage grew steadily, with unique daily and monthly users increasing since the October 2010 launch.

Android lessons you won't learn in school

Michael Galpin

This document discusses several lessons about Android development that are not typically covered in school. It covers architectural changes in Android over time, security best practices, techniques for logging user activity and crash reports, strategies for building hybrid mobile-web applications, considerations for creating mobile SDKs, and approaches for testing Android apps on multiple device configurations.

What's hot

Writing Scalable React Applications: Introduction

Klika Tech, Inc

Building solutions with the SharePoint Framework - deep-dive

Waldek Mastykarz

The Dark Side of Single Page Applications

Dor Kalev

Deep Dive building solutions on the SharePoint Framework - SPS Brussels 2016

Waldek Mastykarz

Life of a startup - Sjoerd Mulder - Codemotion Amsterdam 2017

Codemotion

Introduction to ajax

Pihu Goel

Increasing performance with Elixir Tasks

Jeffrey Chan

Async js

Alexandr Skachkov

ClojureScript: I can't believe this is JavaScript

Eric Normand

Build Web Applications

Tom Crombez

Web 2.0 & Ajax Basics

Abhishek Nagar

ColdFusion in Transit action

ColdFusionConference

Overview of AJAX

Roshith S Pai

Ajax Patterns : Periodic Refresh & Multi Stage Download

Eshan Mudwel

Advantages and disadvantages of an ajax based client application

Ajax Presentation

Lagom framework

Introduction to ajax

Role WP3 roadmapping

The Thick Front-End

What's hot (20)

Writing Scalable React Applications: Introduction

Building solutions with the SharePoint Framework - deep-dive

The Dark Side of Single Page Applications

Deep Dive building solutions on the SharePoint Framework - SPS Brussels 2016

Life of a startup - Sjoerd Mulder - Codemotion Amsterdam 2017

Introduction to ajax

Increasing performance with Elixir Tasks

Async js

ClojureScript: I can't believe this is JavaScript

Build Web Applications

Web 2.0 & Ajax Basics

ColdFusion in Transit action

Overview of AJAX

Ajax Patterns : Periodic Refresh & Multi Stage Download

Advantages and disadvantages of an ajax based client application

Ajax Presentation

Lagom framework

Introduction to ajax

Role WP3 roadmapping

The Thick Front-End

Similar to Google Apps - SSO and Identity Management at the University of Cambridge

Google Apps @ Cambridge - What we did

Jon Warbrick

Android lessons you won't learn in school

Michael Galpin

Devfest09 App Engine Java

Chris Schalk

Web service的自动化测试 soap ui的介绍

bqconf

The document discusses web services and testing tools. It defines web services as using XML and HTTP to allow applications to communicate over the web. SOAP is a messaging protocol that uses XML for exchanging information between systems. soapUI is a tool for testing web services, allowing users to test SOAP and REST services and simulate requests. It supports testing of services, mocking services for testing, and testing of integrations, security, and governance.

Azure and web sites hackaton deck

Alexey Bokov

This document discusses cloud computing and Microsoft Azure. It provides an overview of what a cloud is and statistics on the growth of cloud adoption over time. It then discusses Microsoft Azure's global presence and growth metrics. Examples are given of companies using Azure, including their objectives, tactics and results. Key features of Azure Websites are outlined. Traffic Manager and its use for load balancing and disaster recovery are explained. Finally, some tasks for a hackathon on Azure are proposed.

DEFCON 23 - Nadeem Douba - Using WebKit to Own the Web

Felipe Prado

Nadeem Douba presents BurpKit, a tool that integrates the WebKit rendering engine with Burp Suite to provide modern browser capabilities for web penetration testing. BurpKit allows security tools to parse and interpret JavaScript, dynamically render content, and interact with the DOM. It was implemented using JavaFX's WebView and bridges between Burp Suite and WebKit. Demostrations show the GUI, DOM interaction capabilities, and integration with Burp Suite extensions. The conclusion encourages contributions to make BurpKit the standard for evolving security tools to match the modern web.

DEFCON-23-Nadeem-Douba-BurpKit

Nadeem Douba

Nadeem Douba presents BurpKit, a tool that integrates the WebKit rendering engine with Burp Suite to allow security tools to dynamically render and interact with web pages like modern browsers. BurpKit uses JavaFX's implementation of WebKit to provide a real-time rendering tab in Burp Suite that supports JavaScript. It also includes a bidirectional bridge between Burp Suite and WebKit to allow interaction with the DOM. Demos show features like DOM manipulation, XSS tracking, and Burp extensions. The goal of BurpKit is to evolve security tools to keep up with the increasing complexity of web applications.

In-house web automation?

Adam Christian

This document discusses various tools and approaches for automating web application testing. It covers infrastructure options like using boxes, VMs, and cloud services. It also discusses frameworks for test automation including Windmill, Selenium, WatiR, and others. The document provides examples of continuous integration tools like Hudson and ways to approach test coverage, maintenance of the automation environment, and expanding the infrastructure over time. It emphasizes that test automation can help development and QA teams while increasing reliability.

Developing in the Cloud

Ryan Cuprak

Configuring and maintaining a continuous integration environment is quite a bit of work. It requires ongoing resources both in terms of manpower and hardware infrastructure. As an application evolves so does the number of ongoing projects. The challenge is creating a scalable continuous integration environment which does not impede development and can handle the complexities of Java EE testing. This session covers how to setup and configure a cloud-based continuous integration environment for Java EE applications. The presentation will focus on demonstrating how to use Atlassian Bamboo running on AWS to build and test a Maven/Gradle Java EE project that uses Arquillian for testing. Topics that will be covered include creating a custom AWS VM for use with Bamboo, creating an Amazon VPC (Virtual Private Cloud) along with test database using Amazon RDS. The presentation will delve into the specifics of testing EJBs, WebSocket endpoints, RESTful web services, as well as performing load testing in this environment. Security, cost control, and build monitoring will be covered as well.

Streams API (Web Engines Hackfest 2015)

Igalia

The document discusses streams API, which enables asynchronous I/O processing by reading and writing data chunks. It can pipe data between streams and supports automatic transformations. The spec defines ReadableStream, WritableStream, and TransformStream interfaces. It is useful for tasks like loading video segments or sending messages over websockets. The implementation in browsers uses JavaScript builtins tied to WebIDL to define the API in a maintainable and performant way while avoiding memory issues, though it requires care around security.

Extending GWT

isurusndr

GWT is a free and open source framework that allows developers to create complex JavaScript front-end applications using Java. It handles cross-browser issues and supports features like OOP designs, reusable UI components, localization, and mixing native JavaScript with Java code. GWT provides UiBinder for binding UI components using an HTML-like markup language at compile time. Alternatively, some companies define UI bindings at runtime using XML defined at the server-side with component definitions in XSDs and dynamically generated factory classes. The document provides examples of defining a sample UI component and binding.

Getting Started with Serverless Architectures

Amazon Web Services

Serverless architectures let you build and deploy applications and services with infrastructure resources that require zero administration. In the past, you had to provision and scale servers to run your application code, install and operate distributed databases, and build and run custom software to handle API requests. Now, AWS provides a stack of scalable, fully-managed services that eliminates these operational complexities. In this session, you will learn about the benefits of serverless architectures and the basics of the serverless stack AWS provides. We will also walk through how you can use serverless architectures for everything from data processing to mobile and web backends. AWS DevDay San Francisco, June 21, 2016. Presenter: Jeremy Edberg, Co-Founder, CloudNative, & AWS Community Hero

JavaScript in Universal Windows Platform apps

Timmy Kokke

Google web toolkit gwt training

FuturePoint Technologies

This document outlines the topics covered in a comprehensive Google Web Toolkit (GWT) training course. The course introduces Ajax concepts and the GWT framework. It covers organizing GWT projects, using GWT with Java, building user interfaces, handling events, and advanced UI topics. The course also addresses server-side considerations like making RPC calls and deploying applications. Additional topics include GWT utilities, history/bookmarks, JSON, JavaScript integration, performance best practices, and developing custom widgets. The goal is for students to learn how to use GWT to build Ajax applications that address challenges like connectivity and performance. The training provider, Futurepointtech, offers various technical courses and can be contacted for more information.

Capybara-Webkit

bostonrb

This document discusses capybara-webkit, a tool for testing JavaScript in Ruby applications. It allows testing JavaScript functionality in a headless browser without many of the downsides of Selenium, like being slow. Capybara-webkit uses the WebKit rendering engine and is much faster than alternatives like rack-test or Selenium. It provides output from console.log statements and detects JavaScript errors. The document covers how to set up capybara-webkit, its advantages over other options, and some limitations like its dependency on Qt.

Ajax

baabtra.com - No. 1 supplier of quality freshers

This document provides an overview of AJAX (Asynchronous JavaScript and XML) including what it is, how it works, advantages, and examples of companies that use it. AJAX allows web pages to be updated asynchronously by exchanging data with a web server behind the scenes, improving interactivity and performance. It uses a combination of technologies including JavaScript, XML, and server-side solutions. AJAX aims to reduce page reloads and bandwidth usage by updating only parts of a page as needed.

Modern websites in 2020 and Joomla

George Wilson

George Wilson presented on modern cloud architecture and automation for websites built with content management systems like Joomla. He demonstrated how to automate the deployment of a Joomla site on AWS using just 7 commands and a configuration file. This included uploading the code, creating the application version, and provisioning the environment. Wilson discussed the rise of using CLIs and APIs to manage websites and their content programmatically. Documenting APIs with OpenAPI/Swagger was presented as a best practice. While these techniques may not apply to all Joomla sites, Wilson argued they are relevant for many sites in Joomla's target markets that prioritize agility and automation.

jQuery On Rails

Jonathan Sharp

The document discusses using jQuery to create a consistent user experience across multiple server-side frameworks. It describes challenges like supporting different technologies, integrating enterprise data, and providing low-cost upgrades. The solution presented uses jQuery and semantic HTML markup to define reusable UI components. These components can then be rendered and initialized on page load to transform the DOM and add interactivity. The approach aims to improve productivity by enabling rapid prototyping of the UI and easy integration of backend enterprise data services.

Devfest09 Cschalk Gwt

Chris Schalk

GWT HJUG Presentation

Derrick Bowen

Similar to Google Apps - SSO and Identity Management at the University of Cambridge (20)

Google Apps @ Cambridge - What we did

Android lessons you won't learn in school

Devfest09 App Engine Java

Web service的自动化测试 soap ui的介绍

Azure and web sites hackaton deck

DEFCON 23 - Nadeem Douba - Using WebKit to Own the Web

DEFCON-23-Nadeem-Douba-BurpKit

In-house web automation?

Developing in the Cloud

Streams API (Web Engines Hackfest 2015)

Extending GWT

Getting Started with Serverless Architectures

JavaScript in Universal Windows Platform apps

Google web toolkit gwt training

Capybara-Webkit

Ajax

Modern websites in 2020 and Joomla

jQuery On Rails

Devfest09 Cschalk Gwt

GWT HJUG Presentation

More from Jon Warbrick

Dunbar's Number, and what it means to the UIS

Jon Warbrick

The 'New [University of Cambridge] Map

Jon Warbrick

This document discusses the "New" University Map created by Jon Warbrick at the University of Cambridge. It provides links to the map website and overview information. The map uses OpenStreetMap data and can be rendered through APIs for OpenLayers, Leaflet, and Google Maps. The document requests that any uses of the map data credit OpenStreetMap and the University Computing Service and provide feedback on errors or other issues.

Syndicated content on your web pages

Jon Warbrick

This document discusses the challenges of syndicating third-party content on web pages. It covers potential issues with fetching content from other sites, including slow load times, server loads, and failures. It also addresses problems interpreting content due to encoding issues and rendering HTML tags. Finally, it examines security risks of promiscuously including third-party JavaScript that could take control of a page. The document emphasizes the complexity of safely syndicating external content.

Lessons fro IPv6 day, 2011

Jon Warbrick

IPv6 day in 2011 was a global trial of the new Internet Protocol IPv6. Major websites participated to demonstrate preparedness for increased Internet growth. The University of Cambridge participated and found that IPv6 requests were low level at around 1-3% for most services. Tunnels like 6to4 caused some issues as they allowed addresses not on the local network. The event concluded that IPv6 day was essentially a non-event, and therefore a success, demonstrating readiness for the full transition.

An introduction to Version Control Systems

Jon Warbrick

Version control systems allow users to track changes to documents and code over time, maintain revision histories, and collaborate on projects. They provide features like check-outs that allow editing working copies, commits to save changes to repositories, diffs to view differences between versions, and merging of changes from multiple branches. Version control is well-suited for software source code management and collaborative work, but not as effective for tasks like bug tracking or large media files.

Lessons from IPv6 Day

Jon Warbrick

On June 8, 2011, many major websites and internet service providers participated in a global trial of IPv6 to demonstrate readiness for the new internet protocol. The trial showed that major sites could support IPv6, enabling continued growth of the internet. However, the document also notes challenges observed during the trial, such as issues with automatic configuration, firewalls not recognizing IPv6 addresses, and problems with tunneling techniques used to allow IPv6 connectivity over IPv4 networks.

(Why) Passwords don't work

Jon Warbrick

Web Authenication with Shibboleth - a view from the Flat East

Jon Warbrick

This document provides an overview of web authentication with Shibboleth. It discusses how traditionally each website had its own user authentication, but organization-wide single sign-on systems like university portals provided a solution. However, these were not suitable for accessing resources outside the organization. Shibboleth was designed as an open standard web authentication system that supports multiple identity providers, inter-organization use, privacy, anonymity, and multiple attributes. The document outlines some common misconceptions about Shibboleth and provides examples of how it can be used for e-journals, standard web plugins, and authorization decisions.

State of the Raven

Jon Warbrick

More from Jon Warbrick (9)

Dunbar's Number, and what it means to the UIS

The 'New [University of Cambridge] Map

Syndicated content on your web pages

Lessons fro IPv6 day, 2011

An introduction to Version Control Systems

Lessons from IPv6 Day

(Why) Passwords don't work

Web Authenication with Shibboleth - a view from the Flat East

State of the Raven

Recently uploaded

PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx

christinelarrosa

Christine's Product Research Presentation.pptx

christinelarrosa

Dandelion Hashtable: beyond billion requests per second on a commodity server

Antonios Katsarakis

This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).

JavaLand 2024: Application Development Green Masterplan

Miro Wengner

"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk

Fwdays

At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience

Y-Combinator seed pitch deck template PP

c5vrf27qcz

Containers & AI - Beauty and the Beast!?!

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real. Keywords: AI, Containeres, Kubernetes, Cloud Native Event Link: https://meine.doag.org/events/cloudland/2024/agenda/#agendaId.4211

"$10 thousand per minute of downtime: architecture, queues, streaming and fin...

Fwdays

Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless. As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency. We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.

Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians

Neo4j

inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill

LizaNolte

HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable. In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed: Key Takeaways: Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement. Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers. Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.

The Microsoft 365 Migration Tutorial For Beginner.pptx

operationspcvita

Leveraging the Graph for Clinical Trials and Standards

Neo4j

AppSec PNW: Android and iOS Application Security with MobSF

Ajin Abraham

Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application. This talk covers: Using MobSF for static analysis of mobile applications. Interactive dynamic security assessment of Android and iOS applications. Solving Mobile app CTF challenges. Reverse engineering and runtime analysis of Mobile malware. How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.

"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba

Fwdays

This is a session that details how PostgreSQL's features and Azure AI Services can be effectively used to significantly enhance the search functionality in any application. In this session, we'll share insights on how we used PostgreSQL to facilitate precise searches across multiple fields in our mobile application. The techniques include using LIKE and ILIKE operators and integrating a trigram-based search to handle potential misspellings, thereby increasing the search accuracy. We'll also discuss how the azure_ai extension on PostgreSQL databases in Azure and Azure AI Services were utilized to create vectors from user input, a feature beneficial when users wish to find specific items based on text prompts. While our application's case study involves a drug search, the techniques and principles shared in this session can be adapted to improve search functionality in a wide range of applications. Join us to learn how PostgreSQL and Azure AI can be harnessed to enhance your application's search capability.

Essentials of Automations: Exploring Attributes & Automation Parameters

Safe Software

Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they? Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality. You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.

"Choosing proper type of scaling", Olena Syrota

Fwdays

Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf

leebarnesutopia

So… you want to become a Test Automation Engineer (or hire and develop one)? While there’s quite a bit of information available about important technical and tool skills to master, there’s not enough discussion around the path to becoming an effective Test Automation Engineer that knows how to add VALUE. In my experience this had led to a proliferation of engineers who are proficient with tools and building frameworks but have skill and knowledge gaps, especially in software testing, that reduce the value they deliver with test automation. In this talk, Lee will share his lessons learned from over 30 years of working with, and mentoring, hundreds of Test Automation Engineers. Whether you’re looking to get started in test automation or just want to improve your trade, this talk will give you a solid foundation and roadmap for ensuring your test automation efforts continuously add value. This talk is equally valuable for both aspiring Test Automation Engineers and those managing them! All attendees will take away a set of key foundational knowledge and a high-level learning path for leveling up test automation skills and ensuring they add value to their organizations.

AI in the Workplace Reskilling, Upskilling, and Future Work.pptx

Sunil Jagani

ScyllaDB Tablets: Rethinking Replication

ScyllaDB

ScyllaDB is making a major architecture shift. We’re moving from vNode replication to tablets – fragments of tables that are distributed independently, enabling dynamic data distribution and extreme elasticity. In this keynote, ScyllaDB co-founder and CTO Avi Kivity explains the reason for this shift, provides a look at the implementation and roadmap, and shares how this shift benefits ScyllaDB users.

"What does it really mean for your system to be available, or how to define w...

Fwdays

Recently uploaded (20)

PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx

Christine's Product Research Presentation.pptx

Dandelion Hashtable: beyond billion requests per second on a commodity server

JavaLand 2024: Application Development Green Masterplan

"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor Ivaniuk

Y-Combinator seed pitch deck template PP

Containers & AI - Beauty and the Beast!?!

"$10 thousand per minute of downtime: architecture, queues, streaming and fin...

Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians

inQuba Webinar Mastering Customer Journey Management with Dr Graham Hill

The Microsoft 365 Migration Tutorial For Beginner.pptx

Leveraging the Graph for Clinical Trials and Standards

AppSec PNW: Android and iOS Application Security with MobSF

"NATO Hackathon Winner: AI-Powered Drug Search", Taras Kloba

Essentials of Automations: Exploring Attributes & Automation Parameters

"Choosing proper type of scaling", Olena Syrota

Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdf

AI in the Workplace Reskilling, Upskilling, and Future Work.pptx

ScyllaDB Tablets: Rethinking Replication

"What does it really mean for your system to be available, or how to define w...

Google Apps - SSO and Identity Management at the University of Cambridge

1. SSO and Identity Management: What we did Jon Warbrick University of Cambridge Computing Service jw35@cam.ac.uk / @jw35

2. The University of Cambridge 100+ departments 32 colleges 40,000 users “A loose afﬁliation of warring ﬁefdoms”

3. Handy building blocks • University Computing Service • that doesn’t set policy • User Administration Database • Raven: Web Authentication system • including a Shibboleth IdP • A 2008 UCS trial of Google Apps

4. What do we want? A Calendar! Perhaps other things, later...

5. General Plan • Google Apps for Education • but just Calendar • Use cam.ac.uk domain • Web SSO using Raven • Automatically available to everyone • Minimum ongoing staff involvement • Rollout September, for October, 2010

6. Web authentication

7. Web authentication

8. Web authentication SAML SSO service gAuth

9. Web authentication SAML SSO service gAuth

10. Web authentication SAML SSO service gAuth

11. gAuth • Based on Google example Java SAML code • SAML, but not Shibboleth • Java Webapp, runs in Tomcat • Also displays T&Cs page, and email reminder ﬁrst time through • And some other things ...

12. Account creation gAuth

13. Account creation gAuth

14. Account creation gAuth Provisioning API

15. Account creation gAuth Provisioning API

16. Non-web authentication

17. Non-web authentication

18. Account management gAuth Raven feed User admin. database reconcile- reconcile- admin google Status: Google •[Unknown] •Current •Blacklisted •Cancelled •[Deleted]

19. Implementation • gAuth: Java webapp in Tomcat • Batch processing: Java run by cron (!) • (Live/stanby) pair of VMs on Xen cluster • Local Postgress database; Slony1 replication • Manual service address transition

20. Deployed October 2010 Number of Accounts http://www-uxsup.csx.cam.ac.uk/~jw35/google-usage/

21. Deployed October 2010 Unique users per day http://www-uxsup.csx.cam.ac.uk/~jw35/google-usage/

22. Plain sailing? • Pre-existing cam.ac.uk domain • Conﬂicting accounts • ‘g’ ‘o’ ‘o’ ‘g’ ‘l’ ‘e’ not allowed in domain names • iPhones • Support. Don’t forget the support

23. Any questions?

24. Any questions? Jon Warbrick University of Cambridge Computing Service jw35@cam.ac.uk / @jw35

Editor's Notes

Introduce self\nQuestions welcome as-and-when\nA SSO and IdM case study. About May->September 2010\n
University of Cambridge is an unusual place - some of this may not apply to you\n
We do have some useful building blocks\nNote that we didn&#x2019;t use Shib (will explain why later)\n
Have e-mail, websites\nDon&#x2019;t have Docs equivalent, or chat, but don&#x2019;t have any demand either\nDo have demand for a calendar - go for that as &#x2018;extended pilot&#x2019;\n
Use of cam.ac.uk domain a nod to possible future gmail\n
ANNIMATION\ngAuth is an &#x2018;invisible&#x2019; service, hence dotted outline\nAll this is &#x2018;old&#x2019; hat&#x2019; web redirection authentication\nMost of this is invisible to users\n
ANNIMATION\ngAuth is an &#x2018;invisible&#x2019; service, hence dotted outline\nAll this is &#x2018;old&#x2019; hat&#x2019; web redirection authentication\nMost of this is invisible to users\n
ANNIMATION\ngAuth is an &#x2018;invisible&#x2019; service, hence dotted outline\nAll this is &#x2018;old&#x2019; hat&#x2019; web redirection authentication\nMost of this is invisible to users\n
ANNIMATION\ngAuth is an &#x2018;invisible&#x2019; service, hence dotted outline\nAll this is &#x2018;old&#x2019; hat&#x2019; web redirection authentication\nMost of this is invisible to users\n
ANNIMATION\ngAuth is an &#x2018;invisible&#x2019; service, hence dotted outline\nAll this is &#x2018;old&#x2019; hat&#x2019; web redirection authentication\nMost of this is invisible to users\n
ANNIMATION\ngAuth is an &#x2018;invisible&#x2019; service, hence dotted outline\nAll this is &#x2018;old&#x2019; hat&#x2019; web redirection authentication\nMost of this is invisible to users\n
ANNIMATION\ngAuth is an &#x2018;invisible&#x2019; service, hence dotted outline\nAll this is &#x2018;old&#x2019; hat&#x2019; web redirection authentication\nMost of this is invisible to users\n
ANNIMATION\ngAuth is an &#x2018;invisible&#x2019; service, hence dotted outline\nAll this is &#x2018;old&#x2019; hat&#x2019; web redirection authentication\nMost of this is invisible to users\n
Google code now marked &#x2018;deprecated&#x2019;, but what we used earlier\nDidn&#x2019;t use Raven Shib because a) still 1.3; and b) needs &#x2018;special&#x2019; config; and c)wanted to do other things\nHaving our T&Cs was useful for DPA etc. compliance\n\n
ANNIMATION\nOn the way back through gAuth, having worked out who we have\nCreate if doesn&#x2019;t exits, update else\nCreate seems to work reliabably (slightly to my surprise!) \nJava version of API, to integrate with gAuth SSO code\n\n
ANNIMATION\nOn the way back through gAuth, having worked out who we have\nCreate if doesn&#x2019;t exits, update else\nCreate seems to work reliabably (slightly to my surprise!) \nJava version of API, to integrate with gAuth SSO code\n\n
ANNIMATION\nOn the way back through gAuth, having worked out who we have\nCreate if doesn&#x2019;t exits, update else\nCreate seems to work reliabably (slightly to my surprise!) \nJava version of API, to integrate with gAuth SSO code\n\n
ANNIMATION\nOn the way back through gAuth, having worked out who we have\nCreate if doesn&#x2019;t exits, update else\nCreate seems to work reliabably (slightly to my surprise!) \nJava version of API, to integrate with gAuth SSO code\n\n
ANNIMATION\nOn the way back through gAuth, having worked out who we have\nCreate if doesn&#x2019;t exits, update else\nCreate seems to work reliabably (slightly to my surprise!) \nJava version of API, to integrate with gAuth SSO code\n\n
ANNIMATION\nOn the way back through gAuth, having worked out who we have\nCreate if doesn&#x2019;t exits, update else\nCreate seems to work reliabably (slightly to my surprise!) \nJava version of API, to integrate with gAuth SSO code\n\n
ANNIMATION\nOn the way back through gAuth, having worked out who we have\nCreate if doesn&#x2019;t exits, update else\nCreate seems to work reliabably (slightly to my surprise!) \nJava version of API, to integrate with gAuth SSO code\n\n
ANNIMATION\nOn the way back through gAuth, having worked out who we have\nCreate if doesn&#x2019;t exits, update else\nCreate seems to work reliabably (slightly to my surprise!) \nJava version of API, to integrate with gAuth SSO code\n\n
ANIMATION\nAlso wanted/needed to support non-Web access\nVery like &#x2018;application-specific passwords&#x2019; in new Two-step verification\nBorrowed &#x2018;Token&#x2019; idea from eduroam - always retrievable\n
ANIMATION\nAlso wanted/needed to support non-Web access\nVery like &#x2018;application-specific passwords&#x2019; in new Two-step verification\nBorrowed &#x2018;Token&#x2019; idea from eduroam - always retrievable\n
Need to clean up departed users (DPA if nothing else)\n Except our users tend to come back!\nLoss of Raven not good enough --> because of Token\nForced into gAuth database to store retrievable token \nMain gAuth code also enforces consistency\n\n
Not Heartbeat because of Slony issues\n
\n
Max ~400 users/week, ~750/month\nNote Saturday/Sunday\n
cam.ac.uk was &#x2018;Comunity Managed&#x2019; edition\n a problem because a) users might have left; and b) included Docs/Sites\n couldn&#x2019;t check departed users till agreement signed\nMore conflicting accounts than expected\n User confusion, + Calendar restriction\nWanted to use google.cam.ac.uk to allow for mslive.cam.ac.uk. Couldn&#x2019;t.\nStill some re-authentication problems on iPhone. Caching?\nDon&#x2019;t under-estimate the support cost, if you provide support\n
\n

Google Apps - SSO and Identity Management at the University of Cambridge

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Google Apps - SSO and Identity Management at the University of Cambridge

Similar to Google Apps - SSO and Identity Management at the University of Cambridge (20)

More from Jon Warbrick

More from Jon Warbrick (9)

Recently uploaded

Recently uploaded (20)

Google Apps - SSO and Identity Management at the University of Cambridge

Editor's Notes