A scalable server architecture for mobile presence servicesSree Chinni
In this we propose an efficient and scalable server architecture, called Presence Cloud, which enables mobile presence services to support large-scale social network applications. When a mobile user joins a network, Presence Cloud searches for the presence of his/her friends and notifies them arrival.
SaaS as a Security Hazard - Google Apps Security ExampleNewvewm
As the borderline between a web site and an application blurs, so does the division between the enterprise IT and the internet. More and more enterprises adapt core applications which are provided as a service over the Internet. Until recently those where limited to vertical applications such as salesforce.com for sales automation and monster.com for recruiting, both of which have already suffered major security issues that compromises customer data. Google software push has led to enterprise adaption of general purpose cloud services including office tools, mail and knowledge management, which presents an entirely new risk level. In this presentation we will discuss the security risks of SaaS (Software as a service) and review past incidents on such services. We will than dissect the security implications of using Google Apps as an example for a SaaS and create a checklist of things to examine in a SaaS offering before subscribing to ensure that it provides sufficient security. Lastly we will discuss the solutions offered by Google as well as 3rd party solutions.
Moving to the cloud might sound like a challenge but it’s an opportunity to make existing business processes more agile and innovative. Taking the help of cloud migration service providers makes it easier.
For example, at Flentas we have a team of certified AWS consultants, who can understand your current infrastructure landscape, application architecture and help you plan, design, and execute a cloud migration strategy for better scale.
A scalable server architecture for mobile presence servicesSree Chinni
In this we propose an efficient and scalable server architecture, called Presence Cloud, which enables mobile presence services to support large-scale social network applications. When a mobile user joins a network, Presence Cloud searches for the presence of his/her friends and notifies them arrival.
SaaS as a Security Hazard - Google Apps Security ExampleNewvewm
As the borderline between a web site and an application blurs, so does the division between the enterprise IT and the internet. More and more enterprises adapt core applications which are provided as a service over the Internet. Until recently those where limited to vertical applications such as salesforce.com for sales automation and monster.com for recruiting, both of which have already suffered major security issues that compromises customer data. Google software push has led to enterprise adaption of general purpose cloud services including office tools, mail and knowledge management, which presents an entirely new risk level. In this presentation we will discuss the security risks of SaaS (Software as a service) and review past incidents on such services. We will than dissect the security implications of using Google Apps as an example for a SaaS and create a checklist of things to examine in a SaaS offering before subscribing to ensure that it provides sufficient security. Lastly we will discuss the solutions offered by Google as well as 3rd party solutions.
Moving to the cloud might sound like a challenge but it’s an opportunity to make existing business processes more agile and innovative. Taking the help of cloud migration service providers makes it easier.
For example, at Flentas we have a team of certified AWS consultants, who can understand your current infrastructure landscape, application architecture and help you plan, design, and execute a cloud migration strategy for better scale.
Cedar Day 2018 - Integrating PeopleSoft Payroll - Alex LightstoneCedar Consulting
Companies are increasingly adopting Cloud applications for their core HR operations. However, some clients are choosing to have retain PeopleSoft for payroll processing, either as an on-premises implementation or running on a Cloud infrastructure platform (IaaS / PaaS).
In this session, we will look at the reasons behind those decisions, the benefits gained and the options available for interfacing to PeopleSoft and how this was implemented.
Schema-based multi-tenant architecture using Quarkus & Hibernate-ORM.pdfseo18
Architecture design is a must while developing a SaaS application to ensure its scalability and optimising infrastructure costs. In this blog, Lets discuss the implementation of one such architecture with Quarkus java framework and Hibernate ORM
IEEE 2015 - 2016 | Combining Efficiency, Fidelity, and Flexibility in Resource...1crore projects
1 CRORE PROJECTS
chennai | kumbakonam
offers (2015-2016) M.E, BE, M. Tech, B. Tech, PhD, MCA, BCA, MSC & MBA projects and also a real time application projects.
Final Year Projects for BE, B. Tech - ECE, EEE, CSE, IT, MCA, ME, M. Tech, M SC (IT), BCA, BSC and MBA.
Project support:-
1.Abstract, Diagrams, Review Details, Relevant Materials, Presentation,
2.Supporting Documents, Software E-Books,
3.Software Development Standards & Procedure
4.E-Book, Theory Classes, Lab Working programs, Project design & Implementation
online support :
For other districts and states
1.we will help in skype and teamviewer support for project
For further details feel free to call us:
1 CRORE PROJECTS ,Door No: 214/215,2nd Floor, No. 172, Raahat Plaza, (Shopping Mall), Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026.
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536 / +91 77081 50152
Espresso: LinkedIn's Distributed Data Serving Platform (Paper)Amy W. Tang
This paper, written by the LinkedIn Espresso Team, appeared at the ACM SIGMOD/PODS Conference (June 2013). To see the talk given by Swaroop Jagadish (Staff Software Engineer @ LinkedIn), go here:
http://www.slideshare.net/amywtang/li-espresso-sigmodtalk
Sigmod 2013 - On Brewing Fresh Espresso - LinkedIn's Distributed Data Serving...Mihir Gandhi
Espresso is a document-oriented distributed data serving platform that has been built to address LinkedIn’s requirements for a scalable, performant, source-of-truth primary
store. It provides a hierarchical document model, transac-
tional support for modifications to related documents, real-
time secondary indexing, on-the-fly schema evolution and
provides a timeline consistent change capture stream. This
paper describes the motivation and design principles involved
in building Espresso, the data model and capabilities ex-
posed to clients, details of the replication and secondary
indexing implementation and presents a set of experimen-
tal results that characterize the performance of the system
along various dimensions.
It’s impossible to overlook system design when it comes to tech interviews. In this article, we've covered the most frequently asked System Design interview questions in almost every IT giant.
#VirtualDesignMaster 3 Challenge 1 – James Brownvdmchallenge
We are now settled on Mars, and ready to build a more permanentinfrastructure. Keep in mind that power, cooling, and space are extremelyexpensive resources on Mars. In order to save space, we have decidednot to use a traditional FiberChannel infrastructure, meaning there will beno dedicated FiberChannel Switches.
Identity federations play a pivotal role in facilitating easier collaboration and sharing of services around the globe. While the protocols, technology, and best practices of federations and their services are reasonably mature, the adoption and installation of needed tools and services to participate with them can be significantly improved.
A digital divide appears to have developed and is growing between those who are participating and those who want to, but feel they cannot. Pinpointing why this divide exists and how to close the gap is a source of debate but some simple statements can be made:
● Reducing the time to deploy services will help relieve pressure on time and resources for all
● Easier deployment of local components benefits both new participants grappling with the technology adoption curve and existing participants by growing the community
● Embedding best practices and core principles of security and service operation help avoid re-inventing the wheel for new participants as well as help maintain overall quality for the whole community.
Attempting to address this divide has been the work of a number of federation operators and NRENs each at different stages of their plans. This presentation will explore and discuss the various approaches that the NREN community has undertaken and contrast them with how SUNET’s SWAMID and CANARIE’s CAF collaboratively created approach compares. A key component of the approach is to streamline software deployments to support eduroam federated 802.1x authentication using FreeRADIUS and SAML2 federation services using Shibboleth software on a single VM instance. While each service on their own may have been done in the past, combining them in a federation aware context, and simplifying the overall experience is relatively new and revealed a great deal of overlap and efficiencies that could be gained doing so.
The presentation will discuss the various collaboration and decision challenges encountered with implementers in two different federations on two different continents and an eye to other federation’s needs. The implementers feel that design decisions have led to an implementation that is able to be extended to other federations which will also be explored and discussed. Time permitting, a demonstration of the solution deployment process will be shown.
On April 28th, a hands-on workshop was held at BCNet2014 in Vancouver by CANARIE's Canadian Access Federation (CAF) team.
The first part of the workshop explored CAF’s Identity Provider (IdP) Installer tool that automates the installation of FreeRADIUS for eduroam and Shibboleth for Federated SSO. The second part of the workshop will be dedicated to exploring CAF's new Federation Manager, an online tool that enables sites to manage their new or installed Shibboleth IdP installation, and easily manage attributes and enable services.
Cedar Day 2018 - Integrating PeopleSoft Payroll - Alex LightstoneCedar Consulting
Companies are increasingly adopting Cloud applications for their core HR operations. However, some clients are choosing to have retain PeopleSoft for payroll processing, either as an on-premises implementation or running on a Cloud infrastructure platform (IaaS / PaaS).
In this session, we will look at the reasons behind those decisions, the benefits gained and the options available for interfacing to PeopleSoft and how this was implemented.
Schema-based multi-tenant architecture using Quarkus & Hibernate-ORM.pdfseo18
Architecture design is a must while developing a SaaS application to ensure its scalability and optimising infrastructure costs. In this blog, Lets discuss the implementation of one such architecture with Quarkus java framework and Hibernate ORM
IEEE 2015 - 2016 | Combining Efficiency, Fidelity, and Flexibility in Resource...1crore projects
1 CRORE PROJECTS
chennai | kumbakonam
offers (2015-2016) M.E, BE, M. Tech, B. Tech, PhD, MCA, BCA, MSC & MBA projects and also a real time application projects.
Final Year Projects for BE, B. Tech - ECE, EEE, CSE, IT, MCA, ME, M. Tech, M SC (IT), BCA, BSC and MBA.
Project support:-
1.Abstract, Diagrams, Review Details, Relevant Materials, Presentation,
2.Supporting Documents, Software E-Books,
3.Software Development Standards & Procedure
4.E-Book, Theory Classes, Lab Working programs, Project design & Implementation
online support :
For other districts and states
1.we will help in skype and teamviewer support for project
For further details feel free to call us:
1 CRORE PROJECTS ,Door No: 214/215,2nd Floor, No. 172, Raahat Plaza, (Shopping Mall), Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026.
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536 / +91 77081 50152
Espresso: LinkedIn's Distributed Data Serving Platform (Paper)Amy W. Tang
This paper, written by the LinkedIn Espresso Team, appeared at the ACM SIGMOD/PODS Conference (June 2013). To see the talk given by Swaroop Jagadish (Staff Software Engineer @ LinkedIn), go here:
http://www.slideshare.net/amywtang/li-espresso-sigmodtalk
Sigmod 2013 - On Brewing Fresh Espresso - LinkedIn's Distributed Data Serving...Mihir Gandhi
Espresso is a document-oriented distributed data serving platform that has been built to address LinkedIn’s requirements for a scalable, performant, source-of-truth primary
store. It provides a hierarchical document model, transac-
tional support for modifications to related documents, real-
time secondary indexing, on-the-fly schema evolution and
provides a timeline consistent change capture stream. This
paper describes the motivation and design principles involved
in building Espresso, the data model and capabilities ex-
posed to clients, details of the replication and secondary
indexing implementation and presents a set of experimen-
tal results that characterize the performance of the system
along various dimensions.
It’s impossible to overlook system design when it comes to tech interviews. In this article, we've covered the most frequently asked System Design interview questions in almost every IT giant.
#VirtualDesignMaster 3 Challenge 1 – James Brownvdmchallenge
We are now settled on Mars, and ready to build a more permanentinfrastructure. Keep in mind that power, cooling, and space are extremelyexpensive resources on Mars. In order to save space, we have decidednot to use a traditional FiberChannel infrastructure, meaning there will beno dedicated FiberChannel Switches.
Identity federations play a pivotal role in facilitating easier collaboration and sharing of services around the globe. While the protocols, technology, and best practices of federations and their services are reasonably mature, the adoption and installation of needed tools and services to participate with them can be significantly improved.
A digital divide appears to have developed and is growing between those who are participating and those who want to, but feel they cannot. Pinpointing why this divide exists and how to close the gap is a source of debate but some simple statements can be made:
● Reducing the time to deploy services will help relieve pressure on time and resources for all
● Easier deployment of local components benefits both new participants grappling with the technology adoption curve and existing participants by growing the community
● Embedding best practices and core principles of security and service operation help avoid re-inventing the wheel for new participants as well as help maintain overall quality for the whole community.
Attempting to address this divide has been the work of a number of federation operators and NRENs each at different stages of their plans. This presentation will explore and discuss the various approaches that the NREN community has undertaken and contrast them with how SUNET’s SWAMID and CANARIE’s CAF collaboratively created approach compares. A key component of the approach is to streamline software deployments to support eduroam federated 802.1x authentication using FreeRADIUS and SAML2 federation services using Shibboleth software on a single VM instance. While each service on their own may have been done in the past, combining them in a federation aware context, and simplifying the overall experience is relatively new and revealed a great deal of overlap and efficiencies that could be gained doing so.
The presentation will discuss the various collaboration and decision challenges encountered with implementers in two different federations on two different continents and an eye to other federation’s needs. The implementers feel that design decisions have led to an implementation that is able to be extended to other federations which will also be explored and discussed. Time permitting, a demonstration of the solution deployment process will be shown.
On April 28th, a hands-on workshop was held at BCNet2014 in Vancouver by CANARIE's Canadian Access Federation (CAF) team.
The first part of the workshop explored CAF’s Identity Provider (IdP) Installer tool that automates the installation of FreeRADIUS for eduroam and Shibboleth for Federated SSO. The second part of the workshop will be dedicated to exploring CAF's new Federation Manager, an online tool that enables sites to manage their new or installed Shibboleth IdP installation, and easily manage attributes and enable services.
CANARIE operates the Canadian Access Federation, a program with a set of services delivering Federated Single Sign On (FedSSO), and eduroam as services.
This presentation at REFED.org's day at Internet2 identity week is a high level view of what CAF is engaged in and interested in.
Eduroam: A current view of the worldwide serviceChris Phillips
For over 11 years eduroam has been streamlining the mobile user experience and making it easier for researchers and students on the go to collaborate and innovate. With millions of transactions a day across over 60 countries the eduroam approach has scaled and kept abreast of the fast pace of change in ICT and explosive growth in mobile devices. Tapping into the talent pool of the eduroam community has been instrumental to keeping the service relevant and meaningful for the past decade and for more years to come. We'll share how we do this and some of the activities and areas of focus ahead.
CANARIE is the operator for eduroam in Canada and is active both domestically and internationally working on improvements and expanding the reach of eduroam. Our activities are diverse and we would like to update the community with developments in the following areas:
Eduroam operations: The number of eduroam sites in Canada is growing and so is the traffic as more and more mobile users carry multiple devices. Maintaining a high quality experience is important where the ultimate assessment is in the hands of the users. This portion of the presentation will discuss specific areas that we focused on and how they have improved, as well as eduroam traffic patterns and analysis tools.
Helping eduroam sites streamline eduroam configuration using CATS: CAT is short for Configuration Assistant Tool, a centrally managed service tool created by eduroam.org that allows site admins to monitor and remotely test their eduroam site from international locations. It uses federated access (using CAF & eduGAIN) to permit site operators to manage their own site-specific settings, and help streamline eduroam deployment and local support.
Looking to the future: Exploring enhancements to eduroam infrastructure – eduroam has been in service for just over ten years using the same durable RADIUS technology. This portion of the presentation will explore some of the next generation approaches to keep eduroam growing and working even better for the next decade. Topics in this section will be improved ways to interconnect eduroam servers using DNSSEC, as well as DANE cryptographic enhancements for dynamic server discovery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Moonshot Brainstorming Strawman
1. Strawman proposal to use Moonshot for Command Line & Rich Client Sign-on July 7,2011 Chris Phillips –chris.phillips@canarie.ca
2. Goals To model a possible deployment approach To stimulate discussion about: validity & possible gaps problems that this calls out & possible responses scope & scale considerations Costs Install & start Ongoing Receive feedback and adjust as necessary More questions than answers will be raised … 2
3. The Challenge How can a Federation Operator enable federated credentials to sign into non web and rich client infrastructure safely, securely, and reliably? 3
4. Proposed Deployment Can be any computing infrastructure, but HPC site likely candidate Proposed requirements to participate Member of one or more federations trust fabrics (RADIUS &/or SAML) Canada manages both eduroamand Shibso these would be our choices On the target site: Has administrative control over the target to log into (unix box) Has deployed local Moonshot enhancements to said unit (a patched SSHd and Moonshot enhanced GSS libraries) Manages a RADIUS server for their site that is connected to eduroam and is a SAML SP in the Shib Fed. runs Moonshot enhancements Has made necessary configurations in each of the pieces to allow access Has provisioned the necessary information to an acount to permit sign in 4
7. Implementation Questions How does the local environment interact with Moonshot? GSS exposes the data via attribute release from querying it: How does this map to local environment variables? implicit trust that the attributes in those variables are trustworthy & immutable via GSS API call – is this ok? How is the GSS API call secured against a multi-homed multi-user environment? If on same system, can I query for various GSS sessions and walk the users on the system? (doubtful, but want to ask to verify) Assumption is GSS takes care of partitioning users. 7
8. Implementation Questions How do the central components interact with Moonshot? See a need for a formalized schema map to benefit 80% and let 20% extend. Most cost effective is set one standard (based on input) ‘internationally’ with ability to extend Does this style of schema exist elsewhere (e.g. GridShib toolkit?) Various origin datasources are in play so centralized schema in different formats (e.g. 3NF tables for SQL, ldapobjectclass definitions, and SAML profiles would be great to level the playing field. Thoughts on how long/big/worthwhile this is and how repetitive it will be? Thoughts on how elements go from ‘core’ from the extensions? (aka Governance?) 8
9. Total Cost of Ownership How will the account provisioning and maintenance work? Representing a federated cred in a remote environment…how? How will the policy decision on access work? If at the ‘edge’ or end points, need a way to manage mass deployment (>1000’s of systems – think EC2) OR centralize this somehow Need to harmonize the way to deal with schema and consistent view of data across RADIUS & SAML & DB & LDAP…thoughts? Complex is ok, as long as automation can prevail, but what skills will be required to keep the lights on for this software ecosystem? 9
10. Possible Limitations RADIUS attribute passing is limited to 253 bytes per attribute My understanding is that Moonshot takes care of packing/unpacking long attributes over RADIUS protocol Not an issue, but as a more rich attribute definition is built out, there could be large profiles (think XML & x509 certs BASE64’d into this) which may suffer over RADIUS’ UDP. Should we be concerned? 10