Api Gateway - What's the use of an api gateway? - inovia
Slide made for the meetup microservice at Paris, France. It describes the use of an api gateway in a microservice architecture.
Feel free to comment through @meetup_ms_paris #microservice
Hedera Hashgraph San Francisco Meetup - A Complete Guide on Onboarding to the... - Hedera Hashgraph
In this presentation, Hedera Product Marketing Manager Gehrig Kunz presented on the Hedera developer experience. Gehrig shared example SDK code to jumpstart your project. Gehrig also reviewed some of the resources available for developers and explained exactly how to get started building game-changing decentralized applications using Hedera Hashgraph’s network and services.
The Effect of Microservices on API Design - LunchBadger
How have microservices and the new architectural style helped to evolve API design? If you're working with microservices and APIs, this helpful presentation will underscore the important challenges and solutions you can take advantage of right now.
Learn more about:
- Monolith versus Microservices
- How Microservices and APIs interact
- Challenges & Solutions
- How to leverage Express Gateway, an open source API gateway built entirely on Express.js
Presented by Al Tsang, CEO of LunchBadger, at the 2017 SmartBear Conference in Boston, MA.
Keynote: Hedera Cryptoeconomics with Dr. Leemon Baird | Hedera18 - Hedera Hashgraph
YouTube Video
https://youtu.be/nUiqR7oJS9I
Speaker
Dr. Leemon Baird | Co-Founder and Chief Scientist | Hedera Hashgraph
Abstract
Dr. Leemon Baird, Chief Scientist & Co-Founder at Hedera Hashgraph, will discuss the cryptoeconomics of Hedera hashgraph, including details around proxy staking, fees, and node payments on the Hedera public network. He’ll also touch on some of the obstacles of cryptoeconomics seen across all distributed public ledgers, and how Hedera Hashgraph overcomes them. In his closing, both Leemon and Mance will be unveiling further details of governance and operations of the initial Hedera Hashgraph Council members and their associated committees.
How are microservices in 2017 different from how we used to build them at the beginning of the decade?
More traditional Service-Oriented Architectures were defined by protocols and standards published and curated by industry consortiums. Knowledge of the architectural style usually called "microservices", on the other hand, is often in the form of patterns, cautionary tales, and tools extracted from real-world reports and software made available by organisations that have adopted this style.
Almost ten years since the first wave of such reports, the landscape has changed considerably. Many hard challenges from the past have been eased or completely solved, and a lot of the custom software created by the microservices pioneers has been made off-the-shelf open source software.
In this talk, Phil Calçado will contrast what we first found in the first generation of microservices architectures against the current generation's landscape. Let's talk about which previous common knowledge and patterns are deprecated, which ones are still active, and introduce some of the ones that have been recently added to our toolbox.
Trading derivatives on a decentralized system aims for high availability (HA) and disaster recovery (DR). Both HA and DR can be met by incorporating a blockchain and a container technology. Hyperledger is a blockchain framework that aims for a cross-industry open standard with freely customizable plugins, smart contracts, and data payloads. Those features give us easy ways to implement our trading platform on a blockchain. Docker was brought in to handle each specific Hyperledger chain internally. Also, covering all the Hyperledger nodes with containers reduces our time spent building infrastructure and makes deployment to the production environment much easier. This presentation will show how we integrate Hyperledger and Docker containers for our derivatives trading project, and the issues that we are focusing on. Additionally, the talk partially includes the performance evaluation results under different configurations.
This talk was delivered at LinuxCon Japan 2016 by Siriwat Kasamwattanarote, Thierry Gibralta, Vsevolod Yugov, Shibo Lin, Hideaki Takei, and Fernando Vazquez.
Smart Contracts: From Zero to Dapp Hero | Hedera18 - Hedera Hashgraph
YouTube Video
https://youtu.be/zmFU54Apyn8
Speaker
John Gethoefer | Principal Software Engineer | Bumped, Inc.
Abstract
Get started with Smart Contracts and the Solidity™ language. In this presentation, you'll receive an introduction to Solidity, a programming language for creating smart contracts for Ethereum and Hedera Hashgraph. You will learn step-by-step procedures for creating a simple smart contract and explore best practices for testing and developing distributed applications (Dapps).
Wide adoption of Microservice Architecture presents a whole new set of challenges for us as developers. Some of them are well-known and understood. About others we do not think until they strike us out of the blue and we spend a lot of sleepless nights trying to figure them out. And communication between services in distributed system is one of the latter.
During this Microservice Architecture Odesa #TechTalk we will talk about how to prevent your microservices from becoming a modern-world Tower of Babel. We will discuss how to select appropriate communication mechanisms for the most common cases in a distributed system, how we should define API contracts for each of them, and what tools are available to keep them consistent and evolve them over time.
We will touch on the following topics:
- REST vs RPC vs Messaging and how not to get lost with your options.
- Contract First development and how it can save time in a multi-team environment.
- SwaggerHub as a single point of truth for REST APIs.
- Best practices for gRPC contracts and how to deal with changes in them.
About the speaker:
Andrii Barsukov is a Senior .NET developer at Lohika, with 5+ years of commercial experience in development of microservice applications. Currently participating in development of a microservice-based financial system, which includes 20+ microservices developed by 10 separate development teams. And some of the challenges that we faced during its development I'd like to share.
The message broker systems such as RabbitMQ are gaining a lot of momentum nowadays in large scale app development. They allow us to accomplish many prevalent tasks in a parallel manner without affecting the SLA of the micro-service.
This presentation talks about RabbitMQ and how one can leverage its capabilities for making your software architecture more robust and scalable.
Tech Talk conducted at Atlogys technical Consulting, Delhi by Senior Tech Lead - Mr. Gaurav Garg.
YouTube recording also available at the Atlogys Academy Channel.
Microservices: The phantom menace. Istio Service Mesh: the new hope - Sergii Bishyr
Microservices are everywhere and they help in solving business problems. But they also introduce complexity. Istio Service Mesh will help you solve it.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/2mcpD5B.
Oliver Gould talks about the Linkerd project, a service mesh hosted by the Cloud Native Computing Foundation, to give operators control over the traffic between their microservices. He shares the lessons they've learned helping dozens of organizations get to production with Linkerd and how they've applied these lessons to tackle complexity with Linkerd. Filmed at qconnewyork.com.
Oliver Gould is co-founder and CTO at Buoyant, Inc.
Decentralized platform for cryptocurrency exchange and trade. A high-load blockchain-based solution handling over 1000 transactions per second. The project's uniqueness lies in its decentralization and complete automation of the trading process.
That presentation covers some aspects of Spring Cloud and Netflix OSS projects, with a working demo using Java 8 and the goodies that Spring offers. The source code of the demo can be found here: https://github.com/ekholabs/bookstore-microservices
AWS offers customers multiple solutions for federating identities on the AWS Cloud. In this session, we will embark on a tour of these solutions and the use cases they support. Along the way, we will dive deep with demonstrations and best practices to help you be successful managing identities on the AWS Cloud. We will cover how and when to use Security Assertion Markup Language 2.0 (SAML), OpenID Connect (OIDC), and other AWS native federation mechanisms. You will learn how these solutions enable federated access to the AWS Management Console, APIs, and CLI, AWS Infrastructure and Managed Services, your web and mobile applications running on the AWS Cloud, and much more.
The primary focus of this presentation is on hypermedia as the engine of application state (HATEOAS) and how HTTP APIs may benefit from it. Provides a sneak peek into the HAL media type and gives an overview of hypermedia support in Java tools (JAX-RS / HalBuilder and Spring HATEOAS) along with practical suggestions for server-side design of a hypermedia API. Also includes a quick overview of the Richardson Maturity Model based on a set of examples, and current API trends.
Secure your APIs using OAuth 2 and OpenID Connect - Nordic APIs
Session held by Travis Spencer at the PayEx and Nordic APIs event "Secure, flexible and modern APIs for Payments" in Oslo, May 10th.
Description:
When opening up secure APIs, OAuth 2 and OpenID Connect are the primary standards being used today. Implementing and using these standards can be challenging. In this session, Travis Spencer, CEO of Twobo Technologies, will provide an in-depth overview of these standards and explain how they can be integrated into financial services apps. The overview will include information on:
- The actors involved in OAuth and OpenID Connect
- The flows used in the standards
- What grant types are, which are defined, and the message exchanges of each
- What scopes are and examples of their use
- Different classes of tokens and how they are used
- Overview of the OpenID Foundation’s work in the Financial API WG
Attendees will leave with:
- An overview of OAuth 2 and OpenID Connect
- Knowledge of the basics necessary to using these standards
- Resources and information sources where more information can be found
Advanced Design Patterns for Amazon DynamoDB - DAT403 - re:Invent 2017 - Amazon Web Services
In this session, we go deep into advanced design patterns for DynamoDB. This session is intended for those who already have some familiarity with DynamoDB and are interested in applying the design patterns covered in the DynamoDB deep dive session and hands-on labs for DynamoDB. The patterns and data models discussed in this presentation summarize a collection of implementations and best practices leveraged by the Amazon CDO to deliver highly scalable solutions for a wide variety of business problems. In this session, we discuss strategies for GSI sharding and index overloading, scalable graph processing with materialized queries, relational modeling with composite keys, executing transactional workflows on DynamoDB, and much, much more.
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog) - Nordic APIs
This is a session given by Jacob Ideskog at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm, Sweden.
Description:
In this talk, Jacob Ideskog (Identity Expert at Twobo Technologies) addresses the growing need to secure the emerging devices accessible over the Internet. The Internet of Things has many interpretations, but the common denominator is that there will be a vast number of connected devices, and nobody (almost) wants those hacked.
In recent years, Jaspersoft has moved from a product that is primarily used from a GUI to a product that is primarily used through an API. While visualize.js is JavaScript for embedding objects like reports and dashboards into a web app, our REST API is primarily used for backend management. This webinar will teach you the basics, what it’s used for and how to get started.
Bringing the Superpower of Bots to Your Company with a Serverless Bot Solutio... - Amazon Web Services
Bots are leading the next disruptive wave of how people and companies communicate. Companies can use bots for internal communications, such as facilities management or support, or for external communications, such as selling products, helping customers with searches, and acting as a trusted advisor in other ways. In this session, we show how easy it is to deploy a bot and how it improves customer interactions. Further, most bot solutions operate with a single language. We show how to build a language-agnostic bot solution using AWS Lambda and other AWS services.
Using JSON API to Get Your Content Where It Needs to Be - Acquia
Today’s Drupal applications connect to many external systems via APIs - more than ever before. Phone apps, decoupled frontends and other sites or services all need to consume content. Given the number and variety of interfaces a Drupal application needs to interact with, how can you ensure your data gets where it’s needed with minimum fuss?
This session will focus on integrating a JavaScript application with Drupal, but the knowledge will be applicable to many other use-cases. We’ll cover:
- Introduction to the JSON API standard
- Advantages to JSON API
- How the JSON API can be used to pass data between systems
DEV204_Debugging Modern Applications Introduction to AWS X-Ray - Amazon Web Services
Analyzing and debugging production distributed applications built using service-oriented, microservices, or serverless architectures is a challenging task. In this session, we introduce AWS X-Ray, an AWS service that makes it easier to identify performance bottlenecks and errors, pinpoint issues to specific services in your application, identify the impact of issues on application users, and visualize the service call graph and the request timelines for your applications. We will also showcase a customer, Chick-fil-A, and how they have adopted AWS X-Ray to play a role throughout the microservice lifecycle in order to ensure quality, transparency, and operational visibility for their services on AWS.
The Future is Now: What’s New in ForgeRock Directory Services - ForgeRock
In this webinar, learn how ForgeRock Directory Services can manage millions of identities faster and more securely than ever, making it an ideal choice for high scale customer identity scenarios. In addition to helping address privacy regulations like GDPR with comprehensive encryption options, new out-of-the-box server hardening capabilities make it easy to ensure deployments are secure.
Serverless OAuth: Authorizing Third-Party Applications to Your Serverless API... - Amazon Web Services
By using serverless architectures, startups, and enterprises are building and running modern applications and services with increased agility and simplified scalability, all without managing a single server. Many applications need to manage user identities and support customers signing up and signing in. In this workshop, you create a complete serverless web application backed by a serverless microservice using Amazon API Gateway, AWS Lambda, and Amazon DynamoDB, implementing security controls and best practices at each layer. We also integrate social identity federation with Facebook and Google sign-in options to create a universal user directory with secure identity management and granular role-based access control for your application.
Using Access Advisor to Strike the Balance Between Security and Usability - S... - Amazon Web Services
AWS provides a killer feature for security operations teams: Access Advisor. In this session, we discuss how Access Advisor shows the services to which an IAM policy grants access and provides a timestamp for the last time that the role authenticated against that service. At Netflix, we use this valuable data to automatically remove permissions that are no longer used. By continually removing excess permissions, we can achieve a balance of empowering developers and maintaining a best-practice, secure environment.
Using Redux in a large team is not easy. Organization and best practices can help scale the team.
Tip 1 : Planned 1 full day of training for each member
Tip 2 : Tooled our environment
Tip 3 : Used action creators
Tip 4 : Redux Ducks
Tip 5 : Write Unit tests
Tip 6 : Use payload-based actions
Tip 7 : Frontend development is all about side-effects
Tip 8 : Normalized the state like a db
Tip 9 : Selectors are helpful
Tip 10 : Flow and typescript helped
Matters is a startup studio based in Paris and San Francisco. To know more about us: https://matters.tech
10 essential steps for Kafka streaming services - inovia
This Matters Meetup gives you keys to build event driven microservices with Apache Kafka. In only 30 minutes, Ben Stopford, technologist at Confluent Inc, gives you 10 essential steps to streaming services with Kafka.
In this presentation, Baptiste Manson provides feedback after 2 years usage of React Redux at Scale with a team of more than 20 developers in Matters Startup Studio. See chapters below and don't forget to subscribe http://bit.ly/2EHSdU7
https://matters.tech/
This meetup is made for developers who are using Redux. Baptiste Manson, from the Matters Tech team, explains in detail the pros and cons of React Redux at scale.
In this tutorial video you will find 10 tips for piloting a React Redux project at scale.
With this talk, learn Redux, how to scale your dev team on React projects and how to optimize your performance, in terms of team cooperation and architecture.
Want to migrate to React? Learn from the experience of Docusign. In this meetup, Joe Cocco, an engineer at Docusign, provides tips that can help your migration, your road to React. Don’t forget to subscribe http://bit.ly/2EHSdU7
https://matters.tech/
Migrating to React can be a long road. It is always better to have some tips before initiating this process. This Matters Tech video provides talks by two engineers at Docusign. Joe Cocco and Claudiu Andrei explain the steps of a successful React migration, based on their own experience at Docusign.
They give you the keys to success, but they also explain the issues at scale. Some pros and cons of React are revealed in this Matters Meetup too. If you plan a journey to React, you must watch this video, because maybe you didn’t think of the hurdles you will have to surmount, like how to integrate React into existing applications.
However, there are a lot of benefits to migrating to React. For instance, the goal of Docusign was to give developers the tool to move forward. The two engineers will convince you to make the transition to this JavaScript library.
Why this presentation could be useful
Different vim modes
Commands lists and usage
Plugins (or how to customize your vim)
Book (to know more about vim)
NeoVim (new vim?)
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Ubeeqo, a car-sharing application
I am here today because Ubeeqo uses a microservices architecture.
Before getting into the subject, I want to point out that OAuth2 and OpenID Connect are two different things.
OAuth2 -> delegation, authorization -> it is about knowing what you are authorized to do.
OpenID Connect -> the goal is to be sure that the party you are exchanging data with really is who you think it is.
It is an identity layer on top of OAuth2.
OpenID Connect fills some of OAuth2's gaps; they are two distinct pieces that are made to work together.
You have decided to do microservices.
You are moving from a monolith to a microservices architecture, well done.
I hope you followed the previous presentations.
We are going to give you the keys, step by step and in more detail, to make this transition succeed, in particular for managing the user's identity.
Architecture with one service
Traditional system
Several sub-components inside one big one
A few drawbacks
The whole stack always has to be redeployed
As the team and the code grow, working on a monolith becomes complicated
Turn the monolith into a set of modular applications
Independent deployment
Separate code
A client is, for example, a user using a mobile application
The client sends a request to the monolith
A component at the start of the request handles the user's identity
It checks whether the user is logged in
In practice, it populates the session or the incoming request
It propagates this information to the sub-components
The following components use this data
If we take the same logic and apply it to microservices, we get this [NEXT SLIDE]
Each microservice would then need a component that handles incoming requests, manages identities, calls the database where the users are stored…
A system like this has a lot of redundancy; it is a bad way to solve the problem
How do we manage a user's identity across microservices?
To answer that question, I will first talk about OAuth2
No Authentication
No access management or rights management
Delegation of access to someone so they can do something on my behalf
Resource Owner (RO): the user
Client (a mobile application, for example, sometimes the application's backend)
Authorization Server (AS): the OAuth server
Resource Server (RS): the service we are going to call
The client calls the Authorization Server
The Authorization Server then asks the Resource Owner to identify themselves
The Authorization Server gives the client a proof of identity
The client sends requests to the Resource Server
The Resource Server asks the Authorization Server whether the token is valid
The Resource Server returns the requested data to the client
The Resource Owner has delegated access to their data to the client
The Authorization Server has provided a proof of identity that the client was able to use to query the Resource Server or the API
What is this “proof of identity”?
The different tokens found in OAuth2
The access token is a session
You log in to a site, that opens a session, and for a given period you do not need to log in again
After a certain time this session expires and the access token becomes invalid
The refresh token can be compared to a password; it is obviously not your password. It is a secret.
It is used to create a new session, to get a new access token
Another benefit of this system is that if the user wants to revoke the client's access, we simply invalidate its refresh token; the access token will quickly become invalid automatically and the client will no longer be able to generate new ones
These tokens can be put into a category
Access token: sharing by reference
Passed to the client as a header or a query string
Compact
Low computation cost
Item stored on the client side -> vulnerable
Assume that it could be compromised
Always verify the JWT's signature
HTTPS
Do not store sensitive data. If you need to transmit sensitive data, other systems let you do that.
A JWT that is signed, sent over HTTPS and contains nothing sensitive is not critical
What happens when the client wants to access resources located on the Resource Server?
ClientID -> identifier of the application that wants to access my data
Callback URL -> the URL used to redirect the user at the end of the authentication process
Like permissions
They describe the authorizations the Resource Owner (the user) gives to the Client
The user can change the authorizations given to the client
The user does not log in on the client or the application, but on the Authorization Server
The RO is identified on the AS
The AS sends a code back to the client on the callback URL specified earlier
This code is not understandable by the client
Single-use code
Extremely short lifetime
The Resource Server contacts the Authorization Server (AS)
The client stores the JWT
Authorization: Bearer AccessToken
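The one-time code described above (single use, very short lifetime, tied to the ClientID and callback URL) can be enforced on the Authorization Server as in this added Python example, which is not from the talk. The class name, the 60-second lifetime and the sample client values are assumptions.

```python
import hashlib
import secrets
import time

CODE_TTL_SECONDS = 60  # assumption: the talk only says "extremely short"


class AuthorizationCodeStore:
    """Hypothetical Authorization Server bookkeeping for one-time codes."""

    def __init__(self):
        # sha256(code) -> (client_id, callback_url, user_uuid, expires_at)
        self._codes = {}

    @staticmethod
    def _key(code):
        # Store only a hash so a leaked table cannot be replayed as codes.
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, client_id, callback_url, user_uuid, now=None):
        """Called after the Resource Owner has logged in and approved the scope."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(32)  # random and opaque to the client
        self._codes[self._key(code)] = (
            client_id, callback_url, user_uuid, now + CODE_TTL_SECONDS)
        return code

    def redeem(self, code, client_id, callback_url, now=None):
        """Return the user UUID once; None on replay, expiry or mismatch."""
        now = time.time() if now is None else now
        # pop() first: the code is burned even when a later check fails.
        entry = self._codes.pop(self._key(code), None)
        if entry is None:
            return None
        bound_client, bound_callback, user_uuid, expires_at = entry
        if now >= expires_at:
            return None
        # The code is only valid for the client and callback it was issued to.
        if (client_id, callback_url) != (bound_client, bound_callback):
            return None
        return user_uuid
```

Because the entry is removed before any check, a code presented by the wrong client is invalidated as well, so it cannot be retried by anyone afterwards.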
The Authorization Server is a fairly complex technical building block.
You can decide to go through a third-party service, such as Facebook, to act as the Authorization Server
You have probably already done it, perhaps without knowing it, but you can use another service's Authorization Server
You can also delegate part of the OAuth2 logic to a third party, such as Facebook
For my example I chose Deezer
Everyone knows Deezer, you listen to music with it, I am not going to review the application for you
The Deezer application sends Facebook:
A clientID
A scope (what Deezer wants to access)
A callback URI
Facebook redirects the user to its authorization page
We really are on Facebook (see the URL bar)
I log in to Facebook
I approve the requested permissions, the scope
Facebook then redirects my phone's browser to Deezer's callback address with a code in the URL
The Deezer application passes this code to the Deezer backend; the Deezer backend contacts Facebook to verify the authenticity of the proof of identity, the code, that was provided
From there, Deezer must store my access and refresh tokens and returns a token to the application
No form
No need to vouch for the user's identity
No need to run a process to verify the user's identity
Another very important point is that trust relationships have been created
The Resource Owner trusts the Authorization Server
The Resource Server also trusts the Authorization Server, which vouches for the Resource Owner's identity
Now that you know all these elements, we will talk about how we put them to work at Ubeeqo to manage our users' identity across the microservices
Let me point out that this is the implementation we chose to put in place
That does not mean it is the only one, or that the others are bad
UUID -> Universally Unique IDentifier
Character string, follows the RFC
Identifier of the user
The principal is used to identify an actor across the application
Request context
TID: Transaction ID
Microservices on a closed network
Shared secret between the microservices
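One way to apply "always verify the JWT's signature" with a secret shared between microservices, as an added example that is not Ubeeqo's implementation: an HS256 JWT carrying the user UUID and the TID is issued and checked with the Python standard library only. The claim names `sub`, `tid` and `exp`, the 60-second lifetime and the secret value are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SHARED_SECRET = b"constructed-demo-secret"  # assumption: stands in for the real shared secret


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_principal(user_uuid, tid, ttl=60, now=None, secret=SHARED_SECRET):
    """Issue a short-lived HS256 JWT carrying the principal (user UUID, TID)."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"sub": user_uuid, "tid": tid, "exp": now + ttl}).encode())
    mac = hmac.new(secret, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{b64url(mac)}"


def verify_principal(token, now=None, secret=SHARED_SECRET):
    """Return the claims of an authentic, unexpired token; raise ValueError otherwise."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(unb64url(header_b64))
        signature = unb64url(sig_b64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token pick it (this rejects "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(claims_b64))  # parsed only once the signature is verified
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims
```

The claims are decoded only after the MAC comparison succeeds, so a receiving service never acts on a UUID or TID it has not authenticated.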
You have now seen the issues that come with a microservice architecture
In particular those concerning authentication and access delegation