Michael Jones with Microsoft provided an update on the OpenID Certification Program at the OIDF Workshop at the 2019 European Identity Conference on Tuesday, May 14, 2019 in Munich.
OpenID Foundation FastFed Working Group Update - 2017-10-16MikeLeszcz
The Fast Federation Working Group aims to increase adoption of federated identity by making it easier to configure single sign-on between applications. It proposes new metadata files and user experience flows to simplify the registration process for administrators. The goals are to solve problems like attribute mapping and endpoint discovery by pushing complexity onto identity providers and advocating for administrators through standards that reduce integration work for service providers.
OpenID Certification Program Update - 2018-04-02MikeLeszcz
The document discusses OpenID Certification, which allows OpenID Connect implementations to be certified as meeting defined technical profiles through testing. Certification provides value by helping ensure technical interoperability and enhancing organizations' reputations. Current certifiable profiles include basic, implicit, hybrid, and dynamic profiles for OpenID providers and relying parties. The certification process uses self-certification where organizations test their own implementations against public test suites. Certified implementations can use the "OpenID Certified" logo. The international certification effort aims to promote further adoption and make interoperable OpenID Connect implementations commonplace.
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...OpenIDFoundation
Michael Jones with Microsoft provided an update on the OpenID Certification Program at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOpenIDFoundation
OpenID Foundation Fast Federation (FastFed) Working Group update presented by Darin McAdams (Amazon) at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OpenID Foundation FastFed Working Group Update - 2017-10-16MikeLeszcz
The Fast Federation Working Group aims to increase adoption of federated identity by making it easier to configure single sign-on between applications. It proposes new metadata files and user experience flows to simplify the registration process for administrators. The goals are to solve problems like attribute mapping and endpoint discovery by pushing complexity onto identity providers and advocating for administrators through standards that reduce integration work for service providers.
OpenID Certification Program Update - 2018-04-02MikeLeszcz
The document discusses OpenID Certification, which allows OpenID Connect implementations to be certified as meeting defined technical profiles through testing. Certification provides value by helping ensure technical interoperability and enhancing organizations' reputations. Current certifiable profiles include basic, implicit, hybrid, and dynamic profiles for OpenID providers and relying parties. The certification process uses self-certification where organizations test their own implementations against public test suites. Certified implementations can use the "OpenID Certified" logo. The international certification effort aims to promote further adoption and make interoperable OpenID Connect implementations commonplace.
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...OpenIDFoundation
Michael Jones with Microsoft provided an update on the OpenID Certification Program at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOpenIDFoundation
OpenID Foundation Fast Federation (FastFed) Working Group update presented by Darin McAdams (Amazon) at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group UpdateMikeLeszcz
OpenID Foundation MODRNA Working Group update presented by Bjorn Hjelm (Verizon) and John Bradley (Yubico) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.
OpenID Foundation Connect Working Group Update - October 22, 2018OpenIDFoundation
OpenID Foundation Connect Working Group update presented by Michael Jones (Microsoft) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...OpenIDFoundation
Joseph Heenan is part of the OpenID Certification Program team provided an update on the Financial-grade API (FAPI) at the OIDF Workshop at the 2019 European Identity Conference on Tuesday, May 14, 2019 in Munich.
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...MikeLeszcz
OpenID Foundation Enhanced Authentication Profile (EAP) Working Group update presented by Dr. Michael B. Jones (Microsoft) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...OpenIDFoundation
George Fletcher presented Browser Changes Impacting Identity Flows at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OpenID Foundation iGov Working Group Update - October 22, 2018OpenIDFoundation
OpenID Foundation iGov Working Group update presented by Paul Grassi (Easy Dynamics) and Bjorn Hjelm (Verizon) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
Security architecture best practices for saas applicationskanimozhin
This document discusses security best practices for Software as a Service (SaaS) applications. It recommends adopting a holistic governance framework to manage operational risks, using standards like COBIT 5. Key aspects covered include tenant data isolation, role-based access control, preventing common web attacks, and implementing robust security auditing of events, transactions, and user actions. The goal is to establish trust with customers by providing protection of information, access controls, data security, and audit capabilities.
CIS 2015 Easy Federation in Cloud and on Premises - Ian JaffeCloudIDSummit
Want to configure SSO for your users or improve your utilization of Ping’s services and take advantage of the latest features that Ping Identity has available in our PingFederate and PingOne products? Come learn about improvements in how PingFederate and PingOne work together both in the initial setup phase and the configuration of SSO applications. Come and discover new provisioning capabilities including support for additional applications and an expanded use of SCIM. Additionally, find out about new API enablement functionality of PingOne that focuses on Employee SSO which can be used to automate the setting up of a customer’s connection to PingOne as well as a customer’s application configurations. And more.
The cloud is rapidly becoming the de-facto standard for deploying enterprise applications. Microservices are at the core of building cloud-native applications due to its proven advantages such as granularity, cloud-native deployment, and scalability. With the exponential growth of the consumer base of these service offerings, enforcing microservice/API security has become one of the biggest challenges to overcome.
In this deck, we discuss:
- The need for API/Microservices Security
- The importance of delegating security enforcement to an API Gateway
- API Authentication and Authorization methodologies
- OAuth2 - The de-facto standard of API Authentication
- Protection against cyber attacks and anomalies
- Security aspects to consider when designing Single Page Applications (SPAs)
Watch the webinar on-demand here - https://wso2.com/library/webinars/2019/11/api-security-in-a-cloud-native-era/
The industry move towards wearables is all the rage and taking advantage of these new devices doesn’t have to mean learning a whole new platform. For example the Microsoft Band is a multi-function wearable device that works with your smart phone to help you track heart rate, steps, calorie burn, sleep quality and be productive with email and calendar alerts and more. While you can quickly and easily build an app for the Band in just a few minutes how can you be sure the back end is up to the scale you’d need to support potential massive growth if it were to take off? Enter the cloud and tools available that we can use to load test and explore the performance characteristics of the solution. In this session we’ll take a look at what’s possible and walk thru the scenario to see first hand how it is done.
1) The document discusses Oracle Identity Governance and Access Management projects for several clients, including integrating numerous applications with OIM and implementing ESSO.
2) It provides an overview of integrating applications with OIM using connectors and protecting web applications using OAM with WebGates deployed.
3) Finally, it outlines different deployment approaches for OAM including agent-based, agent-less, using a terminal server as a gateway, and a hybrid approach combining methods.
Join us for a deep dive into the Scribe Online CDK and Connector Development!
Scribe Online is a cloud based Data Migration & Integration tool built on top of the Azure platform and offers robust customization capabilities through it's CDK to connect to any software platform!
This presentation, given at Embedded World 2016, discusses a multi-stage strategy for ensuring that all the elements of the solution stack work correctly and the IoT solutions you deliver will meet quality requirements.
This document provides an overview of extending Scribe Online through connectors and the Scribe Online API. It discusses the Fast Connector Framework and Connector Development Kit (CDK) for building connectors, and their different use cases. It also demonstrates how to use the Scribe Online API through the Swagger framework to programmatically interact with and manage Scribe Online.
Getting Started with API Standardization in SwaggerHubSmartBear
This document provides an overview of a presentation on standardizing API documentation using SwaggerHub. The agenda includes an introduction to SmartBear and their tools, why standardization is critical for API quality, defining quality for teams, challenges of OpenAPI Specification development at scale, and how SwaggerHub can help address those challenges. It discusses how SwaggerHub provides a central hub for designing, documenting, and collaborating on APIs to improve efficiency, quality and reduce defects.
OpenID Foundation Certification Program Update - October 22, 2018OpenIDFoundation
OpenID Foundation Certification Program update presented by Michael Jones (Microsoft) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
OpenID Connect "101" Introduction -- October 23, 2018OpenIDFoundation
This document provides an introduction to OpenID Connect and summarizes its key aspects:
1) OpenID Connect is an identity layer built on top of OAuth 2.0 that allows clients to verify the identity of users and obtain basic profile information through RESTful APIs and JSON.
2) Many major companies have already implemented OpenID Connect in their applications and websites.
3) OpenID Connect specifications cover a wide range of use cases from non-sensitive to highly secure information as well as different levels of sophistication in claims usage. Implementations can build only the required pieces.
OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group UpdateMikeLeszcz
OpenID Foundation MODRNA Working Group update presented by Bjorn Hjelm (Verizon) and John Bradley (Yubico) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.
OpenID Foundation Connect Working Group Update - October 22, 2018OpenIDFoundation
OpenID Foundation Connect Working Group update presented by Michael Jones (Microsoft) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...OpenIDFoundation
Joseph Heenan is part of the OpenID Certification Program team provided an update on the Financial-grade API (FAPI) at the OIDF Workshop at the 2019 European Identity Conference on Tuesday, May 14, 2019 in Munich.
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...MikeLeszcz
OpenID Foundation Enhanced Authentication Profile (EAP) Working Group update presented by Dr. Michael B. Jones (Microsoft) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...OpenIDFoundation
George Fletcher presented Browser Changes Impacting Identity Flows at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OpenID Foundation iGov Working Group Update - October 22, 2018OpenIDFoundation
OpenID Foundation iGov Working Group update presented by Paul Grassi (Easy Dynamics) and Bjorn Hjelm (Verizon) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
Security architecture best practices for saas applicationskanimozhin
This document discusses security best practices for Software as a Service (SaaS) applications. It recommends adopting a holistic governance framework to manage operational risks, using standards like COBIT 5. Key aspects covered include tenant data isolation, role-based access control, preventing common web attacks, and implementing robust security auditing of events, transactions, and user actions. The goal is to establish trust with customers by providing protection of information, access controls, data security, and audit capabilities.
CIS 2015 Easy Federation in Cloud and on Premises - Ian JaffeCloudIDSummit
Want to configure SSO for your users or improve your utilization of Ping’s services and take advantage of the latest features that Ping Identity has available in our PingFederate and PingOne products? Come learn about improvements in how PingFederate and PingOne work together both in the initial setup phase and the configuration of SSO applications. Come and discover new provisioning capabilities including support for additional applications and an expanded use of SCIM. Additionally, find out about new API enablement functionality of PingOne that focuses on Employee SSO which can be used to automate the setting up of a customer’s connection to PingOne as well as a customer’s application configurations. And more.
The cloud is rapidly becoming the de-facto standard for deploying enterprise applications. Microservices are at the core of building cloud-native applications due to its proven advantages such as granularity, cloud-native deployment, and scalability. With the exponential growth of the consumer base of these service offerings, enforcing microservice/API security has become one of the biggest challenges to overcome.
In this deck, we discuss:
- The need for API/Microservices Security
- The importance of delegating security enforcement to an API Gateway
- API Authentication and Authorization methodologies
- OAuth2 - The de-facto standard of API Authentication
- Protection against cyber attacks and anomalies
- Security aspects to consider when designing Single Page Applications (SPAs)
Watch the webinar on-demand here - https://wso2.com/library/webinars/2019/11/api-security-in-a-cloud-native-era/
The industry move towards wearables is all the rage and taking advantage of these new devices doesn’t have to mean learning a whole new platform. For example the Microsoft Band is a multi-function wearable device that works with your smart phone to help you track heart rate, steps, calorie burn, sleep quality and be productive with email and calendar alerts and more. While you can quickly and easily build an app for the Band in just a few minutes how can you be sure the back end is up to the scale you’d need to support potential massive growth if it were to take off? Enter the cloud and tools available that we can use to load test and explore the performance characteristics of the solution. In this session we’ll take a look at what’s possible and walk thru the scenario to see first hand how it is done.
1) The document discusses Oracle Identity Governance and Access Management projects for several clients, including integrating numerous applications with OIM and implementing ESSO.
2) It provides an overview of integrating applications with OIM using connectors and protecting web applications using OAM with WebGates deployed.
3) Finally, it outlines different deployment approaches for OAM including agent-based, agent-less, using a terminal server as a gateway, and a hybrid approach combining methods.
Join us for a deep dive into the Scribe Online CDK and Connector Development!
Scribe Online is a cloud based Data Migration & Integration tool built on top of the Azure platform and offers robust customization capabilities through it's CDK to connect to any software platform!
This presentation, given at Embedded World 2016, discusses a multi-stage strategy for ensuring that all the elements of the solution stack work correctly and the IoT solutions you deliver will meet quality requirements.
This document provides an overview of extending Scribe Online through connectors and the Scribe Online API. It discusses the Fast Connector Framework and Connector Development Kit (CDK) for building connectors, and their different use cases. It also demonstrates how to use the Scribe Online API through the Swagger framework to programmatically interact with and manage Scribe Online.
Getting Started with API Standardization in SwaggerHubSmartBear
This document provides an overview of a presentation on standardizing API documentation using SwaggerHub. The agenda includes an introduction to SmartBear and their tools, why standardization is critical for API quality, defining quality for teams, challenges of OpenAPI Specification development at scale, and how SwaggerHub can help address those challenges. It discusses how SwaggerHub provides a central hub for designing, documenting, and collaborating on APIs to improve efficiency, quality and reduce defects.
OpenID Foundation Certification Program Update - October 22, 2018OpenIDFoundation
OpenID Foundation Certification Program update presented by Michael Jones (Microsoft) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
OpenID Connect "101" Introduction -- October 23, 2018OpenIDFoundation
This document provides an introduction to OpenID Connect and summarizes its key aspects:
1) OpenID Connect is an identity layer built on top of OAuth 2.0 that allows clients to verify the identity of users and obtain basic profile information through RESTful APIs and JSON.
2) Many major companies have already implemented OpenID Connect in their applications and websites.
3) OpenID Connect specifications cover a wide range of use cases from non-sensitive to highly secure information as well as different levels of sophistication in claims usage. Implementations can build only the required pieces.
OpenID Foundation/Open Banking Workshop - OpenID Foundation OverviewMikeLeszcz
The OpenID Foundation and the Open Identity Exchange co-hosted an Open Banking Workshop on Tuesday, January 30, 2018 in London. This presentation is an and overview of the OpenID Foundation and provides updates on the OpenID Connect standard and OpenID Certification Program that was presented by Mike Jones (Microsoft), OpenID Foundation Secretary.
This document discusses ASP.NET Core security topics like OpenID Connect, OAuth, authentication, authorization, and policies. It provides an overview of common flows like OAuth2 resource owner credentials, OpenID Connect authorization code, and hybrid flows. It also covers implementing authorization in ASP.NET Core using policies, requirements, and handlers. Code examples for OpenID Connect hybrid flow and OAuth2 resource owner credentials flow are referenced.
The document announces and promotes UiPath's certification program for professionals working with robotic process automation (RPA). It provides information on the benefits of certification, including increased confidence, knowledge, work quality, and salary. The certification framework includes a general track and RPA developer track. Exams assess skills from foundational to advanced levels. Becoming certified demonstrates skills and knowledge, builds credibility, and helps individuals and employers alike.
OpenAthens Conference 2018 - Don Thibeau - OpenID ConnectOpenAthens
The document discusses the OpenID Foundation, which develops open standards including OAuth, JWT, JWS, and OpenID Connect. It describes the Foundation's leadership and working groups, and how open standards enable interoperability, extensibility, and user control of privacy and security. It outlines how OpenID Connect is widely used and continues to expand through new profiles. The Foundation operates a certification program to promote high-quality implementations and drive adoption of OpenID Connect through self-certification.
Free and Open Source Software - Challenges for the Automotive Supply ChainShane Coughlan
The document discusses challenges that the automotive supply chain faces with open source software and how the OpenChain project provides solutions. OpenChain defines requirements for quality open source compliance programs and allows companies to self-certify or obtain third-party certification that they meet the requirements. This helps companies address licensing issues and predictably manage open source code in business-to-business contexts.
Main Takeaways:
Different type of APIs - Public, Partner, and Private APIs
Key focus areas - Value, Platform Strategy, Measure & Grow API adoption
Typical journey for building API Products - PayPal Subscriptions as an example
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...OpenIDFoundation
Michael Jones with Microsoft provided an update on the OpenID Connect Working Group at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
The document discusses using OpenID Connect to enable social single sign-on for Salesforce users. OpenID Connect is an identity layer built on top of OAuth 2.0 that allows users to authenticate using their existing credentials from identity providers like Google, Microsoft, and PayPal. It describes how to set up OpenID Connect with Salesforce as the relying party by registering as an OAuth client, configuring an auth provider in Salesforce, and defining user management logic using a registration handler.
This document discusses securing .NET Core and ASP.NET Core applications. It covers authentication and authorization topics like OpenID Connect, OAuth, sessions, and HTTPS. It provides an overview of authentication flows like OAuth's resource owner credentials flow and OpenID Connect's authorization code flow. It also discusses securing single page applications, Azure managed identities, and using libraries instead of rolling your own security implementation.
The document summarizes key highlights from an intelligent automation center of excellence, including over 150 bots deployed, 420+ processes automated, and over 500k hours of manual effort saved. It then discusses how constant application changes were causing maintenance issues for 60% of automations. The center implemented a test suite and continuous integration/continuous delivery pipeline partnering with Auxis to improve automation quality and speed, reduce errors by 15%, and increase production deployment speed by 96%. It provides an overview of the high-level CI/CD pipeline design and concludes by discussing what's next, including expanding the use of artificial intelligence and machine learning in automations.
To Open Banking and Beyond: Developing APIs that are Resilient to every new I...Curiosity Software Ireland
Watch the live webinar on-demand here -
https://curiositysoftware.ie/resources/to-open-banking-and-beyond-api-testing-free-webinar/
With over 35 APIs involved in an average business transaction, API innovation is critical for every organisation. However, microservices and fast-changing components can quickly create overwhelming complexity for architects, developers, and testers. They produce complex arrays of API calls, often leading to QA bottlenecks – or, worse, business-critical systems that have been released with undetected flaws in their APIs.
APIs often also work with sensitive data, making it essential to remove risk from API releases. Otherwise, initiatives like Open Banking can turn from an opportunity to a compliance nightmare. The challenge is that the time available to test APIs is only becoming shorter, while the complexity of the systems is increasing.
API testing must become both more iterative and more granular. This webinar will show why enterprises across banking, retail, telecoms, and more are combining Model-Based Testing and API Test Automation to overcome API complexity. You will see how Test Modeller builds rigorous API tests automatically in-sprint, pushing them to API Fortress for execution. This approach enables QA teams to ensure that APIs deliver business value, building seamlessly on the skills and techniques they use today.
Key takeaways:
1. Organizations investing in APIs must maintain API resilience, reliability, performance, and security.
2. Companies can significantly decrease risk while accelerating releases by combining model-based testing with complete test data management.
3. Test Modeller enables model-based API test automation, using coverage algorithms to create functional and data-driven API tests.
4. Testers can reuse functional API tests in API Fortress as integration tests, load tests, and functional uptime monitors with unlimited deployment and no metered usage fees.
Lessons in Transforming the Enterprise to an API PlatformLaunchAny
A look at lessons from our recent consulting engagements on why and how enterprises are moving from an API program to an API platform as part of their digital transformation. Includes 5 common practices we see across successful enterprises as they move to an API platform. Recording: https://www.youtube.com/watch?v=Km-mCx0Zbgo&feature=youtu.be
Enterprise QA and Application Testing ServicesHemang Rindani
Cygnet’s innovation and insight-driven software testing services have paved way for numerous path-breaking software applications. Our meticulous approach towards application testing eliminates pesky bugs, reduces the time-to-market while optimizing the total-cost-of-ownership.
Enterprise QA and Application Testing ServicesCygnet Infotech
Cygnet’s innovation and insight-driven software testing services have paved way for numerous path-breaking software applications. Our meticulous approach towards application testing eliminates pesky bugs, reduces the time-to-market while optimizing the total-cost-of-ownership.
TULI eServices is a US and India based software development company that specializes in web, mobile, and desktop applications. They follow an agile development process that includes monthly iterations, continuous client interaction, and quality assurance testing. TULI has expertise in various programming languages, databases, frameworks, and design tools. Their services include development, testing, maintenance, and digital marketing.
The document discusses WSO2's API Management Platform, which provides tools for publishing, documenting, securing, analyzing usage of, and monetizing APIs. It highlights key features like API publishing, documentation, analytics, security via OAuth, and a roadmap including additional collaboration and monetization features. The platform is based on WSO2's middleware and aims to provide a minimum viable product in its first release with additional capabilities over time based on user requirements.
Behavior Driven Development (BDD) is very popular with many Agilists out there, specially those focused on Testing. However my view is that BDD is not about Test Automation, it is about collaboration so that the expected behavior of the application can be determined. Cucumber happens to be the tool of choice to implement BDD. While doing this for web applications, we can drive the features through WebDriver.
Lately the application development has been inclined towards mobile apps and we need to extend our exiting BDD frameworks to handle app, be it Android, iOS or Win Mobile.
Appium is a neat tool for anyone who has exposure to WebDriver, irrespective of that also it is an excellent tool for mobile testing.
Here is my video of running Appium tests for android app using Cucumber.
Similar to OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Certification Program Update (20)
OIDF Virtual Workshop -- 5/21/2020 -- OpenID Certification Program UpdateOpenIDFoundation
Joseph Heenan provided an update on the OpenID Foundation's certification program. The new Java-based conformance suite has launched in pilot mode and offers additional testing compared to the previous Python suite. Features like mutual TLS, signed requests, and certificate-bound access tokens are now supported. FAPI-RW app-to-app certification remains free until the end of June 2020. Future plans include adding JARM and PAR profile testing along with certification for additional profiles like FAPI 2 and CIBA once specifications are stable. Feedback on the new conformance suite is welcomed.
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...OpenIDFoundation
Atul Tulshibagwale with Google provided an an overview of the Continuous Access Evaluation Protocol (CAEP) at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OIDF Workshop at Verizon Media -- 9/30/2019 -- Research & Education Working G...OpenIDFoundation
Roland Hedberg with Catalogix provided an update on the Research & Education (R&E) Working Group at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...OpenIDFoundation
Torsten Lodderstedt with yes.com provided an overview of a proposed OpenID Foundation working group focused on identity assurance at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOpenIDFoundation
Roland Hedberg with Catalogix and the OpenID Foudation provided an update on OpenID Connect Federation at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...OpenIDFoundation
Dr. Torsten Lodderstedt with yes.com provided an update on OpenID Connect for Identity Assurance at the OIDF Workshop at the 2019 European Identity Conference on Tuesday, May 14, 2019 in Munich.
OIDF Workshop 4/29/2019 -- OpenID Research & Education Working Group UpdateOpenIDFoundation
Davide Vaghetti with Consortium GARR provided an update on the OpenID Foundation Research & Education (R&E) Working Group at the OIDF Workshop at Verizon Media on Monday, April 29, 2019.
OpenID Foundation Research & Education Working Group Update - October 22, 2018OpenIDFoundation
OpenID Foundation Research & Education (R&E) Working Group update presented by Nick Roy (Internet2) at the OpenID Foundation Workshop at VMware on Monday, October 22, 2018.
Things to Consider When Choosing a Website Developer for your Website | FODUUFODUU
Choosing the right website developer is crucial for your business. This article covers essential factors to consider, including experience, portfolio, technical skills, communication, pricing, reputation & reviews, cost and budget considerations and post-launch support. Make an informed decision to ensure your website meets your business goals.
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
2. What is OpenID Certification?
• OpenID Certification enables OpenID Connect and FAPI
implementations to be certified as meeting the requirements
of defined conformance profiles
• An OpenID Certification has two components:
– Technical evidence of conformance resulting from testing
– Legal statement of conformance
• Certified implementations can use the “OpenID Certified” logo
3. What value does certification provide?
• Technical:
– Certification testing gives confidence that things will “just work”
– No custom code required to integrate with implementation
– Better for all parties
– Relying parties explicitly asking identity providers to get certified
• Business:
– Enhances reputation of organization and implementation
– Shows that organization is taking interop seriously
– Customers may choose certified implementations over others
4. OpenID Connect Certification Profiles
• Six conformance profiles of OpenID Providers:
– Basic OpenID Provider
– Implicit OpenID Provider
– Hybrid OpenID Provider
– OpenID Provider Publishing Configuration Information
– Dynamic OpenID Provider
– Form Post OpenID Provider
• Six corresponding conformance profiles of OpenID Relying Parties:
– Basic Relying Party
– Implicit Relying Party
– Hybrid Relying Party
– Relying Party Publishing Configuration Information
– Dynamic Relying Party
– Form Post Relying Party
5. New Connect Certification Profiles
• Third Party Initiated Login for OPs and RPs
– Please test these tests!
• Four logout profiles for OPs and RPs being developed
– RP-Initiated Logout
– Session Management Logout
– Front-Channel Logout
– Back-Channel Logout
• Logout tests in alpha release
– https://new-op.certification.openid.net:60000/
– https://new-rp.certification.openid.net:8080/
– Expect testing instructions this week
6. FAPI Certification Status
• FAPI Part 2 (Read/Write) OP certification launched April 2019
– Two FAPI OP certifications completed to date
• Authlete
• ForgeRock
• FAPI Part 2 RP certification tests soon to be ready to test
• FAPI Client Initiated Back-channel Authentication (CIBA) tests
for OP and RP certification also soon to come
7. OpenID Connect OP Certifications
• OpenID Provider certifications at
https://openid.net/certification/#OPs
– 281 profiles certified for
91 implementations by
74 organizations
• Recent additions:
– Arizona Regional Multiple Listing
Service, City of Beverly Hills, CA,
Chinese Academy of Sciences, GrabTaxi
Holdings, Microsoft, Ping Identity,
SoftBank
• Each entry link to zip file with test
logs and signed legal statement
– Test results available for public
inspection
8. OpenID Connect RP Certifications
• Relying Party certifications at
https://openid.net/certification/#RPs
– 65 profiles certified for
26 implementations by
18 organizations
• Recent additions:
– IBM, Ping Identity
9. FAPI OP Certifications
• FAPI OP Certifications at
https://openid.net/certification/#FAPI_OPs
– 3 profiles certified for
2 implementations by
2 organizations
• Recent additions:
– Authlete, ForgeRock
10. A Very International Effort
• European programmers developed and operate the certification
test suites:
– Roland Hedberg, Sweden
– Joseph Heenan, UK
– Serkan Özkan, Turkey
– Tomas Pazderka, Czech Republic
– Filip Skokan, Czech Republic
– Hans Zandbelt, Netherlands
• OpenID Connect leadership also very international:
– Nat Sakimura, Japan
– John Bradley, Chile
– Michael Jones, United States
11. Use of Self-Certification
• OpenID Certification uses self-certification
– Party seeking certification does their own testing
– (rather than paying a 3rd party to do the testing)
• Simpler, quicker, less expensive, more scalable than 3rd party
certification
• Results are nonetheless trustworthy because
– Testing logs are made available for public scrutiny
– Organization puts its reputation on the line by making a public
declaration that its implementation conforms to the profile being
certified to
12. How does OpenID Certification work?
• Organization decides what profiles it wants to certify to
– For instance, “Basic OP”, “Config OP”, and “Dynamic OP”
• Runs conformance tests publicly available at
https://op.certification.openid.net/ or https://rp.certification.openid.net/
or https://www.certification.openid.net/
• Once all tests for a profile pass, organization submits certification request
to OpenID Foundation containing:
– Logs from all tests for the profile
– Signed legal declaration that implementation conforms to the profile
• Organization pays certification fee (for profiles not in pilot mode)
• OpenID Foundation verifies application is complete and grants certification
• OIDF lists certification at https://openid.net/certification/ and registers it in
OIXnet at http://oixnet.org/openid-certifications/
13. What does certification cost?
• Not a profit center for the OpenID Foundation
– Fees there to help cover costs of operating certification program
• Member price
– $200 for OpenID Connect, $500 for FAPI
• Connect price will change to $500 in June 2019
• Non-member price
– $999 for OpenID Connect, $2,500 for FAPI
• Connect price will change to $2,500 in June 2019
• New profiles in pilot mode are available to members for free
• Costs described at https://openid.net/certification/fees/
16. Certification of Conformance
• Legal statement by certifier
stating:
– Who is certifying
– What software
– When tested
– Profile tested
• Commits reputation of certifying
organization to validity of results
17. How does certification relate to
interop testing?
• OpenID Connect held 5 rounds of interop testing – see
http://osis.idcommons.net/
– Each round improved implementations and specs
– By the numbers: 20 implementations, 195 members of interop list, > 1000
messages exchanged
• With interop testing, by design, participants can ignore parts of the
specs
• Certification raises the bar:
– Defines set of conformance profiles that certified implementations meet
– Assures interop across full feature sets in profiles
18. Can I use the certification sites for
interop testing?
• Yes – please do!
• The OpenID Foundation is committed to keeping the
conformance test sites up and available for free to all
• Many projects using conformance testing for regression testing
– Once everything passes, you’re ready for certification!
• Test software is open source Python using Apache 2.0 license
– Some projects have deployed private instances for internal testing
– Available as a Docker container
19. Favorite Comments on OpenID
Certification
• Eve Maler – VP of Innovation at ForgeRock
– “You made it as simple as possible so every interaction added value.”
• Jaromír Talíř – CZ.NIC
– “We used and still are using certification platform mainly as testing tool for our
IdP. Thanks to this tool, we have fixed enormous number of bugs in our platform
an even some bugs in the underlying library.”
• Brian Campbell – Distinguished Engineer at Ping Identity
– “The process has allowed us to tighten up our implementation and improve on
the already solid interoperability of our offerings in the OpenID Connect
ecosystem.”
• William Denniss – Google
– “We have built the RP tests into the continuous-integration testing pipeline for
AppAuth.”
20. Certification Won Two Awards in 2018
Identity Innovation Award European Identity Award
21. What’s next for OpenID Certification?
• Additional Connect profiles being developed:
– Third Party Initiated Login
– RP-Initiated Logout, Session Management, Front-Channel Logout, Back-
Channel Logout
– Refresh Token Behaviors
• Additional FAPI profiles being developed:
– FAPI RP
– FAPI CIBA OP
– FAPI CIBA RP
• Certification for additional specifications is anticipated:
– E.g., HEART, MODRNA, iGov, EAP, etc.
22. Call to Action
• Certify your OpenID Connect and FAPI implementations now
• Help us test the new tests
• Join the OpenID Foundation and/or the OpenID Connect
working group
23. Where can I learn more?
• Certification instructions and current results:
– https://openid.net/certification/
• Frequently asked questions:
– https://openid.net/certification/faq/
• My blog:
– http://self-issued.info/
• Or drop me an e-mail:
– mbj@microsoft.com