API Days 2016 Day 1: OpenID Financial API WG (Nat Sakimura)
The presentation introduces the Financial API Working Group at the OpenID Foundation. The presentation was made at the API Days 2016 on December 13, 2016 in Paris.
1. In the era of mobile, OAuth 2.0 is the protocol of choice.
2. However, RFC6749 is a framework and needs to be profiled appropriately for each use case.
3. The FAPI WG at the OIDF is taking on that task for Financial APIs and securing them using RFC7636, JWT Client Authentication/TLS Client Authentication, OpenID Connect, etc.
4. The FAPI WG is collaborating with many stakeholders, including financial institutions and fintech companies.
5. The Read Only security profile is going to OIDF votes.
6. An overview of the requirements for the Read Only and Write Access security profiles is discussed.
OpenID Foundation Workshop at EIC 2018 - Introduction to the FAPI Read & Writ... (MikeLeszcz)
Introduction to the FAPI Read & Write OAuth Profile presentation given by Nat Sakimura, OpenID Foundation Chairman, at the OpenID Foundation Workshop at EIC 2018 on May 15, 2018 in Munich.
Introduction to the FAPI Read & Write OAuth Profile (Nat Sakimura)
This is the presentation used at APIDays Berlin (2017-11-08) to explain the Financial API Read & Write Security profile's rationale and how it fulfils the requirements.
Introduction to the FAPI Read & Write OAuth Profile - Jan 2018 Updates (Nat Sakimura)
APIDays Paris 2018 presentation by Nat Sakimura.
Talking about Part 1, 2, and new Part 3 with examples.
My twitter: @_nat_en
Follow me on Youtube: https://www.youtube.com/NatSakimura
Blog: https://nat.sakimura.org/
Identity Management: Using OIDC to Empower the Next-Generation Apps (Tom Freestone)
Technology has grown at an unprecedented rate in recent years. We now are tasked to create applications that will provide us with the flexibility to adapt to this unparalleled growth. We will look at the state of SSO including applicable standards, such as SAML, OpenId Connect, to gain an understanding of the bigger picture and examine how this new technology can be leveraged to help serve our customers.
Examining the emergent open source IoT ecosystem - IoT World Europe 2016 (Benjamin Cabé)
* Examining the Open Source opportunity across all layers of the IoT software stack
* From sensor connectivity, to edge processing, cloud analytics and presentation of the events
* How can Open Source provide a trusted space where device vendors and software companies can reliably share components essential to interconnect the currently splintered IoT ecosystem
* Vertically Integrating the OpenSource IoT stack
Sitecore might be secure, but your site isn't (Bas Lijten)
Presentation about Sitecore and common security flaws that was given at the SUGCON conference in Copenhagen, Denmark. Find sources on https://github.com/BasLijten/Securitycore
[CB16] Background Story of "Operation neutralizing banking malware" and highl... (CODE BLUE)
Financial damages caused by remittance fraud in Japan have been increasing since 2013, and this has become a critical problem in our society.
In April 2015, the Tokyo Metropolitan Police Department conducted its very first unique takedown operation, called "Operation Banking Malware Takedown".
The Tokyo Metropolitan Police Department had asked us to cooperate with this operation, so we developed a technology that would take down the banking malware called "VAWTRAK".
In this presentation, I will give an overview of the operation and a background of our involvement.
Then, I will introduce and demonstrate the technology that we developed to takedown “VAWTRAK”.
I will also provide a description of ongoing banking malware attacks this year based on our investigation.
--- Kazuki Takada
He works at SecureBrain Corporation in the Advanced Research Center and Security Response Team as a Senior Software Engineer. He joined SecureBrain Corporation in 2014. As a software engineer, he works on software development while doing security research. He mainly focuses on the analysis of cyber crimes caused by financial malware and phishing, and on developing technological countermeasures against them.
Major lectures in the past
2015/2016 Practical Anti-Phishing Guideline Seminar Lecturer
2016 IEICE requested symposium “Analysis methods and the results from Malware Long-term observation and taint analysis”.
Mobile Penetration Testing: Episode II - Attack of the Code (NowSecure)
In this, the second, episode of our mobile penetration testing trilogy, NowSecure Solutions Engineer Michael Krueger takes you beyond the device. Michael will explain how to perform network and web services/API testing to capture data exposed in transit between apps and backend services -- some of the highest risk security flaws around.
This high intensity 30-minute crash course covers:
+ Man-in-the-middle (MITM) attacks
+ Taking advantage of improper certificate validation
+ Demonstration of a privilege escalation exploit of a web back-end vulnerability
Watch it here: https://youtu.be/bT1-7ZkSdNY
aplonAPI empowers you to explore the Future of FinTech APIs ... today.
Learn more about the product & discover how you can rapidly enter the APIs era, using our production grade API Management Framework.
aplonAPI allows you to become PSD2 compliant and start deploying innovative Open Banking / Banking as a Platform services & solutions
The supply chain of the future will accelerate due to assistance from autonomous technologies and processes. These are slides from our webinar Supply Chain and the Autonomous World, featuring special guests Jim Lawton, Chief Product and Marketing Officer, Rethink Robotics, and Andy Souders, SVP Products and Strategy IoT/Big Data, Savi Technology, as they join Lora to discuss the impact of technologies such as robotics, self-driving vehicles, wearable devices, cognitive learning, 3-D printing and other evolutions on current and future supply chains.
Blockchain Primer - Founder Collective - December 2017 (Parul Singh)
As 2017 comes to a close, blockchain is everywhere (or more accurately perhaps “bitcoin, bitcoin, bitcoin.”) here is a primer on blockchain that I prepared for my team at Founder Collective to help frame some of the exciting use cases we see coming down the pike. Further reading is on the last slide.
A Backstage Tour of Identity - Paris Identity Summit 2016 (ForgeRock)
Join us to hear the challenges that online retailer “Band Materials” now face as the business grows and the external customer base increases to internet scale. What steps can the management take to transform their customer identity landscape? This backstage tour will cover the live deployment and configuration of components within the ForgeRock Identity Platform.
OpenID in the Digital ID Landscape: A Perspective From the Past to the Future (Nat Sakimura)
Digital identity has been under a constant evolution for the last 30 years. It started from a simple access control via user account within a system to a shared credential among the systems, then to the federated identity and bring-your-own-identity (BYOI). Modern usages are not only for access control but include such purposes like digital on-boarding (account opening), employee and customer relationship management. Among the many technologies out there, OpenID seems to have gained popularity in the market that you are probably using it without knowing it. This session explains the positioning of OpenID in the digital ID landscape and explores the future potential for both corporations and individuals.
Similar to OpenID Foundation Foundation Financial API (FAPI) WG
Future Proofing the OAuth 2.0 Authorization Code Grant Protocol by the applic... (Nat Sakimura)
The OAuth 2.0 Authorization Framework, while it has achieved extremely large adoption, has been exposed to various attacks, and a number of additional specifications have been created to patch the problems. It is expected that other attacks will come in the future, requiring yet another patch specification. To avoid such future problems, a more systematic approach is needed.
This paper attempts to do it by applying BCM principles on OAuth (RFC6749). It demonstrates that additional parameters in all four messages are needed as well as the integrity protection of both authorization request and response.
As part of an exercise to test the extensibility of OpenID Connect to protocols other than HTTP, we have created a custom scheme binding. This is still a rough sketch but should give you some idea of what it is. It may seem a bit of a stretch, but it has the niche characteristic that it does not "leak" information to external OPs.
There will be a companion RP side as well, which would be a more normal case.
Generating a custom Ruby SDK for your web service or Rails API using Smithy (g2nightmarescribd)
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Accelerate your Kubernetes clusters with Varnish Caching (Thijs Feryn)
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The Art of the Pitch: WordPress Relationships and Sales (Laura Byrne)
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf (91mobiles)
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... (UiPathCommunity)
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Elevating Tactical DDD Patterns Through Object Calisthenics (Dorra BARTAGUIZ)
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology pushes into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operations view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and of what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already have working for real.
UiPath Test Automation using UiPath Test Suite series, part 3 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
OpenID Foundation Foundation Financial API (FAPI) WG
1. Nomura Research Institute
Nat Sakimura
Chairman of the Board, OpenID Foundation
Senior Researcher, Nomura Research Institute
#cisnola
Foundation Financial API WG
• OpenID® is a registered trademark of OpenID Foundation.
• *Unless otherwise noted, all the photos and vector images are licensed by GraphicStocks.
June 2016
Anoop Saxena
FAPI WG co-chair, OpenID Foundation
Architect, Intuit
http://openid.net/wg/fapi/