To view recording of this webinar please use below URL:
Attacks against information systems is on the rise making enterprise security a major concern. It’s important to identify and address security needs such as confidentiality, integrity, availability and auditability of information. Enterprise security patterns facilitate balanced and informed decisions about security needs, as well as provide a rationale for the evolution of security needs over time. Antipatterns, which are fostered by misapplications of concepts and misunderstandings of security concerns, should be avoided. Enterprise security patterns and antipatterns solve these security concerns by addressing recurrent problems and challenges. These security patterns facilitate balanced and informed decisions about security needs, avoid the misapplication of concepts and misunderstanding of security concerns and provide a rationale for evolution of security needs over time.
This webinar will
Deep dive into enterprise security patterns and antipatterns
Explore the importance of using them
Discuss how to apply them with WSO2 Identity Server
What is SAML , How does SAML Works , request and Response , Enterprise and Web SSO, Advantages and Disadvantages of SSO, What is SSO, Single Sign On, Security Assertion Mark-up language.
Because the SAML Protocol is so foundational to the cloud identity software as a service Gluu provides, we wanted to lay out the basics of SAML for those interested.
The following can be thought of as a basic guide to getting you conversational with the SAML protocol.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
Daniel Stenberg does a presentation about HTTP/3 and QUIC. Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.
Percona XtraDB Cluster vs Galera Cluster vs MySQL Group ReplicationKenny Gryp
What are the implementation differences between Percona XtraDB Cluster 5.7, Galera Cluster 5.7 and MySQL Group Replication?
- How do each of these work?
- How do they behave differently?
- Are there any major issues with any of these?
This talk will describe these differences and also shed some light on how QA is done for each of these different technologies.
What we've learned from running a PostgreSQL managed service on KubernetesDoKC
In this talk, I will share some of our learnings from running a managed PostgreSQL/TimescaleDB service on Kubernetes on AWS for a little more than a year: I’ll start with the motivation of running managed PostgreSQL on Kubernetes, the benefits and drawbacks. I’ll describe the architecture of the managed PostgreSQL cloud on Kubernetes I’ll zoom in on how we solved some of the Kubernetes-specific issues within our cloud, such as upgrading extensions without downtimes, taming the dreaded OOM killer, and doing regular maintenance and PostgreSQL major upgrades. I’ll share how open-source tools from the PostgreSQL ecosystem helps us to run the service and explain how we use them in a slightly non-trivial way.
This talk was given by Oleksii Kliukin for DoK Day Europe @ KubeCon 2022.
What is SAML , How does SAML Works , request and Response , Enterprise and Web SSO, Advantages and Disadvantages of SSO, What is SSO, Single Sign On, Security Assertion Mark-up language.
Because the SAML Protocol is so foundational to the cloud identity software as a service Gluu provides, we wanted to lay out the basics of SAML for those interested.
The following can be thought of as a basic guide to getting you conversational with the SAML protocol.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
HTTP/3 is the designated name for the coming next version of the protocol that is currently under development within the QUIC working group in the IETF.
HTTP/3 is designed to improve in areas where HTTP/2 still has some shortcomings, primarily by changing the transport layer. HTTP/3 is the first major protocol to step away from TCP and instead it uses QUIC.
Daniel Stenberg does a presentation about HTTP/3 and QUIC. Why the new protocols are deemed necessary, how they work, how they change how things are sent over the network and what some of the coming deployment challenges will be.
Percona XtraDB Cluster vs Galera Cluster vs MySQL Group ReplicationKenny Gryp
What are the implementation differences between Percona XtraDB Cluster 5.7, Galera Cluster 5.7 and MySQL Group Replication?
- How do each of these work?
- How do they behave differently?
- Are there any major issues with any of these?
This talk will describe these differences and also shed some light on how QA is done for each of these different technologies.
What we've learned from running a PostgreSQL managed service on KubernetesDoKC
In this talk, I will share some of our learnings from running a managed PostgreSQL/TimescaleDB service on Kubernetes on AWS for a little more than a year: I’ll start with the motivation of running managed PostgreSQL on Kubernetes, the benefits and drawbacks. I’ll describe the architecture of the managed PostgreSQL cloud on Kubernetes I’ll zoom in on how we solved some of the Kubernetes-specific issues within our cloud, such as upgrading extensions without downtimes, taming the dreaded OOM killer, and doing regular maintenance and PostgreSQL major upgrades. I’ll share how open-source tools from the PostgreSQL ecosystem helps us to run the service and explain how we use them in a slightly non-trivial way.
This talk was given by Oleksii Kliukin for DoK Day Europe @ KubeCon 2022.
Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
A high level overview of ModeShape, a lightweight, fast, pluggable, open-source JCR repository that federates and unifies content from multiple systems, including files systems, databases, data grids, other repositories, etc.
Maximizing performance via tuning and optimizationMariaDB plc
Ensuring that your end users get the performance they expect from your system requires an organized approach to performance management. This session will cover the planning and measurement necessary to ensure satisfied customers, and will also include tips and tricks learned from MariaDB’s years of supporting many of the most demanding installations in the world.
These slides are supposed to help you understand the basics of application security, and how the latest technologies come together to enable you to reduce the number of times people at your organization need to authenticate.
For more information visit. http://gluu.org
An edge gateway is an essential piece of infrastructure for large scale cloud based services. This presentation details the purpose, benefits and use cases for an edge gateway to provide security, traffic management and cloud cross region resiliency. How a gateway can be used to enhance continuous deployment, and help testing of new service versions and get service insights and more are discussed. Philosophical and architectural approaches to what belongs in a gateway vs what should be in services will be discussed. Real examples of how gateway services, built on top of Netflix's Open source project, Zuul, are used in front of nearly all of Netflix's consumer facing traffic will show how gateway infrastructure is used in real highly available, massive scale services.
The presentations should help security professionals create security architecture that supports business objectives, covers all areas of security technology, and allows for effective measurement of security value.
The presentation was given at BrighTalk
Secret Management with Hashicorp’s VaultAWS Germany
When running a Kubernetes Cluster in AWS there are secrets like AWS and Kubernetes credentials, access information for databases or integration with the company LDAP that need to be stored and managed.
HashiCorp’s Vault secures, stores, and controls access to tokens, passwords, certificates, API keys, and other secrets . It handles leasing, key revocation, key rolling, and auditing.
This talk will give an overview of secret management in general and Vault’s concepts. The talk will explain how to make use of Vault’s extensive feature set and show patterns that implement integration between Kubernetes applications and Vault.
A high level overview of ModeShape, a lightweight, fast, pluggable, open-source JCR repository that federates and unifies content from multiple systems, including files systems, databases, data grids, other repositories, etc.
Maximizing performance via tuning and optimizationMariaDB plc
Ensuring that your end users get the performance they expect from your system requires an organized approach to performance management. This session will cover the planning and measurement necessary to ensure satisfied customers, and will also include tips and tricks learned from MariaDB’s years of supporting many of the most demanding installations in the world.
These slides are supposed to help you understand the basics of application security, and how the latest technologies come together to enable you to reduce the number of times people at your organization need to authenticate.
For more information visit. http://gluu.org
An edge gateway is an essential piece of infrastructure for large scale cloud based services. This presentation details the purpose, benefits and use cases for an edge gateway to provide security, traffic management and cloud cross region resiliency. How a gateway can be used to enhance continuous deployment, and help testing of new service versions and get service insights and more are discussed. Philosophical and architectural approaches to what belongs in a gateway vs what should be in services will be discussed. Real examples of how gateway services, built on top of Netflix's Open source project, Zuul, are used in front of nearly all of Netflix's consumer facing traffic will show how gateway infrastructure is used in real highly available, massive scale services.
The presentations should help security professionals create security architecture that supports business objectives, covers all areas of security technology, and allows for effective measurement of security value.
The presentation was given at BrighTalk
HD version: http://1drv.ms/1eR5OQf
This is my publication on how the integration of the TOGAF Enterprise Architecture framework, the SABSA Enterprise Security Architecture framework, and Information Governance discipline add up to a robust and successful Information Security Management Program.
How to Secure Your Enterprise Services with WSO2 ESBWSO2
To view recording of this webinar please use the below URL:
http://wso2.com/library/webinars/2015/06/how-to-secure-your-enterprise-services-with-wso2-esb/
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...CA API Management
The difference between Web Apps, Web Services, and Web APIs, and how getting into Web APIs will change the way you do authentication and access control.
You want to start integrating security in your web application project but you don't know where to start and don't have access to software security professionals. What are the "cheapest" while very efficient activities that you can already do by yourself?
Agenda:
-Understanding the need for information security and privacy
-Secure design: key principles
-Threat modeling and analysis: building your first threat model and identifying the major risks in your web application
- Testing the security of your web application
- Understanding the big picture: what is a secure SDLC
- Cheap and efficient security activities that might be started immediatly in your SDLC
IoT And Inevitable Decentralization of The InternetPaul Brody
The Internet of things isn't just here, it's inevitable and it's going to re-architect the internet as a result. It's time to drop our obsession with analytics and focus on value creation.
The End of the Fortress: The new Approach to CybersecurityMarc Nader
Presentation delivered at the Cybercrime conference of the World Union of Arab Bankers on Nov 5th, 2016.
It explains how digital technologies are pushing us to rethink the traditional model of securing the enterprise.
The Zero Trust Model of Information Security Tripwire
In today’s IT threat landscape, the attacker might just as easily be over the cubicle wall as in another country. In the past, organizations have been content to use a trust and verify approach to information security, but that’s not working as threats from malicious insiders represent the most risk to organizations. Listen in as John Kindervag, Forrester Senior Analyst, explains why it’s not working and what you can do to address this IT security shortcoming.
In this webcast, you’ll hear:
Examples of major data breaches that originated from within the organization
Why it’s cheaper to invest in proactive breach prevention—even when the organization hasn’t been breached
What’s broken about the traditional trust and verify model of information security
About a new model for information security that works—the zero-trust model
Immediate and long-term activities to move organizations from the "trust and verify" model to the "verify and never trust" model
The intent of the paper is to propose a simple yet comprehensive technique to model enterprise security architecture and design aligned to SABSA that enables –
Standardisation of SABSA Enterprise Security Architecture framework by formalizing common language used in the form of ESA modelling notation
Reusability of model artefacts (not documents) to enable enterprise and department level collaboration and knowledge management
Generic or organisation specific Library of assets for various ESA artefacts such as – Business attribute profile(s), security services, mechanisms and components and associated views
Tool-assisted development using a separate toolbox for ESA that augments Enterprise Architecture (ToGAF) modelling using Archimate.
Part 2 of the study with the accompanying book: https://msdn.microsoft.com/en-us/library/ff649874.aspx
This is a n architectural study for making application software resilient to security threat.
Identity Federation Patterns with WSO2 Identity ServerWSO2
The rapid growth of organizations, ever changing company policies, mergers and acquisitions often lead to the need for complex identity solutions that require integration with multiple heterogeneous systems. This makes traditional centralized identity management systems no longer viable.
Identity federation is now adopted as a solution for such complex systems. It allows you to link multiple identities that belong to different trust domains by means of a common set of policies, practices and protocols.
Join Darshana and Omindu in this webinar as they explore
The challenges of introducing identity federation with use cases
How to leverage identity federation patterns to overcome these challenges
Troubles with Large Identity Providers.pptxYury Leonychev
I have tried to summarize my experience from development of large-scale IdP. And highlight typical problems, that companies can face, when they will build their own IdP platforms.
Decentralized access control with anonymous authentication of data stored in ...LeMeniz Infotech
Decentralized access control with anonymous authentication of data stored in clouds parallel distributed systems
We propose a new decentralized access control scheme for secure data storage in clouds that supports anonymous authentication. In the proposed scheme, the cloud verifies the authenticity of the series without knowing the user's identity before storing data. Our scheme also has the added feature of access control in which only valid users are able to decrypt the stored information. The scheme prevents replay attacks and supports creation, modification, and reading data stored in the cloud. We also address user revocation. Moreover, our authentication and access control scheme is decentralized and robust, unlike other access control schemes designed for clouds which are centralized. The communication, computation, and storage overheads are comparable to centralized approaches.
Advanced mechanism for single sign on for distributed computer networkseSAT Journals
Abstract A distributed computer networks could be a special form of the network that facilitates the purchasers to use completely different network services that is provided by the service suppliers. Within the distributed computer networks, user verification is a crucial method for the protection. Within the verification, the choice is taken whether the user is legal or not and then enabled the users to access the service. In general users are using multiple usernames and passwords for to access different applications on a distributed computer network. This increase the burden of the user and organization administrator as each and every account of the organization is going to be handled with their explicit username and credential. A new certification plan that is named as single sign-on mechanism that facilitates the users with one identity token to be verified by multiple service suppliers. Single sign-on is one of user authentication method that allows a user to enter one name and identity token so as to access multiple applications. The method authenticates the user for all the applications they have been offered access to and eliminates additional prompts after they switch applications throughout a specific session. However, existing approaches which are utilizing single sign-on scheme have some drawbacks relating to security needs. Thus, through this paper, we will discuss regarding the event of security from earlier stage to present stage. And clearly discuss regarding the authentication steps between user and service supplier. Keywords — single sign-on, authentication token , mutual authentication
In Cloud, existing vulnerabilities, threats, and associated attacks raise several security concerns. Vulnerabilities in Cloud can be defined as the loopholes in the security architecture of Cloud, which can be exploited by an adversary via sophisticated techniques to gain access to the network and other infrastructure resources. In these slides, we discuss major Cloud specific vulnerabilities, which pose serious threats to Cloud computing.
Federated identity management is mainly used by security leaders. It.pdfapexjaipur
Federated identity management is mainly used by security leaders. It is mainly DEALS with the
identifying the individuals and it permits secure access to resource. It is a secure arrangement
that can made among the enterprises.
Security benefits of Federated Identity Management:
1. Offer authentication for XML based open standard data format:
2. Security standpoint: The more organizations adopt it because it prevents hackers looking for
vulnerabilities. It is a simplified password management. Only authenticated persons have access
right.
3. Lose coupling of Directories: It does not require user information to be preserved and
coordinated between directories.
4. Platform neutrality:
In FIDM abstracts the security framework away from platform architecture and vendor
implementations, for more independent of application logic and it provide secure communication
in any platform.
5. Reduced cost for service providers:
In this re-use a single act of authentication many times across several services can reduce the
cost of maintaining account.
6. Best online experience for end users:
While end users enter into the particular site, perform sign on by allowing users to authenticate at
an identity provider and then access service providers without other verification.
Solution
Federated identity management is mainly used by security leaders. It is mainly DEALS with the
identifying the individuals and it permits secure access to resource. It is a secure arrangement
that can made among the enterprises.
Security benefits of Federated Identity Management:
1. Offer authentication for XML based open standard data format:
2. Security standpoint: The more organizations adopt it because it prevents hackers looking for
vulnerabilities. It is a simplified password management. Only authenticated persons have access
right.
3. Lose coupling of Directories: It does not require user information to be preserved and
coordinated between directories.
4. Platform neutrality:
In FIDM abstracts the security framework away from platform architecture and vendor
implementations, for more independent of application logic and it provide secure communication
in any platform.
5. Reduced cost for service providers:
In this re-use a single act of authentication many times across several services can reduce the
cost of maintaining account.
6. Best online experience for end users:
While end users enter into the particular site, perform sign on by allowing users to authenticate at
an identity provider and then access service providers without other verification..
This slide deck explores the advantages of choosing an open source IAM solution and the enhancements and customizations that are made possible with this model.
Introduction to the security components used in FIWARE architecture. What is the standard communication of the oAuth2.0 standard. What about the fine grane access to the information using XACML standard. How to use JWT with FIWARE Secure components. What are the different types of accessing support are allowed. How to offer security access to your applications using these components. What is eIDAS and eID and how to integrate them in the FIWARE Security architecture. Finally an overview of the Data Usage Control using FIWARE Security components
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover:
The overall software architecture for VHR’s Cloud Data Platform
Critical decision points leading to adoption of Ballerina for the CDP
Ballerina’s role in multiple evolutionary steps to the current architecture
Roadmap for the CDP architecture and plans for Ballerina
WSO2’s partnership in bringing continual success for the CD
The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.
Platformless Horizons for Digital AdaptabilityWSO2
In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.
Quantum computers are rapidly evolving and are promising significant advantages in domains like machine learning or optimization, to name but a few areas. In this keynote we sketch the underpinnings of quantum computing, show some of the inherent advantages, highlight some application areas, and show how quantum applications are built.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
2. For whom?
● Looking to learn about Identity and Access Management Patterns to
solve real world business problems.
● Some experience with Identity and Access Management
Technologies. E.g. Directories, SAML2, OAuth2 which are some of the
most commonly used data standards / protocols for transporting
Identity and Access Management data.
● Main focus is on Identity and Access Management Patterns.
○ NOT Network Security
○ NOT OS Security
2
4. Problem
● Users to the system can come from multiple sources
● A single user’s attributes can come from multiple sources
● User credentials and attributes can come from separate sources
Solution
● Mount multiple user stores for
user management and make the
number and type of user stores
transparent to the application
● Connect the credential stores and
identity stores to the system and
provide a unified view of the
user's’ identity hiding away the
complexity in aggregating those
data
4
6. Problem
Users will work with multiple applications in an enterprise.
They will have to use specific credentials for each.
● Disjointed User Experience
● Complicated user and account management
● Security Threats
Solution
Delegate authentication to a trusted
identity provider - Brokered Identity
6
7. Benefits
● Single Sign On
● Separate user authentication from application code
● Hides user credentials from applications
● Removes administrative overhead from applications
● Improves user experience
Limitations
● Authentication can be a single point of failure.
● Introduce a single point where the security of the entire system can
be breached
7
9. Problem
Users will use applications across enterprise borders and cloud.
Solution
Multiple trust domains with multiple Identity Providers.
Federated authentication based on the trust relationship
9
10. Benefits
● Single Sign On
● No need of managing accounts in the on premise userstore
● Reduce administration overhead
Limitations
Security of the system can be compromised if any of the Identity Provider
that your Identity Provider trusts are breached.
10
12. Problem
A consumer who is living in a trust domain needs to interact with a
service that is developed in a federated trust domain
Solution
Establish a trust relationship between the two Identity Providers residing
in each trust domain.
IdP-A IdP-B
Consumer Service
Trust
Trust
Trust
Trust Domain A Trust Domain B
12
13. Benefits
● Flexible in maintaining trust domains
● Facilitates federated interactions between consumers and services
across trust domains
● Same model can be extended to address more complex federation
scenarios
Limitations
Introduces certain level of dependency between the consumer and the
Identity Provider in the other trust domain
13
15. Problem
A consumer who is living in a trust domain needs to interact with a
service that is developed in a federated trust domain, without any
dependencies to entities in the other trust domain
Solution
Consumer presents the token to the service in the other trust domain.
Service will validate the token with its Identity Provider.
IdP-A IdP-B
Consumer Service
Trust
Trust
Trust
Trust Domain A Trust Domain B
15
16. Benefits
● Removes dependencies between consumers and service in different
trust domains
● Can handle different token claim representations
Limitations
● Adds complexity to the mechanism used to model the trust
relationship with the Identity Provider in the other trust domain
● Makes the services to accept messages that are not issued by the
Identity Provider that they trusts
16
18. Problem
Creation of trust between Identity Providers can be complex.
Ex:
Cannot establish direct trust relationship as some identity information
cannot be shared with partner company.
Solution
Establish the trust
relationship with a
third party Identity
Provider, that act as a
bridge between other
Identity Providers
IdP-A IdP-B
Consumer Service
Trust
Trust
Trust
Trust Domain A
Trust Domain BIdP-C
Trust Trust
18
19. Benefits
Isolates the complexities of the federated environment from different
trust domains
Limitations
Introduces a new component that needs to maintained
19
21. Problem
● Increasing no of Service Providers and Identity Providers
● Each Service Provider has to trust Each Identity Provider
Not scalable
Hard to manage
Source : http://blog.facilelogin.com/2014/10/identity-federation-patterns-with-wso2.
html
Spaghetti
21
24. Problem
● Multiple Identity Federation Protocols
SAML, OpenID Connect, WS-Federation etc.
● But federation systems relies on only one protocol
Ex:
Silo of SAML Federation
Silo of OpenID Connect Federation
Source : http://blog.facilelogin.com/2014/10/identity-federation-patterns-with-wso2.
html
Federation
Silos
24
26. Benefits
● Single Sign On across heterogeneous protocols
● Identity federation between Service Providers and Identity Providers
with heterogeneous federation protocols
● Scalability
Limitations
● Authentication can be a single point of failure.
● Introduce a single point where the security of the entire system can
be breached
26
28. Problem
Service Providers may not be able to understand claims or roles of the
subject, in the format issued by Identity Providers and vise versa.
Solution
Convert incoming claims to the expected format
Benefits
● Process claims in a single point reducing the complexity of enforcing
brokered trust
● Can be used with legacy systems
28
30. Problem
Digital identity fraud is still on the rise
Needs “strong” user authentication
Solution
Use two or more authentication factors
● Something known to only the user (Knowledge based)
password, shared secret, PIN
● Something held only by the user (Possession based)
security token, smart card, mobile device
● Something inherent only to the user (Biometric)
facial recognition, fingerprint, voice recognition
30
32. Problem
Multiple domains essentially isolated due to lack of mutual inbound or
outbound trust relationships.
Service Providers opt for different login options
Solution
Multiple login options are presented to the user as per the Service
Provider application.
32
34. Problem
Needs “strong” user authentication, if and only if there is an actual risk.
Solution
Provide additional authentication steps, if and only if the risk profile
(derived from a matrix of variables) is high.
Enhance user experience
34
36. 36
MAC vs. DAC
● Mandatory Access Control (MAC)
○ Centralized security policy
○ Users do not have the ability to override the policy
● Discretionary Access Control (DAC)
○ Governs the ability of subjects to access objects
○ Allows users the ability to make policy decisions and/or assign
security attributes.
○ The traditional Unix system of users, groups, and read-write-
execute permissions is an example of DAC.
37. 37
Access Control Patterns
● Access Matrix / Access Control Table / Access Control List
● Role Based Access Control (RBAC)
● Group Based Access Control
● Claim Based Access Control
● Policy Based
● Hierarchical Authorization
○ Hierarchical Tenants
○ Hierarchical Groups/Roles
○ Hierarchical Resources
● Multilevel Access Control
42. Problem
Consumers need to access back-end APIs on behalf of the logged in user.
42
Solution
Should adhere to some access delegation protocol
Ex: OAuth
Exchange the authentication token to some access token
SAML token, JSON Web Token (JWT)
53. 53
Problem
Securing a n-tier application
● Securing only the top most layer
● Expansion in the number and kinds of users
● Heterogeneous devices
● Unlimited connections
● Who should be allowed to access the data?
● Cannot protect from an attack originating from the local area
network within the company.
● Who has already accessed the data?
Source : http://blog.facilelogin.com/2014/10/identity-federation-patterns-with-w
html
54. 54
Solution 1
Impersonation and Delegation
● Delegation is the process of allowing another party to act on behalf
of an identity.
● This process bestows upon a party the rights and privileges of
another party to perform a set of tasks.
● Impersonation can be viewed as the most relaxed form of
delegation, such that one identity is assigned the complete set of
permissions of the impersonated identity.
55. 55
Solution 2
Trusted Subsystem
● Trusted subsystem model implies that application services are trusted
to perform a specific set of application tasks.
● Frequently, downstream services need to make application
authorization decisions.
● To do so, the service must know the identity of the end user.
● While the ability to flow the identity of the end user is an inherent
property of the delegation model, it is not so for the trusted subsystem
model and special efforts must be made to include this feature.
Source : https://msdn.microsoft.com/en-us/library/aa905320.
aspx#trstsubsysdes_topic6
56. 56
Solution 2 Contd.
Trusted Subsystem
● Authenticate and verify the identity of the upstream or downstream
service they are communicating with.
● Decide if the identified service is a trusted subsystem for a specific set
of application functions, including propagating identity claims.
● Protect the integrity of the data being communicated between trusted
subsystem and downstream services. Besides application data and
application plumbing data, such as the identity claims of the original
user, must also be protected so that no man-in-the-middle can modify
the identity information that is in transit.
57. 57
Solution 2 Contd.
Trusted Subsystem - Identity Flows
● Trusted subsystem generated identity tokens / Self-issued
○ When downstream services trust the trusted subsystem to assert the
original caller's identity, without requiring additional evidence from
other parties.
● Third party generated identity tokens / Self-contained
○ When the downstream services trust the trusted subsystem to assert
claims regarding the original caller in conjunction with third party
evidence that satisfies an additional set of security requirements.
● User self-signed tokens
○ When the trusted subsystem is authorized to perform a set of
application functions and when there must be evidence from the
original caller that the caller initiated the request.
● Identity/Credential Mapping
○ Special function of the trusted subsystem role, where the goal is to
transform an identity to another related identity for the purpose of
gaining access to downstream resources that only recognize the
transformed identity.
61. 61
Audit Interceptor
Requirement
● Log security incidents to trace system abuse:
○ Failed login attempts
○ Unauthorized access attempts to services
Solution
● All messages flow through the a gateway of the system.
● Necessary auditing is done by the logging at the gateway.
62. 62
Data Origin Authentication
Requirement
● Non-repudiation
Solution
● Digital Signature
Data Confidentiality
Requirement
Protect sensitive personal data during transmission from:
● Tampering
● unauthorized access
Solution
● Digital Encryption
63. 63
Message Screening
Requirement
Mitigate damages to the system from messages with malicious content
● SQL injection
● X-Doc attacks
Solution
● XML Schema validation.
● Regular expression validation to avoid SQL injections contained in
strings.
● An application of Perimeter Security
64. 64
Replay Mitigation/DoS Safety
Requirement
Prevent denial of service attacks caused by replaying valid messages.
Solution
● Apply throttling rules at the entry point.
● Validate message freshness by WS-Security mechanisms
(Timestamp/Nonce).
● An application of Perimeter Security.
65. 65
Exception Shielding
Requirement
Avoid exposing sensitive data through exceptions.
● Legacy application code might throw exceptions containing sensitive
information.
● Need to filter those exceptions when system is exposed to external
parties.
Solution
● Sanitize unsafe exception data by replacing it with non-harmful
exception message and give the right level of detail to the user.
66. 66
References
[1] https://msdn.microsoft.com/en-us/library/
[2] http://soapatterns.org/
[3] https://medium.facilelogin.com/thirty-solution-patterns-with-the-wso2-identity-server-
16f9fd0c0389#.1f3slrjnt
[4] http://wso2.com/library/blog-post/2014/10/blog-post-identity-anti-patterns-federation-silos-
and-spaghetti-identity/
[5] http://wso2.com/library/webinars/identity-server/
[6] M. Schumacher, E. Fernandez-Buglioni and D. Hybertson, Security Patterns: Integrating
Security and Systems Engineering. 2005.