David Orrell, System Architect and Phil Leahy, Service Relationship Manager, talk about Phase II of the OpenAthens Cloud Service Provider project, and also about how OpenAthens is being used as an identity provider service in the corporate sector.
Phil Leahy, Service Relationship Manager covers our commitment to the publishing community as part of our Publisher Manifesto. David Orrell, System Architect, runs through phase one of our new service provider product.
Active Directory serves as the definitive framework to coordinate access between users and their gadgets to different resources like servers, or cloud-based systems and applications. Learn more how Active Directory integration solution with AWS benefits business.
Mobility, flexibility, Content Creation & Internal Collaboration rely on an individuals ability to access and share their content from anywhere at anytime. OneDrive for Business is the solution provided by Office 365, and mobile apps, to meet these unwavering end-user goals. However, there are still questions if the current solution does meet the expectations of the end-user while balancing the need of IT governance. In this session we'll take a look at the key considerations when building your adoption plan of OneDrive, migration methods for moving your end-users' content, how to manage the content as users join and leave your organization.
SharePoint Migration Series: Success Takes Three ActionsAdam Levithan
Your successful migration to SharePoint 2016 takes three actions: analysis, optimization and planning. It also takes a lot of questions that require answers. What do you have? What do you move? What do you archive? What problems might occur? What do users expect? From identifying content sprawl, deciding what to archive, understanding potential security risks, ending performance issues and creating an environment that meets end-user expectations, requires many questions that need good answers. In this session, you’ll learn what to ask and how to find answers: Understand your current environment
Maximizing SharePoint 2016 features
Accurately plan your migration
Reduce risk in your SharePoint migration
Life in the clouds: SharePoint and Office 365Loryan Strant
Presented at the Australian SharePoint Conference (Sydney) in 2013 by Mark O'Shea and myself, this presentation covers:
- What is SharePoint in Office 365?
- Comparison between SharePoint Online & Server
- Licensing from the cloud
- SkyDrive Pro – cloud or on-premises?
- SkyDrive Pro desktop experience
- On-premises & the cloud
Smart Submit and Client Support
Michael Millar, Junior Software Developer, and Frank Coates, Client Support Manager
Get a peek at the new and improved Smart Submit and learn about new, easier ways to contact the support team at Access Innovations.
Phil Leahy, Service Relationship Manager covers our commitment to the publishing community as part of our Publisher Manifesto. David Orrell, System Architect, runs through phase one of our new service provider product.
Active Directory serves as the definitive framework to coordinate access between users and their gadgets to different resources like servers, or cloud-based systems and applications. Learn more how Active Directory integration solution with AWS benefits business.
Mobility, flexibility, Content Creation & Internal Collaboration rely on an individuals ability to access and share their content from anywhere at anytime. OneDrive for Business is the solution provided by Office 365, and mobile apps, to meet these unwavering end-user goals. However, there are still questions if the current solution does meet the expectations of the end-user while balancing the need of IT governance. In this session we'll take a look at the key considerations when building your adoption plan of OneDrive, migration methods for moving your end-users' content, how to manage the content as users join and leave your organization.
SharePoint Migration Series: Success Takes Three ActionsAdam Levithan
Your successful migration to SharePoint 2016 takes three actions: analysis, optimization and planning. It also takes a lot of questions that require answers. What do you have? What do you move? What do you archive? What problems might occur? What do users expect? From identifying content sprawl, deciding what to archive, understanding potential security risks, ending performance issues and creating an environment that meets end-user expectations, requires many questions that need good answers. In this session, you’ll learn what to ask and how to find answers: Understand your current environment
Maximizing SharePoint 2016 features
Accurately plan your migration
Reduce risk in your SharePoint migration
Life in the clouds: SharePoint and Office 365Loryan Strant
Presented at the Australian SharePoint Conference (Sydney) in 2013 by Mark O'Shea and myself, this presentation covers:
- What is SharePoint in Office 365?
- Comparison between SharePoint Online & Server
- Licensing from the cloud
- SkyDrive Pro – cloud or on-premises?
- SkyDrive Pro desktop experience
- On-premises & the cloud
Smart Submit and Client Support
Michael Millar, Junior Software Developer, and Frank Coates, Client Support Manager
Get a peek at the new and improved Smart Submit and learn about new, easier ways to contact the support team at Access Innovations.
The Micrsoft Ignite conference is designed to fuel businesses and give them a glimpse into the future.
Updates from 2015 confrence include Sharepoint 2016 and Office 365.
SharePoint Saturday Paris 2015 Validating SharePoint 2013 Farm Before Go-LiveChirag Patel
You are at a mercy of your IT service provider who has delivered SharePoint to your organisation and you are ready to go live... but your newly appointed SharePoint expert has found plethora of issues!
This session focuses on real world scenario on what went wrong and the steps SharePoint expert recommended and actioned to bring the project back on track to drive the replacement of fileshare with SharePoint 2013 and paving the way for better end user adoption.
Vanessa Fairhurst presents about managing changes to scholarly content using the Crossmark service. Presented at Crossref LIVE local events Pretoria and Cape Town, 17th and 19th April 2018.
Joe Wass talked us through the Crossmark service, managing changes to content at Crossref and keeping your readers updated. Presented at Crossref LIVE local Hannover, June 27th 2018.
A 5 minutes lightning talk about standards based approach to authentication and authorization of RESTful web services using OAuth et al. It shows how OAuth web services can be called by taverna workflow.
Presented at Biodiversity Informatics Horizon 2013 conference (see http://conference.lifewatch.unisalento.it/index.php/EBIC/BIH2013)
Azure for IaaS - Global Windows Azure Bootcamp (GWAB)Loryan Strant
A presentation on Windows Azure as a platform for Infrastructure as a Service.
Presented in Melbourne, Australia as part of the Global Windows Azure Bootcamp in April 2013.
Wisconsin SharePoint User Group - SharePoint Conference 2018 AnnouncementsDrew Madelung
Collection of announcements from the recent SharePoint Conference North American 2018 that happened in Las Vegas in May 2018. This includes information on SharePoint, OneDrive, Teams and Office 365
This session covers in detail the modern experiences recently made available in SharePoint Online and how to take the most of them in your organization.
In this presentation from the Live!360 conference in Orlando in 2016, I presented on implementing and managing Office 365 and how to get started with Office 365
OpenAthens Service Provider in the cloud: development update Eduserv
OpenAthens is developing its Service Provider software so it does not need to be installed on our customers' applications or platforms. The objective is to enable federated single sign on without exposing customers to many of the complexities of SAML. Access management will be controlled via an API into a hosted service using OpenID connect which is a modern, standards based authentication protocol.
The aims of this short webinar are:
- To update customers to the streamlining of our SP dashboard and our federation manager to improve the customer experience.
- Introduce the architectural framework that will underpin the extension of our service.
- Answer questions and receive feedback on the work from our key customers.
Introducing OpenAthens Cloud for content providersOpenAthens
Find out how your organisation can benefit from our new cloud-based OpenAthens Access product, built using next generation authentication technology OpenID Connect.
[Workshop] Digital Transformation: Breaking Down Boundaries for Greater Conne...WSO2
This deck will cover the problem with running systems in isolation. how you can move away from isolated systems, an Introduction to the concept of services oriented architecture and integration hub, the benefits of sharing information and services, and will introduce the concept of API Management.
The Micrsoft Ignite conference is designed to fuel businesses and give them a glimpse into the future.
Updates from 2015 confrence include Sharepoint 2016 and Office 365.
SharePoint Saturday Paris 2015 Validating SharePoint 2013 Farm Before Go-LiveChirag Patel
You are at a mercy of your IT service provider who has delivered SharePoint to your organisation and you are ready to go live... but your newly appointed SharePoint expert has found plethora of issues!
This session focuses on real world scenario on what went wrong and the steps SharePoint expert recommended and actioned to bring the project back on track to drive the replacement of fileshare with SharePoint 2013 and paving the way for better end user adoption.
Vanessa Fairhurst presents about managing changes to scholarly content using the Crossmark service. Presented at Crossref LIVE local events Pretoria and Cape Town, 17th and 19th April 2018.
Joe Wass talked us through the Crossmark service, managing changes to content at Crossref and keeping your readers updated. Presented at Crossref LIVE local Hannover, June 27th 2018.
A 5 minutes lightning talk about standards based approach to authentication and authorization of RESTful web services using OAuth et al. It shows how OAuth web services can be called by taverna workflow.
Presented at Biodiversity Informatics Horizon 2013 conference (see http://conference.lifewatch.unisalento.it/index.php/EBIC/BIH2013)
Azure for IaaS - Global Windows Azure Bootcamp (GWAB)Loryan Strant
A presentation on Windows Azure as a platform for Infrastructure as a Service.
Presented in Melbourne, Australia as part of the Global Windows Azure Bootcamp in April 2013.
Wisconsin SharePoint User Group - SharePoint Conference 2018 AnnouncementsDrew Madelung
Collection of announcements from the recent SharePoint Conference North American 2018 that happened in Las Vegas in May 2018. This includes information on SharePoint, OneDrive, Teams and Office 365
This session covers in detail the modern experiences recently made available in SharePoint Online and how to take the most of them in your organization.
In this presentation from the Live!360 conference in Orlando in 2016, I presented on implementing and managing Office 365 and how to get started with Office 365
OpenAthens Service Provider in the cloud: development update Eduserv
OpenAthens is developing its Service Provider software so it does not need to be installed on our customers' applications or platforms. The objective is to enable federated single sign on without exposing customers to many of the complexities of SAML. Access management will be controlled via an API into a hosted service using OpenID connect which is a modern, standards based authentication protocol.
The aims of this short webinar are:
- To update customers to the streamlining of our SP dashboard and our federation manager to improve the customer experience.
- Introduce the architectural framework that will underpin the extension of our service.
- Answer questions and receive feedback on the work from our key customers.
Introducing OpenAthens Cloud for content providersOpenAthens
Find out how your organisation can benefit from our new cloud-based OpenAthens Access product, built using next generation authentication technology OpenID Connect.
[Workshop] Digital Transformation: Breaking Down Boundaries for Greater Conne...WSO2
This deck will cover the problem with running systems in isolation. how you can move away from isolated systems, an Introduction to the concept of services oriented architecture and integration hub, the benefits of sharing information and services, and will introduce the concept of API Management.
What Do Records Managers Need to Know About Open Source, Open Standards, Open...Cheryl McKinnon
What do records and information managers need to know about the Web's Three Os? Open Source, Open Standards and Open Data? ARMA Ottawa IM Days - Nov 28, 2012
[Workshop] Digital Transformation: Breaking Down Boundaries for Greater Conne...WSO2
This deck will cover the problem with running systems in isolation. how you can move away from isolated systems, an Introduction to the concept of services oriented architecture and integration hub, the benefits of sharing information and services, and will introduce the concept of API Management.
Nowadays most components of a full identity infrastructure are available as Open Source components - and some even within The ASF: identity repositories, provisioning engines, access management systems.
Picking these bricks to realize a solution that will suit the wide-range ever-changing organizations' needs is a real challenge for all system integrators in the Identity & Access Management area.
Some real-word use cases and scenarios will be reviewed in this presentation to highlight strengths, flexibility and benefits - but also wicked problems and possible improvements - that Open Source Identity infrastructures can provide to organizations and final users.
Managing the Software Supply Chain: Policies that Promote Innovation While Op...FINOS
Jeff Luszcz, Flexera Software: Managing the Software Supply Chain: Policies that Promote Innovation While Optimizing Security and Compliance.
Do you build software, sell software consulting services, or contribute to the open source community? Understanding your software supply chain and learning the best way to manage them is worth your time. As the consumption of open source and other third party software increases, companies who know how to manage and influence the supply chain have a competitive advantage over those who don’t do it as well. Developers, Architects, and IP attorneys need to understand the long term impact of leveraging Open Source and Third Party software in their enterprise software, internal tools and web services. Join Jeff Luszcz, VP of Product Management at Flexera, as he walks through best practices to manage OSS in the financial services world.
Talk from the API Management Meeting, San Francisco, 9/11/2013. Covering how APIs change the way be build applications. Also covers why the API Economy will be a complex distributed system.
ADV Slides: Trends in Streaming Analytics and Message-oriented MiddlewareDATAVERSITY
Streaming and real-time data has high business value, but that value can rapidly decay if not processed quickly. If the value of the data is not realized in a certain window of time, its value is lost and the decision or action that was needed as a result never occurs. Streaming data – whether from sensors, devices, applications, or events – needs special attention because a sudden price change, a critical threshold met, a sensor reading changing rapidly, or a blip in a log file can all be of immense value, but only if the alert is in time.
Authentication technologies have come a long way from IP recognition and EZ Proxy but most services have not addressed the poor user experience associated with off-campus access, particularly on mobile and tablet devices. In 2017 the conversation around streamlining remote access has moved on from talk to real solutions.
In this webinar Josh Howlett of Jisc will update us on the RA21 initiative, while Phil Leahy will explore why organisations are moving to managed identity management solutions and how OpenAthens has responded to publisher feedback with its new OpenAthens Cloud product.
This talk was provided by Phil Leahy of OpenAthens during the NISO Live Connections event, Digital Libraries: Authentication, Access & Security of Information Resources, held on May 22-23, 2018 in Baltimore, MD.
How to Manage APIs in your Enterprise for Maximum Reusability and GovernanceHARMAN Services
Trying to form an API/service strategy to keep pace with the IoT revolution? Know how you can address issues and challenges your enterprise might face while implementing it and know how you can address the same.
This webinar will also explains how WSO2 API Manager and WSO2 Governance Registry have helped enterprises overcome the following challenges:
1. How the number of services and their users affect service discoverability, catalog, and re-usability.
2. Mistrust among producers and consumers
3. Reliability, stability, and availability of services
4. How externally built common and reusable services meet requirements (anti-patterns - NIH)
Similar to Phase two of OpenAthens SP evolution including OpenID connect option (20)
Tim Lull, Vice President of Sales and Gar Sydnor, Vice President of Discovery Innovation, showcases EBSCO and how this product benefits the identity and access management community.
Neil Scully, Head of Development and Service Delivery, shares the AGILE SCRUM and SPRINT process used in our product development methodology and the benefits this brings.
Tracy Gardner from Simon Inger Consulting presents the results of their 12 month research project, which included a survey of how over 40,000 readers discover scholarly content. The findings are pertinent to publishers and information professionals alike across sectors.
Jon Bentley, Commercial Director, shares the vision for our products, explains our brand evolution and presents key milestones in the development of our identity and access management (IAM) solutions. He also highlights the range of applications that work with OpenAthens.
Mike Brooksbank, Executive Director of OpenAthens, runs through the schedule of the day, plus an overview of OpenAthens and Eduserv, our last FY year and the year ahead.
Eduserv's Marketing Manager, Alex Bacon, presented at the B2B Network about his experience of content marketing and how to deliver valuable and engaging content to your audiences whilst generating leads at the same time.
This presentation by Jonathan Watkins of Maplesoft and the University of Birmingham was given to the Eduserv Maths and Stats Software Focus Group in June 2016. Möbius is a comprehensive online courseware environment that focuses on science, technology, engineering, and mathematics (STEM). students can explore important concepts using engaging, interactive applications, visualize problems and solutions, and test their understanding by answering questions that are graded instantly.
This presentation was given to the Eduserv Maths and Stats Software Focus Group in June 2016. It focuses on updates to NVivo 11 for Windows and Mac, the new QSR Certification Programme and how QSR and the academic community might work more closely together.
Nick Wallace, Government Analyst, Public Sector Ovum
Momentum for the adoption of cloud services continues to grow in the public sector as services mature and agencies experience in buying and using cloud services grows. As agencies steadily incorporate various cloud components into their environment, it is clear that public sector organisations are starting to realise the benefits of cloud. In fact if one where creating a “greenfield” service, “in the cloud” would be the default approach. However the reality is that most institutions are not in this position. Most have to manage a legacy environment that comprises aging technology, duplicate, inefficient and inconsistent business processes. Developing and implementing a staged migration to cloud will be pivotal when determining whether the “as-a-service” promise facilitates innovation or undermines organisational integrity
Planning your cloud strategy: Adur and Worthing CouncilsEduserv
Paul Brewer, Director for Digital & Resources at Adur & Worthing Council.
How do you assess your organisations readiness to move to the cloud and adopt new platforms drive business change? Paul Brewer from Adur and Worthing Councils will be sharing how they evaluated whether cloud was right for them, the talk will cover how they evaluated the benefits, costs and risks of moving to the cloud, and how they used this assessment to support and build their cloud strategy.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
The Metaverse and AI: how can decision-makers harness the Metaverse for their...Jen Stirrup
The Metaverse is popularized in science fiction, and now it is becoming closer to being a part of our daily lives through the use of social media and shopping companies. How can businesses survive in a world where Artificial Intelligence is becoming the present as well as the future of technology, and how does the Metaverse fit into business strategy when futurist ideas are developing into reality at accelerated rates? How do we do this when our data isn't up to scratch? How can we move towards success with our data so we are set up for the Metaverse when it arrives?
How can you help your company evolve, adapt, and succeed using Artificial Intelligence and the Metaverse to stay ahead of the competition? What are the potential issues, complications, and benefits that these technologies could bring to us and our organizations? In this session, Jen Stirrup will explain how to start thinking about these technologies as an organisation.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
2. OpenAthens Service Provider as a service
• Phil Leahy (OpenAthens Service Relationship Manager)
• David Orrell (OpenAthens System Architect)
3. OpenAthens for corporate customers
• Our roots are in UK academia and healthcare, plus…
• Ministry of Defence
• House of Commons Library
• Healthcare organisations in the US, Spain & Australia
• US Department of Defense
4. Publisher 1
Publisher 2
Publisher 3
Publisher 4
Banking/finance
company
Legal practice
Pharmaceutical
company
Petrochemical
company
Corporate/publisher relationships
150 other
publishers
Other research activity
SAML connection
5. Other access tools persist
• IP authentication
• Publisher-issued credentials
• Pre-loading data
• Domain-matching
• …but none of them tell you anything about your users
6. Local authentication tools in OpenAthens
• Shibboleth/SAML
• ADFS
• LDAP
• SirsiDynix
• PING Federate
• other SAML systems
• All of these can use attribute release in OpenAthens
8. Resource Access for the 21st century (RA21)
• Joint initiative between NISO and STM Association
• Announced at Frankfurt Book Fair
• Meetings in London in December
• OpenAthens is part of the conversation
9. 1. Authentication: Providing the best possible end-user
experience
2. Single Sign-On: Enabling simple SSO within publishing
platforms
3. Establishing standards: Driving common standards for
interoperability
4. Facilitating discussions: Providing forums for discussion
5. Embracing change: Understanding that change is constant
12. • State of Identity Management and Federated Identity in
2016
• Our plans for OpenAthens SP
13. Federated identity management
• Adoption continues to grow
“Through 2016, Federated Single Sign-On Will Be the Predominant SSO
Technology, Needed by 80 Percent of Enterprises” – Gartner
• New generation of standards are here
• OAuth/OpenID Connect
• ...and emerging
• UMA (user-managed access)
14. How well does SAML fit today?
• Mature standard, widely adopted
• Many moving parts
• metadata ~10s of megabytes
• possibly addressed by MDQ protocol?
• ...but SAML is widely deployed by organisations
• Developers at ease working with JSON, REST APIs
• consume and integrate cloud services
• loosely-coupled and ‘version-less’
• micro-services vs monolithic
15. How well does OpenAthens SP fit today?
• Server modules have limited integration options
• servlet-filter, Apache module etc.
• difficult to test
• may not align well with modern architectures
• Limited APIs
16. Customer feedback
• Not familiar with concepts of federated identity
• Installation and configuration steps unclear
• Changes take too long to take effect
• or require contact with Service Desk
• Locally installed software required
• prefer to use an API
• Integrating with multiple applications is complex
• duplication of configuration and registration
• End-user experience inconsistent and confusing
Phase 1
Phase 2
17. SAML connector
Future OpenAthens SP
Identity
provider
Service Provider
Identity
provider
Identity
provider
App1 App2 App3
SAML
OAuth/OpenID Connect
REST
Multiple applications can
share the same connector
SAML connector available
as a service
DashboardOpenAthens
18. OpenID Connect
• Identity layer on top of OAuth 2.0
• Industry-wide adoption
• Developer friendly
• Wide variety of clients including JavaScript and mobile
• Supports range of deployment scenarios
19. • Dashboard provides
• Configuration
• Access to logs
• Analytics
• Add additional applications without having to register
multiple SAML entities
OpenAthens SP Cloud
20. Federated login: UX issues!
• One of the most common user complaints!
• Users presented with too many options
• “OpenAthens login”
• “Shibboleth login”
• “Institutional login”
• “Choose you federation”
• Drop-down lists of organisations
• Search for organisation
• …
• Users often don’t even understand the question!
21. Current options for discovery
• By-pass completely (WAYFless URL, OA redirector)
• Use a federation discovery service
• Does not work across multiple federations
• Does user know their federation?
• Build your own using OpenAthens SP API
• Build your own using your own data
22. Federated discovery as a service?
• A more opinionated approach to discovery UX
• Consistent but brand-able via dashboard
• Will work out-of-the-box
• Delivered via:
• Standalone hosted service
• Embeddable JavaScript widget
• REST APIs still available to build your own
• Independent of a given federation but will support any
Afternoon slot
Welcome to the second publisher breakout session. You already know who David and I are, and in this session we’re going to be talking about Phase II of the OpenAthens Cloud Service Provider project, and also about how OpenAthens is being used as an identity provider service in the corporate sector.
Firstly, here’s David to talk about what we’re going to be doing in Phase II.
I’m going to talk now about how OpenAthens is already being used in the corporate sector, and how we believe publishers can benefit from enabling access to its content via the same routes as those traditionally used by the academic, research and healthcare sectors.
And that is where OpenAthens is recognised as having its roots. We started by providing single sign-on services initially for the UK academic sector, followed closely by the UK National Health Service, but our customer base has been wider than that for some time now.
Fast-forwarding around fifteen years presents a more complex picture: publishers and subscribing organisations alike are coming to realise the OpenAthens Federation is the only scalable SAML/Shibboleth option available to non-academic organisations. Every other access management federation has ring-fenced its membership to the academic and research communities because of the way in which they’re funded, but we’re increasingly seeing questions from publishers on whether they can use the access routes originally provided for academic and research organisations for any customer type.
And the reason we’re seeing these questions is because the way in which many corporate organisations want to connect to a publisher’s platform isn’t necessarily the most efficient or secure.
So here’s an illustration of what typically happens. SAML has made connecting with customers much easier. [CLICK] Get their Identity Provider certificate or metadata or both, and integrate them into your access management system. Perhaps you’ll need to supply the customer with login and logout URLs. You might require them to pass you their users’ email, firstname, and lastname. If you’re lucky, you can get them to adhere to specific attribute namespaces too. All of that is development work.
Then you’re asked do that for the next customer [CLICK], and the next and the next and the next and the next, until you’ve ended up with a series of expensive, parallel, single-use connections, each with their own dependencies.
And those customers are asking their other suppliers for exactly the same thing [CLICK].
But SAML is not plug’n’play technology, and each of those connections will need testing. And won’t be your customer services team doing that work – it’s probably your development team. That makes it an expensive task. And in all likelihood, it’s a developer involved at the customer end too, so it’s not a cheap solution for anyone.
A number of other methods are still around, none of them particularly responsive or secure, and with little or no information about who is looking at your content. For example, it could be a finance director, or clinical services director, who’s looking at your content a few times a year but you’ve got no way of knowing that using any of these methods.
[list each method’s drawback]
Shibboleth was supposed to replace some or all of these access methods, at least in those traditional STM sectors, and in Europe that has been pretty successful. But there are no technical reasons preventing other organisation types from using the same access methods.
During his talk this morning, David talked about attribute exchange. The OpenAthens Federation allows service providers to go to their corporate customers and say “send me some data about your users and we can make it a richer experience for them.” Attribute release has never been easier to manage for subscribing organisations, and OpenAthens provides the tools for them to do this quickly and easily.
David mentioned these connection methods this morning as those we’re currently supporting in OpenAthens, and each of them offers publishers the same advantages of efficiency and security as they already have for the academic, research and healthcare sectors. Corporate customers can join these sectors in using these technologies to hook into their organisation’s directory services, allowing publishers to leverage the daily identity management tasks that take place in every organisation. When someone joins an organisation as a new employee, they’re given a record in (say) their Active Directory. Their login will give them access to specific network drives, to the printers, and perhaps to specific offices or buildings in some cases. All this will be because of certain properties given to their directory record.
At the same time, if that company is one of your customers and they’re logging in via the OpenAthens Federation, they will have automatic access to their subscriptions without requiring any other tasks to be completed, and without needing a separate username and password whether that’s for their company VPN or a publisher’s login credentials.
I just mentioned that we’d made it easier for customers to release additional data about their users. That could be forename, surname and email address so that first-time users aren’t required to complete a registration form, or it could be something more interesting like a job role or department, to help you identify the content that finance director is viewing. More than that, perhaps you want to authorise access to premium or sensitive data to specific job roles or individuals.
The tools to experiment with attribute release are in your grasp. The same OpenAthens credentials you use to login and configure our software can be used to access our user management dashboard and configure both standard and custom data attributes for release, and here is Adam Snook of our presales team is here to show you how.
---
We’re now beginning to see a much more positive attitude to attribute release, as the people involved in making these decisions are much more comfortable with the data protection issues involved. It is possible to release specific attributes to specific publishers, so it’s not a case of opening the floodgates and letting every publisher get access to every piece of account data. Subscribing organisations realise they retain complete control over attribute release.
I want to briefly refer to a new initiative which has only just been announced, and which plays directly into this topic.
RA21 is a joint initiative between the National Information Standards Organization and STM Association who are essentially asking the question: can we all do better at access management?
some commercial organisations are happy to use the federated access management ecosystem pioneered by the academic access management federations
Some corporates want a better degree of frictionless content, but with the granularity of federated access management
RA21 will coordinate a study to identify the best options and work with pilot sites
OpenAthens is committed to participating in this project and to promoting the best practice and any new standards which emerge as a result.
We’re also committed to making these standards available via a common interface. We work hard to ensure publishers don’t need to know which identity provider products our mutual customers are using in the OpenAthens Federation, and we’ll be taking the same approach with the outputs from this initiative. We want to make any standards which arise as transparent to service providers as possible.
Which brings us back to the OpenAthens Publisher Manifesto. RA21 has clearly come about because NISO and the STM Association have been hearing similar things to us. While Shibboleth and SAML have enabled the adoption of common standards and removed some barriers to access, people are now asking if it’s enough?
I’ve already referred to how Shibboleth has promoted the adoption of access management standards in Europe, but it’s a different story in the US where it hasn’t gained the same level of traction. The Coalition for Networked Information (CNI) reported earlier this year that although most US institutions are members of In Common, the US access management federation, they’re not using it as an access route for subscription content. So it is obviously not seen as a good option there.
David has also talked today about our plans for ‘federated discovery as a service’ (FedDaaS), which will be another way of shaving a few rough edges from the user journey. It will contribute to the very first item on this list, just as the RA21 project is intended to do, and we’ll be telling you more about this project as it emerges.
Thanks for your time, and it’s time for your questions.