Prabath Siriwardena is the Director of Security Architecture at WSO2 and an Apache Axis2 PMC member. He maintains a blog on security and identity and has authored several books. The document then outlines the evolution of key identity standards and providers from Yahoo and Hotmail in the 1990s to the development of SAML, OpenID, OAuth and their adoption by major tech companies from the mid-2000s to the present.
The document discusses various patterns for securing APIs in different enterprise scenarios. It outlines 12 different problem statements involving securing APIs that can only be accessed by employees via web/mobile applications, ensuring authentication and authorization, and integrating with identity providers while supporting single sign-on. The patterns cover securing APIs within and across departments, supporting third-party partners, non-repudiation of API calls, and securing APIs without changing the APIs or clients.
This document discusses best practices for building an API security ecosystem, including using a gateway pattern to decouple clients from APIs, various methods for direct authentication of internal users like HTTP basic authentication and OAuth, auditing and monitoring APIs, and externalizing authorization using standards like XACML. It also covers cross-domain access, distributed authorization with resource servers, and user-managed access models.
This document discusses securing systems from security threats. It covers topics like perception of security, the CIA triad of confidentiality, integrity and availability. Examples of attacks are given like RSA in 2011, Adobe in 2013, and Target in 2013. The document discusses defense in depth using the LA airport as an example. Insider threats such as WikiLeaks and NSA are mentioned. Software security focuses on secure coding practices. Other security topics covered include operating system security, firewalls, intrusion detection systems, and the Heartbleed vulnerability.
This document discusses next generation applications with Internet of Things (IoT) and cloud technologies. It notes that the number of devices connected to the internet exceeded the world's population in 2008 and will reach 50 billion devices connected by 2020. These devices will generate zettabytes of data. IoT applications are built on tiers including devices, integration, analytics and presentation layers facilitated through APIs. The document outlines WSO2's reference architecture for IoT and application development, as well as an app store and publisher components for a connected enterprise.
The document outlines the evolution of internet identity from 1997 to the present, listing key events, technologies, and standards. It starts with early services like Hotmail and Yahoo in 1997 and continues through the development of platforms and standards like OpenID, OAuth, SAML, and newer initiatives for decentralized identity. The timeline shows the ongoing progression of identity management online from the first webmail services to current innovations in user-centric identity and authentication.
Connected business is a very dynamic and complex environment. Your desire is to reach out to your customers, partners, distributors and suppliers and create more and more business interactions and activities that will generate more revenue. The goal here is not just to integrate technological silos in your enterprise, but also to make your business more accessible and reactive. The ability to propagate identities across borders in a protocol-agnostic manner is a core ingredient in producing a connected business environment.
SAML, OpenID, OpenID Connect and WS-Federation all support identity federation, that is, cross-domain authentication. But can we always expect all the parties in a connected environment to support SAML, OpenID or OpenID Connect? Most of the federation systems we see today are in silos. It can be a silo of SAML federation, a silo of OpenID Connect federation or a silo of OpenID federation.
Even in a given federation silo, how do you scale with an increasing number of service providers and identity providers? Each service provider has to trust each identity provider, and this leads to the Spaghetti Identity anti-pattern.
Federation Silos and Spaghetti Identity are two anti-patterns that need to be addressed in a connected environment.
This talk will present benefits, risks and challenges in a connected identity environment.
Prabath Siriwardena is an expert in identity management who has authored books and articles on the topic. This document discusses key concepts in identity management including identity landscapes, federation, provisioning, access control, and governance. It also provides an overview of the speaker and describes various identity management demonstrations that will be shown, such as single sign-on, provisioning, access control, and securing APIs with OAuth.
This document summarizes the key features of an open source identity and entitlement management server. It provides authentication using LDAP, AD, JDBC and single sign-on using SAML2, Kerberos, WS-Fed and passive protocols. It also supports provisioning using SCIM and SPML and role based access control using XACML policies. The server allows for federation between identity providers and service providers.
The document discusses the role of an identity broker and its key functions. An identity broker acts as a centralized hub that can connect to multiple identity providers and service providers in a protocol-agnostic manner. It allows for identity federation across different protocols and systems. The broker supports important identity management capabilities like claim transformation, home realm discovery, multi-factor authentication, adaptive authentication, identity mapping, attribute aggregation, and just-in-time provisioning in a centralized manner. Fifteen fundamentals of the identity broker pattern are described. The document also discusses the concept of an identity mediation language and seven fundamentals of future identity and access management.
Enterprise API adoption has gone beyond predictions. It has become the 'coolest' way of exposing business functionalities to the outside world. Both your public and private APIs need to be protected, monitored and managed.
This session focuses on API Security. There are so many options out there that it is easy to get confused. When to select one over the other is always a question, and you need to deal with it quite carefully to identify and isolate the tradeoffs. Security is not an afterthought. It has to be an integral part of any development project, and the same goes for APIs. API security has evolved a lot in the last five years. This talk covers best practices in building an API Security Ecosystem with OAuth 2.0, UMA, SCIM, XACML and LDAP.
The document discusses API security patterns and practices. It covers topics like API gateways, authentication methods like basic authentication and OAuth 2.0, authorization with XACML policies, and securing APIs through measures like TLS, JWTs, and throttling to ensure authentication, authorization, confidentiality, integrity, non-repudiation, and availability. Key points covered include the gateway pattern, direct vs brokered authentication, JSON web tokens for self-contained access tokens, and combining OAuth and XACML for fine-grained access control.
The document discusses XML signatures, which provide integrity and non-repudiation for XML documents. It describes the components of an XML signature such as SignedInfo, SignatureValue and KeyInfo. It explains different types of XML signatures like enveloping, enveloped and detached signatures. It provides examples of XML signatures and answers questions about canonicalization, transforms, references and other concepts related to XML signatures.
This document provides API security best practices and guidelines. It discusses defining APIs and who may access them, such as employees, partners, customers or the general public. Authentication can be direct, using credentials, or brokered, using a third party. Best practices include using TLS, strong credentials, short-lived tokens, and throttling access. The guidelines aim to prevent attacks like CSRF, authorization code interception, and brute force attacks through measures like state parameters, PKCE, and long random tokens.
This document discusses securing single-page applications (SPAs) with OAuth 2.0. It describes how SPAs work by loading a single HTML page and dynamically updating content without page reloads. It outlines two issues with using OAuth in SPAs: client authentication and exposing access tokens to users. It proposes using the implicit grant type to address these by enabling single sign-on without exposing credentials to the SPA. It also describes using an OAuth proxy to further improve security by encrypting tokens in cookies and routing all API calls through the proxy.
WSO2 produces open source identity and access management software. Through Google Summer of Code, WSO2 has mentored 11 projects implementing key identity standards like UMA, SAML, and OAuth. These standards, developed by organizations like OASIS and IETF, provide frameworks for identity federation, SSO, provisioning, and access control. Formats include SAML for SSO, SCIM for provisioning using REST, and XACML for fine-grained authorization control. WSO2 contributes implementations of these standards to help users manage identity and access securely across domains.
The document discusses XML Encryption, which is a W3C standard for encrypting XML documents and data. It can encrypt entire documents, parts of documents, or external objects. XML Encryption uses symmetric or asymmetric encryption and supports algorithms like AES and Triple DES. It provides elements for specifying the encryption method, key information, and encrypted data or references to encrypted resources. The key information does not directly include the encryption key but provides ways to locate it through names, encryption, or key agreement protocols.
The document discusses Java security and how to configure a security manager and policy in Java. It explains that a security manager creates a sandbox for Java applications and uses a security policy to define permissions. The policy grants or denies permissions to code based on code location, trust via signing, and the user running the code. It provides examples of policy syntax and common permissions.
The document describes precision operational amplifiers, the LT1013 dual op amp and LT1014 quad op amp. Key specifications of the devices include low offset voltage (50uV for LT1014), low drift (0.3uV/°C), high gain (8 million), and ability to operate on a single 5V supply. The LT1013 and LT1014 offer improved performance over previous industry standard op amps in the same package sizes. Typical applications include instrumentation, signal conditioning circuits, and active filters.
The European Union has agreed on a package of sanctions against Russia over its invasion of Ukraine. The sanctions include restrictions on imports of key Russian products such as steel and timber, as well as measures against Russian banks and officials. EU leaders hope that the sanctions will increase the economic pressure on Russia and deter it from continuing its aggression against Ukraine.
The budget simulation assignment recommends purchasing a portable interactive whiteboard system, wireless student response system, and document camera to improve writing skills and engagement at Sims Elementary School. The school's writing scores were below district averages. The recommended technologies would allow interactive lessons, student polling and feedback, and visual presentations to better engage students and support the school's focus on improving writing. The summary includes specifications and pricing for the recommended Mimio portable whiteboard system and Qomo student response system from various vendors.
Create - Day 2 - 11:15 - "Six Secrets to Overcoming Social Marketing Hurdles" - PerformanceIN
Despite the fact that customers expect to engage with their brands on social media, most firms continue to see their social budgets fall low on the marketing priority list.
Whether through a lack of hard ROI or meaningful metrics, social teams struggle to acquire the funding and support to make a real difference.
Veteran social media marketer Eric Weaver will share six secrets from major global brands on how to garner financial support, create meaningful impact and engage distracted fans.
Expect to walk away with new methods of measuring social media ROI, successfully requesting more funding and approaches to paid advertising, content and engagement to produce tangible business results.
Concern India Foundation is a nonprofit established in 1991 that supports grassroots organizations working in education, health, and community development. It began by supporting 2 organizations helping 1,000 people, and in 2011-12 supported 250 organizations benefiting 250,000 people across several Indian cities. The foundation monitors grantee organizations closely to ensure efficient use of funds. It has transformed the lives of over 250,000 disadvantaged individuals through various social programs.
The steps of historical research consist of 5 stages, namely topic selection, source collection (heuristics), source verification, interpretation, and writing up the research results (historiography).
Patterns in Test Automation: Issues and Solutions - TechWell
Testers often encounter problems when automating test execution. The surprising thing is that many testers encounter the very same problems, over and over again. These problems often have known solutions, yet many testers are not aware of them. Recognizing the commonality
Innovation Thinking: Evolve and Expand Your Capabilities - TechWell
Innovation is a word tossed around frequently in organizations today. The standard clichés are Do more with less and Be creative. Companies want to be innovative but often struggle with how to define, implement, prioritize, and track their innovation efforts. Using the Innovation to Types model, Jennifer Bonine will help you transform your thinking regarding innovation and understand if your team and company goals match their innovation efforts. Learn how to classify your activities as "core" (to the business) or "context" (essential, but non-revenue generating). Once you understand how your innovation activities are related to revenue generating activities, you can better decide how much of your effort should be spent on core or context activities. Take away tools including an Innovation to Types model for classifying innovation, a Core and Context model to classify your activities, and a way to map your innovation initiatives to different contexts.
Innovation Thinking: Evolve and Expand Your Capabilities - TechWell
Innovation is a word frequently tossed around in organizations today. The standard clichés are do more with less and be creative. Companies want to be innovative but often struggle with how to define, implement, prioritize, and track their innovation efforts. Using the Innovation to Types model, Jennifer Bonine will help you transform your thinking regarding innovation and understand if your team and company goals match their innovation efforts. Learn how to classify your activities as "core" (to the business) or "context" (essential, but non-revenue generating). Once you understand how your innovation activities are related to revenue generating activities, you can better decide how much of your effort should be spent on core or context activities. Take away tools including an Innovation to Types model for classifying innovation, a Core and Context model to classify your activities, and a way to map your innovation initiatives to different contexts.
The document discusses strategic decision making and the collaborative design process. It notes that strategic decisions usually involve conversations among experts, decision makers, and stakeholders. Good strategic decision making requires knowledge of framing issues, tools, and mutual learning. Framing questions properly is important to avoid making decisions based on the wrong assumptions.
The document outlines tips for transforming online delivery of webinars. It discusses how to engage participants through polling, chat functions, videos and using the host/producer to handle technology issues. Specific tools in Adobe Connect like annotation, emoticons and role plays are presented as ways to keep learners engaged. The importance of visual slides, interactivity every 3 minutes and practicing technology are emphasized. Participants are also polled to assess their webinar experience and adult learning principles. The document provides an action plan and offers to help participants improve their virtual facilitation skills.
Kickoff Workshop with Dstillery: The Future of Cross-Channel Marketing - It's... - Digiday
The document discusses a study by Digiday on the future of cross-channel marketing. While agencies and brands agree cross-channel is important, they differ on definitions and strategies. Specifically, they have misaligned views on which channels are highest priority. Both agree the biggest obstacle is metrics and data. The document proposes solutions like Facebook Exchange and Twitter Tailored Audiences that use first-party data for targeted, programmatic advertising across channels to help build trust and efficiency.
Have you ever needed a way to measure your leadership IQ? Or been in a performance review where the majority of time was spent discussing your need to improve as a leader? If you have ever wondered what your core leadership competencies are and how to build on and improve them, Jennifer Bonine shares a toolkit to help you do just that. This toolkit includes a personal assessment of your leadership competencies, explores a set of eight dimensions of successful leaders, provides suggestions on how you can improve competencies that are not in your core set of strengths, and describes techniques for leveraging and building on your strengths. These tools can help you become a more effective and valued leader in your organization. Exercises help you gain an understanding of yourself and strive for balanced leadership through recognition of both your strengths and your “development opportunities.”
This document discusses a webinar on adding predictive marketing in 2015. It includes an agenda for the webinar covering topics like conversion rates, the "67% myth" about buyers' journeys, what buyers' journeys really look like, inhabitants of marketing automation platforms, adoption of predictive technologies so far, and keys to predictive success. The document provides background and perspectives on these topics to help marketing organizations better understand buyers and improve lead qualification and sales effectiveness through predictive approaches.
The document discusses managing strategic uncertainty and innovation in business. It recommends that businesses 1) speed through the fragile "first mile" phase of moving from plan to reality by being DEFT (documenting plans, evaluating assumptions, focusing on uncertainties, and testing assumptions) and having HOPE during experimentation, 2) increase organizational curiosity to make strategic experimentation a natural part of the culture, and 3) seek chaos, broaden skills, and diversify networks to adapt to discontinuity and lead in times of change. The document emphasizes managing the unknown, testing assumptions quickly and cheaply, and cultivating a culture that supports failure and learning from failures.
The document describes The PM Success Formula, which provides practical guidance to help project managers successfully deliver projects, accelerate their careers, and increase their earnings. It teaches how to adopt the mindset of top-performing PMs through a seven-day program and focuses on getting work done through others to meet requirements on time and budget and provide a positive customer experience.
Make the Switch to Learner centered Experiences - Allen Partridge
The document discusses flipped learning and learner-centered teaching. It describes flipped learning basics like definition, theory and research. It discusses flipped classrooms, the role of technology, and extending learning experiences with social learning and video-based learning. It also addresses authentic and active learning, different types of learning, and how technology can enable personalized and location-based learning.
Innovation Thinking: Evolve and Expand Your Capabilities - TechWell
Innovation is a word tossed around frequently in organizations today. The standard cliché is “Do more with less.” People and teams want to be innovative but often struggle with how to define, prioritize, implement, and track their innovation efforts. Jennifer Bonine shares the "Innovation Types" model to give you new tools to evolve and expand your innovation capabilities. Find out if your innovation ideas and efforts match your team and company goals. Learn how to classify your innovation and improvement efforts as core (to the business) or context (essential but non-revenue generating). With this data, you can better decide how much of your effort should be spent on core versus context activities. Take away new tools for classifying innovation and mapping your activities and your team’s priorities to their importance and value. With Jennifer’s guidance you’ll evolve and expand your innovation capabilities on the spot.
CME Group: Social media and the Global Financial Leadership Conference, prese... - SocialMedia.org
In his SocialMedia.org Member Meeting case study presentation, CME Group's Director of Corporate Marketing, Evan Peterson, explains how they use social media to amplify their annual Global Financial Leadership Conference.
Evan shares how they utilize video, interviews, photos, blogs, and articles from the event as content for their social media platforms.
Deliver Double the Value in Half the Time - David Hawks
This session was presented at the PMI Austin Development Day Conference in Sept 2014. We explore the difference between "Doing Agile" vs. "Being Agile." Establishing a learning culture is critical. Six problems are presented and solutions are shown which lead to the team's ability to deliver double the value in half the time.
The Intersection of Content Marketing and Influencer Marketing - Skyword Inc.
What happens when powerful stories are told by talented storytellers? People listen.
We call this Con-fluence - the exciting, new intersection of content marketing and influencer strategy. Learn how some of the savviest brands are working with influential storytellers to become what people love, instead of interrupting what they love on the web.
Gain valuable insight on how to:
Identify subject matter experts in your industry
Make connections with those who have sway among your customer base
Streamline content creation with market influencers
Improve the reach and resonance of your content.
Doug Sikes, Traackr's vice president of sales, and Andrew Wheeler, Skyword's vice president of strategic services, will show you how to marry your content marketing with influencer strategy to help you become a stronger storyteller.
Connecting with What Your Customers Care About -
Technology and our love of mobile devices have fundamentally changed our behavior and expectations of what good events should be. Compared to ten years ago, the world today is a very different place. We all know that, but do you know why? This deck will give you insight into the exciting and dynamic world of technology that is affecting events and venues.
Bring Your Mojo to the Virtual Classroom - Cynthia Clay
This 60-minute webinar delivered to the Los Angeles chapter of ASTD describes Mojo Crushers and Mojo Makers. Learn how to design and facilitate engaging, interactive webinars.
The Seven Lenses - a mini masterclass. CRM for charity communicators conferen... - CharityComms
Natalie Horne, strategy director, Prime Decision
Visit the CharityComms website to view slides from past events, see what events we have coming up and to check out what else we do. www.charitycomms.org.uk
This document discusses security in microservices architectures. It begins by comparing monolithic and microservices approaches. It then covers edge security using API gateways and OAuth 2.0 authorization. Other topics include service-to-service security using TLS mutual authentication, JSON Web Tokens (JWTs), and SPIFFE/SPIRE for identity management. Patterns like JWTs, nested JWTs, and token exchange are presented for secure communication between services. The document also discusses access control and policy evaluation using approaches like embedded policy decision points and the Open Policy Agent (OPA) framework.
This document discusses Cloud Native Identity Management using SPIFFE (Secure Production Identity Framework for Everyone) and SPIRE (SPIFFE Runtime Environment). It provides an overview of SPIFFE and SPIRE, including how they address identity management challenges in cloud-native environments. It then summarizes how SPIRE implements the SPIFFE specifications through a node attestation and workload attestation process where a SPIRE agent authenticates to a server, retrieves selectors to verify workloads, and issues signed identity documents when a workload matches the selectors.
This document provides guidelines for securing managed APIs. It discusses defining an API's audience and whether they are direct users or relying parties. It also covers bootstrapping trust either directly through user credentials or brokered through a third party. The document then discusses various OAuth 2.0 grant types and federated access scenarios. It emphasizes using TLS, strong credentials, short-lived tokens, and access control to secure APIs and their communication.
This document discusses trends in identity and access management. It notes that identity standards like OpenID Connect are rising while others like SAML are fading. Authentication methods are shifting from traditional multi-factor authentication to continuous adaptive authentication. Privacy and centralized identity systems are concerns driving interest in self-sovereign identity models using blockchain and decentralized identifiers. Large countries are implementing national digital identity systems and blockchain may help improve transparency. The role of mobile identity is growing as phone numbers become integral identifiers.
This document discusses security considerations for microservices architectures. It covers edge security using API gateways, service-to-service authentication using TLS and JWT, access control using centralized and embedded policy decision points, deployment models like Docker and Kubernetes, and the use of sidecars and service meshes like Istio for security. Key challenges with microservices include a broader attack surface, performance issues, and complexity in deployment and observability across services.
The document discusses OAuth 2.0 security threats including session injection with CSRF, token leakage, token reuse/misuse, and token export. It provides details on the threats, victims, and best practices for mitigation. These include using short-lived authorization codes, TLS, proof-key-for-code-exchange, limiting grant types by client, white-listing redirect URIs, token binding, and enforcing throttle limits to prevent token misuse. The presentation encourages attendees to review their OAuth 2.0 implementations against these threats and ensure authorization servers follow security best practices.
This document provides an overview of the General Data Protection Regulation (GDPR) for identity architects. It discusses GDPR requirements such as data protection impact assessments, data processing records that must be maintained by controllers and processors, and data subject's rights. It also discusses principles of identity and access management design and best practices related to GDPR compliance. Finally, it includes links to Facebook and Google's cookie and data use policies.
Blockchain-based Solutions for Identity & Access Management - Prabath Siriwardena
This document discusses self-sovereign identity and decentralized identifiers (DIDs). It provides an overview of identity evolution from centralized to user-centric models. Self-sovereign identity allows individuals to control their digital identities across systems without relying on centralized authorities. DIDs are a new type of identifier that can be registered on a distributed ledger without a centralized registration authority. The document outlines the goals and components of DID specifications and describes how DIDs and verifiable claims work on networks like Sovrin to enable self-sovereign identity.
This document summarizes OAuth 2.0 threat landscapes and best practices for mitigation. It discusses threats such as CSRF, session injection, token leakage, IDP mix-up, and token reuse/misuse. Recommended mitigations include using the state parameter, PKCE, short-lived tokens, TLS, white-listing callback URLs, scoped tokens, audience restriction, OpenID Connect, and throttling. The document provides technical details on various OAuth 2.0 flows and threats as well as references to relevant IETF draft specifications.
I would like to thank my family, friends, colleagues, and everyone else who supported me in writing this book. Their encouragement and feedback were invaluable.
SAML enables portable identities by defining standards for assertions, protocols and bindings. It allows identities established in one trust domain to be asserted in another domain. SAML assertions include authentication, authorization and attribute statements. SAML tokens can be included in SOAP message headers according to the WS-Security standard. They can be included directly or referenced remotely. WS-Trust is a standard that defines mechanisms for establishing, brokering and assessing trust relationships as well as issuing and exchanging security tokens like SAML tokens. Common patterns in WS-Trust include issuance, renewal, validation and cancellation of tokens.
This document provides an overview of wound healing, its functions, stages, mechanisms, factors affecting it, and complications.
A wound is a break in the integrity of the skin or tissues, which may be associated with disruption of the structure and function.
Healing is the body’s response to injury in an attempt to restore normal structure and functions.
Healing can occur in two ways: Regeneration and Repair
There are 4 phases of wound healing: hemostasis, inflammation, proliferation, and remodeling. This document also describes the mechanism of wound healing. Factors that affect healing include infection, uncontrolled diabetes, poor nutrition, age, anemia, the presence of foreign bodies, etc.
Complications of wound healing include infection, hyperpigmentation of scar, contractures, and keloid formation.
Temple of Asclepius in Thrace. Excavation results - Krassimira Luka
The temple and the sanctuary around were dedicated to Asklepios Zmidrenus. This name has been known since 1875 when an inscription dedicated to him was discovered in Rome. The inscription is dated in 227 AD and was left by soldiers originating from the city of Philippopolis (modern Plovdiv).
Leveraging Generative AI to Drive Nonprofit Innovation - TechSoup
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Services experts provided customer-specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Services (AWS).
A Visual Guide to 1 Samuel | A Tale of Two Hearts - Steve Thomason
These slides walk through the story of 1 Samuel. Samuel is the last judge of Israel. The people reject God and want a king. Saul is anointed as the first king, but he is not a good king. David, the shepherd boy, is anointed and Saul is envious of him. David shows honor while Saul continues to self-destruct.
Gender and Mental Health - Counselling and Family Therapy Applications and In... - PsychoTech Services
A proprietary approach developed by bringing together the best of learning theories from Psychology, design principles from the world of visualization, and pedagogical methods from over a decade of training experience, that enables you to: Learn better, faster!
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt - Henry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx - EduSkills OECD
Iván Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and... - PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
I want to split my presentation into 2 parts: one to discuss the trends in the industry within a Sri Lankan context, the other to talk about what the industry’s expectation is of a young graduate when he joins a company and what his profile should be.
Need to understand basic computer language principles. Possess good solid background knowledge on software designing and object oriented design concepts. Programming languages get outdated very quickly. You can be a Java expert today, but if some ground-breaking technology becomes the industry trend tomorrow you will be in trouble. Mastering concepts will help you to understand and grasp any technology when you need to switch between languages. So focus on getting your foundation properly set up by learning concepts and not languages.
The 2 most important days in your life: the day you are born and the other … Not the day you are going to die … or got married