This document discusses SAML, the Citizen Card, and Umbraco Identity Extensions for single sign-on authentication. It provides an overview of SAML as an open standard for exchanging authentication data between an identity provider and service provider using XML. It describes how SAML can enable single sign-on functionality. It also outlines the requirements and process for configuring the Portuguese government authentication service and demonstrates how to integrate it with Umbraco for backend user authentication.
Slide deck from Azure Saturday Munich 2019. Describes the basics of online identity management and federation, as well as the capabilities of Azure AD B2C, from open standards protocol support (like OAuth and OpenID Connect) to building complex identity flows with Identity Experience Framework.
This webinar discusses authentication, authorization, and communication using AWS IoT device shadows. It provides an overview of the AWS IoT components and protocols for connecting devices and applications. It also covers creating certificates, policies for controlling data access, and demonstrates how to set up and interact with a device shadow.
Session I delivered at Oredev, with some updates and more detail, reviewing all of the security standards including WS-Federation, SAML, WS-Trust, OAuth, and OpenID Connect.
Comodo offers various certificate types and partnership programs to enable partners to offer SSL certificates and generate recurring revenue. Their certificates are compatible with 99% of browsers and include features like automatic root installation and real-time website verification. Their partner programs have benefits like no upfront costs, discounted pricing, and integrated management systems.
This document provides an overview of common standards used for cloud identity management, including SAML, OAuth, SCIM, and JWT. It describes how each standard addresses aspects of authentication, authorization, and user provisioning. The document also discusses some ways these standards can be combined, such as using SCIM for user provisioning and SAML assertions for single sign-on authentication, or carrying SCIM user profiles within SAML messages. It acknowledges challenges around mapping complex SCIM schemas to SAML's attribute model and notes that further work is needed to fully define interoperability between the standards.
How we eased out security journey with OAuth (Goodbye Kerberos!) | Paul Makka... | HostedbyConfluent
Saxo Bank is on a growth journey and Kafka is a critical component to that success. Securing our financial event streams is a top priority for us and initially we started with an on-prem Kafka cluster secured with (the de-facto) Kerberos. However, as we modernize and scale, the demands of hybrid cloud, multiple domains, polyglot computing and Data Mesh require us to also modernize our approach to security. In this talk, we will describe how we took the default (non-production ready) Kafka OAuth implementation and productionized it to work with Kafka in Azure Cloud, including the Kafka stack and clients. By enabling both Kerberos and OAuth running on-prem and in the cloud, we now plan to gracefully retire Kerberos from our estate.
An Authentication and Authorization Architecture for a Microservices World | VMware Tanzu
The document discusses authentication and authorization architectures for microservices. It describes using OpenAM for centralized authentication and authorization across microservices. Tokens like access tokens, refresh tokens and ID tokens are used to authenticate service-to-service calls in a stateless manner. The document outlines approaches for different tiers of microservices and integrating OpenAM with Cloud Foundry.
How to integrate the complex use cases in the hyper-connected world with millions of devices and services.
Bhavna Bhatnagar (VigourSoft Technical Advisor and Industry expert) talks about SAML, OAuth, OpenID and what you need to make your place in the complex scenario this presents
Curious about AWS Mobile Services and latest updates? Attend this session for a deep dive on recent updates to AWS Mobile Services aimed at helping you build scalable, reliable, and feature-rich mobile apps. We’ll dig into the new features and discuss the relevant use cases. Specifically, we will cover the following releases: Amazon Cognito Your User Pools - Add sign-up and sign-on to your mobile apps, Amazon Simple Notification Service Global SMS - Send SMS messages to phone numbers in 200+ countries, and AWS Device Farm Remote Access - Gesture, swipe, and interact with iOS and Android devices in real time, directly from your web browser.
The document discusses bootstrapping identity protocols to work together, including SAML to OpenID, Infocards to ID-WSF, and SAML to OAuth. It provides examples of how these protocols can be chained together to enable single sign-on and API access across different systems.
IBM MQ V8 Security: Latest Features Deep-Dive | Morag Hughson
More than ever, security issues are on the top of everyone's list of priorities. Find out about the approach taken by IBM MQ. This session will cover the security features in the latest release of IBM MQ.
This document provides an introduction and summary of Part 1 of a presentation on Bring Your Own Device (BYOD) essentials using Windows technologies. It discusses authentication challenges with current protocols like Kerberos and proposes solutions using claims-based authentication with Active Directory Federation Services (AD FS) and Windows Azure Active Directory. It also covers multi-factor authentication options and the benefits of claims over tickets for flexible authorization. The presentation demonstrates configuring SAML authentication in AD FS.
Identity, Security and XML Web Services | Jorgen Thelin
The use of security credentials and concepts of single-sign-on and “identity” play a big part in Web Services as developers start writing enterprise-grade line-of-business applications. An overview is provided of the emerging XML security credential standards such as SAML, along with various “identity” standards such as Passport and Liberty. We examine how “identity aware” Web Service implementations need to be, and the value a Web Services platform can add in reducing complexity in this area, with lessons drawn from experiences using J2EE technology for real-world security scenarios.
This document provides a comparison of Comodo SSL certificates and those offered by competitors such as VeriSign, GeoTrust, and Thawte. It includes comparison tables for four main certificate types: Extended Validation Certificates, which provide the highest level of trust; Organization Validation Certificates; Domain-Only Validation Certificates, the lowest-cost option; and Wildcard and Unified Communications Certificates. The tables show differences in prices, features, benefits, and technical specifications among the certificates. The document aims to demonstrate that Comodo certificates offer more robust security features, lower prices, and a better overall value compared to rival certificate providers.
Taking Identity from the Enterprise to the Cloud | Pat Patterson
This document discusses taking identity from the enterprise to the cloud by enabling single sign-on and secure access to resources across multiple providers. It covers technologies like SAML 2.0, OAuth 2.0, and WS-Trust that can be combined to allow seamless authentication from a user's enterprise credentials to access cloud applications and APIs without additional logins. Specific protocols and examples are provided for integrating SAML 2.0 with Windows Integrated Authentication to enable single sign-on to external sites, and combining SAML 2.0, OAuth 2.0 and WS-Trust to allow desktop applications to securely access cloud APIs on behalf of the authenticated user.
AWS IoT provides a suite of services to connect, manage and integrate IoT devices at scale. These include SDKs to connect devices, a highly scalable message broker using MQTT and HTTP, authentication and authorization security, a rules engine to route messages to AWS services and third parties, persistent device shadows to represent state, and a registry for device identity and metadata. AWS IoT handles heavy lifting tasks so devices can securely connect to the cloud and applications.
Open source WSO2 Identity Server SSO with Drupal 8 | Iwantha Lekamge
Single sign-on is important for government agencies to maintain a single authentication mechanism among their systems. Open Source WSO2 Identity Server can connect with Drupal 8 and create an SSO environment for government agencies.
What is SAML, how does SAML work, request and response, enterprise and web SSO, advantages and disadvantages of SSO, what is SSO, Single Sign On, Security Assertion Markup Language.
My slides from the Identity Protocol Smackdown session at Gartner Catalyst 2013. Ignite format - 20 slides, 15 seconds per slide. There are auto-builds on a few slides, so download and view in PowerPoint for the best experience.
Cisco Connect Halifax 2018 cloud and on premises collaboration security exp... | Cisco Canada
1) The document discusses identity management, authentication, and authorization in Cisco Spark cloud and on-premises collaboration. It reviews concepts like realms of separation, identity obfuscation, and client connections.
2) Cisco Spark uses realms of separation to logically and physically separate identity services, encryption/indexing/compliance services, and data storage services across different data centers. It also uses identity obfuscation so real identity information is not stored or transmitted elsewhere in the cloud.
3) Hybrid data security allows key management, indexing, and e-discovery services to run on-premises while encrypted content remains in the cloud. This keeps encryption keys and other sensitive data local to the customer's environment.
The document discusses SSL (Secure Sockets Layer) and TLS (Transport Layer Security). It provides an overview of SSL, including its history and evolution. It describes the SSL handshake protocol and components of SSL certificates such as subjects, issuers, and digital signatures. It also discusses SSL attacks like POODLE and Heartbleed and problems with certificate authorities.
This presentation provides an overview of the technical considerations that Third Eye made while developing a tool to create, digitally sign and certify Software Identification (SWID) tags.
CA API Gateway: Web API and Application Security | CA Technologies
This document discusses how CA API Gateway can be used to secure web APIs and applications. It begins with an introduction to securing the new digital perimeter where APIs are increasingly exposed. It then provides an overview of the CA API Management suite and common use cases. The remainder of the document discusses various security considerations and features that the CA API Gateway provides, such as authentication, authorization, encryption, auditing, and protection from common vulnerabilities and attacks. It concludes by recommending where organizations should start in securing their APIs and applications.
Microservices architecture is becoming a prominent design principle and a service development methodology, and we have now started to see many microservices in production. Yet security is an aspect that gets less attention. Most of the time development teams are focused on edge security, but due to the distributed and disposable nature of microservices, it's equally important to pay attention to securing service-to-service communication, both during transmission and when sharing end-user context among services, in order to cover the vast attack surface.
Single Sign On (SSO) allows a user to authenticate once and gain access to multiple related systems without re-authenticating. SSO uses protocols like SAML and OAuth to issue authentication tokens after initial login. SAML is an XML-based standard that transfers user identity and attribute data between an identity provider and service provider using assertions. Metadata ensures secure transactions by allowing providers to look up authentication endpoints and validate digital signatures. The SSO workflow involves a user authenticating with an identity provider, which issues a token for the user to access a service provider. Major SSO providers include Microsoft, IBM, Red Hat, and ForgeRock.
This document provides an overview of SSL certificates and the process for configuring a Domino server with an SSL certificate from a third-party certificate authority (CA). It discusses key SSL and PKI concepts like certificates, CAs, CSRs, and key sizes. It then outlines the steps to create a keyring file, generate a CSR, retrieve the signed certificate from the CA, install it on the server, and configure Domino for SSL. The goal is to teach attendees about SSL certificates and how to set them up for their Domino environment.
This is about SAML 2.0 (Security Assertion Markup Language 2.0), an XML-based framework which is meant for requesting an OAuth 2.0 access token, where Ping Federate acts as the OAuth 2.0 authorization server to authenticate and authorize client applications or requests for a token to access a user's protected resource.
Let's move on to know more about the operation concept regarding security access.
What do a Lego brick and the XZ backdoor have in common? | Speck&Tech
ABSTRACT: At first glance, a Lego brick and the XZ backdoor might have in common the fact that both are building blocks, or dependencies of creative and software projects. The reality is that a Lego brick and the XZ backdoor case have much more than that in common.
Join the presentation to immerse yourself in a story of interoperability, standards and open formats, and then discuss the important role that contributors play in a sustainable open source community.
BIO: Advocate of free software and of standard and open formats. She has been an active member of the Fedora and openSUSE projects and co-founded the LibreItalia Association, where she was involved in several events, migrations and training related to LibreOffice. Previously she worked on LibreOffice migrations and training courses for several public administrations and private entities. Since January 2020 she has worked at SUSE as a Software Release Engineer for Uyuni and SUSE Manager, and when she is not following her passion for computers and for Geeko she cultivates her curiosity for astronomy (from which her nickname deneb_alpha derives).
Similar to SAML Protocol and Umbraco Backoffice (20)
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A... | Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Introduction of Cybersecurity with OSS at Code Europe 2024 | Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Best 20 SEO Techniques To Improve Website Visibility In SERP | Pixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Driving Business Innovation: Latest Generative AI Advancements & Success Story | Safe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Webinar: Designing a schema for a Data WarehouseFederico Razzoli
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
2. Checklist for take-off
■ What is SAML ?
– Request
– Response
– Certificates
– SSO
■ autenticacao.gov.pt
– Citizen Card
– Chave móvel digital
■ Umbraco Identity Extensions
– OAuth vs SAML
– OWIN
3. SAML stands for:
Security Assertion Markup Language
■ “… is an open standard for exchanging authentication and authorization data between
parties, in particular, between an identity provider and a service provider. As its name
implies, SAML is an XML-based markup language for security assertions (statements that
service providers use to make access-control decisions)” (from Wikipedia)
■ SAML 1.0 (11/2002)
■ SAML 1.1 (09/2003)
■ SAML 2.0 (03/2005)
■ http://saml.xml.org/saml-specifications
4. SAML design
■ XML – format
– Old school xml ;)
■ XML Schema (aka xsd)
– Assertions and protocol specification
– Integrity
■ XML Signature
– Identity / Authenticity
– V1.1 and v2.0 compliant with digital signature
■ XML Encryption (only on v2.0)
– X.509 / RSA / Certificate chain
■ HTTP(S) as communication protocol
■ SOAP – protocol, binding and profile
■ 10% Enterprise adoption
13. Requirements of: autenticacao.gov.pt
Autenticação Gov Request doc template (data of contacts, etc)
To configure the Service Provider in the PRODUCTION Autenticação.Gov environment, we need you to:
1. Provide us with a digital certificate, issued by a recognised certification authority and exported with its certificate chain.
2. Tell us:
   a. The “value” that will be used in the "Issuer" attribute
   b. The “value” that will be used in the "ProviderName" attribute
3. Provide us with a logo measuring 195*97 (preferably with a transparent background)
4. Provide us with an address to which Autenticação.Gov will redirect the responses to logout requests (optional), or alternatively supply the logout address in the logout request
(Source ama.pt)
Hello,
The main purpose of this presentation is to share the results of the challenge set by portaldacultura, that is, authentication in the Umbraco backoffice using our Citizen Card.
What challenges were set, what difficulties and incompatibilities came up, and what new notions and knowledge were involved.
To guide you through this presentation and its main topics, some examples and explanations have been gathered here to make them easier to understand.
The key topics are the use and understanding of SAML 2.0, the security protocol for SSO (single sign-on) authentication; the service provided by autenticação.gov.pt (Citizen Card and Chave Móvel Digital); and finally internal authentication for the Umbraco v7.x backoffice.
The SAML protocol, as its initials indicate, rests on security and identity principles defined in a markup language, much like other better-known protocols such as SOAP. Using an XML syntax definition, it is possible to describe SAML-structured messages that request identity (authentication), as well as other operations that the SSO service (provider) may offer.
These are:
- Assertion queries or requests (applying filters, dynamic access to data…)
- Authentication requests (SSO login, the normal case as it is best known)
- Artifact resolution (transmission of concrete data, encapsulated in a request, HTTP Artifact binding)
- Name identifier management (attribute names, namespaces, etc.)
- Logout request
- Name identifier mapping (attribute age, of type int, etc.)
and many other specifications that may or may not be covered by the standard defined for the protocol.
Despite the protocol's age, and although its evolution has been somewhat timid, the changes introduced were clearly decisive for its continued use today. More specifically, we mean the inclusion of support for security certificates, to guarantee message integrity and identity, and encryption to guarantee the confidentiality of the messages exchanged.
Turning our attention to version 2.0 of the protocol, it is important to note that its purpose is to support:
- Authentication assertions (a statement of trust for authentication)
- Attribute assertions (e.g. user profile data, or data about a given entity)
- Authorization decision assertions (that is, using the concept of a claim, identifying the specific authorization for a given resource or set of features)
The XML format, widely known and used for similar purposes by many other protocols, is also adopted in SAML, and with the structure defined through XSDs it is possible to determine correct usage and to validate messages against the whole specification, both for requests and for attributes.
With the introduction of XML signing capabilities (XML Signature), messages can be properly signed to guarantee the identity of whoever is making or answering SAML requests.
In addition, encryption using X.509 certificates guarantees in advance the integrity and confidentiality of the request or response, and its security in transit between the parties involved, since the contents can only be read by the holders of the private keys.
By definition, the SAML protocol is associated with HTTP/HTTPS as its communication protocol. Through this association, SAML inherits concepts and features from HTTP, in particular the bindings to resources, e.g.:
1) (Reverse) SAML SOAP binding
2) HTTP Redirect
3) HTTP POST
4) HTTP Artifact
5) SAML URI (defines a means for retrieving an existing SAML assertion by resolving a URI (uniform resource identifier))
With this architecture, the SAML protocol also inherits the concept of profiles (profiling), which allows the expected behaviours/flows to be defined for each type across its many uses.
E.g.:
Web Browser SSO Profile
Enhanced Client or Proxy (ECP) Profile
Identity Provider Discovery Profile
Single Logout Profile
Name Identifier Management Profile
Artifact Resolution Profile
Assertion Query/Request Profile
Name Identifier Mapping Profile
SAML Attribute Profiles
Basic Attribute Profile
X.500/LDAP Attribute Profile
UUID Attribute Profile
DCE PAC Attribute Profile
XACML Attribute Profile
As can be seen, this protocol is clearly very versatile and can be used in many scenarios.
Moderate adoption, with emphasis on larger-scale enterprise applications.
Just as a reminder for everyone: what SSO authentication is and how it works.
There is a central entity (the identity provider) that holds the information about users' identities and profile data. Our authentication provider only lets us make authentication requests if our application (the client) has been authorized to do so beforehand. Besides individually authorizing/recognising the applications and the respective user identities, it naturally allows individual, specific contexts to be defined for each one.
The best example is Facebook: not only the need to distinguish the origins of authentication, but also the versatility of having access to certain data of our identity negotiated through means that require extra authorization.
Benefits vs. authentication integrity. If the SSO provider is not working, every application feature that depends on authentication is compromised as well (single point of failure).
Trust and integrity of information and identity. That is, our SSO provider must be able to determine and guarantee not only the authenticity of the information but also its level of trust.
The SSO implementation of the autenticacao.gov.pt portal follows a standard approach for this scenario.
Flow description:
1. The user accesses our website/application
2. The user requests login with authgov.pt
3. Our site generates the first SAML Request
4. The user is redirected (via a page POST) to our SSO login page
5. The authgov.pt portal requests the credentials and certificates stored on the CC, read via smartcard. Authentication PIN
6. The authgov.pt portal validates the data and issues the response to our website/application
7. Our website/application validates the response and continues with its internal authentication flow.
After the introduction and definition of the SAML protocol, our focus is on the SSO authentication features. This means requesting SSO authentication using SAML for our requests and responses, that is, the negotiation process with our identity provider.
This example is the SAML AuthRequest generated by our GetSamlAuthRequest method (API).
What is important to highlight/note:
- Per-request ID generation (tracking, authenticity);
- ProtocolBinding: the protocol binding profile we expect for the response (POST);
- AssertionConsumerServiceURL: the address at which we want to receive the response from the SSO provider;
- Provider Name: the identification of our SSO provider;
- Signature element: holds “our” signature, duly identified and encrypted with the certificate issued for that purpose (X.509) and negotiated with the SSO;
- The certificate is passed along so that the SSO can verify its validity and authenticity on its side;
- Extensions: a set of requests for specific attributes, in this case NIC as mandatory and the name as optional. These are attributes of our SSO (autenticacao.gov.pt);
- FAAALevel: a special attribute that defines the security level available for authentication. Here the default is 4 (check the SSO documentation), whereas the value “2” requests authentication via CMD at the user's choice. (That is, both options are presented to the user at authentication time.)
We are now looking at an example response to our request (previous slide).
To highlight:
- InResponseTo: the ID of our original request (again tracking and integrity)
- Destination: the URL this request is sent to (POST)
- Issuer: given as an assertion of the Portuguese Citizen Card
- Again the presence of the request's signature and the respective certificate
- Status and Status Code elements. In this case requestDenied, because our SSO did not recognise in our original request the entity defined in the Issuer property
We are now looking at an example response to our request (previous slide).
To highlight:
- InResponseTo: the ID of our original request (again tracking and integrity)
- Destination: the URL this request is sent to (POST)
- Issuer: given as an assertion of the Portuguese Citizen Card
- Again the presence of the request's signature and the respective certificate
- Status and Status Code elements. In this case Success
- Audience element: the URL of our portal
- Attribute elements in response to the authentication request
- Returns their type and value
- The name attribute is absent in this example, although it was asked for in the request (removed for display purposes).
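The checks that the two response slides point to (InResponseTo, Destination, Status, Audience, plus the assertion's validity window) can be written as one function. This is an added example, not code from the deck: `ACS_URL`, `SP_AUDIENCE`, the attribute name `NIC`, the function names and the sample messages are constructed assumptions, and XML signature verification is assumed to have happened before these checks.

```python
import base64
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"

# Assumed service-provider values for this sketch (not taken from the deck).
ACS_URL = "https://sp.example.org/api/saml/acs"
SP_AUDIENCE = "https://sp.example.org"


def new_request_id(pending):
    """Per-request ID: unpredictable, and remembered until it is answered."""
    rid = "_" + secrets.token_hex(16)  # an xs:ID may not start with a digit
    pending.add(rid)
    return rid


def _instant(text):
    # SAML instants are UTC, e.g. 2024-01-01T10:05:00Z
    parsed = datetime.strptime(text[:19], "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)


def check_response(b64_xml, pending, now):
    """Return the asserted attributes or raise ValueError naming the failed check.

    Assumes the XML signature was already verified with a vetted XML-DSig
    library and that this is the signed document; none of that happens here.
    Production code should also parse with a hardened XML parser (DTDs off).
    """
    root = ET.fromstring(base64.b64decode(b64_xml))
    if root.tag != "{%s}Response" % P:
        raise ValueError("not a SAML Response")
    rid = root.get("InResponseTo")
    if rid not in pending:
        raise ValueError("InResponseTo does not match a pending request")
    pending.discard(rid)  # a request ID is answered once; replays fail above
    if root.get("Destination") != ACS_URL:
        raise ValueError("Destination is not our AssertionConsumerServiceURL")
    # Outer code first, nested (more specific) code last.
    codes = [c.get("Value") for c in root.iter("{%s}StatusCode" % P)]
    if codes != [STATUS + "Success"]:
        raise ValueError("IdP status: " + (codes[-1] if codes else "missing"))
    assertion = root.find("{%s}Assertion" % A)
    cond = assertion.find("{%s}Conditions" % A) if assertion is not None else None
    if cond is None:
        raise ValueError("no Assertion/Conditions")
    if SP_AUDIENCE not in [a.text for a in cond.iter("{%s}Audience" % A)]:
        raise ValueError("Audience is not this service provider")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not nb or not noa or not _instant(nb) <= now < _instant(noa):
        raise ValueError("assertion outside its validity window")
    return {
        attr.get("Name"): attr.findtext("{%s}AttributeValue" % A, "")
        for attr in assertion.iter("{%s}Attribute" % A)
    }


def sample_response(rid, status="Success", audience=SP_AUDIENCE, nic="00000000"):
    """Constructed, unsigned test message shaped like the responses described."""
    top, inner = STATUS + "Success", ""
    if status != "Success":
        top = STATUS + "Responder"
        inner = '<samlp:StatusCode Value="%s%s"/>' % (STATUS, status)
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0"'
        ' InResponseTo="%s" Destination="%s">'
        '<samlp:Status><samlp:StatusCode Value="%s">%s</samlp:StatusCode>'
        '</samlp:Status><saml:Assertion>'
        '<saml:Conditions NotBefore="2024-01-01T10:00:00Z"'
        ' NotOnOrAfter="2024-01-01T10:05:00Z"><saml:AudienceRestriction>'
        '<saml:Audience>%s</saml:Audience></saml:AudienceRestriction>'
        '</saml:Conditions><saml:AttributeStatement><saml:Attribute Name="NIC">'
        '<saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>'
        '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
    ) % (P, A, rid, ACS_URL, top, inner, audience, nic)
    return base64.b64encode(xml.encode()).decode()
```

The pending set stands in for whatever server-side store holds outstanding request IDs; an ID is consumed on first use, so a captured response cannot be posted a second time.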
Do you know our Citizen Card or the identity card (bilhete de identidade)?
Who ever had the “old” BI?
And the myths about the numbers and the theories about the names?
Who knows what the Citizen Card contains?
- It is 11 years old
- It provides our citizenship identity and our digital identity
- Smartcard format, able to store the digital certificates and their chains
- Authentication PIN: authorizes whoever is requesting it to read our individual identity certificate
- Address PIN: allows our address data to be changed/read, but only with the PIN
- Signature PIN: allows our certificate to be read for use as a digital signature on documents, etc.
- Digital vs. in-person validity and equivalence (before the law)
So what does the SSO service provider of the autenticação.gov.pt portal offer us?
Authentication with the Citizen Card
- Requires the physical card to be present
- Data read via smartcard
- Authorizations via PIN
- Data lookup;
Authentication via Chave Móvel Digital
- The Chave Móvel is a simpler form of authentication
- Does not require the smartcard reader
- Does not require the physical card to be present
- Authorization token issued via mobile phone number or email
- Authorization sent (tokenizer) with a 5-minute window;
- SMS
- Email
- Twitter
With CMD we can speed up the authentication process, removing the software/hardware barrier and relying on digital channels that users already know well. However, the physical Citizen Card is needed to activate/create the CMD.
Based on these two options, our application can determine which authentication method is to be used (CC or CMD, or just one of them), as well as the trust level of the requested attributes.
The most important requirements set by ama.pt for a client application that consumes the SSO authentication service are:
1) Certificate, with its full chain, since the whole chain is validated by the SSO in requests… (I don't know if this is a fact, but I found no further information)
2) Issuer value (again, this value serves to guarantee the identity of the application itself)
3) ProviderName, another indicator and identifier of our application, which will appear on the autenticacao.gov.pt portal at SSO time
4) On the question of logout, in this implementation there was no opportunity to test it. However, from the documentation we believe that when the user logs out of the authgov.pt portal, the portal propagates the action to all clients that hold issued authentication requests.
The authentication model used by the Umbraco backoffice is based on ASP.NET Identity, which in turn is based on OAuth authentication principles, with its interface implemented via OWIN.
On the other hand, the authentication system offered by AMA, based on SSO via SAML, is not compatible at all with the OAuth protocol. I don't believe there is a way to join these two worlds without some form of adaptation, that is, creating a specific middleware that translates between issuing OAuth tokens and negotiating SAML requests.
Ref: https://www.ubisecure.com/uncategorized/difference-between-saml-and-oauth/
So we thought of two ways to tackle the problem:
- Implementing a middleware, e.g. IdentityServer4 with an adapter to carry out the negotiation with the SSO… time vs. cost
- Creating a local adapter that handles the SSO negotiation, creates a token and injects it into the authentication form. Then, through the extensibility that Umbraco.Identity.Extensions brings us, implementing a custom password checker to validate the token and complete the authentication.
The implementation of this second option will be shown further on.
Sequence of requests in the process:
- For the autenticação gov button to appear
- Request to our API to generate a SAML Request with the attributes we want (NIC, name, etc.) | normal authentication and/or with CMD
- Inject the SAML and relay state, in Base64, into a <form> on the page
- Click => POST of the form to authgov.pt (we are making an authentication request for our “site”)
- The user completes the authentication process on the authgov.pt portal with the CC or CMD
- The result of the authentication process is sent back via POST to the address given in the request
- The SAML result is validated and the result data evaluated
- A token of our own is generated, with attributes and an expiry date
- The form is filled in automatically to “simulate” the authentication.
See video
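The last two steps of this sequence (issuing a token of our own after SAML validation, then checking it in the custom password checker) depend on the token being unforgeable, short-lived and single-use, since it travels through the login form in place of a password. An added sketch of such a token, not the project's code: the token layout, the HMAC-SHA256 choice, the 60-second lifetime and all names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: one server-side secret shared by the SAML adapter and the
# password checker, e.g. secrets.token_bytes(32), never sent to the browser.


def _sign(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()


def issue_token(key, nic, now, ttl=60):
    """Called only after the SAML response has passed validation."""
    claims = {
        "nic": nic,                    # attribute taken from the assertion
        "exp": int(now) + ttl,         # expiry, seconds since the epoch
        "jti": secrets.token_hex(8),   # unique ID so the token is single-use
    }
    body = json.dumps(claims, sort_keys=True).encode()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(_sign(key, body)).decode()


def check_token(key, token, now, used):
    """What the custom password checker would run; returns the NIC or None."""
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong shape or bad Base64
        return None
    # Constant-time comparison; claims are parsed only after the MAC matches.
    if not hmac.compare_digest(tag, _sign(key, body)):
        return None
    claims = json.loads(body)
    if now >= claims["exp"] or claims["jti"] in used:
        return None
    used.add(claims["jti"])  # a second submission of the same token fails
    return claims["nic"]
```

The `used` set stands in for a server-side store of consumed token IDs, which only needs to keep entries until their expiry time.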
We isolated the code for SSO SAML authentication/negotiation in its own project
- Development of a set of services and helpers that ease the process of making a SAML request and of validating and processing a SAML response
- Enums with the attributes made available by the AuthGov.pt SSO for the Citizen Card;
- Schemas: files that define the valid structure for SAML requests, for validation via XSD
- Development of a service in partial classes with two main methods: GetSAMLResquest (to make an authentication request) and ProcessSAMLResponse (to validate and process a SAML response)
- SAML Protocol class, which defines the structure of a SAML request
- SAML Request class, a wrapper that combines a SAML request/response with its own properties to support the SSO + authentication flow
- API: a controller with one method that returns a SAML authentication request and another that receives via POST the SAML response issued by the authgov.pt SSO
Demo with VS + Citizen Card + Umbraco
Explanation of the steps and concepts in the code
References and useful links with more information on the topics covered.