Whada #yapcasia 2011

•

0 likes•1,785 views

This document introduces whada, a multi-protocol authentication and authorization tool that allows managing user privileges and permissions through an LDAP backend. It addresses the need for centralized authentication across internal web services while overcoming the limitations of traditional directory services like ActiveDirectory. Key points are that whada stores authorization data in its own privilege store and retrieves authentication data from external sources like LDAP, with the goal of allowing dynamic management of user access without worrying about password storage. The document outlines whada's architecture and implementation as an OpenLDAP backend module written in Perl, and solicits feedback on potential next steps.

Technology

whada

YAPC::Asia 2011
2011/10/15
tagomoris

2011 10 15

2010/08 livedoor
System Administration Group
Develop Support Group

2011 10 15

whada
'Whada Hits on the Advanced
Dominant Authentication.'

Multi-Protocol
Authentication/Authorization
Tool

2011 10 15

whada

Multi-Protocol
Authentication/Authorization
Tool
(Now, LDAP only... )

2011 10 15

Why whada ? (1)
Many internal web services requires
authentication/authorization.
Authentication per services:
chaos
management worry
poor UI

2011 10 15

Why whada ? (2)

Password dictionary is very sensitive
and dangerous:
new commers
retired employees
password changes

2011 10 15

Why NOT
ActiveDirectory ?
Managed by personnel department...
We cannot :
change data structures
add attirubutes
normalize values (!)
add ACL rule (!)
2011 10 15

Why whada ? (3)
We want to:
add/drop new privilege definitions
add/drop permission to/from anyone at
anytime
ignore password management
use web centric authentication protocols

2011 10 15

whada
authorization data source:
by whada privilege store
authentication data source:
external data source (ex: LDAP)
client access protocol:
LDAP (OpenID/OAuth comming soon!)
https://github.com/tagomoris/whada
2011 10 15

whada data

Account: Account Name

Privilege: Label for Authorization
(ex: WHADA, BLOG, BLOG+ADMIN, ...)

2011 10 15

slapd perl backend
Backend module runs in
OpenLDAP Server (slapd) process
specified Perl Module.
database perl
suffix "dc=wada,dc=intranet"
perlModulePath /root/whada/lib
perlModule Whada::SlapdBackendHandler

2011 10 15

What i should do next ?

OpenID / OAuth
Improved Admin UI
Other password data source?
(NIS? RDBMS?)
Performance?

2011 10 15

SSO is not a new concept, even we’ve heard very much in your work or research. It's useful but it’s really belong to administration/management people? It's interesting for users but it's really complex and headache for someone implement it? Especially nowadays, we are in an age of Troika Computing: Cloud, Social Network, Mobile, Big data and federation problems. So, with being a professional organisation, or being a skilled member in development team, you will start from where? what is your knowledge about it? which methods will you choose to implement in your organisation? how to develop or intergrate to your customers' products? how does your organisation deploy to support customers and partners...

Oracle Access Manager Integration with Microsoft Active Directory for Zero Si...

Sumit Gupta

Extending Oracle SSO

kurtvm

With a complete new Identity/Access Management Suite on the Oracle market, one might forget the good old SSO server, bundled with each and every IAS server. Although it has some out-of-the-box capabilities like WNA and X509 certificate support, it can be quite hard to set up an authentication scheme just the way you (or your customers) like it. Using a case study, this presentation discusses how you can extend Oracle’s Single Sign On (SSO) server to your needs. It will discuss : - Integration & authentication with smartcard passports (eID) - Authentication with digital certificates - Implementing fallback authentication schemes - Integration with SSL terminators and reverse proxies - DIY federated authentication - writing your own SSO plugin The solutions presented are part of AXI NV/BV's portfolio.

Oracle iAS Forms to WebLogic Suite for AlescoFumiko Yamashita

CA Workload Automation Agent Monitor enables workload administrators to simplify and automate the process of CA Workload Automation agents and clients monitoring. This session will describe and demonstrate this Web service application to monitor CA Workload Automation agent configuration and system information and status for all CA Workload Automation AutoSys (AE), CA Workload Automation dSeries (DE), CA Workload Automation CA 7 Edition and CA Workload Automation ESP Edition environments. Seating is limited and available first come-first served. For more information, please visit http://cainc.to/Nv2VOe

Oracle database 12c_and_DevOps

Maria Colgan

For decades developers and DBAs have battled over who controls the world. With each new development paradigm the battle flares again as developers push DBAs to adopt and support new data structures (JSON), new APIs (REST services), new technologies (In-Memory) and new platforms (Cloud). In this session, Gerald Venzl takes on the role of lead developer on a project to deploy a RESTful web-based application for a new coffeeshop chain, while Maria Colgan takes on the role of the DBA. Through the use of live demos, they learn to work together to find a solution that will allow them to embrace a more agile development approach, as well as the latest technology trends without exposing the business to painful availability or security vulnerabilities.

Producing an OData feed in 10 minutes

Woodruff Solutions LLC

Explore Advanced CA Release Automation Configuration Topics

CA Technologies

Partner Ecosystem Showcase for Apache Ranger and Apache Atlas

DataWorks Summit

The community for Apache Atlas and Apache Ranger, which are foundational components for Security and Governance across the Hadoop stack, has spawned a robust partner ecosystem of tools and platforms. These partner solutions build upon the extensibility offered in these platforms via open and robust APIs via integration patterns to provide innovative “better together” capabilities. In this talk, we will showcase how three of Hortonworks partners Talend, Protegrity, and Arcadia Data have effectively extended Apache Ranger and Apache Atlas frameworks to provide value added security and governance features to complement the Hadoop ecosystem. The talk will showcase partner-led demonstrations that will include how to enhance Apache Atlas lineage and metadata to cover ETL operations, how to build Apache Ranger authorizations of custom objects such as visualizations and how to enhance Apache Ranger’s data protection capabilities for encryption and masking. We will also provide a short overview of Hortonworks Gov Ready and Sec Ready programs and how partners can benefit from the certification process as part of this program.

SAP HANA SPS10- Security

SAP Technology

PL/SQL All the Things in Oracle SQL Developer

Jeff Smith

What is direct access?

Shery Techyboy

EAP-TLS

Karri Huhtanen

Turning Relational Database Tables into Hadoop Datasources by Kuassi Mensah

Data Con LA

CIS14: Early Peek at PingFederate Administrative REST API

CloudIDSummit

Cloud Foundry Cookbook: Recipes for a Successful Cloud Foundry Deployment in ...

VMware Tanzu

Technical Track presented by Vinícius Carvalho, Senior Field Engineer at Pivotal. Cloud Foundry provides the foundation for your PaaS infrastructure. It streamlines deployment and turns your developers and your ops into super heroes when it comes to time to market. But what about your architecture? How should you build your services (or microservices)? How can you guarantee security is being enforced on every layer of your architecture? How can you solve cross-service dependencies? How can services discover each other? How could developers leverage an API explorer to test your services and build apps on top of it? How could you leverage a data pipeline to solve polyglot persistence and cascading operations on diverse persistence technologies? How can you monetize on top of your public services? How could you use a service registry to boost your models with extended metadata? This session presents a few recipes to demonstrate how to solve some of the problems found when applying cloud patterns to real business scenarios.

Recipes for a successful production cloudfoundry deployment - CF Summit 2014

Vinícius Carvalho

Oracle Data Integration CON9737 at OpenWorld

Jeffrey T. Pollock

CA Service Virtualization 9.0—What's the Latest and Greatest

CA Technologies

Come explore at this technical, pre-conference session the latest and greatest CA Service Virtualization 9.0 features and functionality that are being launched here at CA World '15. If you want a deep dive of what are the new features and how they work with other parts of our DevTest portfolio, this is the session for you. Be the first to have a sneak peak at the latest and greatest features in our major release of CA Service Virtualization 9.0. For more information, please visit http://cainc.to/Nv2VOe

Select Star: Unified Batch & Streaming with Flink SQL & Pulsar

Caito Scherr

If you want to leverage the strengths of multiple streaming tools, but without the typical overhead of familiarizing yourself with each tool and their interconnected relationships, then this talk is for you. This is a beginner friendly talk intended for anyone who is familiar with just one of these tools, or none of them (although some familiarity with SQL will help). If you want to walk away with the necessary foundation to go home and build a unified batch and streaming pipeline without having to know Flink (or Java, or Scala, etc...), that's where Flink SQL comes in. We'll then add in Pulsar, enabling you to maximize their pub-sub messaging system alongside your pipeline. This talk will go through an easy-to-follow 5 step process (with demos for each step) to building a unified pipeline with Flink SQL and Pulsar together, and resources for future steps.

Denver ACE October 21st 2020

denveraug

HAD05: Collaborating with Extranet Partners on SharePoint 2010Michael Noel

TDNF Seminar

EmpowerID

Marcin Szałowicz - MySQL Workbench

Women in Technology Poland

Ractor's speed is not light-speed

SATOSHI TAGOMORI

Good Things and Hard Things of SaaS Development/Operations

SATOSHI TAGOMORI

Similar to Whada #yapcasia 2011

Tech Talk: CA Workload Automation Agent Monitor, Agents and Advanced Integrat...

CA Technologies

Oracle database 12c_and_DevOps

Maria Colgan

Producing an OData feed in 10 minutes

Woodruff Solutions LLC

Explore Advanced CA Release Automation Configuration Topics

CA Technologies

Partner Ecosystem Showcase for Apache Ranger and Apache Atlas

DataWorks Summit

SAP HANA SPS10- Security

SAP Technology

PL/SQL All the Things in Oracle SQL Developer

Jeff Smith

What is direct access?

Shery Techyboy

EAP-TLS

Karri Huhtanen

Turning Relational Database Tables into Hadoop Datasources by Kuassi Mensah

Data Con LA

CIS14: Early Peek at PingFederate Administrative REST API

CloudIDSummit

Cloud Foundry Cookbook: Recipes for a Successful Cloud Foundry Deployment in ...

VMware Tanzu

Recipes for a successful production cloudfoundry deployment - CF Summit 2014

Vinícius Carvalho

Oracle Data Integration CON9737 at OpenWorld

Jeffrey T. Pollock

CA Service Virtualization 9.0—What's the Latest and Greatest

CA Technologies

Select Star: Unified Batch & Streaming with Flink SQL & Pulsar

Caito Scherr

Denver ACE October 21st 2020

denveraug

HAD05: Collaborating with Extranet Partners on SharePoint 2010Michael Noel

TDNF Seminar

EmpowerID

Marcin Szałowicz - MySQL Workbench

Women in Technology Poland

Similar to Whada #yapcasia 2011 (20)

Tech Talk: CA Workload Automation Agent Monitor, Agents and Advanced Integrat...

Oracle database 12c_and_DevOps

Producing an OData feed in 10 minutes

Explore Advanced CA Release Automation Configuration Topics

Partner Ecosystem Showcase for Apache Ranger and Apache Atlas

SAP HANA SPS10- Security

PL/SQL All the Things in Oracle SQL Developer

What is direct access?

EAP-TLS

Turning Relational Database Tables into Hadoop Datasources by Kuassi Mensah

CIS14: Early Peek at PingFederate Administrative REST API

Cloud Foundry Cookbook: Recipes for a Successful Cloud Foundry Deployment in ...

Recipes for a successful production cloudfoundry deployment - CF Summit 2014

Oracle Data Integration CON9737 at OpenWorld

CA Service Virtualization 9.0—What's the Latest and Greatest

Select Star: Unified Batch & Streaming with Flink SQL & Pulsar

Denver ACE October 21st 2020

HAD05: Collaborating with Extranet Partners on SharePoint 2010

TDNF Seminar

Marcin Szałowicz - MySQL Workbench

Recently uploaded

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

Welocme to ViralQR, your best QR code generator.

ViralQR

Welcome to ViralQR, your best QR code generator available on the market! At ViralQR, we design static and dynamic QR codes. Our mission is to make business operations easier and customer engagement more powerful through the use of QR technology. Be it a small-scale business or a huge enterprise, our easy-to-use platform provides multiple choices that can be tailored according to your company's branding and marketing strategies. Our Vision We are here to make the process of creating QR codes easy and smooth, thus enhancing customer interaction and making business more fluid. We very strongly believe in the ability of QR codes to change the world for businesses in their interaction with customers and are set on making that technology accessible and usable far and wide. Our Achievements Ever since its inception, we have successfully served many clients by offering QR codes in their marketing, service delivery, and collection of feedback across various industries. Our platform has been recognized for its ease of use and amazing features, which helped a business to make QR codes. Our Services At ViralQR, here is a comprehensive suite of services that caters to your very needs: Static QR Codes: Create free static QR codes. These QR codes are able to store significant information such as URLs, vCards, plain text, emails and SMS, Wi-Fi credentials, and Bitcoin addresses. Dynamic QR codes: These also have all the advanced features but are subscription-based. They can directly link to PDF files, images, micro-landing pages, social accounts, review forms, business pages, and applications. In addition, they can be branded with CTAs, frames, patterns, colors, and logos to enhance your branding. Pricing and Packages Additionally, there is a 14-day free offer to ViralQR, which is an exceptional opportunity for new users to take a feel of this platform. One can easily subscribe from there and experience the full dynamic of using QR codes. The subscription plans are not only meant for business; they are priced very flexibly so that literally every business could afford to benefit from our service. Why choose us? ViralQR will provide services for marketing, advertising, catering, retail, and the like. The QR codes can be posted on fliers, packaging, merchandise, and banners, as well as to substitute for cash and cards in a restaurant or coffee shop. With QR codes integrated into your business, improve customer engagement and streamline operations. Comprehensive Analytics Subscribers of ViralQR receive detailed analytics and tracking tools in light of having a view of the core values of QR code performance. Our analytics dashboard shows aggregate views and unique views, as well as detailed information about each impression, including time, device, browser, and estimated location by city and country. So, thank you for choosing ViralQR; we have an offer of nothing but the best in terms of QR code services to meet business diversity!

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

The Future of Platform Engineering

Jemma Hussein Allen

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Bits & Pixels using AI for Good.........

Alison B. Lowndes

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

Assure Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Free Complete Python - A step towards Data Science

RinaMondal9

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Recently uploaded (20)

When stars align: studies in data quality, knowledge graphs, and machine lear...

FIDO Alliance Osaka Seminar: Overview.pdf

By Design, not by Accident - Agile Venture Bolzano 2024

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

UiPath Test Automation using UiPath Test Suite series, part 3

PHP Frameworks: I want to break free (IPC Berlin 2024)

Welocme to ViralQR, your best QR code generator.

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Introduction to CHERI technology - Cybersecurity

The Future of Platform Engineering

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Bits & Pixels using AI for Good.........

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Securing your Kubernetes cluster_ a step-by-step guide to success !

Assure Contact Center Experiences for Your Customers With ThousandEyes

Free Complete Python - A step towards Data Science

Leading Change strategies and insights for effective change management pdf 1.pdf

Epistemic Interaction - tuning interfaces to provide information for AI support

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Whada #yapcasia 2011

1. whada YAPC::Asia 2011 2011/10/15 tagomoris 2011 10 15

2. 2010/08 livedoor System Administration Group Develop Support Group 2011 10 15

3. 2011 10 15

4. what's WADA ? 2011 10 15

5. WADA Pass ( ) 2011 10 15

6. what's whada ? 2011 10 15

7. whada 'Whada Hits on the Advanced Dominant Authentication.' Multi-Protocol Authentication/Authorization Tool 2011 10 15

8. whada Multi-Protocol Authentication/Authorization Tool (Now, LDAP only... ) 2011 10 15

9. Why whada ? (1) Many internal web services requires authentication/authorization. Authentication per services: chaos management worry poor UI 2011 10 15

10. Why whada ? (2) Password dictionary is very sensitive and dangerous: new commers retired employees password changes 2011 10 15

11. Why NOT ActiveDirectory ? Managed by personnel department... We cannot : change data structures add attirubutes normalize values (!) add ACL rule (!) 2011 10 15

12. Why whada ? (3) We want to: add/drop new privilege definitions add/drop permission to/from anyone at anytime ignore password management use web centric authentication protocols 2011 10 15

13. whada authorization data source: by whada privilege store authentication data source: external data source (ex: LDAP) client access protocol: LDAP (OpenID/OAuth comming soon!) https://github.com/tagomoris/whada 2011 10 15

14. whada data Account: Account Name Privilege: Label for Authorization (ex: WHADA, BLOG, BLOG+ADMIN, ...) 2011 10 15

15. 2011 10 15

16. slapd perl backend Backend module runs in OpenLDAP Server (slapd) process specified Perl Module. database perl suffix "dc=wada,dc=intranet" perlModulePath /root/whada/lib perlModule Whada::SlapdBackendHandler 2011 10 15

17. 2011 10 15

18. What i should do next ? OpenID / OAuth Improved Admin UI Other password data source? (NIS? RDBMS?) Performance? 2011 10 15

19. Thank you! 2011 10 15

Whada #yapcasia 2011

Recommended

Recommended

More Related Content

Similar to Whada #yapcasia 2011

Similar to Whada #yapcasia 2011 (20)

More from SATOSHI TAGOMORI

More from SATOSHI TAGOMORI (20)

Recently uploaded

Recently uploaded (20)

Whada #yapcasia 2011