In this community call, we discuss mastering JWTs with WSO2 API Manager including
- Backend user authentication with JWT
- Backend JWT generation
- Best practices to validate JWT
- User-related claims in JWT
- JWT grant
Extending WSO2 API Manager's Key Management Capabilities - WSO2 API Manager C...WSO2
In this community call, we will discuss extending WSO2 API Manager's key management capabilities including:
- An overview of key manager connectors in WSO2 API Manager
- Implementing a custom key manager connector
- GUI features of the connectors for easier configuration
- Event-based token revocation
Resources:
- https://github.com/wso2-extensions/apim-km-auth0
Sign up to get notified of future calls: https://bit.ly/373f4ae
WSO2 API Manager Community Channels:
- Slack: https://apim-slack.wso2.com
- Twitter: https://twitter.com/wso2apimanager
GraphQL is a query language for APIs and a runtime for fulfilling those queries. It gives clients the power to ask for exactly what they need, which makes it a great fit for modern web and mobile apps. In this talk, we explain why GraphQL was created, introduce you to the syntax and behavior, and then show how to use it to build powerful APIs for your data. We will also introduce you to AWS AppSync, a GraphQL-powered serverless backend for apps, which you can use to host GraphQL APIs and also add real-time and offline capabilities to your web and mobile apps. You can follow along if you have an AWS account – no GraphQL experience required!
Level: Beginner
Speaker: Rohan Deshpande - Sr. Software Dev Engineer, AWS Mobile Applications
OpenAPI 3.0, And What It Means for the Future of SwaggerSmartBear
OpenAPI 3.0, which is based on the original Swagger 2.0 specification, is meant to provide a standard format to unify how an industry defines and describes RESTful APIs.
The release of OAS 3.0 marks a significant milestone in the growth of the API economy — bringing together collaborators from across industries, to evolve the specification to meet the needs of API developers and consumers across the world in an open and transparent manner.
We hosted a free Swagger training: OpenAPI 3.0, And What it Means for the Future of Swagger. More than 2,000 people signed up to learn more about the new specification, and to find out about what’s coming next for Swagger and SwaggerHub!
You can watch the full recording of the presentation here: https://swaggerhub.com/blog/api-resources/openapi-3-0-video-tutorial/
Building an enterprise-level single sign-on application with the help of Keycloak (open source identity and access management), and understanding how to secure your application's frontend and backend APIs. Managing user federation with minimal configuration.
Building Cloud-Native App Series - Part 2 of 11
Microservices Architecture Series
Event Sourcing & CQRS,
Kafka, Rabbit MQ
Case Studies (E-Commerce App, Movie Streaming, Ticket Booking, Restaurant, Hospital Management)
In this community call, we will discuss the highlights of WSO2 API Manager 4.0 including
- Why we moved from WSO2 API Manager 3.2.0 to 4.0.0.
- New architectural changes
- Overview of the new features with a demo
- Improvements to the existing features and deprecated features
Recording: https://youtu.be/_ks4zEeRFdk
Sign up to get notified of future calls: https://bit.ly/373f4ae
WSO2 API Manager Community Channels:
- Slack: https://apim-slack.wso2.com
- Twitter: https://twitter.com/wso2apimanager
Discussed the general OAuth2 features. Reviewed OAuth2 roles and grant flows:
Authorization code grant flow
Implicit grant flow
Resource owner password credentials grant flow
Client credentials grant flow
Reviewed the resource access flow and token refresh.
See video: https://www.youtube.com/watch?v=UPsVD-A7gP0
Kong, Keyrock, Keycloak, i4Trust - Options to Secure FIWARE in ProductionFIWARE
This training camp teaches you how FIWARE technologies and iSHARE, brought together under the umbrella of the i4Trust initiative, can be combined to provide the means for creation of data spaces in which multiple organizations can exchange digital twin data in a trusted and efficient manner, collaborating in the development of innovative services based on data sharing and creating value out of the data they share. SMEs and Digital Innovation Hubs (DIHs) will be equipped with the necessary know-how to use the i4Trust framework for creating data spaces!
Presented by Nikola Vasilev on SkopjeTechMeetup 7.
Representational state transfer (REST) can be thought of as the language of the Internet. Now, with cloud usage on the rise, REST is a logical choice for building APIs that allow end users to connect to and interact with cloud services. This talk will deliver more insight into the challenges of building and maintaining good and clean RESTful APIs.
Swagger is an open source software framework backed by a large ecosystem of tools that helps developers design, build, document and consume RESTful Web services.
Building Cloud-Native App Series - Part 11 of 11
Microservices Architecture Series
Service Mesh - Observability
- Zipkin
- Prometheus
- Grafana
- Kiali
Building Cloud-Native App Series - Part 7 of 11
Microservices Architecture Series
Containers Docker Kind Kubernetes Istio
- Pods
- ReplicaSet
- Deployment (Canary, Blue-Green)
- Ingress
- Service
Spring Boot on Amazon Web Services with Spring Cloud AWSVMware Tanzu
SpringOne 2021
Session Title: Spring Boot on Amazon Web Services with Spring Cloud AWS
Speakers: Maciej Walkowiak, Software Consultant at Independent; Matej Nedic, Software engineer at Ingemark
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
Irfan Baqui, Senior Engineer at LunchBadger, breaks down the important role of the API Gateway in Microservices. Additionally, Irfan covers how to get started with Express Gateway, an open source API Gateway built entirely on Express.js. Originally presented at the San Francisco Node Meetup.
Building Cloud-Native App Series - Part 4 of 11
Microservices Architecture Series
NoSQL vs SQL
Redis, MongoDB, AWS DynamoDB
Big Data Design Patterns
Sharding, Partitions
Using JSON Web Tokens for REST Authentication Mediacurrent
This session will provide an introduction to JSON Web Tokens (JWT) (https://jwt.io/introduction/), advantages over other authentication methods, and how to use it to authenticate requests to Drupal REST resources. After this session, attendees will have a better understanding of how JWTs work and will be able to set up and use JWT for authenticating REST requests in Drupal.
You know Apigee Edge does OAuth. But what about JWT? These slides will take a deep dive into working demonstrations of our advanced security features, including:
- how Edge can generate or validate JWT
- how to generate or validate JWS signatures
- how to encrypt and decrypt using JWE
This is my first public speech about ways to secure your API. The interactive presentation can be found here - https://sergeypodgornyy.github.io/oauth-webbylab-presentation/
Security is something you want to get right. If you need to secure an API right now, I imagine you are worrying about how, exactly, to do it. It is to my surprise that JSON Web Tokens is a topic not often talked about, and I think it deserves to be in the spotlight today. We will see how easy it is to integrate it in an API authentication mechanism. If you want simple stateless HTTP authentication to an API, then JWT is just fine and relatively quick to implement. But JWT is a simple authentication protocol, OAuth is an authentication framework, that enables a third-party application to obtain limited access to an HTTP service. OAuth is a simple way to publish and interact with protected data. It's also a safer and more secure way for people to give you access.
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...APIsecure_ Official
APIsecure - April 6 & 7, 2022
APIsecure is the world’s first conference dedicated to API threat management; bringing together breakers, defenders, and solutions in API security.
Why Assertion-based Access Token is preferred to a Handle-based one?
Yoshiyuki Tabata, Software Engineer at Hitachi
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...apidays
apidays Helsinki & North 2023
API Ecosystems - Connecting Physical and Digital
June 5 & 6, 2023
API authorization with Open Policy Agent
Anders Eknert, Developer Advocate at Styra
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
[Webinar] WSO2 API Microgateway with Okta as Key ManagerWSO2
API security is increasingly becoming a vital aspect of modern API-driven, digital transformation business use cases. Implementing a robust security mechanism for APIs is a challenging task which every organization has to undergo when exposing their APIs to the public.
Usually, API management solutions come with their own key management capabilities to handle API security. However, when an organization already has an Identity Provider that is capable of key management, they usually prefer to use the same to handle API security as well. Therefore, an API gateway’s ability to connect to 3rd party Key Managers to handle API security is very important.
By attending this webinar, you will gain hands-on experience on how WSO2 API Microgateway can be leveraged to use 3rd party key management services to secure your microservices.
- Principles of API security with WSO2 Microgateway
- API authentication flow in WSO2 Microgateway for both JWT and reference access tokens
- Configuring Okta as the key manager for WSO2 Microgateway
- Using Okta and WSO2 API Manager to leverage API authentication with subscription validation
- Live demo
On-demand webinar: https://wso2.com/library/webinars/wso2-api-microgateway-with-okta-as-key-manager/
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid KhosravianCloudIDSummit
Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.
How to build Simple yet powerful API.pptxChanna Ly
How to build simple yet powerful API from novice to professional. API for beginners, API for gurus, Enterprise level API, REST API, JWT API, Deep dive.
It gives an overview about the WebRTC Identity and Security model, and our in-place SAML based Identity Federations. It gives detailed description about the combination and integration possibilities and difficulties. Demonstrating the integration with an example web application.
https://youtu.be/aeXaWDNU_sg
Accelerate Enterprise Software Engineering with PlatformlessWSO2
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
At its core, the challenge of managing Human Resources data is an integration challenge: estimates range from 2-3 HR systems in use at a typical SMB, up to a few dozen systems implemented amongst enterprise HR departments, and these systems seldom integrate seamlessly between themselves. Providing a multi-tenant, cloud-native solution to integrate these hundreds of HR-related systems, normalize their disparate data models and then render that consolidated information for stakeholder decision making has been a substantial undertaking, but one significantly eased by leveraging Ballerina. In this session, we’ll cover:
The overall software architecture for VHR’s Cloud Data Platform
Critical decision points leading to adoption of Ballerina for the CDP
Ballerina’s role in multiple evolutionary steps to the current architecture
Roadmap for the CDP architecture and plans for Ballerina
WSO2’s partnership in bringing continual success for the CD
The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.
Platformless Horizons for Digital AdaptabilityWSO2
In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.
Quantum computers are rapidly evolving and are promising significant advantages in domains like machine learning or optimization, to name but a few areas. In this keynote we sketch the underpinnings of quantum computing, show some of the inherent advantages, highlight some application areas, and show how quantum applications are built.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology pushes into IT, I was wondering, as an "infrastructure container Kubernetes guy", how this fancy AI technology gets managed from an infrastructure operations view. Is it possible to apply our lovely cloud-native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need to apply it to our own infrastructure and get it to work from an enterprise perspective. I want to give an overview of the infrastructure requirements and technologies that could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into the approaches I have already got working for real.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
6. Overview of JWT
● JSON Web Token (JWT) is used to represent claims that are transferred between two parties, such as the end-user and the backend.
● The JWT Claims Set represents a JSON object whose members are the claims conveyed by the JWT.
When should you use JSON Web Tokens?
● Authentication: This is the most common scenario for using JWT. Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token.
● Information Exchange: JSON Web Tokens are a good way of securely transmitting information between parties.
7. How Do JSON Web Tokens Work?
Sequence between the browser and the server:
1. Browser: POST /user/login with username and password
2. Server: creates a JWT with a secret
3. Server: returns the JWT to the browser
4. Browser: sends the JWT in the Authorization header
5. Server: checks the JWT signature and gets the user information from the JWT
6. Server: sends the response to the client
9. ● The token is a long string, divided into different parts separated with dots, and each part is base64 encoded.
● If the token is signed it will have three sections:
⦿ header
⦿ payload
⦿ signature
● If the token is encrypted it will consist of five parts:
⦿ header
⦿ encrypted key
⦿ initialization vector
⦿ ciphertext (payload)
⦿ authentication tag
10. Best Practices When Validating JWT
● Algorithm
⦿ The JWA RFC lists all available algorithms that can be used to sign or encrypt JWTs
⦿ The recommended algorithm is ES256, although RS256 is still the most widely used
● Validate the token
⦿ Always validate an incoming JWT
⦿ If using the implicit flow, and the token is sent back to the client by means of a redirect URI
11. Best Practices When Validating JWT
● Symmetric signing
⦿ Try to avoid using symmetric signing
⦿ If, for some reason, you have to use symmetric signing, try to use ephemeral secrets, which will help increase security
● Signature
⦿ The signature is used to sign not only the payload of the token but also the header
⦿ Signatures require keys or certificates to be properly validated
12. Best Practices When Validating JWT
● Do not use JWTs for sessions
⦿ JWTs were never considered for use with sessions, and using them in such a way may actually lower the security of your applications
● Make sure tokens are used as intended
⦿ JWTs can be used as Access Tokens or ID Tokens
● Always check the issuer and the audience
⦿ Be sure that it has been issued by someone you expected to issue it
⦿ The server should expect that the token has been issued for an audience, which the server is part of
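The checks from slides 10 to 12 (algorithm allowlist, signature over header and payload, issuer, audience, expiry and not-before) carried out in one validation routine. This is an added example, not code from the deck or from WSO2 API Manager; the secret, issuer and audience values are constructed, and HS256 is used only because the Python standard library has no ES256/RS256 signer, whereas the deck recommends asymmetric signing.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for the demo (assumptions, not from the deck). The verifier
# only accepts HS256 here because the standard library has no ES256/RS256
# implementation; the deck itself recommends asymmetric signing.
DEMO_SECRET = b"constructed-demo-secret-not-for-production"
ALLOWED_ALGS = {"HS256"}                     # explicit allowlist; "none" is never trusted
EXPECTED_ISSUER = "https://issuer.example"   # the issuer we expect tokens from
EXPECTED_AUDIENCE = "https://api.example"    # the audience this server is part of


class InvalidToken(Exception):
    """Raised when any validation step fails; the message is the reason."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims, alg="HS256"):
    """Build header.payload.signature. alg='none' yields an unsigned token that
    is used below only to show the verifier rejecting it."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(DEMO_SECRET, signing_input, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_token(token, now=None):
    """Apply the deck's checks in order: structure, algorithm allowlist,
    signature over header and payload, then iss, aud, exp and nbf."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected three dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:            # covers bad base64, bad UTF-8 and bad JSON
        raise InvalidToken(f"malformed token: {exc}")
    # 1. The algorithm comes from our policy; the header alone never decides it.
    if header.get("alg") not in ALLOWED_ALGS:
        raise InvalidToken(f"algorithm not allowed: {header.get('alg')!r}")
    # 2. The signature covers the header as well as the payload (slide 11).
    expected = hmac.new(DEMO_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("signature mismatch")
    # 3. Issuer and audience: issued by whom we expect, for an audience we belong to.
    if claims.get("iss") != EXPECTED_ISSUER:
        raise InvalidToken(f"unexpected issuer: {claims.get('iss')!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUDIENCE not in audiences:
        raise InvalidToken(f"token not intended for this audience: {aud!r}")
    # 4. Time window: exp is mandatory here; nbf is honoured when present.
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise InvalidToken("token expired or missing exp")
    if now < claims.get("nbf", 0):
        raise InvalidToken("token not yet valid")
    return claims


def validation_error(token, now=None):
    """Return the rejection reason, or None when the token is accepted."""
    try:
        validate_token(token, now)
        return None
    except InvalidToken as exc:
        return str(exc)


if __name__ == "__main__":
    good = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "alice",
            "iat": 1000, "nbf": 1000, "exp": 1300}
    print("valid:", validation_error(issue_token(good), now=1100))
    print("alg none:", validation_error(issue_token(good, alg="none"), now=1100))
    print("expired:", validation_error(issue_token(good), now=1300))
```

The order matters: the algorithm and signature are checked before any claim is trusted, so a token whose header announces an unlisted algorithm is rejected without its payload ever influencing the decision, and a payload edited after signing fails the signature check even though it still decodes as valid JSON.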
Best Practices When Validating JWT
14. Backend JWT Generation
● If you enable JWT generation in WSO2 API Manager, each API request will carry a JWT to the back-end service
● The JWT is appended as a transport header to the outgoing message
● The back-end service fetches the JWT and retrieves the required information about the user, application, or token
● You can pass additional attributes to the backend with the JWT or completely change the default JWT generation logic
● You can change how end-user related claims are retrieved and added to the JWT
15. Enable Backend JWT Generation
● There are some elements that can be configured. If you do not configure these elements, they take their default values.
⦿ apim.jwt.enable
⦿ apim.jwt.header
⦿ apim.jwt.enable_user_claims
⦿ apim.jwt.claims_extractor_impl
⦿ apim.jwt.claim_dialect
⦿ apim.jwt.convert_dialect
⦿ apim.jwt.signing_algorithm
⦿ apim.jwt.gateway_generator.impl
⦿ apim.jwt.gateway_generator.excluded_claims
16. Customizing the User-related Claims in Backend JWT
● Write your own Claim Retriever implementation by implementing the org.wso2.carbon.apimgt.impl.token.ClaimsRetriever class
● Sample Custom Claim Retriever: https://github.com/wso2/samples-apim/blob/master/CustomJWTGenerator/src/main/java/org/wso2/carbon/test/CustomClaimRetriever.java
17. Build and Deploy
● Build the project with maven
mvn clean install
● Copy the built jar to the <API-M_HOME>/repository/components/lib directory of the node that acts as the Key Manager node
● Set apim.jwt.claims_extractor_impl to your class name
[apim.jwt]
enable_user_claims = true
claims_extractor_impl = "org.wso2.carbon.test.CustomClaimRetriever"
● Start the WSO2 API Manager server
./wso2server.sh or wso2server.bat
19. JWT Grant
JWT contains three parts that are separated by dots ".":
● header
● payload
● signature
header.payload.signature
Sample Header:
20. JWT Grant - Payload
The payload contains the following claims:
● iss - Identifies the identity provider that issued the JWT
● sub - Identifies the entity that the issuer of the JWT vouches for
● aud - Identifies the authorization server as an intended audience
● exp - Limits the time window during which the JWT can be used
● nbf - Forces a JWT to be used only after a specified time
● iat - Identifies the time at which the JWT was issued
● jti - Provides a unique identifier for the token
● Custom claims - This is the extension point of the JWT specification
22. Signature
Signature = sign(encodeBase64(header) + '.' + encodeBase64(payload))
assertion = encodeBase64(header) + '.' + encodeBase64(payload) + '.' + encodeBase64(signature)
If you want to disable the JWT Bearer grant type in the APIM instance, add the following entry to the deployment.toml file in the <APIM_HOME>/repository/conf/ folder.
[oauth.grant_type.jwt_bearer]
enable = false
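The payload claims listed on slide 20 and the signing formula on slide 22 put together: an assertion for the JWT bearer grant is assembled, signed over the encoded header and payload, and placed in the form body that is posted to the token endpoint. This is an added example, not code from the deck or from WSO2 API Manager. The identity provider key, issuer, subject, audience, times and jti are constructed values; HS256 stands in for the identity provider's asymmetric signature because the standard library has no RS256/ES256 signer, and the grant_type value is the one defined by RFC 7523.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import urlencode

# Constructed stand-in for the external identity provider's signing key
# (assumption, not from the deck). A real JWT grant assertion is signed with
# the IdP's private key and checked by WSO2 API Manager against the IdP's
# certificate; HS256 is used only because the standard library has no
# asymmetric signer.
IDP_SIGNING_KEY = b"constructed-idp-key-not-for-production"
JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer"   # RFC 7523 grant_type value


def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_assertion(issuer, subject, audience, issued_at, lifetime_seconds, jti):
    """Assemble the payload from the slide 20 claims and sign it as the
    slide 22 formula describes."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": issuer,                         # identity provider that issued the JWT
        "sub": subject,                        # entity the issuer vouches for
        "aud": audience,                       # the authorization server (token endpoint)
        "iat": issued_at,
        "nbf": issued_at,
        "exp": issued_at + lifetime_seconds,   # keep the usable window short
        "jti": jti,                            # unique id so the server can refuse replays
    }
    encoded_header = b64url(json.dumps(header, separators=(",", ":")).encode())
    encoded_payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    # signature = sign(encodeBase64(header) + '.' + encodeBase64(payload))
    signature = hmac.new(IDP_SIGNING_KEY, f"{encoded_header}.{encoded_payload}".encode(),
                         hashlib.sha256).digest()
    # assertion = encodeBase64(header) + '.' + encodeBase64(payload) + '.' + encodeBase64(signature)
    return f"{encoded_header}.{encoded_payload}.{b64url(signature)}"


def token_request_body(assertion, scope=None):
    """Form body the client posts to the token endpoint to exchange the
    assertion for an access token; scope is optional."""
    fields = {"grant_type": JWT_BEARER_GRANT, "assertion": assertion}
    if scope:
        fields["scope"] = scope
    return urlencode(fields)


def decode_parts(assertion):
    """Split header.payload.signature back into decoded header, claims and raw signature."""
    encoded_header, encoded_payload, encoded_signature = assertion.split(".")
    return (json.loads(b64url_decode(encoded_header)),
            json.loads(b64url_decode(encoded_payload)),
            b64url_decode(encoded_signature))


if __name__ == "__main__":
    assertion = build_assertion("https://idp.example", "alice",
                                "https://apim.example/oauth2/token",
                                1700000000, 300, "constructed-jti-1")
    print(assertion)
    print(token_request_body(assertion, scope="default"))
```

Only the two base64url-encoded segments are signed, so anything that changes the header or payload after signing invalidates the third segment, which is the property the validation routine on the receiving side relies on.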
23. Generate JWT Bearer Grant
● Configuring the JWT grant
⦿ Obtain a JWT from an external Identity Provider
⦿ Configure an Identity Provider and a Service Provider in WSO2 API Manager
● Using the JWT grant
⦿ Obtain a JWT from the service provider
⦿ Retrieve the access token from WSO2 API Manager for the JWT generated in the previous step
26. More Info
● How to write a custom JWT generator for WSO2 API Manager
https://www.youtube.com/watch?v=VZ0UER0DR6s
● Best practices to validate JWT
https://curity.io/resources/architect/api-security/jwt-best-practices/
● User-related claims in JWT
https://apim.docs.wso2.com/en/latest/learn/api-gateway/passing-end-user-attributes-to-the-backend/passing-enduser-attributes-to-the-backend-using-jwt/#customizing-the-user-related-claims-in-jwt
● JWT grants
https://apim.docs.wso2.com/en/latest/learn/api-security/oauth2/grant-types/jwt-grant/#jwt-grant
28. Next Session
● Thursday, March 25, 2021
● Click on the community call page link to get notified of the next call or submit your topic suggestions
⦿ Page - https://wso2.com/community/api-management/#CommunityCall
● You can join our ongoing conversations on WSO2 API Manager using the following channels
⦿ Slack invite - apim-slack.wso2.com
⦿ Twitter - @wso2apimanager
⦿ Email - dev@wso2.org
● You can find out more about our product by visiting
⦿ YouTube - bit.ly/api-life
⦿ Website - WSO2