Profesia, Lynx Group, presents the third episode of its masterclass series on WSO2 technology, for which it is the exclusive distributor in Italy.
Authentication and authorization: recognizing users and enabling their access. The Identity Server is a tool that can manage the authentication of your users, internal and external, manage login sessions, and perform authentication tailored to the application context. It is always advisable to prefer an on-premise or GDPR-compliant cloud product that supports the SAML and OAuth2 protocols and allows federation with the major social IdPs.
If you are thinking about a digital transformation to evolve toward an agile business, write to contact@profesia.it and talk to one of our experts.
#3 WSO2 Masterclass Italia - WSO2 Identity Server: a must-have for managing digital identities
1.
2. Join the WSO2 Italia LinkedIn group to become part of the Italian community,
learn about WSO2 technology and share integration strategies and use cases
3. WSO2 API Manager
Addresses full API lifecycle management
operations. Open, extensible, customizable.
WSO2 Enterprise Integrator
Hybrid integration platform for quick,
iterative integration of any application,
data, or system.
WSO2 Identity Server
Federates and manages identities across
both cloud service and enterprise
environments.
WSO2 Technology
WSO2 Open Banking
A purpose-built technology platform for
global open banking.
WSO2 Open Healthcare
Towards greater interoperability with a
proven integration platform and FHIR®.
WSO2 Strategic Consulting
Streamline your business objectives and
rapidly achieve key results.
Together, with hundreds of the world’s largest corporations, leading universities, and governments, we execute in excess of
6 trillion transactions, expose more than 200,000 APIs, and manage over 100 million identities every single year.
6. WSO2 Identity & Access Management
The WSO2 Identity Server is the #1 open source
IAM product with comprehensive capabilities
for identity federation, strong customer
authentication, adaptive access control and API
security.
Highlights:
❖ Comprehensive identity federation, single
sign-on & global sign-off capabilities
❖ Extensive set of adaptive access control
capabilities
❖ Comprehensive API and Microservices
Security
❖ Open, extensible architecture for unique
business needs; rich connector ecosystem
❖ Container-friendly deployments
7. High-level Capability Breakdown
Identity Federation and SSO
Identity Bridging
Strong and Adaptive Access Control
Identity Provisioning and Administration
Authorization
API & Microservice Security
Consent Management
9. Identity Federation & Single Sign-On (SSO)
❖ Business users need access to multiple heterogeneous applications.
➢ Cloud and on-premises applications
➢ Consumers, enterprise customers, partners, workforce applications
➢ Web, mobile web, mobile native, SaaS, IoT device applications
❖ Single Sign-On and Single Logout across identity federation protocols
➢ Claim and Role transformation
➢ Standard identity federation protocols
10. Federation with Identity Providers
❖ Provide access to users from trusted internal identity providers (B2E)
❖ Provide access to partners or customers from trusted external identity providers (B2B)
➢ Example: Authenticate users in ADFS to Salesforce
❖ Provide social login/sign-up for your consumer websites (B2C)
❖ The same set of standard identity federation protocols are available for outbound authentication requests
as well
11. Log-in Journey
The log-in journey of a user to a particular application is defined as a sequence of authentication
steps (MFA). Each authentication step can provide the user with multiple authentication options
(authenticator). A user MUST authenticate successfully AT EACH authentication step using AT LEAST
ONE authentication option.
❖ Classification based on:
➢ responsibility of user authentication
➢ user experience in service provider
➢ user experience
➢ user experience defined by PSD2
12. Request-based Step-up Authentication
❖ Required Level of Assurance (LoA)
➢ Authentication ContextClassRef in SAML2
➢ ‘acr’ in OpenID Connect
➢ custom HTTP parameters
[Figure: View Balance, Fund Transfer]
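The log-in journey rule from slide 11 combined with the request-based step-up from slide 12, as an added JavaScript example that is not WSO2 code. The journeys, LoA names and the operation-to-LoA mapping are constructed; only the operation names echo the slide's figure labels.

```javascript
// Added illustration. Journeys, LoA names and the operation mapping are
// constructed; none of this is WSO2 Identity Server API.

// One journey per level of assurance (the value an application would request
// via 'acr' in OpenID Connect). A journey is an ordered list of steps and
// each step lists the authentication options that may satisfy it.
const JOURNEYS = {
  loa1: [['password', 'federated-idp']],
  loa2: [['password', 'federated-idp'], ['totp', 'sms-otp', 'fido2']],
};

// Assumed mapping from operation to required LoA.
const REQUIRED_ACR = new Map([
  ['view-balance', 'loa1'],
  ['fund-transfer', 'loa2'],
]);

// session.completedSteps: steps already passed in this session (assumes the
// higher journey extends the lower one, as above).
// attempts: [{ step, option, ok }] gathered for the current request.
function evaluate(operation, session, attempts) {
  const acr = REQUIRED_ACR.get(operation);
  const steps = acr ? JOURNEYS[acr] : undefined;
  if (!steps) return { granted: false, reason: 'no journey for operation' };

  // Fail closed on a missing or malformed session counter.
  const n = session ? session.completedSteps : undefined;
  const done = Number.isInteger(n) && n >= 0 ? n : 0;

  for (let i = done; i < steps.length; i++) {
    // A step passes only on a successful attempt with an option offered at
    // that step: a correct password never satisfies the second factor.
    const passed = attempts.some(
      (a) => a.step === i && a.ok === true && steps[i].includes(a.option));
    if (!passed) {
      return { granted: false, acr, reason: `step ${i + 1} not satisfied` };
    }
  }
  return { granted: true, acr, completedSteps: Math.max(done, steps.length) };
}
```

A session that passed only the first step can view the balance, but a fund transfer is refused until one of the second-step options succeeds.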
16. Risk-based Authentication
❖ Login patterns (time of the day, day of the week, etc.)
❖ Last successful login time
❖ Typing speed
❖ Consecutive incorrect password attempts
19. Identity Management
❖ User Profile
➢ User attributes
➢ User credentials
➢ User groups
➢ User roles
❖ User Onboarding Workflows
➢ Admin Creation Workflow
➢ Invitation Workflow
➢ Self-Registration Workflow
➢ Just-in-time (JIT) Provisioning Workflow
➢ Bulk user onboarding workflow
❖ Users/Groups/Roles Management
➢ By administrator
➢ Self-service profile management
➢ Inbound Provisioning Endpoints:
■ SCIM 2.0
■ Self-registration API
➢ Outbound provisioning connectors
■ E.g. SCIM 2.0, Google Apps, Microsoft
Azure
■ Rule-based
➢ Identity Verification / Proofing
■ E.g. Evident
➢ Multi-level Approvals
➢ Username recovery
➢ Identity Integration Workflows, Business Processes and Business Rules with WSO2
Enterprise Integrator
20. Identity Management
❖ Identity Change Events:
➢ USER_UPDATE
➢ USER_DELETION
➢ PASSWORD_UPDATE
➢ GROUP_CHANGE
➢ ROLE_CHANGE
❖ Identity Event Triggers:
➢ Admin-initiated actions
➢ Self-service actions
➢ System-initiated lifecycle state
transitions
❖ Identity Lifecycle
➢ States:
■ PENDING
■ ACTIVE
■ LOCKED
■ INACTIVE
➢ State Transition Events:
■ ACCOUNT_CREATED
■ ACCOUNT_CONFIRMED
■ ACCOUNT_LOCKED_INVALID_PASSWORD
■ ACCOUNT_LOCKED_INVALID_CHALLENGE_QUESTION_ANSWER
■ ACCOUNT_UNLOCKED_TIMEOUT
■ ACCOUNT_UNLOCKED_ADMIN
■ ACCOUNT_DEACTIVATED_IDLE
❖ Features
➢ Account confirmation via email address and/or mobile number verification
➢ Email address and mobile number verification for existing accounts and on change
event
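The lifecycle states and state transition events listed above can be used to check an audit stream for impossible sequences. This is an added JavaScript example, not WSO2 code; the slide names the states and events but not which event is legal from which state, so the transition table below is an assumption.

```javascript
// Added illustration. The states and events are the ones listed on the slide;
// WHICH event is legal from WHICH state is an assumption made here.
const TRANSITIONS = new Map([
  ['ACCOUNT_CREATED', { from: [null], to: 'PENDING' }],
  ['ACCOUNT_CONFIRMED', { from: ['PENDING'], to: 'ACTIVE' }],
  ['ACCOUNT_LOCKED_INVALID_PASSWORD', { from: ['ACTIVE'], to: 'LOCKED' }],
  ['ACCOUNT_LOCKED_INVALID_CHALLENGE_QUESTION_ANSWER',
    { from: ['ACTIVE'], to: 'LOCKED' }],
  ['ACCOUNT_UNLOCKED_TIMEOUT', { from: ['LOCKED'], to: 'ACTIVE' }],
  ['ACCOUNT_UNLOCKED_ADMIN', { from: ['LOCKED'], to: 'ACTIVE' }],
  ['ACCOUNT_DEACTIVATED_IDLE', { from: ['ACTIVE'], to: 'INACTIVE' }],
]);

// Replay one account's events in order; stop at the first that does not fit.
function replay(events) {
  let state = null; // null = account does not exist yet
  for (let i = 0; i < events.length; i++) {
    const t = TRANSITIONS.get(events[i]);
    if (!t || !t.from.includes(state)) {
      return { ok: false, state, index: i, event: events[i] };
    }
    state = t.to;
  }
  return { ok: true, state };
}

// Group a time-ordered audit stream by user and report inconsistent accounts.
function findAnomalies(records) {
  const perUser = new Map();
  for (const [user, event] of records) {
    if (!perUser.has(user)) perUser.set(user, []);
    perUser.get(user).push(event);
  }
  const anomalies = [];
  for (const [user, events] of perUser) {
    const result = replay(events);
    if (!result.ok) anomalies.push({ user, ...result });
  }
  return anomalies;
}

// Constructed sample stream: u2 is "unlocked" without ever being locked.
const SAMPLE = [
  ['u1', 'ACCOUNT_CREATED'], ['u2', 'ACCOUNT_CREATED'],
  ['u1', 'ACCOUNT_CONFIRMED'], ['u2', 'ACCOUNT_UNLOCKED_ADMIN'],
  ['u1', 'ACCOUNT_LOCKED_INVALID_PASSWORD'], ['u1', 'ACCOUNT_UNLOCKED_TIMEOUT'],
];
```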
21. Password management
❖ Admin-initiated
➢ Password reset
➢ Admin-initiated password reset workflow
❖ Password policies
➢ Password complexity
➢ Password rotation
➢ Password history
❖ Self-service
➢ Set password on account confirmation for invitation
workflow
➢ On first log-in:
■ Set password
■ Set challenge questions/answers
➢ Password reset
➢ Challenge questions/answers
➢ Password recovery using:
■ Email address verification
■ Mobile number verification
■ Challenge question answers
22. Inbound and Outbound Provisioning
❖ Inbound: Users and groups can be provisioned into WSO2 IS
➢ Supports SCIM 2.0 and SOAP (proprietary) APIs for inbound provisioning
❖ Outbound: Users and groups can be provisioned from WSO2 IS to external systems
➢ Supports SCIM 2.0, Salesforce, Google Apps, Microsoft Azure, etc. for outbound provisioning
23. Just-in-Time (JIT) Account Provisioning
Provision accounts for users from a federated IdP at the time of first login.
User story - A Company wishes to have social login with Facebook and Twitter for its consumer website, but also wishes to
manage a profile-lite for its users for offline communication purposes.
24. Approval Workflows
❖ Multi-step / multi-option approval template (similar to authentication)
❖ Approval option - either a user or a role
❖ Out-of-the-box support for user or group management operations.
❖ Trigger conditions, e.g. ‘trigger workflow only if user is in the ‘manager’ group’.
❖ Out-of-the-box integration with WSO2 Business Process Server (BPS)
User story - students who are
added to a particular academic
year group have to be approved by
the administrators of that group.
27. Role-Based Access Control (RBAC)
❖ Coarse-grained entitlements are managed centrally and enforced both centrally and in the application
➢ Create and manage roles
➢ Manage user roles
➢ Manage virtual role mappings for federated users
➢ Conditional log-in managed and enforced centrally via XACML 3.0 authorization policies
➢ Coarse-grained authorization managed centrally and enforced in the application via
■ Sending user roles in the log-in response
■ Querying user roles via SCIM 2.0 API
■ Evaluating user roles via XACML 3.0 Rest/JSON API
28. Permission-Based Access Control
❖ Fine-grained entitlements are managed centrally
➢ Permission = resource + corresponding action
➢ Fine-grained resources and actions
➢ Hierarchical resources
➢ Typed-Resource-level permissions
➢ Role is a named collection of permissions
➢ Users are assigned to roles
➢ Permissions are assigned to user groups
➢ User entitlements are sent to the application in the log-in response
➢ SCIM 2.0 API to query user entitlements
➢ XACML 3.0 Rest/JSON API to evaluate user entitlements
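The permission model on this slide (permission = resource + action, hierarchical resources, roles as named collections of permissions) evaluated on the application side, as an added JavaScript example that is not WSO2 code. Users, roles and resource paths are constructed, and the rule that a permission on a resource also covers its descendants is an assumption about what "hierarchical" means here.

```javascript
// Added illustration; users, roles and resource paths are constructed.
const ROLE_PERMISSIONS = new Map([
  ['teller', [{ resource: '/accounts', action: 'read' }]],
  ['auditor', [{ resource: '/accounts/archive', action: 'read' },
               { resource: '/reports', action: 'read' }]],
]);
const USER_ROLES = new Map([['alice', ['teller']], ['bob', ['auditor']]]);

// Split a resource path into segments; reject relative or traversal forms so
// that '/accounts/../reports' can never be matched against '/accounts'.
function segments(path) {
  if (typeof path !== 'string' || !path.startsWith('/')) return null;
  const parts = path.split('/').filter((p) => p !== '');
  if (parts.some((p) => p === '.' || p === '..')) return null;
  return parts;
}

// Assumed hierarchy rule: a permission on a resource covers that resource and
// its descendants. Comparison is per segment, not per character, so
// '/accounts' does not cover '/accounts-archive'.
function covers(granted, requested) {
  const g = segments(granted);
  const r = segments(requested);
  if (!g || !r || g.length > r.length) return false;
  return g.every((seg, i) => seg === r[i]);
}

// Deny by default: unknown users and unknown roles resolve to no permissions.
function isPermitted(user, resource, action) {
  const roles = USER_ROLES.get(user) || [];
  return roles.some((role) =>
    (ROLE_PERMISSIONS.get(role) || []).some(
      (p) => p.action === action && covers(p.resource, resource)));
}
```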
29. Attribute-Based Access Control (ABAC)
❖ Fine-grained entitlements are managed centrally and enforced in the application
➢ Fine-grained
➢ Instance-level authorization
➢ Policy-based / Rule-based access control (PBAC)
➢ XACML 3.0 Rest/JSON API
➢ Plug-in model available for PIPs, PRPs, functions, combining algorithms and other language constructs
30. OAuth2
❖ OAuth 2.0 is a framework to delegate authorization to resources (APIs)
❖ OAuth 2.0 by design can limit the authorization to resources by,
➢ resource owner (user)
➢ resource owner consent
➢ client (application)
➢ authorization expiry time (token lifetime)
➢ additional Authorization Server policies (via scopes)
❖ Orchestrates an approval interaction between the resource owner and the authorization server
❖ Resource owners can manage and revoke authorization grants at any time
31. OAuth2 Grant Flow
❖ 5 core grant flows
➢ Authorization Code
➢ Implicit
➢ Resource Owner Password
➢ Client Credentials
➢ Refresh Token
❖ Extended grant flows
➢ SAML2 Bearer Assertion
➢ JWT Bearer Assertion
❖ Custom grant flows
➢ Kerberos grant flow
➢ NTLM grant flow
32. Federated Authorization
❖ UMA 2.0 is a federated authorization protocol built on top of OAuth 2.0
➢ UMA defines a workflow that creates authorization policies on a centralized
authorization server for resource owners to control the access to their protected
resources
34. Securing Microservices
❖ Increased attack surface
❖ Authentication and authorization needed at each service
❖ Each microservice is a responsibility of a single team → Data security is also their responsibility
❖ Username/password is an option but self-signed JWT is better
38. Multi-tenancy
❖ WSO2’s organization model, also technically known as multi-tenancy, is built with the intention of supporting IDaaS
offerings.
❖ In other words, WSO2 Identity Server is capable of hosting multiple organizations in the same runtime instance.
❖ With WSO2’s in-JVM multi-tenancy, you get API level isolation.
❖ With WSO2’s in-JVM multi-tenancy, you don’t get execution or data-level isolation.
❖ While the primary userstore is physically shared but logically separate, the secondary userstores are physically and
logically separate.
❖ With increasing number of tenants, tenant sharding/partitioning deployment models are available to support
horizontal scalability (beyond 1000 tenants).
44. Deployment Pattern 1
❖ Highly available deployment of WSO2 Identity Server
➢ Minimum recommendation is 2 active/active nodes
❖ Deployment for scalability
➢ TPS based scaling (Single node can handle up to 34 million
authentication requests per day)
➢ Horizontal auto-scaling via AWS/Azure/Google App Engine
or container platforms such as K8S/Docker or OpenShift
45. Deployment Pattern 2
❖ Highly available deployment of WSO2 IS and WSO2 IS Analytics
➢ Minimum recommendation is 2 active/active IS nodes and 2
active/passive IS Analytics nodes
❖ Deployment for scalability
➢ TPS Based Scaling (Single IS Analytics node can handle up to 3000
events per second)
❖ IS Analytics doesn’t support horizontal dynamic scaling but can process events
published by up to 10 IS nodes
47. What's New in Next Releases - WSO2
Identity Server 5.12 and Beyond
48. WSO2 Identity Server Roadmap Summary
Phase I - near term
Make the current product offering API-driven, developer focused and cloud
native. Deploy in the cloud (WSO2 Identity Cloud) to provide core Identity
functionality targeting CIAM.
2020/2021
Phase II - mid term
Expand IAM ecosystem around Identity Server / WSO2 Identity Cloud by
integrating and building technical partnerships with IAM vendors outside the
access management segment (analytics, risk-based authentication, etc)
2021 / 2022
Phase III - long term
Build an integrated CIAM solution in the cloud (WSO2 Identity Cloud).
Out-of-the-box integrations with consent and preference management
systems, CRM systems, marketing platforms/solutions, content
management systems, data management platforms, etc.
2022+
All information pertaining to WSO2 Identity Cloud is strictly confidential until the offering launches in July 2021. At that time, the Identity Cloud roadmap information will be publicly available.
49. Phase I: WSO2 Identity Cloud GA and WSO2 IS 5.12 - July 2021
● Launch WSO2 Identity Cloud beta on top of Identity Server v5.12.0 as the base version.
● WSO2 Identity Cloud will support connecting to an on-prem identity store from the cloud
● Improved user experience with React based SPAs for self care, console (for devs and admins)
● Authentication SDKs (JS, React, Angular, Java, Android, .Net) and samples
● Authentication agents for Tomcat for SAML 2.0 and OIDC
● Developer tooling (VS Code plugin for adaptive scripts)
● Multiple Attribute login support
● REST API for Multi Factor Authentication - SMS/Email OTP, TOTP, FIDO2
● Organization Management - B2B business use cases
50. Phase II: 2021 Q4/2022
● Provide integration options with identity verification and proofing systems (EvidentID, IDEMIA,
Jumio, Socure)
● Expand strong authentication options with biometric and passwordless authentication provider
integrations (HYPR, Trusona, Typing DNA, Veridium, BehavioSec, etc.)
● Enhance cloud-native ecosystem integrations (log analytics: ELK, key rotation: HashiCorp Vault,
AWS KMS, Azure KMS) and onboard to WSO2 Identity Cloud
● Enhance SIEM integrations (LogRhythm).
● Evaluate and build deep integrations with Ellucian, AWS, Office365 etc.
● Get the WSO2 Identity Cloud audited for SOC 2, HIPAA and PCI DSS, and build regional
deployments of WSO2 Identity Cloud to be compliant with regulatory requirements.
● Integrate with fraud detection systems (ThreatMetrix etc.)
● Integrate bot detection and mitigation systems (Imperva etc), to protect WSO2 Identity Cloud
● Deploy connectors/extensions as Docker containers
51. Phase III: 2022+
● Provide integration options with 3rd party consent and preference management vendors: Consent
Systems, Didomi, KnowNow Information, Tealium, TrustArc.
● A web form designer for progressive profiling, that can be embedded into content management
systems
● Templated data orchestration flows between identity stores, CRM systems, CDM systems,
marketing automation platforms.
● Build out-of-the-box data-level integrations with MailChimp, Google Analytics, and Salesforce
Pardot (marketing platforms) in WSO2 Identity Cloud.
● Build out-of-the-box data-level integrations with Shopify, Magento, Oracle Micros (ecommerce
platforms) in WSO2 Identity Cloud.
● Build out-of-the-box data-level integrations with SharePoint, Drupal, WordPress, and Joomla
(content management systems).