Leaving the State: Sessionless (Stateless) Authentication in D8 with Whole Foods Market. BADCamp 2017

Size: px
Start display at page:

Download "Leaving the State: Sessionless (Stateless) Authentication in D8 with Whole Foods Market. BADCamp 2017"

Transcription

1 Leaving the State: Sessionless (Stateless) Authentication in D8 with Whole Foods Market BADCamp 2017

2 These Guys Dr J Daverth Technical Lead, Whole Foods Market D.O.: dr-jay BitBucket: drjdaverth LinkedIn: drjdaverth Adam Weingarten Senior Technical Architect, Acquia D.O.: adam.weingarten GitHub: aweingarten LinkedIn: adam.weingarten Page 2

3 Brought to you by Page 3

4 What are we going to talk about? Why scaling authenticated traffic is hard? What is sessionless auth? How can you use it to manage a single login to multiple sites Working with an external auth provider (Janrain) PIIaaS! Storing PII as a Service in an API. Proxying web-service calls - don t do it! How to delegate oauth tokens

5 Case Study: Launched July 2012 on Drupal 7 Designed for a much more static world Full page refreshes Not service based

6 Deep dive into the issues on D7 Primitive Janrain Social Integration: Really heavy weight on page load Bloated DB. Copies took forever. Stored unnecessary PII Authenticated experiences required full page loads. Meant things weren t cacheable.

7 You want your food to be grown organically not your website

8 D8 High Level Goals

9 Technical Drivers Support 10% Authenticated Traffic SSO between D7 and D8 Personalized Digital Experience Mobile / Responsive Experience

10 Back to the Basics

11 Scaling Anonymous Traffic Is Easy Can let CDN do the lifting: Fastly, Akamai, CloudFlare. Varnish in front of your webs Hit your origin. Store the information at Varnish and CDN. Caching solves all the problems.

12 What is a session? The sequence of interactions between client and server, or between user and system; the period during which a user is logged in or connected. -- Thus spoke Wikipedia

13 What is a PHP Session? - $_SESSION super global - Start with session_start() early in your PHP script. - Drupal wraps it and stores data across requests in the DB - Uses a cookie value to ID you

14 What does it look like?

15 Why are sessions a PAIN? HTTP/ OK Age: 0 Cache-Control: must-revalidate, no-cache, private Via: 1.1 varnish-v4 Connection: keep-alive X-Cache: MISS, MISS, MISS X-Cache-Hits: 0, 0 X-Timer: S ,VS0,VE296

16 Under Pressure

17 Opposition of Forces New experience requires personalization Our infrastructure sucks at personalized data

18 Oh did you forget we also need to support seamless login to D7 and D8? Login to one system, and let the second system hit a service to confirm a user is authenticated Set a token that both sites can read

19 Solutions not problems After we have crushed your soul let s build you back up.

20 Traditional Auth Get session Data Yeah they re cool Authenticates IDP Return personalized data Drupal 8 MySql with Session tables Return session data

21 Sessionless Auth

22 From Drupal s POV

23 What is in the magic encrypted token? Anything that might live in a PHP Session or User table API UserIDs Session Expiration time

24 How does this let me do D7 and D8? Assuming that the 2 sites are on the same domain or subdomain Both sites can read the cookie Shared decryption key both can read it. I login on D8 -> I go to a page being hosted at D7

25 I used to log people out by truncating the session table. Now what?

26 We can show you how to prevent world domination by zombies

27 Set Cookie Cookie Expiration Joe signs in 9/7/17 8:00 AM 10/7/17 8:00 AM Adam kicks everyone out 9/7/17 10:00 AM 10/7/17 10:00 AM Saul Logs in 9/7/17 11:00 AM 10/7/17 11:00 AM Cookies: Fresh baked, stale, or burned to a crisp?

28 PIIaaS: Storing PII as a Service in an API

29 PII As a service All personalized content on IOS, Android and Web via API Drupal is a consumer of the API like anyone else No db calls, no PII unnecessarily stored on Drupal Clear separation of concerns.

30 Proxying webservice calls is bad.

31 Yeah this is why it s really bad. Latency. Each web-server has a finite number of concurrent PHP procs When you make a webservice call you tie up those procs waiting for a response. Limits transactions per-second.

32 How do I fix it?

33 Browser can access the API layer directly without an intermediary

34 How Scalable?

35 Very Scalable

36 Ended up with.. Scalable System Separation of concerns: Each part of our stack can focus on doing 1 thing well.

37 Questions?

38 Thank you!

Warm Up to Identity Protocol Soup

Warm Up to Identity Protocol Soup Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital

More information

Administering Jive Mobile Apps for ios and Android

Administering Jive Mobile Apps for ios and Android Administering Jive Mobile Apps for ios and Android TOC 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios...3 Custom App Wrapping for ios...3 Authentication with Mobile

More information

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo

Document Sub Title. Yotpo. Technical Overview 07/18/ Yotpo Document Sub Title Yotpo Technical Overview 07/18/2016 2015 Yotpo Contents Introduction... 3 Yotpo Architecture... 4 Yotpo Back Office (or B2B)... 4 Yotpo On-Site Presence... 4 Technologies... 5 Real-Time

More information

BUILDING THE FASTEST DRUPAL OF THE GALAXY

BUILDING THE FASTEST DRUPAL OF THE GALAXY BUILDING THE FASTEST DRUPAL OF THE GALAXY Hello! I AM MATEU AGUILÓ I am a senior developer at Lullabot You can find me at @e0ipso Hi! I AM PEDRO GONZÁLEZ I am a sysadmin at sbit.io You can find me at @NITEMAN_es

More information

Securing ArcGIS for Server. David Cordes, Raj Padmanabhan

Securing ArcGIS for Server. David Cordes, Raj Padmanabhan Securing ArcGIS for Server David Cordes, Raj Padmanabhan Agenda Security in the context of ArcGIS for Server User and Role Considerations Identity Stores Authentication Securing web services Protecting

More information

WEB APPLICATION ENGINEERING II

WEB APPLICATION ENGINEERING II WEB APPLICATION ENGINEERING II Lecture #5 Umar Ibrahim Enesi Objectives Gain understanding of how Cookies and Sessions Work Understand the limitations of Sessions and Cookies Understand how to handle Session

More information

Squirrel case-study. Decentralized peer-to-peer web cache. Traditional centralized web cache. Based on the Pastry peer-to-peer middleware system

Squirrel case-study. Decentralized peer-to-peer web cache. Traditional centralized web cache. Based on the Pastry peer-to-peer middleware system Decentralized peer-to-peer web cache Based on the Pastry peer-to-peer middleware system Traditional centralized web cache 1 2 Decentralized caching of web pages use the resources of peers (web browsers/clients)

More information

Authentication for Web Services. Ray Miller Systems Development and Support Computing Services, University of Oxford

Authentication for Web Services. Ray Miller Systems Development and Support Computing Services, University of Oxford Authentication for Web Services Ray Miller Systems Development and Support Computing Services, University of Oxford Overview Password-based authentication Cookie-based authentication

More information

DatabaseRESTAPI

DatabaseRESTAPI ORDS DatabaseRESTAPI https://oracle.com/rest Jeff Smith Senior Principal Product Manager Jeff.d.smith@oracle.com @thatjeffsmith Database Tools, Oracle Corp Not just THAT SQLDev Guy I GET ORDS, too! Blogs

More information

Control for CloudFlare - Installation and Preparations

Control for CloudFlare - Installation and Preparations Control for CloudFlare - Installation and Preparations Installation Backup your web directory and Magento 2 store database; Download Control for CloudFlare installation package; Copy files to /app/firebear/cloudflare/

More information

RESTFUL WEB SERVICES - INTERVIEW QUESTIONS

RESTFUL WEB SERVICES - INTERVIEW QUESTIONS RESTFUL WEB SERVICES - INTERVIEW QUESTIONS http://www.tutorialspoint.com/restful/restful_interview_questions.htm Copyright tutorialspoint.com Dear readers, these RESTful Web services Interview Questions

More information

Data Source Kerberos / oauth On the Wire Explaining Kerberos Constrained Delegation with Protocol Transition and Oauth for Data Source Single Sign On

Data Source Kerberos / oauth On the Wire Explaining Kerberos Constrained Delegation with Protocol Transition and Oauth for Data Source Single Sign On Welcome 1 8 B I - 11 3 Data Source Kerberos / oauth On the Wire Explaining Kerberos Constrained Delegation with Protocol Transition and Oauth for Data Source Single Sign On John Kew Manager / Connectivity

More information

Computer Networks. HTTP and more. Jianping Pan Spring /20/17 CSC361 1

Computer Networks. HTTP and more. Jianping Pan Spring /20/17 CSC361 1 Computer Networks HTTP and more Jianping Pan Spring 2017 1/20/17 CSC361 1 First things first W1 due next Monday (Jan 23) submit a single PDF file through connex Noah posted a docx for for questions on

More information

Your Auth is open! Oversharing with OpenAuth & SAML

Your Auth is open! Oversharing with OpenAuth & SAML Your Auth is open! Oversharing with OpenAuth & SAML Andrew Pollack Northern Collaborative Technologies 2013 by the individual speaker Sponsors 2013 by the individual speaker Who Am I? Andrew Pollack President

More information

MIRO DIETIKER Founder

MIRO DIETIKER Founder DRUPAL SECURITY MIRO DIETIKER Founder I am I am consulting End User Agencies Site builder Hosters Developer Maintainer Open Source Initiative Leader Spring 2017 Security - Responsible disclosure...a vulnerability

More information

CSE/EE 461 HTTP and the Web

CSE/EE 461 HTTP and the Web CSE/EE 461 HTTP and the Web Last Time The Transport Layer Focus How does TCP share bandwidth? Topics AIMD Slow Start Application Presentation Session Transport Network Data Link Fast Retransmit / Fast

More information

Authentication CS 4720 Mobile Application Development

Authentication CS 4720 Mobile Application Development Authentication Mobile Application Development System Security Human: social engineering attacks Physical: steal the server itself Network: treat your server like a 2 year old Operating System: the war

More information

SSH with Globus Auth

SSH with Globus Auth SSH with Globus Auth Summary As the community moves away from GSI X.509 certificates, we need a replacement for GSI-OpenSSH that uses Globus Auth (see https://docs.globus.org/api/auth/ ) for authentication.

More information

Approaches for application request throttling. Maarten

Approaches for application request throttling. Maarten Approaches for application request throttling Maarten Balliauw @maartenballiauw 1 Who am I? Maarten Balliauw Antwerp, Belgium Developer Advocate, JetBrains Founder, MyGet AZUG Focus on web ASP.NET MVC,

More information

Caching. Caching Overview

Caching. Caching Overview Overview Responses to specific URLs cached in intermediate stores: Motivation: improve performance by reducing response time and network bandwidth. Ideally, subsequent request for the same URL should be

More information

Eric Sachs Director of Product Management Identity, Google. Pam Dingle Senior Technical Architect Office of the CTO, Ping Identity

Eric Sachs Director of Product Management Identity, Google. Pam Dingle Senior Technical Architect Office of the CTO, Ping Identity SESSION ID: IDY-R05R Identity Standards at Work in Google's Mobile-Focused Future Eric Sachs Director of Product Management Identity, Google Pam Dingle Senior Technical Architect Office of the CTO, Ping

More information

TIBCO Cloud Integration Security Overview

TIBCO Cloud Integration Security Overview TIBCO Cloud Integration Security Overview TIBCO Cloud Integration is secure, best-in-class Integration Platform as a Service (ipaas) software offered in a multi-tenant SaaS environment with centralized

More information

Guerilla Scaling In The Wild. Jake Grimley, Managing Director, Made Media Ltd.

Guerilla Scaling In The Wild. Jake Grimley, Managing Director, Made Media Ltd. Guerilla Scaling In The Wild Jake Grimley, Managing Director, Made Media Ltd. Made Media Ltd. Digital Marketing Agency Web Design Agency Arts, Media, Advertising Design & Code Disposable Software Employing...

More information

Kerberos and Single Sign On with HTTP

Kerberos and Single Sign On with HTTP Kerberos and Single Sign On with HTTP Joe Orton Red Hat Overview Introduction The Problem Current Solutions Future Solutions Conclusion Introduction WebDAV: common complaint of poor support for authentication

More information

High Availability/ Clustering with Zend Platform

High Availability/ Clustering with Zend Platform High Availability/ Clustering with Zend Platform David Goulden Product Manager goulden@zend.com Copyright 2007, Zend Technologies Inc. In this Webcast Introduction to Web application scalability using

More information

Securing APIs and Microservices with OAuth and OpenID Connect

Securing APIs and Microservices with OAuth and OpenID Connect Securing APIs and Microservices with OAuth and OpenID Connect By Travis Spencer, CEO @travisspencer, @curityio Organizers and founders ü All API Conferences ü API Community ü Active blogosphere 2018 Platform

More information

VAM. PeopleSoft Value-Added Module (VAM) Deployment Guide

VAM. PeopleSoft Value-Added Module (VAM) Deployment Guide VAM PeopleSoft Value-Added Module (VAM) Deployment Guide Copyright Information 2018. SecureAuth is a registered trademark of SecureAuth Corporation. SecureAuth s IdP software, appliances, and other products

More information

REST. And now for something completely different. Mike amundsen.com

REST. And now for something completely different. Mike amundsen.com REST And now for something completely different Mike Amundsen @mamund amundsen.com Preliminaries Mike Amundsen Developer, Architect, Presenter Hypermedia Junkie I program the Internet Designing Hypermedia

More information

ArcGIS Server and Portal for ArcGIS An Introduction to Security

ArcGIS Server and Portal for ArcGIS An Introduction to Security ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context

More information

How to use or not use the AWS API Gateway for Microservices

How to use or not use the AWS API Gateway for Microservices How to use or not use the AWS API Gateway for Microservices Presented by Dr. Martin Merck Wednesday 26 September 2018 What is an API Gateway Traits AWS API Gateway Features of API gateway OAuth2.0 Agenda

More information

Attributes for Apps How mobile Apps can use SAML Authentication and Attributes

Attributes for Apps How mobile Apps can use SAML Authentication and Attributes Attributes for Apps How mobile Apps can use SAML Authentication and Attributes Lukas Hämmerle lukas.haemmerle@switch.ch TNC 2013, Maastricht Introduction App by University of St. Gallen Universities offer

More information

Scaling DreamFactory

Scaling DreamFactory Scaling DreamFactory This white paper is designed to provide information to enterprise customers about how to scale a DreamFactory Instance. The sections below talk about horizontal, vertical, and cloud

More information

Administering Jive Mobile Apps

Administering Jive Mobile Apps Administering Jive Mobile Apps Contents 2 Contents Administering Jive Mobile Apps...3 Configuring Jive for Android and ios... 3 Custom App Wrapping for ios... 4 Native App Caching: Android...4 Native App

More information

Life as a Service. Scalability and Other Aspects. Dino Esposito JetBrains ARCHITECT, TRAINER AND CONSULTANT

Life as a Service. Scalability and Other Aspects. Dino Esposito JetBrains ARCHITECT, TRAINER AND CONSULTANT Life as a Service Scalability and Other Aspects Dino Esposito JetBrains ARCHITECT, TRAINER AND CONSULTANT PART I Scalability and Measurable Tasks SCALABILITY Scalability is the ability of a system to expand

More information

AppDirector and AppXcel With Oracle Application Server 10g Release 3 ( ) - Oracle SOA Suite Enterprise Deployment

AppDirector and AppXcel With Oracle Application Server 10g Release 3 ( ) - Oracle SOA Suite Enterprise Deployment AppDirector, AppXcel with Oracle SOA Suite 7/16/2008 TESTING & INTEGRATION GROUP AppDirector and AppXcel With Oracle Application Server 10g Release 3 (10.1.3.1.0) - Oracle SOA Suite Enterprise Deployment

More information

The Z-Files: Field reports from the world of business critical PHP applications

The Z-Files: Field reports from the world of business critical PHP applications The Z-Files: Field reports from the world of business critical PHP applications By Axel Schinke Senior Manager of Global Operations for Global Services About this webinar Field reports from Zend Consulting

More information

ForgeRock Access Management Core Concepts AM-400 Course Description. Revision B

ForgeRock Access Management Core Concepts AM-400 Course Description. Revision B ForgeRock Access Management Core Concepts AM-400 Course Description Revision B ForgeRock Access Management Core Concepts AM-400 Description This structured course comprises a mix of instructor-led lessons

More information

Beginner's Guide to Performance! Jonathan Rowny

Beginner's Guide to Performance! Jonathan Rowny Beginner's Guide to Performance! Jonathan Rowny JonathanRowny Software Architect @ AboutWeb Speaking at RIACon next week about NodeJS jrowny.com @jrowny github.com/jrowny jrowny@aboutweb.com We have a

More information

Using WebGallery, WebDeploy and some IIS Extensions

Using WebGallery, WebDeploy and some IIS Extensions Using WebGallery, WebDeploy and some IIS Extensions Using WebGallery, WebDeploy and some IIS Extensions Luis Alves Martins @luismartins luis.martins@microsoft.com Architect Evangelist Microsoft Portugal

More information

Salesforce External Identity Implementation Guide

Salesforce External Identity Implementation Guide Salesforce External Identity Implementation Guide Salesforce, Spring 17 @salesforcedocs Last updated: March 11, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered

More information

Microsoft Graph API Deep Dive

Microsoft Graph API Deep Dive Microsoft Graph API Deep Dive Donald Hessing Lead Architect, Capgemini, The Netherlands Microsoft Certified Master (MCM) Agenda Introduction to Microsoft Graph API What is now and what is new in GA and

More information

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith

ArcGIS Enterprise Security: An Introduction. Gregory Ponto & Jeff Smith ArcGIS Enterprise Security: An Introduction Gregory Ponto & Jeff Smith Agenda ArcGIS Enterprise Security Model Portal for ArcGIS Authentication Authorization Building the Enterprise Encryption Collaboration

More information

FREQUENTLY ASKED QUESTIONS (FAQs)

FREQUENTLY ASKED QUESTIONS (FAQs) FREQUENTLY ASKED QUESTIONS (FAQs) OMREB s New Single Sign-On (SSO) Portal & Scout for SAFEAccess from Clareity 2 FAQs FREQUENTLY ASKED QUESTIONS (FAQs) Q: What is Clareity? A: Clareity Security s Single

More information

Salesforce External Identity Implementation Guide

Salesforce External Identity Implementation Guide Salesforce External Identity Implementation Guide Salesforce, Summer 17 @salesforcedocs Last updated: September 28, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered

More information

Configuring Caching Services

Configuring Caching Services CHAPTER 8 This chapter describes how to configure conventional caching services (HTTP, FTP [FTP-over-HTTP caching and native FTP caching], HTTPS, and DNS caching) for centrally managed Content Engines.

More information

Modern Identity Management Patterns for Microservices and Mobile

Modern Identity Management Patterns for Microservices and Mobile SESSION ID: SDS-F04 Modern Identity Management Patterns for Microservices and Mobile Mark Perry APAC CTO Ping Identity @markperryau IT S A NEW WORLD Everything s Mobile 2 IT S A NEW WORLD Agile Backend

More information

Topic 15: Authentication

Topic 15: Authentication Topic 15: Authentication CITS3403 Agile Web Development Getting MEAN with Mongo, Express, Angular and Node, Chapter 11 Semester 1, 2018 Secure web apps Security is a primary concern for anyone developing

More information

Distributed Systems. 21. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2018

Distributed Systems. 21. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2018 Distributed Systems 21. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2018 1 2 Motivation Serving web content from one location presents problems Scalability Reliability Performance

More information

CS November 2018

CS November 2018 Distributed Systems 21. Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2018 1 2 Motivation Serving web content from one location presents problems Scalability Reliability Performance

More information

Access Management Handbook

Access Management Handbook Access Management Handbook Contents An Introduction 3 Glossary of Access Management Terms 4 Identity and Access Management (IAM) 4 Access Management 5 IDaaS 6 Identity Governance and Administration (IGA)

More information

Yahoo Traffic Server -a Powerful Cloud Gatekeeper

Yahoo Traffic Server -a Powerful Cloud Gatekeeper Yahoo Traffic Server -a Powerful Cloud Gatekeeper Shih-Yong Wang Yahoo! Taiwan 2010 COSCUP Aug 15, 2010 What is Proxy Caching? Proxy Caching explicit client configuration transparent emulate responses

More information

OWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example

OWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide

More information

OpenIAM Identity and Access Manager Technical Architecture Overview

OpenIAM Identity and Access Manager Technical Architecture Overview OpenIAM Identity and Access Manager Technical Architecture Overview Overview... 3 Architecture... 3 Common Use Case Description... 3 Identity and Access Middleware... 5 Enterprise Service Bus (ESB)...

More information

Single Sign-On Showdown

Single Sign-On Showdown Single Sign-On Showdown ADFS vs Pass-Through Authentication Max Fritz Solutions Architect SADA Systems #ITDEVCONNECTIONS Azure AD Identity Sync & Auth Timeline 2009 2012 DirSync becomes Azure AD Sync 2013

More information

Coding for OCS. Derek Endres Software Developer Research #OSIsoftUC #PIWorld 2018 OSIsoft, LLC

Coding for OCS. Derek Endres Software Developer Research #OSIsoftUC #PIWorld 2018 OSIsoft, LLC Coding for OCS Derek Endres Software Developer Research dendres@osisoft.com 1 Planned Agenda Intro (~20 min) Presentation formalities Intro to OCS Detail of what I am going to do Building the app (~55

More information

Authentication with OAuth 2.0

Authentication with OAuth 2.0 Authentication with OAuth 2.0 The OAuth 2.0 specification defines a delegation protocol that is useful for conveying authorization decisions across a network of web-enabled applications and APIs. OAuth

More information

Personal Internet Security Basics. Dan Ficker Twin Cities DrupalCamp 2018

Personal Internet Security Basics. Dan Ficker Twin Cities DrupalCamp 2018 Personal Internet Security Basics Dan Ficker Twin Cities DrupalCamp 2018 Overview Security is an aspiration, not a state. Encryption is your friend. Passwords are very important. Make a back-up plan. About

More information

Overview Content Delivery Computer Networking Lecture 15: The Web Peter Steenkiste. Fall 2016

Overview Content Delivery Computer Networking Lecture 15: The Web Peter Steenkiste. Fall 2016 Overview Content Delivery 15-441 15-441 Computer Networking 15-641 Lecture 15: The Web Peter Steenkiste Fall 2016 www.cs.cmu.edu/~prs/15-441-f16 Web Protocol interactions HTTP versions Caching Cookies

More information

The New Net, Edge Computing, and Services. Michael R. Nelson, Ph.D. Tech Strategy, Cloudflare May 2018

The New Net, Edge Computing, and Services. Michael R. Nelson, Ph.D. Tech Strategy, Cloudflare May 2018 The New Net, Edge Computing, and Services Michael R. Nelson, Ph.D. Tech Strategy, Cloudflare MNELSON@CLOUDFLARE.COM or @MikeNelson May 2018 We are helping build a better Internet Cloudflare is an Edge

More information

DATAOPS.BARCELONA SIMPLIFYING IDENTITY MANAGEMENT WITH SSO TOOLS

DATAOPS.BARCELONA SIMPLIFYING IDENTITY MANAGEMENT WITH SSO TOOLS SIMPLIFYING IDENTITY MANAGEMENT WITH SSO TOOLS WHO AM I & WHAT DO WE DO? Pol Jane - Senior DevOps Engineer DevOps IoT Big Data Software Development Migrations Automation Cost Optimization WE RE WOLDWIDE!

More information

Persistence & State. SWE 432, Fall 2016 Design and Implementation of Software for the Web

Persistence & State. SWE 432, Fall 2016 Design and Implementation of Software for the Web Persistence & State SWE 432, Fall 2016 Design and Implementation of Software for the Web Today What s state for our web apps? How do we store it, where do we store it, and why there? For further reading:

More information

Hypertext Transport Protocol HTTP/1.1

Hypertext Transport Protocol HTTP/1.1 Hypertext Transport Protocol HTTP/1.1 Jim Gettys Digital Equipment Corporation, ISBU Visiting Scientist, World Wide Web Consortium 10/17/96 20-Apr-01 1 Acknowledgments HTTP/1.1 Authors Roy Fielding (UCI)

More information

Reza Tourani, Satyajayant (Jay) Misra, Travis Mick

Reza Tourani, Satyajayant (Jay) Misra, Travis Mick Application-Specific Secure Gathering of Consumer Preferences and Feedback in Information-Centric Networks Reza Tourani, Satyajayant (Jay) Misra, Travis Mick Computer Science Department New Mexico State

More information

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility

PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility 2013 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means

More information

Open Source in the Corporate World. Open Source. Single Sign On. Erin Mulder

Open Source in the Corporate World. Open Source. Single Sign On. Erin Mulder Open Source in the Corporate World Open Source Single Sign On Erin Mulder Agenda Introduction Single Sign On for Multiple s Shared directory (e.g. OpenLDAP) Proxy systems (e.g. Yale CAS) X.509 certificates

More information

www.drupaleurope.org How to COPE with external entities Publishing & Media Goal COPE: Create Once Publish Everywhere Strategy to create content in one place and publish it in many places Simple example:

More information

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of

More information

When providing a native mobile app ruins the security of your existing web solution. CyberSec Conference /11/2015 Jérémy MATOS

When providing a native mobile app ruins the security of your existing web solution. CyberSec Conference /11/2015 Jérémy MATOS When providing a native mobile app ruins the security of your existing web solution CyberSec Conference 2015 05/11/2015 Jérémy MATOS whois securingapps Developer background Spent last 10 years working

More information

[GSoC Proposal] Securing Airavata API

[GSoC Proposal] Securing Airavata API [GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating

More information

Real World Web Scalability. Ask Bjørn Hansen Develooper LLC

Real World Web Scalability. Ask Bjørn Hansen Develooper LLC Real World Web Scalability Ask Bjørn Hansen Develooper LLC Hello. 28 brilliant methods to make your website keep working past $goal requests/transactions/sales per second/hour/day Requiring minimal extra

More information

I n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures:

I n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures: This time Continuing with Software Security Getting insane with I n p u t sanitization ); drop table slides New attacks and countermeasures: SQL injection Background on web architectures A very basic web

More information

Policy Manager for IBM WebSphere DataPower 7.2: Configuration Guide

Policy Manager for IBM WebSphere DataPower 7.2: Configuration Guide Policy Manager for IBM WebSphere DataPower 7.2: Configuration Guide Policy Manager for IBM WebSphere DataPower Configuration Guide SOAPMDP_Config_7.2.0 Copyright Copyright 2015 SOA Software, Inc. All rights

More information

CS 355. Computer Networking. Wei Lu, Ph.D., P.Eng.

CS 355. Computer Networking. Wei Lu, Ph.D., P.Eng. CS 355 Computer Networking Wei Lu, Ph.D., P.Eng. Chapter 2: Application Layer Overview: Principles of network applications? Introduction to Wireshark Web and HTTP FTP Electronic Mail SMTP, POP3, IMAP DNS

More information

Building on the Globus Python SDK

Building on the Globus Python SDK Building on the Globus Python SDK Stephen Rosen April 11, 2017 SDK Overview The Globus SDK is a client-side library which provides language bindings for entities and methods available via web APIs. SDK

More information

Black Box DCX3000 / DCX1000 Using the API

Black Box DCX3000 / DCX1000 Using the API Black Box DCX3000 / DCX1000 Using the API updated 2/22/2017 This document will give you a brief overview of how to access the DCX3000 / DCX1000 API and how you can interact with it using an online tool.

More information

Distributed Architectures & Microservices. CS 475, Spring 2018 Concurrent & Distributed Systems

Distributed Architectures & Microservices. CS 475, Spring 2018 Concurrent & Distributed Systems Distributed Architectures & Microservices CS 475, Spring 2018 Concurrent & Distributed Systems GFS Architecture GFS Summary Limitations: Master is a huge bottleneck Recovery of master is slow Lots of success

More information

Salesforce External Identity Implementation Guide

Salesforce External Identity Implementation Guide Salesforce External Identity Implementation Guide Salesforce, Winter 18 @salesforcedocs Last updated: December 20, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered

More information

P2_L12 Web Security Page 1

P2_L12 Web Security Page 1 P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction

More information

GroupWise Architecture and Best Practices. WebAccess. Kiran Palagiri Team Lead GroupWise WebAccess

GroupWise Architecture and Best Practices. WebAccess. Kiran Palagiri Team Lead GroupWise WebAccess GroupWise Architecture and Best Practices WebAccess Kiran Palagiri Team Lead GroupWise WebAccess kpalagiri@novell.com Ed Hanley Senior Architect ed.hanley@novell.com Agenda Kiran Palagiri Architectural

More information

Using OAuth 2.0 to Access ionbiz APIs

Using OAuth 2.0 to Access ionbiz APIs Using OAuth 2.0 to Access ionbiz APIs ionbiz APIs use the OAuth 2.0 protocol for authentication and authorization. ionbiz supports common OAuth 2.0 scenarios such as those for web server, installed, and

More information

CIT 668: System Architecture. Caching

CIT 668: System Architecture. Caching CIT 668: System Architecture Caching Topics 1. Cache Types 2. Web Caching 3. Replacement Algorithms 4. Distributed Caches 5. memcached A cache is a system component that stores data so that future requests

More information

Force.com Mobile Web with Sencha Touch

Force.com Mobile Web with Sencha Touch Force.com Mobile Web with Sencha Touch Don Robins Outformations, Inc. www.forcementor.com www.outformations.com Who Am I? 1. Technical Instructor (since 2009) 2. Developer (since 1984) 3. Community Activist

More information

EMPOWER2018 Quick Base + Workato Workjam

EMPOWER2018 Quick Base + Workato Workjam EMPOWER2018 Quick Base + Workato Workjam Prerequisites Thank you for your interest in the Workjam. We are excited to have you on board. Before you get cracking to build your very own integration, below

More information

Security & Privacy. Larry Rudolph. Pervasive Computing MIT SMA 5508 Spring 2006 Larry Rudolph

Security & Privacy. Larry Rudolph. Pervasive Computing MIT SMA 5508 Spring 2006 Larry Rudolph Security & Privacy Larry 1 Who cares about Privacy? Everybody? Nobody? Criminals? Governments? Corporations? Privacy is the right to keep information hidden. But there is lots of information. You do not

More information

Web Security, Summer Term 2012

Web Security, Summer Term 2012 IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 7 Broken Authentication and Session

More information

Web Security, Summer Term 2012

Web Security, Summer Term 2012 Table of Contents IIG University of Freiburg Web Security, Summer Term 2012 Brocken Authentication and Session Management Dr. E. Benoist Sommer Semester Introduction Examples of Attacks Brute Force Session

More information

Scaling Without Sharding. Baron Schwartz Percona Inc Surge 2010

Scaling Without Sharding. Baron Schwartz Percona Inc Surge 2010 Scaling Without Sharding Baron Schwartz Percona Inc Surge 2010 Web Scale!!!! http://www.xtranormal.com/watch/6995033/ A Sharding Thought Experiment 64 shards per proxy [1] 1 TB of data storage per node

More information

CMPE 151: Network Administration. Servers

CMPE 151: Network Administration. Servers CMPE 151: Network Administration Servers Announcements Unix shell+emacs tutorial. Basic Servers Telnet/Finger FTP Web SSH NNTP Let s look at the underlying protocols. Client-Server Model Request Response

More information

Designing, Scoping, and Configuring Scalable LAMP Infrastructure

Designing, Scoping, and Configuring Scalable LAMP Infrastructure Designing, Scoping, and Configuring Scalable LAMP Infrastructure Presented 2010-05-19 by About me About me Founded Four Kitchens in 2006 while at UT Austin About me Founded Four Kitchens in 2006 while

More information

Grandstream Networks, Inc. Captive Portal Authentication via Twitter

Grandstream Networks, Inc. Captive Portal Authentication via Twitter Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...

More information

Avoka Transact Reference Architectures. Version 4.0

Avoka Transact Reference Architectures. Version 4.0 Avoka Transact Reference Architectures Version 4.0 COPYRIGHT NOTICE Copyright 2014 - Avoka Technologies Pty Ltd. All Rights Reserved. No parts of this work may be reproduced in any form or by any means

More information

Lecture 7: Dates/Times & Sessions. CS 383 Web Development II Wednesday, February 14, 2018

Lecture 7: Dates/Times & Sessions. CS 383 Web Development II Wednesday, February 14, 2018 Lecture 7: Dates/Times & Sessions CS 383 Web Development II Wednesday, February 14, 2018 Date/Time When working in PHP, date is primarily tracked as a UNIX timestamp, the number of seconds that have elapsed

More information

Persistence. SWE 432, Fall 2017 Design and Implementation of Software for the Web

Persistence. SWE 432, Fall 2017 Design and Implementation of Software for the Web Persistence SWE 432, Fall 2017 Design and Implementation of Software for the Web Today Demo: Promises and Timers What is state in a web application? How do we store it, and how do we choose where to store

More information

Lecture 9a: Sessions and Cookies

Lecture 9a: Sessions and Cookies CS 655 / 441 Fall 2007 Lecture 9a: Sessions and Cookies 1 Review: Structure of a Web Application On every interchange between client and server, server must: Parse request. Look up session state and global

More information

Depending on your location and needs we can accommodate your application at one of our established data centers:

Depending on your location and needs we can accommodate your application at one of our established data centers: Drupal Hosting by Developers, for Developers At amazee.io, we don t just know Drupal we love Drupal. We re a secure, high-performance, cloud-based hosting provider built for folks who love their Drupal

More information

Authentication in the Cloud. Stefan Seelmann

Authentication in the Cloud. Stefan Seelmann Authentication in the Cloud Stefan Seelmann Agenda Use Cases View Points Existing Solutions Upcoming Solutions Use Cases End user needs login to a site or service End user wants to share access to resources

More information

The case for IPv6-only data centres...and how to pull it off in today's IPv4-dominated world

The case for IPv6-only data centres...and how to pull it off in today's IPv4-dominated world The case for IPv6-only data centres...and how to pull it off in today's IPv4-dominated world Tore Anderson Redpill Linpro AS PLNOG10, Warszawa, February 2013 Our traditional DC layout VLAN cust. 1 ~150

More information

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14 Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.

More information

Connect. explained. Vladimir Dzhuvinov. :

Connect. explained. Vladimir Dzhuvinov.   : Connect explained Vladimir Dzhuvinov Email: vladimir@dzhuvinov.com : Twitter: @dzhivinov Married for 15 years to Java C Python JavaScript JavaScript on a bad day So what is OpenID Connect? OpenID Connect

More information

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party

Definition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party Definition Anonymous Communication Hiding identities of parties involved in communications from each other, or from third-parties Who you are from the communicating party Who you are talking to from everyone

More information