GPII Security. Washington DC, November 2015
|
|
- Ella Randall
- 5 years ago
- Views:
Transcription
1 GPII Security Washington DC, November 2015
2 Outline User data User's device GPII Configuration use cases Preferences access and privacy filtering Work still to do Demo
3 GPII User Data Preferences Device information Environmental information Log in and log out activity User account GPII-enabled websites visited
4 User data: Preferences User preferences expressed both in cross-application terms and application-specific terms Context-specific preferences and definitions of contexts Metadata such as solution priorities (product A with priority X) and required settings Stored: remote Preferences Server, keyed by GPII token Used: in the Match Making process and context selection to build solution settings
5 User data: Preferences "preferences": { " true, " "white-black", " 0.5, " 5, " true, " 300, " { "fontsize": "medium", "highcontrastenabled": true }, " "RuleBased" }
6 User data: Preference contexts contexts : { gpii-default : { preferences : { } }, turn-down-light : { preferences : { } "conditions": [{ "type": " "min": 400, "inputpath": " }] } }
7 User data: Device information Operating System being used Set of available solutions on the device Likely to be extended in the future Used: in the Match Making process
8 User data: Environmental information Such as time of day, luminance level, sound level Used: in context selection
9 User data: log in and log out activity Used: to apply and revert settings by GPII
10 User data: User account Username, password Associated GPII token Set of solutions that have been authorized and selection of preferences the user has shared Stored: remote Authorization Manager within Cloud Based Flow Manager Used: to provide access control to preferences filter preferences access to the Privacy Setting page
11 User accounts Provide stronger authentication than using tokens directly and (in the future) will be capable of managing multiple tokens Associating a token with an account enables sharing of preferences via OAuth 2 and fine grained control of preference sharing A user may edit their privacy settings at any time, including making updates to the preferences that are shared and revoking access
12 User account authentication All account credential entry and verification is done by the Authorization Manager We currently use username and password credentials but in the future other forms of authentication could be supported Authentication of user accounts is independent of keying in with a token and is used to manage privacy settings
13 Information not required in GPII Medical or disability information Address, phone numbers, or other directly personally identifying information
14 User device endpoints We have HTTP based communication between components on the user's device and therefore ports that will accept requests User Listener to Flow Manager Log in Log out Device Reporter Gather information about Operating System and available solutions
15 GPII Configuration use cases Public access workstation Personal devices Anonymous/non-cloud use case
16 User Listeners Device Reporter Preferences Server Token, device info Environment Reporter Untrusted Flow Manager Lifecycle Manager Context Evaluator Lifecycle actions Local machine Match maker output with filtered settings Cloud Based Flow Manager Auth Manager Context Evaluator Solutions Registry Cloud Matchmaker
17 Local machine Cloud User Listeners Device Reporter Environment Reporter Flow Manager Preferences Server Lifecycle Manager Context Evaluator Solutions Registry Lifecycle actions Matchmaker
18 User Listeners Device Reporter Environment Reporter Flow Manager Lifecycle Manager Context Evaluator Lifecycle actions Matchmaker Local machine Cloud Solutions Registry
19 User Listeners Device Reporter Environment Reporter Flow Manager Lifecycle Manager Context Evaluator Lifecycle actions Matchmaker Local machine Solutions Registry Cloud
20 Preference access points with privacy filtering Untrusted Flow Manager Chrome extension Provides filtered settings to web content and cloudbased ATs OAuth 2 authorization code grant protocol Applies privacy filtering of preferences reaching the user's machine Most suited to web content and cloud-based ATs OAuth 2 client credentials grant protocol for adding new preferences
21 Privacy Principles Autonomy: user has full control over who can access their preferences sets, and which parts Prevent privacy leakage: only share the needs & preferences that a solution is capable of accommodating, filter everything else out at the Flow Manager layer
22 Privacy Filtering Users will typically want to control access to their NP set using familiar categories, e.g. Increase Size, Volume, Visual Styling These categories form an ontology defined by the Privacy settings We transform the user s preference set into this ontology on the fly (i.e. categorize the user s preferences sets into containers) Remove all items that the user doesn t want to share. Default policy removes everything (pessimistic or whitelist) Then transform back to flat preferences and continue the normal personalization workflow
23
24 Preferences { } " true, " 200, " true, " 1.5 Privacy Policy { } "visual-alternatives.speak-text.rate": true Filtered Preferences in Privacy ontology { } "visual-alternatives": { "speak-text": { "rate": 200 } } Filtered Settings { } " 200
25 Untrusted Flow Manager Splits the Flow Manager into 2 parts: a local part and a cloud part Matchmaking happens in the cloud and the settings are filtered before being returned to the local Flow Manager
26 User Listeners Device Reporter Preferences Server Token, device info Environment Reporter Untrusted Flow Manager Lifecycle Manager Context Evaluator Lifecycle actions Local machine Match maker output with filtered settings Cloud Based Flow Manager Auth Manager Context Evaluator Solutions Registry Cloud Matchmaker
27 Untrusted Flow Manager user data Preferences: complete preferences on remote server, filtered settings returned to the user's device Device information: sent to Cloud Based Flow Manager Environmental information: on user's device Log in and log out activity: log in initiates communication with server, log out not sent User account: authentication on remote server for Privacy Settings
28
29
30
31 Untrusted Flow Manager Log in 1) Gather device information and send to the Cloud Based Flow Manager 2) Retrieve user preferences and respond with instructions for applying the user's preferences 3) Use the Lifecycle Manager to apply the received instructions
32 Step 1: User logs in Gather local device information Send GPII token and device information to the Cloud Based Flow Manager GET /<GPII token>/untrusted-settings/<device info>
33 Device Information { "OS": { "id": "win32", "version": " " }, solutions: [ { "id": "com.microsoft.windows.highcontrast" }, { "id": "com.microsoft.windows.magnifier" }, { "id": "org.nvda-project" } ] }
34 Step 2: Cloud Based Flow Manager Retrieve user preferences Retrieve privacy policy for GPII token Perform match making Filter the settings according to the privacy policy Select context Build instructions to configure solutions
35 Untrusted Flow Manager response { "solutionsregistryentries": "usertoken": "li", "matchmakeroutput": "activecontextname": "gpii-default", "activeconfiguration": { "applications": { "org.nvda-project": { "active": true, "settings": { " 200 } } } }, "lifecycleinstructions": }
36 matchmakeroutput "gpii-default": { "applications": { "org.nvda-project": { "active": true, "settings" { " 200 } } } }, "turn-down-light": { "applications":... "conditions": [{ "type": " "min": 400, "inputpath": " }] }
37 lifecycleinstructions { "org.nvda-project": { "settingshanders": "start": "stop": "active": true } }
38 Chrome Extension Web sites and applications receive user settings through a browser extension Implemented as a GPII Settings Handler Uses Web Sockets The settings seen by each site will be subject to the user s privacy policy
39 OAuth 2 Authorization Code
40 OAuth 2 Authorization Code user data Preferences: complete preferences on remote server, filtered client settings returned via HTTP Device information: not involved Environmental information: not involved Log in and log out activity: local machine GPII not directly involved User account: authentication on remote server
41
42 Step 1: Redirect the user to request preferences access GET /authorize response_type: code client_id: <solution id> redirect_uri: <URL to send users after authorization> state: <unguessable string>
43
44
45 Step 2: GPII redirects back to site code: <authorization code> state: <string sent in Step 1>
46 Step 3: Exchange the authorization code for an access token POST /access_token grant_type: authorization_code code: <the authorization code> redirect_uri: <must match that specified in Step 1> client_id: <the solution id> client_secret: <the solution client secret> JSON response access_token: <access token> token_type: Bearer
47 Step 4: Use the access token to retrieve the user's preferences GET /settings Authorization: Bearer <access token> Preferences are filtered according to user's privacy policy for the solution
48 OAuth 2 Client Credentials for adding preferences Currently working to integration the First Discovery Tool for adding new user preferences
49
50
51
52
53
54 OAuth 2 Client Credentials user data Preferences: sent from the First Discovery Tool to GPII Device information: not involved Environmental information: not involved Log in and log out activity: not involved User account: not involved
55 Step 1: Request an access token POST /access_token grant_type: client_credentials scope: add_preferences client_id: <solution id> client_secret: <the solution client secret> JSON response access_token: <access token> token_type: Bearer
56 Step 2: Add new preferences POST /add-preferences Authorization: Bearer <access token> Post body containing preferences JSON Response Generated GPII token
57 Server Deployment HTTPS for all HTTP traffic Only public APIs exposed to the internet Whitelist filtering of API endpoints Logging and monitoring to check health and diagnose issues
58 Work to do Bug fixing User account infrastructure Local machine security Work through all GPII use cases and determine suitable approaches to realize each use case with appropriate security Bearer tokens Secured endpoints for all user data access Audit all HTTP endpoints
59 Work to do Tighter integration with other parts of GPII Solutions Registry Match making Authenication mechanisms such as two-factor authenciation, face-recognition, and devices such as YubiKey Server mechanisms to protect user accounts such as detecting and blacklisting IP addresses performing brute-force attacks
60 Questions What else are we missing? Best practices for local machine traffic using HTTP Provide authentication on devices that is both secure and convenient
61 Demo
Mobile Procurement REST API (MOBPROC): Access Tokens
Mobile Procurement REST API (MOBPROC): Access Tokens Tangoe, Inc. 35 Executive Blvd. Orange, CT 06477 +1.203.859.9300 www.tangoe.com TABLE OF CONTENTS HOW TO REQUEST AN ACCESS TOKEN USING THE PASSWORD
More informationUsing OAuth 2.0 to Access ionbiz APIs
Using OAuth 2.0 to Access ionbiz APIs ionbiz APIs use the OAuth 2.0 protocol for authentication and authorization. ionbiz supports common OAuth 2.0 scenarios such as those for web server, installed, and
More informationINTEGRATION MANUAL DOCUMENTATION E-COMMERCE
INTEGRATION MANUAL DOCUMENTATION E-COMMERCE LOGIN: In order to use Inkapay's e-commerce payment API you should be registered and verified on Inkapay, otherwise you can do this by entering to www.inkapay.com.
More informationIntegrating with ClearPass HTTP APIs
Integrating with ClearPass HTTP APIs HTTP based APIs The world of APIs is full concepts that are not immediately obvious to those of us without software development backgrounds and terms like REST, RPC,
More informationAruba Central Application Programming Interface
Aruba Central Application Programming Interface User Guide Copyright Information Copyright 2016 Hewlett Packard Enterprise Development LP. Open Source Code This product includes code licensed under the
More informationAPI Gateway. Version 7.5.1
O A U T H U S E R G U I D E API Gateway Version 7.5.1 15 September 2017 Copyright 2017 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway 7.5.1 No part
More informationInland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE
Inland Revenue Build Pack Identity and Access Services Date: 04/09/2017 Version: 1.5 IN CONFIDENCE About this Document This document is intended to provide Service Providers with the technical detail required
More informationProtect Your API with OAuth 2. Rob Allen
Protect Your API with OAuth 2 Authentication Know who is logging into your API Rate limiting Revoke application access if its a problem Allow users to revoke 3rd party applications How? Authorization header:
More informationTutorial: Building the Services Ecosystem
Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service
More informationThe production version of your service API must be served over HTTPS.
This document specifies how to implement an API for your service according to the IFTTT Service Protocol. It is recommended that you treat this document as a reference and follow the workflow outlined
More informationNIELSEN API PORTAL USER REGISTRATION GUIDE
NIELSEN API PORTAL USER REGISTRATION GUIDE 1 INTRODUCTION In order to access the Nielsen API Portal services, there are three steps that need to be followed sequentially by the user: 1. User Registration
More informationBlackBerry AtHoc Networked Crisis Communication. BlackBerry AtHoc API Quick Start Guide
BlackBerry AtHoc Networked Crisis Communication BlackBerry AtHoc API Quick Start Guide Release 7.6, September 2018 Copyright 2018 BlackBerry Limited. All Rights Reserved. This document may not be copied,
More informationovirt SSO Specification
ovirt SSO Specification Behavior Changes End user visible changes The password delegation checkbox at user portal login is now a profile setting. Sysadmin visible changes Apache negotiation URL change
More informationWEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F
WEB API v 1. 1 0 8. 0 5. 2 0 1 8 1. Introduction 2. Calling URL 3. Swagger Interface Example API call through Swagger 4. Authentication API Tokens OAuth 2 Code Flow OAuth2 Authentication Example 1. Authorization
More informationNetIQ Access Manager 4.4. REST API Guide
NetIQ Access Manager 4.4 REST API Guide Contents 1. Introduction... 3 2. API Overview... 3 3 Administration APIs... 3 3.1 Accessing the Administration APIs... 3 3.2 Detailed API Documentation... 4 3.3
More informationAdvanced API Security
Advanced API Security ITANA Group Nuwan Dias Architect 22/06/2017 Agenda 2 HTTP Basic Authentication Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l 3 API Security is about controlling Access Delegation
More informationOracle Fusion Middleware. Oracle API Gateway OAuth User Guide 11g Release 2 ( )
Oracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.3.0) April 2014 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.3.0) Copyright 1999, 2014, Oracle and/or its
More informationOracle Fusion Middleware. API Gateway OAuth User Guide 11g Release 2 ( )
Oracle Fusion Middleware API Gateway OAuth User Guide 11g Release 2 (11.1.2.2.0) August 2013 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.2.0) Copyright 1999, 2013, Oracle and/or its affiliates.
More informationClickToCall SkypeTest Documentation
ClickToCall SkypeTest Documentation Release 0.0.1 Andrea Mucci August 04, 2015 Contents 1 Requirements 3 2 Installation 5 3 Database Installation 7 4 Usage 9 5 Contents 11 5.1 REST API................................................
More informationNetIQ Access Manager 4.3. REST API Guide
NetIQ Access Manager 4.3 REST API Guide Contents 1. Introduction... 3 2. API Overview... 3 3 Administration APIs... 3 3.1 Accessing the Administration APIs... 3 3.2 Detailed API Documentation... 4 3.3
More informationJPX Data Cloud API Specifications
JPX Data Cloud API Specifications February 2015 TOKYO STOCK EXCHANGE Copyright 2015 Japan Exchange Group, Inc. All rights reserved. 1 API List User Authentication API No API Name Method URL 1User Authentication
More informationHKWirelessHD API Specification
HKWirelessHD API Specification Release 1.0 Harman International June 22, 2016 Contents 1 Overview 3 2 Contents 5 2.1 Introduction............................................... 5 2.2 HKWirelessHD Architecture
More informationUsage of "OAuth2" policy action in CentraSite and Mediator
Usage of "OAuth2" policy action in CentraSite and Mediator Introduction Prerequisite Configurations Mediator Configurations watt.server.auth.skipformediator The pg.oauth2 Parameters Asset Creation and
More informationfredag 7 september 12 OpenID Connect
OpenID Connect OpenID Connect Necessity for communication - information about the other part Trust management not solved! (1) OP discovery The user provides an identifier (for instance an email address)
More informationSalesforce IoT REST API Getting Started Guide
Salesforce IoT REST API Getting Started Guide Version 42.0, Spring 18 @salesforcedocs Last updated: March 9, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationFAS Authorization Server - OpenID Connect Onboarding
FAS Authorization Server - OpenID Connect Onboarding Table of Contents Table of Contents 1 List of Figures 2 1 FAS as an authorization server 3 2 OpenID Connect Authorization Code Request and Response
More informationClearPass. ClearPass Extension Universal Authentication Proxy. ClearPass Extension Universal Authentication Proxy TechNote
ClearPass Extension Universal Authentication Proxy TechNote ClearPass Extension Universal Authentication Proxy ClearPass TechNote ClearPass Extension Universal Authentication Proxy - TechNote 1 ClearPass
More informationFAS Authorization Server - OpenID Connect Onboarding
FAS Authorization Server - OpenID Connect Onboarding Table of Contents Table of Contents 1 List of Figures 2 1 FAS as an authorization server 3 2 OpenID Connect Authorization Code Request and Response
More informationThe OAuth 2.0 Authorization Framework draft-ietf-oauth-v2-30
OAuth Working Group D. Hardt, Ed. Internet-Draft Microsoft Obsoletes: 5849 (if approved) D. Recordon Intended status: Standards Track Facebook Expires: January 16, 2013 July 15, 2012 The OAuth 2.0 Authorization
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationRed Hat 3Scale 2-saas
Red Hat 3Scale 2-saas API Documentation For Use with Red Hat 3Scale 2-saas Last Updated: 2018-07-11 Red Hat 3Scale 2-saas API Documentation For Use with Red Hat 3Scale 2-saas Legal Notice Copyright 2018
More informationSingle Sign-On for PCF. User's Guide
Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans
More informationThe OAuth 2.0 Authorization Protocol
The OAuth 2.0 Authorization Protocol Abstract The OAuth 2.0 authorization protocol enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by
More informationCoveo Platform 7.0. Yammer Connector Guide
Coveo Platform 7.0 Yammer Connector Guide Notice The content in this document represents the current view of Coveo as of the date of publication. Because Coveo continually responds to changing market conditions,
More informationUsing Keycloak to Provide Authentication, Authorization, and Identity Management Services for Your Gateway
Using Keycloak to Provide Authentication, Authorization, and Identity Management Services for Your Gateway Marcus Christie Science Gateways Research Center Indiana University EDS Consultant Award Number
More informationIdentity and Data Access: OpenID & OAuth
Feedback: http://goo.gl/dpubh #io2011 #TechTalk Identity and Data Access: OpenID & OAuth Ryan Boyd @ryguyrg https://profiles.google.com/ryanboyd May 11th 2011 Agenda Feedback: http://goo.gl/dpubh #io2011
More informationOAuth2 Autoconfig. Copyright
Copyright Table of Contents... iii 1. Downloading... 1 1.1. Source... 1 1.2. Maven... 1 1.3. Gradle... 2 2. Authorization Server... 3 3. Resource Server... 4 I. Token Type in User Info... 5 II. Customizing
More informationInfo Input Express Network Edition
Info Input Express Network Edition Administrator s Guide A-61892 Table of Contents Using Info Input Express to Create and Retrieve Documents... 9 Compatibility... 9 Contents of this Guide... 9 Terminology...
More informationForeScout Extended Module for Symantec Endpoint Protection
ForeScout Extended Module for Symantec Endpoint Protection Version 1.0.0 Table of Contents About the Symantec Endpoint Protection Integration... 4 Use Cases... 4 Additional Symantec Endpoint Protection
More informationE POSTBUSINESS API Login-API Reference. Version 1.1
E POSTBUSINESS API Login-API Reference Imprint Software and documentation are protected by copyright and may not be copied, reproduced, stored, translated, or otherwise reproduced without the written approval
More informationLeveraging the Globus Platform in your Web Applications. GlobusWorld April 26, 2018 Greg Nawrocki
Leveraging the Globus Platform in your Web Applications GlobusWorld April 26, 2018 Greg Nawrocki greg@globus.org Topics and Goals Platform Overview Why expose the APIs A quick touch of the Globus Auth
More informationFAS Authorization Server - OpenID Connect Onboarding
FAS Authorization Server - OpenID Connect Onboarding 1 Table of Content FAS as an authorization server 3 1 OpenID Connect Authorization Code Request and Response 4 1.1 OPENID CONNECT AUTHORIZATION CODE
More informationOAuth App Impersonation Attack
OAuth App Impersonation Attack HOW TO LEAK A 100-MILLION-NODE SOCIAL GRAPH IN JUST ONE WEEK? A REFLECTION ON OAUTH AND API DESIGN IN ONLINE SOCIAL NETWORKS Pili Hu & Prof. Wing Cheong Lau The Chinese University
More informationSecuring APIs and Microservices with OAuth and OpenID Connect
Securing APIs and Microservices with OAuth and OpenID Connect By Travis Spencer, CEO @travisspencer, @curityio Organizers and founders ü All API Conferences ü API Community ü Active blogosphere 2018 Platform
More informationWeb Based Single Sign-On and Access Control
0-- Web Based Single Sign-On and Access Control Different username and password for each website Typically, passwords will be reused will be weak will be written down Many websites to attack when looking
More informationdjango-oauth2-provider Documentation
django-oauth2-provider Documentation Release 0.2.7-dev Alen Mujezinovic Aug 16, 2017 Contents 1 Getting started 3 1.1 Getting started.............................................. 3 2 API 5 2.1 provider.................................................
More informationBuilding the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017
Building the Modern Research Data Portal using the Globus Platform Rachana Ananthakrishnan rachana@globus.org GlobusWorld 2017 Platform Questions How do you leverage Globus services in your own applications?
More informationOAuth 2.0 Incremental Auth
OAuth 2.0 Incremental Auth IETF 99 Prague, July 2017 William Denniss Incremental Auth Problem Statement Asking for the kitchen sink of scopes up-front is a bad thing. Users should have the context of the
More informationBuilding the Modern Research Data Portal. Developer Tutorial
Building the Modern Research Data Portal Developer Tutorial Thank you to our sponsors! U. S. DEPARTMENT OF ENERGY 2 Presentation material available at www.globusworld.org/workshop2016 bit.ly/globus-2016
More informationCreating relying party clients using the Nimbus OAuth 2.0 SDK with OpenID Connect extensions
Creating relying party clients using the Nimbus OAuth 2.0 SDK with OpenID Connect extensions 2013-05-14, Vladimir Dzhuvinov Goals of the SDK Full implementation of the OIDC specs and all related OAuth
More informationSingle Sign-On Showdown
Single Sign-On Showdown ADFS vs Pass-Through Authentication Max Fritz Solutions Architect SADA Systems #ITDEVCONNECTIONS Azure AD Identity Sync & Auth Timeline 2009 2012 DirSync becomes Azure AD Sync 2013
More informationGitHub-Flask Documentation
GitHub-Flask Documentation Release 3.2.0 Cenk Altı Jul 01, 2018 Contents 1 Installation 3 2 Configuration 5 3 Authenticating / Authorizing Users 7 4 Invoking Remote Methods 9 5 Full Example 11 6 API Reference
More informationMediaAUTH Draft Proposal
MediaAUTH Draft Proposal August 21, 2012 Contents 1 Introduction 2 2 Service & User Perspective 2 2.1 Login...................................... 2 2.2 Soft Login.................................... 3
More informationOpen standards: Open authentication and Identity Management tool
Open standards: Open authentication and Identity Management tool Decentralised Citizens ENgagement Technologies Specific Targeted Research Project Collective Awareness Platforms Creative Commons Attribution-NonCommercial-
More informationOpenID Connect Opens the Door to SAS Viya APIs
Paper SAS1737-2018 OpenID Connect Opens the Door to SAS Viya APIs Mike Roda, SAS Institute Inc. ABSTRACT As part of the strategy to be open and cloud-ready, SAS Viya services leverage OAuth and OpenID
More informationPartner Center: Secure application model
Partner Center: Secure application model The information provided in this document is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including
More informationVerasys Enterprise Security and IT Guide
Verasys Enterprise Johnson Controls Milwaukee WI, USA www.verasyscontrols.com LIT-12013026 March 2018 Contents Introduction... 3 Microsoft Azure security and privacy... 5 Security... 5 Privacy...5 Compliance...5
More informationScience-as-a-Service
Science-as-a-Service The iplant Foundation Rion Dooley Edwin Skidmore Dan Stanzione Steve Terry Matthew Vaughn Outline Why, why, why! When duct tape isn t enough Building an API for the web Core services
More informationGrandstream Networks, Inc. Captive Portal Authentication via Twitter
Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...
More informationOracle Cloud Using Oracle Event Hub Cloud Service
Oracle Cloud Using Oracle Event Hub Cloud Service E78653-16 June 2018 Oracle Cloud Using Oracle Event Hub Cloud Service, E78653-16 Copyright 2017, 2018, Oracle and/or its affiliates. All rights reserved.
More informationPacific Gas and Electric Company
Pacific Gas and Electric Company Functional & Technical Application Design Program Project Client SDK Python Development Guide Line of Business or Department Prepared by Bharati Vanganuru Date 05/22/2015
More informationGmail Integration for Salesforce and Dynamics 365
Gmail Integration for Salesforce and Dynamics 365 PRIVACY POLICY LAST MODIFIED: MARCH 12, 2019 2019 Introduction Welcome to Gmail Integration for Salesforce and Dynamics 365, a service provided by Akvelon,
More informationAN EVALUATION OF THE GOOGLE CHROME EXTENSION SECURITY ARCHITECTURE
AN EVALUATION OF THE GOOGLE CHROME EXTENSION SECURITY ARCHITECTURE Nicholas Carlini, Adrienne Porter Felt, David Wagner University of California, Berkeley CHROME EXTENSIONS CHROME EXTENSIONS servers servers
More informationpython-oauth2 Documentation
python-oauth2 Documentation Release 2.0.0 Markus Meyer Oct 07, 2017 Contents 1 Usage 3 2 Installation 5 3 oauth2.grant Grant classes and helpers 7 3.1 Three-legged OAuth...........................................
More informationHow to set up VMware Unified Access Gateway with OPSWAT MetaAccess Client
How to set up VMware Unified Access Gateway with OPSWAT MetaAccess Client About This Guide... 2 Part 1: Enforce MetaAccess client installation... 3 Part 2: Enforce device compliance... 5 1 About This Guide
More informationPrivacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras
Privacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 12 Tutorial 3 Part 1 Twitter API In this tutorial, we will learn
More information5 OAuth EssEntiAls for APi AccEss control layer7.com
5 OAuth Essentials for API Access Control layer7.com 5 OAuth Essentials for API Access Control P.2 Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the
More informationsanction Documentation
sanction Documentation Release 0.4 Demian Brecht May 14, 2014 Contents 1 Overview 3 2 Quickstart 5 2.1 Instantiation............................................... 5 2.2 Authorization Request..........................................
More informationLogin with Amazon. Developer Guide for Websites
Login with Amazon Developer Guide for Websites Login with Amazon: Developer Guide for Websites Copyright 2017 Amazon Services, LLC or its affiliates. All rights reserved. Amazon and the Amazon logo are
More informationLiveEngage Messaging Platform: Security Overview Document Version: 2.0 July 2017
LiveEngage Messaging Platform: Security Overview Document Version: 2.0 July 2017 Contents Introduction... 3 Supported Platforms... 3 Protecting Data in Transit... 3 Protecting Data at Rest... 3 Encryption...
More informationGrandstream Networks, Inc. Captive Portal Authentication via Facebook
Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...
More informationOracle REST Data Services Quick Start Guide. Release 17.4
Oracle REST Data Services Quick Start Guide Release 17.4 E88402-01 December 2017 Oracle REST Data Services Quick Start Guide, Release 17.4 E88402-01 Copyright 2011, 2017, Oracle and/or its affiliates.
More informationBlack Box DCX3000 / DCX1000 Using the API
Black Box DCX3000 / DCX1000 Using the API updated 2/22/2017 This document will give you a brief overview of how to access the DCX3000 / DCX1000 API and how you can interact with it using an online tool.
More informationUsing Twitter & Facebook API. INF5750/ Lecture 10 (Part II)
Using Twitter & Facebook API INF5750/9750 - Lecture 10 (Part II) Lecture contents Connecting to popular social APIs Authentication Authorization Common calls Privacy and understanding data storage Social
More informationPackage GAR. September 18, 2015
Type Package Package GAR September 18, 2015 Title Authorize and Request Google Analytics Data Version 1.1 Date 2015-09-17 Author Maintainer BugReports https://github.com/andrewgeisler/gar/issues
More informationWho am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB
@markmorow Who am I? Identity Product Group, CXP Team Premier Field Engineer SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB Active Directory Domain Services On-premises App Server Validate credentials
More informationSAS Event Stream Processing 4.2: Security
SAS Event Stream Processing 4.2: Security Encryption on Sockets Overview to Enabling Encryption You can enable encryption on TCP/IP connections within an event stream processing engine. Specifically, you
More informationMicrosoft Graph API Deep Dive
Microsoft Graph API Deep Dive Donald Hessing Lead Architect, Capgemini, The Netherlands Microsoft Certified Master (MCM) Agenda Introduction to Microsoft Graph API What is now and what is new in GA and
More informationTACHO ONLINE API. TUNGVOGNSSPECIALISTEN APS Københavnsvej 265, DK-4000 Roskilde
2018 TACHO ONLINE API TUNGVOGNSSPECIALISTEN APS Københavnsvej 265, DK-4000 Roskilde CONTENT What s new?... 5 Tacho activities... 5 Welcome... 5 More information... 5 Terminology... 5 TVS... 5 Tacho Online...
More informationSalesforce External Identity Implementation Guide
Salesforce External Identity Implementation Guide Salesforce, Spring 17 @salesforcedocs Last updated: March 11, 2017 Copyright 2000 2017 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationAruba Central APIs. Adolfo Bolivar April 2018
Aruba Central APIs Adolfo Bolivar April 2018 Agenda Why APIs? Enabling Aruba Central to support APIs Getting the Access token and refresh token via APIs Aruba Central APIs Demos: 1. Proactive notifications
More informationWho am I? Identity Product Group, CXP Team. Premier Field Engineer. SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB
@markmorow Who am I? Identity Product Group, CXP Team Premier Field Engineer SANS STI Student GWAPT, GCIA, GCIH, GCWN, GMOB Under the hood: Multiple backend services and hybrid components Hybrid Components
More informationLogin with Amazon. Developer Guide API Version
Login with Amazon Developer Guide API Version 2013-01-03 Login with Amazon: Developer Guide Copyright 2013 Amazon Services, LLC or its affiliates. All rights reserved. The following are trademarks or registered
More informationDeploying OAuth with Cisco Collaboration Solution Release 12.0
White Paper Deploying OAuth with Cisco Collaboration Solution Release 12.0 Authors: Bryan Morris, Kevin Roarty (Collaboration Technical Marketing) Last Updated: December 2017 This document describes the
More informationCassia Software Development Kit (SDK) for S1000, S1100, X1000 and E1000. Table of Contents
WHITE PAPER Cassia Software Development Kit (SDK) for S1000, S1100, X1000 and E1000 This document shows how you can use the Cassia SDK to integrate your Bluetooth end devices with the Cassia S1000, S1100,
More informationIntroduction to IdentityServer
Introduction to IdentityServer The open source OIDC framework for.net Brock Allen http://brockallen.com @BrockLAllen brockallen@gmail.com @IdentityServer Dominick Baier http://leastprivilege.com @leastprivilege
More informationGrandstream Networks, Inc. Captive Portal Authentication via Facebook
Grandstream Networks, Inc. Table of Content SUPPORTED DEVICES... 4 INTRODUCTION... 5 CAPTIVE PORTAL SETTINGS... 6 Policy Configuration Page... 6 Landing Page Redirection... 8 Pre-Authentication Rules...
More information[MS-ADFSOAL]: Active Directory Federation Services OAuth Authorization Code Lookup Protocol
[MS-ADFSOAL]: Active Directory Federation Services OAuth Authorization Code Lookup Protocol Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft
More informationLIPPU-API: Security Considerations
LIPPU-API: Security Considerations Interoperability of ticket and payment systems project 27th of November 2017 1 Contents 1 Introduction... 2 2 Threat modeling... 2 3 Layered security architecture and
More informationRealtime API. API Version: Document Revision: 16 Last change:26 October Kwebbl Swiss Software House GmbH
Realtime API API Version: 1.0.0 Document Revision: 16 Last change:26 October 2016 Kwebbl Swiss Software House GmbH Haldenstrasse 5 6340 Baar info@kwebbl.com Switzerland www.kwebbl.com Table of Contents
More informationLab 2 Third Party API Integration, Cloud Deployment & Benchmarking
Lab 2 Third Party API Integration, Cloud Deployment & Benchmarking In lab 1, you have setup the web framework and the crawler. In this lab, you will complete the deployment flow for launching a web application
More informationIf the presented credentials are valid server will respond with a success response:
Telema EDI REST API Telema EDI REST API allows client to send and receive document to and from Telema server. In order to use EDI REST API client must have correct channel configured in Telema system.
More informationChatWork API Documentation
ChatWork API Documentation 1. What s ChatWork API? 2. ChatWork API Endpoints 3. OAuth 4. Webhook What s ChatWork API? ChatWork API is an API provided for developers to programmatically interact with ChatWork's
More informationBomgar PA Integration with ServiceNow
Bomgar PA Integration with ServiceNow 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property of
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationHow to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
More informationRead the following information carefully, before you begin an upgrade.
Read the following information carefully, before you begin an upgrade. Review Supported Upgrade Paths, page 1 Review Time Taken for Upgrade, page 1 Review Available Cisco APIC-EM Ports, page 2 Securing
More informationEasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
More information