Nordic APIs - Building a Secure API

•

1 gefällt mir•6,362 views

This document discusses techniques for building a secure API, including OAuth, OpenID Connect, SCIM, JSON Web Tokens, and other standards. It provides an overview of key concepts like the OAuth authorization framework with clients, authorization servers, and resource servers. Identity management is central, and protocols like SCIM and SAML can be used to provision and manage user accounts. The document also summarizes standards like JWTs and how pieces like OAuth, OpenID Connect, and SCIM can be combined to securely access APIs and manage user identities.

Technologie

Crucial Security Concerns

Enterprise API Mobile
Security Security Security

Copyright © 2013 Twobo Technologies AB. All rights reserved

Identity is Central

Mobile
Security

MDM MAM
Identity
Enterprise A
u API
Security t Security
h
Z

Copyright © 2013 Twobo Technologies AB. All rights reserved Venn diagram by Gunnar Peterson

Neo-security Stack
OpenID Connect
 SCIM, SAML, OAuth, and JWT are the new
standards-based cloud security stack
 OAuth 2 is the new meta-protocol defining how
tokens are handled
 These address old requirements, solves new
problems & are composed
in useful ways Grandpa SAML
& junior

 WS- again? Yep

Copyright © 2013 Twobo Technologies AB. All rights reserved

OAuth Actors

 Client
AS
 Authorization Server (AS)
 Resource Server (RS) (i.e., API)

Get a token
 Resource Owner (RO)

User a token

RS Client
Copyright © 2013 Twobo Technologies AB. All rights reserved

OAuth Web Server Flow

Copyright © 2013 Twobo Technologies AB. All rights reserved

What OAuth is and is not for

Not for authentication

Not really for authorization

For delegation

Copyright © 2013 Twobo Technologies AB. All rights reserved

Authentication & Federation

 How you authenticate to AS is undefined
 Use SAML or OpenID Connect for SSO to AS
 Relay OAuth token in SAML messages

Copyright © 2013 Twobo Technologies AB. All rights reserved

Push Tokens & Pull Data

IdP & API Provider SaaS App
Data

Get Data

Access token in
federation message

Browser
Copyright © 2013 Twobo Technologies AB. All rights reserved

Overview of SCIM

 Defines RESTful API to manage users & groups
 Specifies core user & group schemas
 Supports bulk updates for ingest
 Binding for SAML and eventually OpenID Connect

Copyright © 2013 Twobo Technologies AB. All rights reserved

Overview of JSON Identity Suite

 Suite of JSON-based identity protocols
 Tokens (JWT) ▪ Encryption (JWE)
 Keys (JWK) ▪ Signatures (JWS)
 Algorithms (JWA)
 Bearer Token spec explains how to use w/ OAuth
 Being defined in IETF

Copyright © 2013 Twobo Technologies AB. All rights reserved

Overview of JWT

 Pronounced like the English word “jot”
 Lightweight tokens passed in HTTP headers &
query strings
 Akin to SAML tokens
 Less expressive
 Less security options
 More compact
 Encoded w/ JSON not XML

Copyright © 2013 Twobo Technologies AB. All rights reserved

SCIM + OAuth

 Use OAuth to secure SCIM API calls
 Use SCIM to create accounts needed to access
APIs secured using OAuth

Copyright © 2013 Twobo Technologies AB. All rights reserved

SCIM + SAML/OIC

 Carry SCIM attributes in SAML assertions
(bindings for SCIM)
 Enables JIT provisioning
 Supplements SCIM API & schema
 Provisioning accounts using SCIM API to be
updated before/after logon

Copyright © 2013 Twobo Technologies AB. All rights reserved

Questions & Thanks

@2botech
@travisspencer
www.2botech.com
travisspencer.com
Copyright © 2013 Twobo Technologies AB. All rights reserved

Weitere ähnliche Inhalte

Was ist angesagt?

Incorporating OAuth: How to integrate OAuth into your mobile app

Nordic APIs

Authorization The Missing Piece of the Puzzle

Nordic APIs

This is a session given by Jacob Ideskog at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden. Description: In this talk Jacob Ideskog (Identity Expert at Twobo Technologies) address the growing need to secure the emerging devices accessible over the Internet. The Internet of Things has many interpretations, but the common denominator is that there will be a vast number of connected devices, and nobody (almost) want’s those hacked.

OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)

Nordic APIs

Session held by Travis Spencer at PayEx and Nordic APIs event "Secure, flexible and modern APIs for Payments" event in Oslo, May 10th. Description: When opening up secure APIs, OAuth 2 and OpenID Connect are the primary standards being used today. Implementing and using these standards can be challenging. In this session, Travis Spencer, CEO of Twobo Technologies, will provide an in-depth overview of these standards and explain how they can be integrated into financial services apps. The overview will include information on: The actors involved in OAuth and OpenID Connect The flows used in the standards What grant types are, which are defined, and the message exchanges of each What scopes are and examples of their use Different classes of tokens and how they are used Overview of the OpenID Foundation’s work in the Financial API WG Attendees will leave with: An overview of OAuth 2 and OpenID Connect Knowledge of the basics necessary to using these standards Resources and information sources where more information can be found

Secure your APIs using OAuth 2 and OpenID Connect

Nordic APIs

Launching a Successful and Secure API

Nordic APIs

1400 ping madsen-nordicapis-connect-01

Nordic APIs

Introducing Open APIs and the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitters API has been used to analyse Twitter use in Sweden. Lightning talk from Øredev 7 november 2013 in Malmö Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.

Open APIs - Risks and Rewards (Øredev 2013)

Nordic APIs

Integrated social solutions, the power and pitfalls of mashups

Nordic APIs

OpenID Connect Explained

Vladimir Dzhuvinov

OpenID Connect 101 @ OpenID TechNight vol.11

Nov Matake

Security Cas And Open Id

ConSanFrancisco123

OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk

Nov Matake

Windows azure media services overview

Guada Casuso

AT&T 2012 DevLab Speech API Deep Dive

Michael Owens

In this session Novell technical support engineers will cover best practices guidelines for functionality and performance to proactively avoid problems in Novell Access Manager. They will discuss architecture issues and cover the flow of operation of key Access Manager components. Finally, they will describe key troubleshooting tips and tools to enable you to proactively avoid common issues, and solve them more quickly should they occur. Speaker: Neil Cashell Technical Support Engineer

Troubleshooting Novell Access Manager 3.1

Novell

OAuth & OpenID Connect Deep Dive

Nordic APIs

Why Assertion-based Access Token is preferred to Handle-based one?

Hitachi, Ltd. OSS Solution Center.

PKI in today's landscape (Mauritius - Siddick)

Siddick Elaheebocus

This talk is about how to secure your front-end + backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your front-end application is running on a browser and not securely from the server, there are few things you need to consider. In this session Alvaro will explore standards like OAuth and JWT to achieve a stateless, token-based authentication and authorisation. He will explore the existing impl More specifically, the demonstration will be made using Spring Security REST, a popular Grails plugin written by Álvaro. Authentication is normally a stateful service. Most of the implementations rely on the HTTP session, thus introducing state as the session is an in-memory data structure in the application server. In the microservices era, most of the companies are developing such called RESTful services, where one of the principles is to create stateless systems. In such scenario, authentication should be stateless too. There is a standard specification to secure web application and API's, that is being adopted massively by the industry: OAuth 2. The specification doesn't explicitly cover how to make a stateless implementation. And most of the existing ones depend on some sort of external storage (such as a DB) to store the tokens generated for a later validation. Fortunately, there is another specification by the IETF called JSON Web Token, that can be combined with OAuth 2 to achieve a stateless authentication system. In the session, Alvaro will explain the core concepts of OAuth 2, as well as JWT and how can them be used together to achieve the last 2 letters of REST: State Transfer.

Stateless authentication with OAuth 2 and JWT - JavaZone 2015

Alvaro Sanchez-Mariscal

Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...

Edureka!

Was ist angesagt? (20)

Incorporating OAuth: How to integrate OAuth into your mobile app

Authorization The Missing Piece of the Puzzle

OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)

Secure your APIs using OAuth 2 and OpenID Connect

Launching a Successful and Secure API

1400 ping madsen-nordicapis-connect-01

Open APIs - Risks and Rewards (Øredev 2013)

Integrated social solutions, the power and pitfalls of mashups

OpenID Connect Explained

OpenID Connect 101 @ OpenID TechNight vol.11

Security Cas And Open Id

OAuth 2.0 & OpenID Connect @ OpenSource Conference 2011 Tokyo #osc11tk

Windows azure media services overview

AT&T 2012 DevLab Speech API Deep Dive

Troubleshooting Novell Access Manager 3.1

OAuth & OpenID Connect Deep Dive

Why Assertion-based Access Token is preferred to Handle-based one?

PKI in today's landscape (Mauritius - Siddick)

Stateless authentication with OAuth 2 and JWT - JavaZone 2015

Azure Virtual Network Tutorial | Azure Virtual Machine Tutorial | Azure Train...

Andere mochten auch

Secure Your REST API (The Right Way)

Stormpath

How can we develop websites where the different parts of the pages are developed by different teams? If you work in a large enough organization which has its content and services on the web, this is probably a question you have asked yourself several times. With this talk I want to show that server-side rendered websites integrated on content (using transclusion) allow for high long-term evolvability compared to client-side rendering integrated with shared code. In other words, if you want a system with high long-term evolvability, you should not develop websites using only client-side JavaScript and integrate them using a shared components approach.

Microservice Websites (microXchg 2017)

Gustaf Nilsson Kotte

By now you’ve bought into the idea of using APIs to integrate cloud, mobile devices and the enterprise. But are building safe APIs? One insecure API can increase your organization’s risk profile exponentially. Securing APIs is not like securing the web—a point lost on many developers coming from a web-centric background. Learn what good practices to put in place and the common security anti-patterns you must avoid to ensure your company’s APIs are reliable, safe and secure. You will learn: • The top ways hackers exploit APIs in the wild • Common identity pitfalls and how to avoid them • Why OAuth scopes are essential to master • How to keep web developers from bringing bad habits with them

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

CA API Management

SpringOne Platform 2016 Speaker: David Ferriera; Director, Cloud Technology, Forgerock Microservices architecture elevates the challenges for Authentication and Authorization management. When a single frontend request can result in many backend microservices calls, it is important to balance security and performance. ForgeRock provides a standards-based blueprint that provides a flexible solution for making these choices while protecting your Cloud Foundry services end to end.

An Authentication and Authorization Architecture for a Microservices World

VMware Tanzu

Calling an OAuth 1.0a API from an OAuth 2.0 API

Travis Spencer

Les Hazlewood, Stormpath co-founder and CTO and the Apache Shiro PMC Chair demonstrates how to design a beautiful REST + JSON API. Includes the principles of RESTful design, how REST differs from XML, tips for increasing adoption of your API, and security concerns. Presentation video: https://www.youtube.com/watch?v=5WXYw4J4QOU More info: http://www.stormpath.com/blog/designing-rest-json-apis Further reading: http://www.stormpath.com/blog Sign up for Stormpath: https://api.stormpath.com/register Stormpath is a user management and authentication service for developers. By offloading user management and authentication to Stormpath, developers can bring applications to market faster, reduce development costs, and protect their users. Easy and secure, the flexible cloud service can manage millions of users with a scalable pricing model.

Design Beautiful REST + JSON APIs

Stormpath

Twobo LDAP Attribute Store for ADFS

Twobo Technologies

Who’s Knocking? Identity for APIs, Web and Mobile

Nordic APIs

This talk is about how to secure your frontend+backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your frontend application is running on a browser and not securely from the server, there are few things you need to consider. In this session Alvaro will explore standards like OAuth or JWT to achieve a stateless, token-based authentication using frameworks like Angular JS on the frontend and Spring Security on the backend. Video available at https://skillsmatter.com/skillscasts/6058-stateless-authentication-for-microservices

Stateless authentication for microservices

Alvaro Sanchez-Mariscal

Public and private APIs: differences and challenges

Restlet

Magento database diagram

Tuyến Trần

I den här presentationen diskuteras begreppet tjänsteplattform, e-tjänsteplattform, "kommunal tjänsteplattform" och vad den plattformen egentligen behöver innehålla för att svara upp mot en hållbar e-utveckling. Med hållbar avses här att göra rätt från början, att inte måla in sig i ett hörn, att inte hamna i en återvändsgränd - bara för att man inte hade hela bilden klart för sig när man startade. Och det går att börja smått, ändå. Med enkla e-tjänster.

Tjänsteplattform i mtg - 2014 02-05

Advania

2. Day 2 - Identify and SSO

Huy Pham

SäKerhet I Molnen

Predrag Mitrovic

Samtrafiken - Lessons learned from Trafiklab

Nordic APIs

Criticality of identity

Nordic APIs

State of APIs: Now & Next

Andreas Krohn

Sveriges radio nordic apis 21 mars 2013

Nordic APIs

Java Aktuell Bernd Zuther Canary Releases mit der Very Awesome Microservices ...

Bernd Zuther

Unit Testing, Extreme Programming, Refactoring, Continuous Integration, das Agile Manifest – all das waren Meilensteine auf dem Weg zur modernen Softwareentwicklung. Doch wie behält man immer alle Aktivitäten auf dem Schirm – etwa, wenn man wissen möchte, ob der Build Server einem kurz vor dem nächsten Release einen Strich durch die Rechnung macht? Gut ist es deshalb, wenn man ein sogenanntes Extreme Feedback Device besitzt, dass uns den Status des Build Server direkt visualisiert. In diesem Vortrag wird es darum gehen, wie man ein Extreme Feedback Device selber bauen kann. Dabei werden die folgenden Themen besprochen, wie reengineert man einen USB Treiber und was muss man tun, um einen Microcontroller, wie z.B. einen Arduino, dazu benutzen ein solches Gerät selber zu bauen.

Bau dein eigenes extreme feedback device

Bernd Zuther

Andere mochten auch (20)

Secure Your REST API (The Right Way)

Microservice Websites (microXchg 2017)

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

An Authentication and Authorization Architecture for a Microservices World

Calling an OAuth 1.0a API from an OAuth 2.0 API

Design Beautiful REST + JSON APIs

Twobo LDAP Attribute Store for ADFS

Who’s Knocking? Identity for APIs, Web and Mobile

Stateless authentication for microservices

Public and private APIs: differences and challenges

Magento database diagram

Tjänsteplattform i mtg - 2014 02-05

2. Day 2 - Identify and SSO

SäKerhet I Molnen

Samtrafiken - Lessons learned from Trafiklab

Criticality of identity

State of APIs: Now & Next

Sveriges radio nordic apis 21 mars 2013

Java Aktuell Bernd Zuther Canary Releases mit der Very Awesome Microservices ...

Bau dein eigenes extreme feedback device

Ähnlich wie Nordic APIs - Building a Secure API

Find out how today’s authorization experts are getting maximum value from OAuth OAuth has quickly become the key standard for authorization across mobile apps and the Web. But are you getting the most out of OAuth? Join Mehdi Medjaoul, Co-Founder & Executive Director of Webshell – the company behind OAuth.io – and Scott Morrison, former CTO of Layer 7 and now Distinguished Engineer at CA Technologies, as they discuss how authorization experts are really using OAuth today.

OAuth in the Real World featuring Webshell

CA API Management

OAuth 101 & Secure APIs 2012 Cloud Identity Summit

Brian Campbell

Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott ...

CA API Management

CIS13: Mobile Single Sign-On: Extending SSO Out to the Client

CloudIDSummit

API Security: Securing Digital Channels and Mobile Apps Against Hacks

Akana

Platform Security that will Last for Decades (Travis Spencer)

Nordic APIs

Over the Air 2011 Security Workshop

Ericsson Labs

In the last 10yrs, our Industry has done a great job defining standards and protocols on federating identities across boundaries. However, at cloud scale, there are still some gaps for distributed and multi-tenant applications. In this presentation, Praerit will explore the current situation with the audience; explore some of the more complex problems around use of identities within applications; and provide insight into some of the work being done in AWS to address these gaps.

CIS 2015- Beyond Federation Protocols- Praerit Garg

CloudIDSummit

Presented at APIdays Paris. API security is the principal concern when it comes to establishing a trusted API ecosystem. Rightly so, because opening up business systems through APIs by definition expands the attack surface that can be exploited. Although many threat vectors and vulnerabilities are well known, we have to remain on the lookout for new threats continuously. On the positive side, open standards that help defend against security threats are constantly being created and refined. What is even more helpful are the specifications that aggregate relevant standards into a comprehensive API security profile. Excellent examples of these are the current specifications that support open banking initiatives like UK Open Banking and PSD2. Could these specifications not have a wider applicability? In other words, would we be able to benefit from the security guidelines captured in these specifications in other verticals like logistics, retail, energy, healthcare and government, too? In this talk, we will compare security guidelines covered in the specifications and see to what extent they may benefit the wider enterprise API developer community.

Leveraging open banking specifications for rigorous API security – What’s in...

Rogue Wave Software

More and more enterprises today are doing business by opening up their data and applications through APIs. Though forward-thinking and strategic, exposing APIs also increases the surface area for potential attack by hackers. To benefit from APIs while staying secure, enterprises and security architects need to continue to develop a deep understanding about API security and how it differs from traditional web application security or mobile application security.

API Security: Securing Digital Channels and Mobile Apps Against Hacks

Akana

5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...

CA API Management

Bridging the Enterprise and the Cloud from Layer 7

CA API Management

Identity and Client Management using OpenID Connect and SAML

pqrs1234

Mulesoft

Melissa Narvaez

Identity 2.0 and User-Centric Identity

Oliver Pfaff

Spellpoint - Securing Access for Microservices

Ubisecure

Soa And Web Services Security

ConSanFrancisco123

2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...

APIsecure_ Official

Web Architecture - Mechanism and Threats

Sumedt Jitpukdebodin

I this presentation enterprises will get a practical overview of what they need to know when approaching APIs and technologies like OAuth. Mobile and Cloud initiatives are driving enterprises to expose data and applications to the outside world. Whether SOAP, REST or JSON, these APIs give enterprises an efficient way to open up information to services running in the Cloud and apps running on mobile devices like the iPad. However, securing and governing the lifecycle and operation of these APIs is not straightforward. It requires new approaches to access, protection and management. This invariably requires adoption of new technologies such as OAuth, which are not yet well understood.

API Security and OAuth for the Enterprise

CA API Management

Ähnlich wie Nordic APIs - Building a Secure API (20)

OAuth in the Real World featuring Webshell

OAuth 101 & Secure APIs 2012 Cloud Identity Summit

Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott ...

CIS13: Mobile Single Sign-On: Extending SSO Out to the Client

API Security: Securing Digital Channels and Mobile Apps Against Hacks

Platform Security that will Last for Decades (Travis Spencer)

Over the Air 2011 Security Workshop

CIS 2015- Beyond Federation Protocols- Praerit Garg

Leveraging open banking specifications for rigorous API security – What’s in...

API Security: Securing Digital Channels and Mobile Apps Against Hacks

5 Reasons Why APIs Must be Part of Your Mobile Strategy - Scott Morrison, Dis...

Bridging the Enterprise and the Cloud from Layer 7

Identity and Client Management using OpenID Connect and SAML

Mulesoft

Identity 2.0 and User-Centric Identity

Spellpoint - Securing Access for Microservices

Soa And Web Services Security

2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...

Web Architecture - Mechanism and Threats

API Security and OAuth for the Enterprise

Kürzlich hochgeladen

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Neo4j

Real Time Object Detection Using Open CV

Khem

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Increase engagement and revenue with Muvi Live Paywall! In this presentation, we will explore the five key benefits of using Muvi Live Paywall to monetize your live streams. You'll learn how Muvi Live Paywall can help you: Monetize your live content easily: Set up pay-per-view access to your live streams and start generating revenue from your content. Increase audience engagement: Provide exclusive, premium content behind the paywall to keep your viewers engaged. Gain valuable viewer insights: Track viewer data and analytics to better understand your audience and tailor your content accordingly. Reduce content piracy: Muvi Live Paywall's security features help protect your content from unauthorized distribution. Streamline your workflow: The all-in-one platform simplifies the process of managing and monetizing your live streams. With Muvi Live Paywall, you can take control of your live stream monetization and create a sustainable business model for your content. Learn more about Muvi Live Paywall and start generating revenue from your live streams today!

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Roshan Dwivedi

Kürzlich hochgeladen (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...

Real Time Object Detection Using Open CV

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Exploring the Future Potential of AI-Enabled Smartphone Processors

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

GenAI Risks & Security Meetup 01052024.pdf

A Domino Admins Adventures (Engage 2024)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

How to Troubleshoot Apps for the Modern Connected Worker

Automating Google Workspace (GWS) & more with Apps Script

HTML Injection Attacks: Impact and Mitigation Strategies

Boost Fertility New Invention Ups Success Rates.pdf

Top 5 Benefits OF Using Muvi Live Paywall For Live Streams

Nordic APIs - Building a Secure API

1. Building a Secure API Overview of techniques and technologies needed to launch a secure API By Travis Spencer, CEO @travisspencer, @2botech Copyright © 2013 Twobo Technologies AB. All rights reserved

5. Neo-security Stack OpenID Connect  SCIM, SAML, OAuth, and JWT are the new standards-based cloud security stack  OAuth 2 is the new meta-protocol defining how tokens are handled  These address old requirements, solves new problems & are composed in useful ways Grandpa SAML & junior  WS- again? Yep Copyright © 2013 Twobo Technologies AB. All rights reserved

6. OAuth Actors  Client AS  Authorization Server (AS)  Resource Server (RS) (i.e., API) Get a token  Resource Owner (RO) User a token RS Client Copyright © 2013 Twobo Technologies AB. All rights reserved

9. Authentication & Federation  How you authenticate to AS is undefined  Use SAML or OpenID Connect for SSO to AS  Relay OAuth token in SAML messages Copyright © 2013 Twobo Technologies AB. All rights reserved

11. Overview of OpenID Connect  Builds on OAuth for profile sharing  Uses the flows optimized for user-consent scenarios  Adds identity-based inputs/outputs to core OAuth messages  Tokens are JWTs Copyright © 2013 Twobo Technologies AB. All rights reserved

12. Overview of SCIM  Defines RESTful API to manage users & groups  Specifies core user & group schemas  Supports bulk updates for ingest  Binding for SAML and eventually OpenID Connect Copyright © 2013 Twobo Technologies AB. All rights reserved

13. Overview of JSON Identity Suite  Suite of JSON-based identity protocols  Tokens (JWT) ▪ Encryption (JWE)  Keys (JWK) ▪ Signatures (JWS)  Algorithms (JWA)  Bearer Token spec explains how to use w/ OAuth  Being defined in IETF Copyright © 2013 Twobo Technologies AB. All rights reserved

14. Overview of JWT  Pronounced like the English word “jot”  Lightweight tokens passed in HTTP headers & query strings  Akin to SAML tokens  Less expressive  Less security options  More compact  Encoded w/ JSON not XML Copyright © 2013 Twobo Technologies AB. All rights reserved

16. SCIM + SAML/OIC  Carry SCIM attributes in SAML assertions (bindings for SCIM)  Enables JIT provisioning  Supplements SCIM API & schema  Provisioning accounts using SCIM API to be updated before/after logon Copyright © 2013 Twobo Technologies AB. All rights reserved

Nordic APIs - Building a Secure API

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Nordic APIs - Building a Secure API

Ähnlich wie Nordic APIs - Building a Secure API (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Nordic APIs - Building a Secure API