CIS14: Knowing vs. Asking: Innovation in User Recognition

•

1 gefällt mir•360 views

Pam Dingle, Ping Identity Walk-through of simple changes in approach—away from the traditional stateless authentication model—that can have radical effect on what a user might be asked to do, and how they are asked to do it, with demonstration of recommended methods.

Technologie

KNOWING VS ASKING
INNOVATION IN USER RECOGNITION
Pamela Dingle
@pamelarosiedee
Office of the CTO, Ping Identity

https://www.flickr.com/photos/bensonkua/
2754312951

https://www.flickr.com/photos/bensonkua/
2754312951/in/photostream/

Our Lexicon must grow to Encompass Hints
•  What is a hint?
– Statement based on probability but lacking authority
– Multiple evolutions evolving into the concept of a
Hint
•  Passive Factors / Real-time analytics
•  Cached previous data
•  Account Chooser

Security Posture should never be OSFA again
•  It isn’t 1995 anymore
•  The device to user ratio has
inverted
•  In the 1st world at least, 5-year
olds have iPads
•  You can’t abandon the 1995
flow but you can choose who to
offer it to

That must be dangerous!
Because, Security

Session bound with Context
allows us to help “friendlies”
But what tooling allows
contextual collaboration
across domains?

Two Flow Elements
•  Continuation Flow
– Is there some context that can forecast an identifier
and/or idp?
•  Bootstrap flow
– No continuation exists
– Is there a way to introduce the user & idp to the flow?

Hint Spectrum
Login Hint Refresh Token
Previously Issued IDToken
Shared Signal
Expired Token & context
assertion embedded in
signed AuthnRequest

Login Hint
•  Exactly the information the user would have to
type themselves anyway
– User Identifier
– IDP
•  Equivalent to
“Remember me”
(but crossing domains)

How can an RP derive a Login Hint?
•  Continuation Flow
–  Check the expired session
cookie
–  Dig up the previous id_token
•  Bootstrapping Flow
–  Ask for it (NASCAR, OpenID)
(ie – stranger flow)
–  Query a common authority
•  CDC,Account Chooser
Dave
Carter
h*ps://www.ﬂickr.com/photos/david_s_carter/3041065755

Bootstrapping
HTTP/1.1 302 Found!
Location: https://server.example.com/authorize!
! ?response_type=code!
&scope=openid%20profile%20email!
&client_id=s6BhdRkqt3!
&state=af0ifjsldkj!
&redirect_uri=https%3A%2F%2Fclnt.example.org%2Fcb!
&login_hint=patty%40integralcurve.com!

$Continuation {! "iss": "s6BhdRkqt3",! "aud": "https://server.example.com",! "response_type": "code id_token",! "client_id": "s6BhdRkqt3",! "redirect_uri": "https://client.example.org/cb",! "scope": "openid",! "state": "af0ifjsldkj",! "nonce": "n-0S6_WzA2Mj",! "max_age": 86400,! "id_token_hint": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc! K5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVV k4XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg"! }!$

An attacker who emulates the
login hint only gets this far

Thanks!
@pamelarosiedee
http://pingidentity.com
http://eternallyoptimistic.com

Weitere ähnliche Inhalte

Andere mochten auch

David Brossard, Product Manager, Axiomatics Application development trends often collide with security best practices, leaving enterprises with a patchwork mix of authorization schemes that are difficult and expensive to operate, modify and certify for compliance. This session will explore the latest trends in authorization and describe standards-based mechanisms to protect APIs, web services, data resources and more. Included in the discussion will be the interaction between XACML, OAuth, REST and JSON.

CIS13: Externalized Authorization from the Developer’s Perspective

CloudIDSummit

Balu Rajagopal, Global Product Marketing, Pivotal While Apache Hadoop represents a core infrastructure driver in the Big Data movement, much it changing on application layer technology landscape in order to cross connect data from different repositories in different domains. A new class of Business Applications are emerging that inherently leverages three major fabrics - Big Data platforms, Cloud and Analytics all together. From a business user perspective, the traditional model of logging into every application to access the data to make decisions (primary purpose of apps) is no longer relevant. This means that new authentication, authorization and access control capabilities are needed that leverages the three fabrics mentioned earlier. Speaker Balu Rajagopal is in Global Product Marketing for Pivotal, a Big Data Analytics spinoff from EMC and VMWare that includes Greenplum. Balu came to VMWare via the earlier VMWare acquisition of Cetas.

CIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding Edge

CloudIDSummit

CIS14: Double Trouble—Managing Growth

CloudIDSummit

CIS14: Global Trends in BYOID

CloudIDSummit

Michael Smith, Product Manager, Box Single sign-on support is a prerequisite for any enterprise product, and while SSO has been solved for the web, adapting it to native apps on mobile devices is a tough problem. With the explosion of tablets and mobile devices in business, SSO is a must for any business app developer. In this session learn how Box has tackled SSO in its mobile applications and how it has helped hundreds of other applications build SSO to support some of the biggest enterprises in the world.

CIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps

CloudIDSummit

CIS14: Authentication: Who are You? You are What You Eat

CloudIDSummit

CIS13: Bootcamp: PingOne as a Simple Identity Service

CloudIDSummit

CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?

CloudIDSummit

CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jain

CloudIDSummit

CIS14: Using IDaaS to Enable IAM for Multiple Web-based and Mobile B2B and B2...

CloudIDSummit

Andere mochten auch (10)

CIS13: Externalized Authorization from the Developer’s Perspective

CIS13: Big Data Analytics Vendor Perspective: Insights from the Bleeding Edge

CIS14: Double Trouble—Managing Growth

CIS14: Global Trends in BYOID

CIS13: Gateway to the Enterprise: Supporting SSO in Mobile Apps

CIS14: Authentication: Who are You? You are What You Eat

CIS13: Bootcamp: PingOne as a Simple Identity Service

CIS14: Is the Cloud Ready for Enterprise Identity and Security Requirements?

CIS14: Mobile SSO using NAPPS: OpenID Connect Profile for Native Apps-jain

CIS14: Using IDaaS to Enable IAM for Multiple Web-based and Mobile B2B and B2...

Ähnlich wie CIS14: Knowing vs. Asking: Innovation in User Recognition

The Social Layer

Alan Lepofsky

Benefits Of The Social Layer

Blue Economy Agency

Organisaties en leiderschap in 21e eeuw en

Menno Lanting

J. Paul Reed, Director of Site Reliability Services/Principal Consultant, Salesforce Kevina Finn-Braun, Director of Site Reliability Services, Salesforce As organizations experiment with greater concurrency and integration between their departments and move toward a continuous delivery of customer-value, failure is assured. Asking “how can failure be avoided?” isn’t as useful or relevant as focusing on – “How does our organization react when failure occurs?” and – “How do we create a sustainable, actionable process for describing, exploring, and remedying failure?” This is the question that presented itself to Salesforce’s Service Reliability Engineering team. Their SREs had received training in incident response and management, but were still struggling with how to incorporate that feedback into the organization at large, to improve outcomes. Feedback loops weren’t always closed, leaving many opportunities for improvement lost. This is the story of my months-long journey with Kevina and her team to identify the specifics of what made reliability retrospectives difficult to have, why actionable takeaways were often lacking, and how the feedback loops within the company’s operations organization weren’t serving Salesforce’s needs. We then ran a series of experiments together, putting the SRE team on a road to improving their ability to respond, react, remediate, and reincorporate learnings from failure into the organization.

DOES15 - Finn-Braun and Reed - The Blameless Cloud: Bringing Actionable Retro...

Gene Kim

DevOps Enterprise Summit 2015 presentation with Kevina Finn-Braun, Director of SRE Management at Salesforce: this is the story of my months-long journey with Kevina and her team to identify the specifics of what made reliability retrospectives difficult to have, why actionable takeaways were often lacking, and how the feedback loops within the company’s operations organization weren’t serving Salesforce’s needs. We then ran a series of experiments together, putting the SRE team on a road to improving their ability to respond, react, remediate, and reincorporate learnings from failure into the organization.

The Blameless Cloud: Bringing Actionable Retrospectives to Salesforce

J. Paul Reed

The Blameless Cloud: Bringing Actionable Retros to Salesforce

Salesforce Engineering

Ähnlich wie CIS14: Knowing vs. Asking: Innovation in User Recognition (6)

The Social Layer

Benefits Of The Social Layer

Organisaties en leiderschap in 21e eeuw en

DOES15 - Finn-Braun and Reed - The Blameless Cloud: Bringing Actionable Retro...

The Blameless Cloud: Bringing Actionable Retrospectives to Salesforce

The Blameless Cloud: Bringing Actionable Retros to Salesforce

Mehr von CloudIDSummit

CIS 2016 Content Highlights

CloudIDSummit

The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com. Be apart of the convo on Twitter: @CloudIDSummit + #CISNOLA

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CloudIDSummit

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

CloudIDSummit

Mobile security, identity & authentication reasons for optimism 20150607 v2

CloudIDSummit

In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism. With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments. How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CloudIDSummit

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CloudIDSummit

Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them? In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CloudIDSummit

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CloudIDSummit

You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CloudIDSummit

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CloudIDSummit

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CloudIDSummit

The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CloudIDSummit

Companies and researchers are exploring ways to make software and hardware development easier for the masses. Soon you will be able to build your own autonomous drone, create a sensor that assess the watering needs of your plants, and develop a cat tracking device with minimal coding and hardware skills. What is the place of security and privacy in this exciting development? Are we building the next generation of Internet security vulnerabilities right now? In his talk Hannes Tschofenig will highlight challenges with Internet of Things, what role standardization plays, and what contributions ARM, a provider of microprocessor IP, is making to improve IoT security.

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CloudIDSummit

The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendor's capabilities continue to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.

CIS 2015 The IDaaS Dating Game - Sean Deuby

CloudIDSummit

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CloudIDSummit

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CloudIDSummit

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CloudIDSummit

Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CloudIDSummit

Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CloudIDSummit

Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?

CIS 2015 Identity Relationship Management in the Internet of Things

CloudIDSummit

Mehr von CloudIDSummit (20)

CIS 2016 Content Highlights

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

Mobile security, identity & authentication reasons for optimism 20150607 v2

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CIS 2015 The IDaaS Dating Game - Sean Deuby

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CIS 2015 Identity Relationship Management in the Internet of Things

Kürzlich hochgeladen

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Victor Rentea

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

ICT role in 21st century education and its challenges

rafiqahmad00786416

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

Keynote 2: APIs in 2030: The Risk of Technological Sleepwalk Paolo Malinverno, Growth Advisor - The Business of Technology Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

apidays

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Kürzlich hochgeladen (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Strategies for Landing an Oracle DBA Job as a Fresher

Artificial Intelligence Chap.5 : Uncertainty

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

How to Troubleshoot Apps for the Modern Connected Worker

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Axa Assurance Maroc - Insurer Innovation Award 2024

ICT role in 21st century education and its challenges

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Corporate and higher education May webinar.pptx

presentation ICT roal in 21st century education

Cyberprint. Dark Pink Apt Group [EN].pdf

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

CIS14: Knowing vs. Asking: Innovation in User Recognition

2. KNOWING VS ASKING INNOVATION IN USER RECOGNITION Pamela Dingle @pamelarosiedee Office of the CTO, Ping Identity

3. day one

5. day two

7. day five-hundred eighty five

9. State of the Industry

10.

11. Compartmentalization

12. https://www.flickr.com/photos/bensonkua/ 2754312951

13. TheUSArmyhttps://flic.kr/p/bExfoR

14. LeoReynoldshttps://flic.kr/p/nfxqQG

15. Ginnyhttps://flic.kr/p/5V9Viy

16. https://www.flickr.com/photos/bensonkua/ 2754312951/in/photostream/

17.

18. TheUSArmyhttps://flic.kr/p/bExfoR

19. IDP Today: Stranger Flow RP

20. We need one more representation

21.

22. Our Lexicon must grow to Encompass Hints •  What is a hint? – Statement based on probability but lacking authority – Multiple evolutions evolving into the concept of a Hint •  Passive Factors / Real-time analytics •  Cached previous data •  Account Chooser

23.

24. Security Posture should never be OSFA again •  It isn’t 1995 anymore •  The device to user ratio has inverted •  In the 1st world at least, 5-year olds have iPads •  You can’t abandon the 1995 flow but you can choose who to offer it to

25. IDP Tomorrow: Friendly Flow RP

26.

27. That must be dangerous! Because, Security

28. XaviTalledahttps://flic.kr/p/997LWwv

29. Session bound with Context allows us to help “friendlies” But what tooling allows contextual collaboration across domains?

30. Two Flow Elements •  Continuation Flow – Is there some context that can forecast an identifier and/or idp? •  Bootstrap flow – No continuation exists – Is there a way to introduce the user & idp to the flow?

31. Hint Spectrum Login Hint Refresh Token Previously Issued IDToken Shared Signal Expired Token & context assertion embedded in signed AuthnRequest

32. Login Hint •  Exactly the information the user would have to type themselves anyway – User Identifier – IDP •  Equivalent to “Remember me” (but crossing domains)

33. How can an RP derive a Login Hint? •  Continuation Flow –  Check the expired session cookie –  Dig up the previous id_token •  Bootstrapping Flow –  Ask for it (NASCAR, OpenID) (ie – stranger flow) –  Query a common authority •  CDC,Account Chooser Dave Carter h*ps://www.ﬂickr.com/photos/david_s_carter/3041065755

34. Bootstrapping == Discovery?

35. Choosers FTW •  d

36.

37. Bootstrapping HTTP/1.1 302 Found! Location: https://server.example.com/authorize! ! ?response_type=code! &scope=openid%20profile%20email! &client_id=s6BhdRkqt3! &state=af0ifjsldkj! &redirect_uri=https%3A%2F%2Fclnt.example.org%2Fcb! &login_hint=patty%40integralcurve.com!

38. Continuation {! "iss": "s6BhdRkqt3",! "aud": "https://server.example.com",! "response_type": "code id_token",! "client_id": "s6BhdRkqt3",! "redirect_uri": "https://client.example.org/cb",! "scope": "openid",! "state": "af0ifjsldkj",! "nonce": "n-0S6_WzA2Mj",! "max_age": 86400,! "id_token_hint": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjFlOWdkazcifQ.ewogImlzc! K5hoDalrcvRYLSrQAZZKflyuVCyixEoV9GfNQC3_osjzw2PAithfubEEBLuVV k4XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg"! }!

39. An attacker who emulates the login hint only gets this far

40.

41. https://www.flickr.com/photos/bensonkua/ 2754312951/in/photostream/

42. Thanks! @pamelarosiedee http://pingidentity.com http://eternallyoptimistic.com

CIS14: Knowing vs. Asking: Innovation in User Recognition

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (10)

Ähnlich wie CIS14: Knowing vs. Asking: Innovation in User Recognition

Ähnlich wie CIS14: Knowing vs. Asking: Innovation in User Recognition (6)

Mehr von CloudIDSummit

Mehr von CloudIDSummit (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

CIS14: Knowing vs. Asking: Innovation in User Recognition