Gateway and secure micro services

•

3 gefällt mir•808 views

- Jordan Valdma from TransferWise gave a talk about gateways, services, and APIs at TransferWise. - The talk covered the history of microservices, designing RESTful APIs, and security considerations for microservices including OAuth 2.0 flows, JSON Web Tokens, and combining JWT with OAuth tokens. - Tips were provided for designing RESTful APIs, gateways, services, and security including focusing on interfaces, getting early feedback, and decoupling from data sources.

Software

Gateway and Services
Jordan Valdma, TransferWise Partnerships Tech

Hi, I’m Jordan
TransferWise Global Partnerships Engineering
Estonian
(too few words)
MSc Data Sciences and Machine Learning
Like to organize events, hackathons, ..

This talk
● Intro TransferWise MSs
● RESTful API design
● MicroService Security

Dark Ages - Separation
of Monolith
Separate In-house and pub web
applications. Modular thinking.
First Micro Services
Beginning of life ..
Age of Enlightenment -
DevOps
People wake “Hey, I have a right
to release!”
Good night sleep
Don’t have to worry
about people hacking
Baby Boom of Services
“It’s so easy to make a...Service!”
Modern ages
State of the art tech,
separate codebases
Brief history of What We Have Done

TransferWise RESTFful API
1. Starting point: internal API
a. People were not satisfied with
b. Out of standard (rpc, errorhandling,..) couldn’t give it out
2. Formin focus group (strong stakeholders)
3. Designing resourse model:
a. Base layer is flexible
b. Orcestration layers on top
4. Design Interfaces-Collaborate-REPEAT
5. Implementation and tweaking

Tips
For Designing RESTful API
● “Interfaces over meetings”
● Get the teams talking!!
● Get alpha partners to give
fedbax on interfaces
● Implement against it
● SWAGGER or similar
● Start thinking about dev
support early.

Gateway
● Single entry point
● Protocol translation
● Transformations
● (Auth)

oAuth 2 flows
● Code
● Implicit
● Username and Password
● Client credentials

MicroService auth -
starting point
ie. TransferService
curl /transfers/?createdByUserId={userId}
Gateway
curl /transfers -h "Authorization: Bearer $TOKEN"
TransferService
Is token OK?
Who is the user?

MicroService auth -
JWT
ie. TransferService
curl /transfers/ -h "Authorization: Bearer $JWT_TOKEN"
Gateway
curl /transfers -h "Authorization: Bearer $TOKEN"
TransferService
Is token OK?
Who is the user?
Decode & Validate JWT
JWT Secret
JWT Secret

Problems with
JWT
● Can not be revoked
● Intercepting
● Secret may get compromised

MicroService auth -
JWT + oAuth Token
ie. TransferService
curl /transfers/ -h "Authorization: Bearer $JWT_TOKEN"
Gateway
curl /transfers -h "Authorization: Bearer $TOKEN"
TransferService
AuthorizationServer Is token OK?
Who is the user?
curl /check_token?token=”$JWT_TOKEN”
Decode JWT& Validate oAuthToken

Tips
● Anonymous JWTs
● Pain with Authentication types
● Code grant for legacy token
swapFor Micro Service security

Tips
● Domain driven design
● Move on from testing
infrastructure into staging asap
● Proxy swagger upstream
● Decouple from datasource
early!
● Keep your gateway lean
● Plan ahead for multi-node
setup
For Gateways and Services

Contact
Jordan Valdma
jordan@transferwise.com
Twitter: @JordanValdma

Weitere ähnliche Inhalte

Was ist angesagt?

API Security Best Practices & Guidelines

Prabath Siriwardena

Write smart contract with solidity on Ethereum

Murughan Palaniachari

Как да контролираме достъпа до web API и други защитени ресурси посредством OAuth 2.0, и как да идентифицираме потребители с OpenID Connect. Лекцията е предназначена за уеб архитекти и програмисти, както и за всички разработчици, които искат да научат повече за новите уеб протоколи за авторизация и автентикация.

Protecting web APIs with OAuth 2.0

Vladimir Dzhuvinov

OpenID Connect 1.0 Explained

Eugene Siow

OAuth and OpenID Connect for Microservices

Twobo Technologies

Understanding OpenID

Prabath Siriwardena

Full stack security

DPC Consulting Ltd

The Blockchain, Bitcoin and other Cryptocurrencies

Apondi Kevin Omondi

This talk is about how to secure your frontend+backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your frontend application is running on a browser and not securely from the server, there are few things you need to consider. In this session Alvaro will explore standards like OAuth or JWT to achieve a stateless, token-based authentication using frameworks like Angular JS on the frontend and Spring Security on the backend. Video available at https://skillsmatter.com/skillscasts/6058-stateless-authentication-for-microservices

Stateless authentication for microservices

Alvaro Sanchez-Mariscal

Implementation of ssl injava

tanujagrawal

SSL Communication and Mutual Authentication

Cleo

It can be argued that the future of cloud computing is going to be serverless (and containerless) and cloud providers will be responsible for providing the runtime environment and all the building blocks needed for creating large scale, distributed systems. Rafal Gancarz presents how such a future could look like based on currently available AWS stack (Lambda, API Gateway, DynamoDB, S3, Kinesis, CloudWatch and more). Gatling is a scalable performance testing framework providing a rich and flexible DSL written in Scala. If you need to perf/load test a REST API or a web app you can use Gatling to generate a substantial amount of load and define your testing scenarios with ease. Rafal will provide an overview of the DSL and show how easy and productive using Gatling is, including a live demo. About Rafal Gancarz Rafal GanCarz is a Lead Consultant for OpenCredo having joined the company in 2014. Rafal is responsible for leading engagements for OpenCredo with its clients. He is a technologist with experience in high quality distributed systems, improving project delivery and building high performance Agile teams.

Microservices Manchester: Serverless Architectures By Rafal Gancarz

OpenCredo

JWT SSO Inbound Authenticator

MifrazMurthaja

OAuth 2.0 and OpenId Connect

Saran Doraiswamy

In this talk, Nicki Watt will initially look to introduce and highlight some of the typical security challenges which engineers may encounter, and need to be aware of, when trying to develop and deploy a microservices-based architecture. The 2nd half of the talk tries to get a bit more practical, and through some examples, looks to demonstrate how a tool like Vault from HashiCorp can be used as part of your overall security toolkit to address some of these challenges. This talk will not be delving into the depths of cryptography and algorithms, rather it is aimed at highlighting some typical problem areas, and giving practical insight into some of the options which can be used to address them. About Nicki Watt Nicki Watt is a Lead Consultant for OpenCredo having joined the company in 2011. Nicki is responsible for both hands on and overall leadership of engagements for OpenCredo. She has experience leading both development and architectural teams across a wide range of industries including enterprise organisations and start ups.

Microservices Manchester: Security, Microservces and Vault by Nicki Watt

OpenCredo

OpenID Connect - An Emperor or Just New Cloths?

Oliver Pfaff

An Introduction to OpenID

Max Manders

Save 10% off ANY FITC event with discount code 'slideshare' See our upcoming events at www.fitc.ca Yuri will discuss the challenges of authentication and authorization in the MEAN stack. Topics include architecture, best practices for determining client and server responsibilities, and the importance of sharing authorization context with the client logic in order to build an effective user experience. Angular and Node code samples will be used to illustrate. Presented live at FITC's Spotlight: MEAN Stack event held on March 28th, 2014 More info at FITC.ca

Authentication and Authorization Architecture in the MEAN Stack

FITC

Multi-Signature Crypto-Wallets: Nakov at Blockchain Berlin 2018 Speaker: Dr. Svetlin Nakov (co-founder of SoftUni) Multisig Wallets. Sign / Execute Transactions. Implementation in Bitcoin and Ethereum Single-User-Managed Wallets: Problems Multi-Signature Wallets: Concepts Multi-Signature Wallets in Bitcoin Multi-Signature Wallets in Ethereum The Gnosis Multisig Wallet: Demo Slides, demos and videos: https://nakov.com/blog/2018/09/26/speaker-at-the-blockchain-technology-conference-2018-berlin/

Multi-Signature Crypto-Wallets: Nakov at Blockchain Berlin 2018

Svetlin Nakov

Mit 2014 introduction to open id connect and o-auth 2

Justin Richer

Was ist angesagt? (20)

API Security Best Practices & Guidelines

Write smart contract with solidity on Ethereum

Protecting web APIs with OAuth 2.0

OpenID Connect 1.0 Explained

OAuth and OpenID Connect for Microservices

Understanding OpenID

Full stack security

The Blockchain, Bitcoin and other Cryptocurrencies

Stateless authentication for microservices

Implementation of ssl injava

SSL Communication and Mutual Authentication

Microservices Manchester: Serverless Architectures By Rafal Gancarz

JWT SSO Inbound Authenticator

OAuth 2.0 and OpenId Connect

Microservices Manchester: Security, Microservces and Vault by Nicki Watt

OpenID Connect - An Emperor or Just New Cloths?

An Introduction to OpenID

Authentication and Authorization Architecture in the MEAN Stack

Multi-Signature Crypto-Wallets: Nakov at Blockchain Berlin 2018

Mit 2014 introduction to open id connect and o-auth 2

Andere mochten auch

This talk is about how to secure your front-end + backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your front-end application is running on a browser and not securely from the server, there are few things you need to consider. In this session Alvaro will explore standards like OAuth and JWT to achieve a stateless, token-based authentication and authorisation. He will explore the existing impl More specifically, the demonstration will be made using Spring Security REST, a popular Grails plugin written by Álvaro. Authentication is normally a stateful service. Most of the implementations rely on the HTTP session, thus introducing state as the session is an in-memory data structure in the application server. In the microservices era, most of the companies are developing such called RESTful services, where one of the principles is to create stateless systems. In such scenario, authentication should be stateless too. There is a standard specification to secure web application and API's, that is being adopted massively by the industry: OAuth 2. The specification doesn't explicitly cover how to make a stateless implementation. And most of the existing ones depend on some sort of external storage (such as a DB) to store the tokens generated for a later validation. Fortunately, there is another specification by the IETF called JSON Web Token, that can be combined with OAuth 2 to achieve a stateless authentication system. In the session, Alvaro will explain the core concepts of OAuth 2, as well as JWT and how can them be used together to achieve the last 2 letters of REST: State Transfer.

Stateless authentication with OAuth 2 and JWT - JavaZone 2015

Alvaro Sanchez-Mariscal

Case Study of Django: Web Frameworks that are Secure by Default

Mohammed ALDOUB

JWT Authentication with AngularJS

robertjd

Stateless authentication for microservices - GR8Conf 2015

Alvaro Sanchez-Mariscal

The Role of Enterprise Integration in Digital Transformation

Kasun Indrasiri

Single-Page-Application & REST security

Igor Bossenko

REST API 설계

Terry Cho

RESTful API 제대로 만들기

Juwon Kim

Andere mochten auch (8)

Stateless authentication with OAuth 2 and JWT - JavaZone 2015

Case Study of Django: Web Frameworks that are Secure by Default

JWT Authentication with AngularJS

Stateless authentication for microservices - GR8Conf 2015

The Role of Enterprise Integration in Digital Transformation

Single-Page-Application & REST security

REST API 설계

RESTful API 제대로 만들기

Ähnlich wie Gateway and secure micro services

Banking on a Blockchain

Altoros

With new tools like Angular.js and Node.js, it is easier than ever to build User Interfaces and Single-Page Applications (SPAs) backed by APIs. But how to do it securely? Web browsers are woefully insecure, and hand-rolled APIs are risky. In this presentation, Robert Damphousse, lead front-end developer at Stormpath, covers web browser security issues, technical best practices and how you can mitigate potential risks. Enjoy! Topics Covered: 1. Security Concerns for Modern Web Apps 2. Cookies, The Right Way 3. Session ID Problems 4. Token Authentication to the rescue! 5. Angular Examples

Building Secure User Interfaces With JWTs (JSON Web Tokens)

Stormpath

This talk covers the past, present, and future of Microservices at Squarespace. We begin with our journey to microservices, and describe the platform that made this possible. We introduce our idea of the “Pillars of Microservices”, everything a developer needs to have a successful production service. For each pillar we describe why we think it is important and discuss the implementation and how we utilize it in our environment. Next, we look to the future evolution of our microservices environment including how we are using containerization and Kubernetes to overcome some of the problems we’ve faced with more static infrastructure.

2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...

Ambassador Labs

The story of how we broke our Node.js monolith into 15+ services in just a couple of weeks. The talk will focus on what we have learnt during the journey and what technologies we use. This is the tale of how we did this rather than what microservices are in general. Agenda: 1. monolith and microservices in nutshell 2. advantages of microservices from our view - well focused service teams, happy customers - fault tolerance - distributed responsibility - improving quality 3. disadvantages of microservices-based our experience -growing complexity -errors in transactions -response time issue 4. how we did it -service team principles -co-operation between teams -company architecture changes -breaking down via proxy -request signing -circuit breaker -event sourcing

Breaking Down the Monolith - Peter Marton, RisingStack

NodejsFoundation

In this presentation, Java Developer Evangelist Micah Silverman demystifies HTTP Authentication and explains how the Next Big Thing - Token Authentication - can be used to secure web applications on the JVM, REST APIs, and 'unsafe' clients while supporting security best practices and even improving your application's performance and scale. Topics Covered: Security Concerns for Modern Web Apps Cross-Site Scripting Prevention Working with 'Untrusted Clients' Securing API endpoints Cookies Man in the Middle (MitM) Attacks Cross-Site Request Forgery Session ID Problems Token Authentication JWTs Working with the JJWT library End-to-end example with Spring Boot

Securing Web Applications with Token Authentication

Stormpath

Designing Quality-Driven Blockchain Networks

CREST @ University of Adelaide

SECURITY IN THE ERA OF MODERN APPLICATIONS AND SERVICES Security is hard. Old days are over and it requires way more then providing login form, comparing password hash and maintaining HTTP session. With the raise of mobile and client side apps, (micro) services and APIs it has become a fairly complex topic. At the same time with security breaches hitting the news on the monthly basis it is everyone's concern. Being an area every developer or architect needs to understand very well. Thankfully a number of modern standards and solutions emerged to help with current challenges. During this talk you will learn how to approach typical security needs using modern token based security and standards like OAuth2, OpenID Connect or SAML. We’ll discuss wide variety of security related topics around multi factor authentication or identity federation and brokering . You will also learn how you can leverage modern open source identity and access management solutions in your applications.

JDD2015: Security in the era of modern applications and services - Bolesław D...

PROIDEA

New Business Models enabled by Blockchain

Slash

Security is hard. Old days are over and it requires way more then providing login form, comparing password hash and maintaining HTTP session. With the raise of mobile and client side apps, (micro) services and APIs it has become a fairly complex topic. At the same time with security breaches hitting the news on the monthly basis it is everyone's concern. Being an area every developer or architect needs to understand very well. Thankfully a number of modern standards and solutions emerged to help with current challenges. During this talk you will learn how to approach typical security needs using modern token based security and standards like OAuth2, OpenID Connect or SAML. We’ll discuss wide variety of security related topics around multi factor authentication or identity federation and brokering . You will also learn how you can leverage modern open source identity and access management solutions in your applications.

[4developers2016] - Security in the era of modern applications and services (...

PROIDEA

Blockchain technology for the grid

malikmayank

Micro service architecture

uEngine Solutions

Company presentation

Olena Petrashchuk

Progress of JavaScript Architecture

Tonya Mork

How to Create Blockchain Products by Slice.Market CTO

Product School

e’ll explore what a service mesh is and what it can do for your microservices. Are the claims of observability, resiliency, and WAF features real? Are they useful during development, production, or both? Using pictures and demos, we’ll find out! This session will also briefly cover how a service mesh works, giving us a mental model with which to explore and evaluate after the talk. Matt will show a simple installation and demo, giving us all the knowledge to go home and try for ourself.

What is a Service Mesh and what can it do for your Microservices

Matt Turner

A session in the DevNet Zone at Cisco Live, Berlin. Blockchain - the technology best known as the bitcoin enabler – has the potential to create a new wave of disruption and innovation in how applications are built, deployed and run, in a much more de-centralised cloud world. This session provides an introductory overview and demonstration of blockchain in action and how that technology is being used to create decentralised apps (DApps) that move beyond financial use cases toward healthcare, government, IoT.

Introduction to Blockchain and Decentralized Apps

Cisco DevNet

Okay, Microservices are cool. But, as all the new trendy buzzword, it’s not a silver bullet, and there are several problems to manage. One is the authentication, distributed authentication is hard, and there is many ways to achieve it. Configuration is the second issue to be managed when dealing with distributed micro application strategy. This talk is a concrete return of experience to build a strategy on microservice and problems we will have to deal on this occasion.

Problems you’ll face in the Microservices World: Configuration, Authenticatio...

Quentin Adam

You have successfully developed and deployed your microservices architecture, but you find that managing communication between your services and containers is becoming more complex and clumsy as you scale. This talk will begin with a definition of "service mesh" and what potential roles it can play in your microservices architecture. We'll explore the pros and cons of the following popular service mesh implementations: Istio, Linkerd, Conduit. I'll touch on the differences in the ease of implementation, integration with existing monitoring solutions, traffic flow, and service-to-service authentication. After this talk, you will be able to make an informed decision on the best service mesh architecture to implement in your environment.

Bringing it all together - Denver JUG

MelissaMcKay15

How to Create Blockchain Products by Fr8 Network Lead Engineer

Product School

Interledger Overview // Berlin Node.js Meetup

Interledger

Ähnlich wie Gateway and secure micro services (20)

Banking on a Blockchain

Building Secure User Interfaces With JWTs (JSON Web Tokens)

2017 Microservices Practitioner Virtual Summit: Microservices at Squarespace ...

Breaking Down the Monolith - Peter Marton, RisingStack

Securing Web Applications with Token Authentication

Designing Quality-Driven Blockchain Networks

JDD2015: Security in the era of modern applications and services - Bolesław D...

New Business Models enabled by Blockchain

[4developers2016] - Security in the era of modern applications and services (...

Blockchain technology for the grid

Micro service architecture

Company presentation

Progress of JavaScript Architecture

How to Create Blockchain Products by Slice.Market CTO

What is a Service Mesh and what can it do for your Microservices

Introduction to Blockchain and Decentralized Apps

Problems you’ll face in the Microservices World: Configuration, Authenticatio...

Bringing it all together - Denver JUG

How to Create Blockchain Products by Fr8 Network Lead Engineer

Interledger Overview // Berlin Node.js Meetup

Kürzlich hochgeladen

WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity

WSO2

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of Winnipeg back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal. Attraction Spells

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...

masabamasaba

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

masabamasaba

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

masabamasaba

WSO2CON2024 - It's time to go Platformless

WSO2

Announcing Codolex 2.0 from GDK Software

Jim McKeeth

%in Midrand+277-882-255-28 abortion pills for sale in midrand

masabamasaba

In the past six months, the AI landscape has undergone a massive transformation, ushering in a new era of productivity with the latest in Large Language Models (LLMs) and AI technology. This deep dive unlocks how to: Create CustomGPT Models: No coding needed to tailor AI for your unique projects. Integrate your own data, including PDFs and Excel sheets, making information handling a breeze. Plus, discover how to call your own actions/integrations for even more personalized utility. Navigate Advanced Prompting: Overcome AI's memory limits and utilize Retrieval-Augmented Generation for accessing your personalized data, streamlining how you interact with AI. Stay Ahead with AI Trends: Peek into the evolving world of LLMs, featuring newcomers like Google Gemini, Anthropic Claude, Open Sora, and Twitter Grok, and understand what their advancements mean for your productivity. Witness Real-Life Transformations: Through examples and prompt demonstrations, see firsthand how these AI strategies revolutionize routine tasks, from data analysis to content creation. Learn to leverage image output and input for advanced practical use cases, adding a new dimension to your productivity toolkit. No previous coding or AI experience is needed for this talk. Stay ahead in the fast-evolving world of work. Embrace the AI revolution and transform your workflow with advanced LLM techniques. Join us to ensure you're not left behind in the productivity race.

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

VictorSzoltysek

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

masabamasaba

ADR, or Architecture Decision Record, is a valuable tool in software development for several reasons. It provides a centralized location for documenting and tracking architectural decisions, aiding both current and future team members. ADRs enhance communication among team members by documenting the rationale behind architectural decisions, especially beneficial during onboarding of new team members or when revisiting decisions. They serve as a knowledge base, enabling teams to learn from past decisions and refine their decision-making process. Additionally, ADRs contribute to transparency by helping stakeholders understand the reasons behind specific architectural choices. As with any other tool or process, introducing them into an organization can face several obstacles, and overcoming these challenges is crucial for successful implementation. In this talk I go through some common problems and our way of solving them.

Architecture decision records - How not to get lost in the past

Papp Krisztián

WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...

WSO2

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

masabamasaba

Software Quality Assurance Interview Questions

Arshad QA

%in Soweto+277-882-255-28 abortion pills for sale in soweto

masabamasaba

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...

masabamasaba

We specialize in Psychic Readings, Psychic Love Spells, Binding Love Spells, Obsession Spells, Voodoo Spells, Lottery Spells, Marriage Spells, Black Magic Spells, Palm Readings & much more. Are you depressed? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? We perform this come-to-me love spell that works instantly with the aim of bringing back the victim to the person performing the magic. Have you lost your lover? Do u need to solve any relationship problem? Contact the powerful spells caster chief kule with love spells that work overnight and love spells that really work. Have you found yourself infatuated with a special someone you think could be the one? Are you looking for a spell to provide them with a nudge in the right direction? Or maybe the spell you cast didn’t achieve the results you were hoping for? Whether you’re new or versed in the ways of spell casting, we’re here to help. Today we’re going to provide you with a detailed guide on the types of love spells to cast. Not only that but there’s something for those who wish to find outside advice from more advanced spell casters. We’re also going to provide you with the top sites available to help you with your dilemma. Let’s begin our journey by educating ourselves on love magic and what a real love caster looks like. Love Magic and Love Casters Love magic made its first appearance back in Ancient Egypt and has been an active practice since. This type of magic is a branch of traditional magic and can be practiced in various ways. Typically the more common use of love magic is through the work of spells, but other methods look like Charms Rituals-LOVE Potions-Dolls and even Amulets If you are interested in becoming a love caster, be prepared for what’s to come. A genuine love caster knows that the art of love casting is no easy feat and shouldn’t be done casually. You should know that not only does it require you to be gifted spiritually, but you must be ready to serve others. Someone who is considered a real love caster has experience in all manner of spells, no matter the difficulty. Training yourself in attraction, commitment, and marriage spells is an excellent place to start. But this by no means will make you a professional. Practice your craft and expand your knowledge; understand that you will possess the ability to help others in time truly. Types of Love Spells What better way to start broadening your experiences with love spells than by learning more about them? These spells work like just about any other spell. Simply apply your intention, use a medium (sigils, mantras, candles, or charm bags), and top it off with establishing the belief that you will receive what you want. So what kind of spells are available and which ones suit your needs the best? Let’s take a look at the many options you have at your disposal.

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

masabamasaba

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

In today's dynamic e-commerce landscape, the payment gateway emerges as a linchpin, ensuring smooth and secure transactions between buyers and sellers. In this discourse, we delve into the meticulous process of devising test cases tailored for scrutinizing payment gateways. Crafting precise test cases for payment gateways is a quintessential responsibility for testers operating within the service industry. This article meticulously explores pivotal scenarios integral to how to test payment gateways, coupled with essential guidelines for drafting effective test cases.

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

kalichargn70th171

This presentation covers the following topics: What is logging? The purpose of logging: Debugging The purpose of logging: Security The purpose of logging: Stats & analytics Traditional logging Traditional logging: Advantages Traditional logging: Disadvantages The solution: Large-scale logging Large-scale logging: Core principles Large-scale logging: Solution types Large-scale logging: Cloud vs on-prem Large-scale logging: Operational complexity Large-scale logging: Security Large-scale logging: Costs Large-scale logging: On-prem comparison - Elasticsearch - Grafana Loki - VictoriaLogs On-prem comparison: Setup and operation On-prem comparison: Costs On-prem comparison: Full-text search support On-prem comparison: How to efficiently query 100TB of logs? On-prem comparison: Integration with CLI tools VictoriaLogs for large-scale logging VictoriaLogs demo instance - Ingestion rate: 3600 messages / minute - The number of log messages: 1.1 billion - Uncompressed log messages’ size: 1.5TB - Compressed log messages’ size: 23GB - Compression ratio: 47x - Memory usage: 150MB VictoriaLogs CLI integration demo - Which errors have occurred in all the apps during the last hour? - How many errors have occurred during the last hour? - Which apps generated the most of errors during the last hour? - The number of per-minute errors for the last 10 minutes - Status codes for the last hour - Non-200 status codes for the last week - Top client IPs for the last 4 weeks with 404 and 500 response status codes - Per-month stats for the given IP across all the logs Large-scale logging solution MUST provide excellent CLI integration VictoriaLogs: (temporary) drawbacks VictoriaLogs: Recap - Easy to setup and operate - The lowest RAM usage and disk space usage (up to 30x less than Elasticsearch and Grafana Loki) - Fast full-text search - Excellent integration with traditional command-line tools for log analysis - Accepts logs from popular log shippers (Filebeat, Fluentbit, Logstash, Vector, Promtail, Grafana Agent) - Open source and free to use!

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

VictoriaMetrics

Kürzlich hochgeladen (20)

WSO2Con2024 - Enabling Transactional System's Exponential Growth With Simplicity

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...

Define the academic and professional writing..pdf

%in tembisa+277-882-255-28 abortion pills for sale in tembisa

%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein

WSO2CON2024 - It's time to go Platformless

Announcing Codolex 2.0 from GDK Software

%in Midrand+277-882-255-28 abortion pills for sale in midrand

AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques

%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein

Architecture decision records - How not to get lost in the past

WSO2Con2024 - From Code To Cloud: Fast Track Your Cloud Native Journey with C...

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

Software Quality Assurance Interview Questions

%in Soweto+277-882-255-28 abortion pills for sale in soweto

%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...

Microsoft AI Transformation Partner Playbook.pdf

Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf

Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024

Gateway and secure micro services

1. Gateway and Services Jordan Valdma, TransferWise Partnerships Tech

2. Hi, I’m Jordan TransferWise Global Partnerships Engineering Estonian (too few words) MSc Data Sciences and Machine Learning Like to organize events, hackathons, ..

3. This talk ● Intro TransferWise MSs ● RESTful API design ● MicroService Security

4. Dark Ages - Separation of Monolith Separate In-house and pub web applications. Modular thinking. First Micro Services Beginning of life .. Age of Enlightenment - DevOps People wake “Hey, I have a right to release!” Good night sleep Don’t have to worry about people hacking Baby Boom of Services “It’s so easy to make a...Service!” Modern ages State of the art tech, separate codebases Brief history of What We Have Done

5. Designing RESTful API

6. TransferWise RESTFful API 1. Starting point: internal API a. People were not satisfied with b. Out of standard (rpc, errorhandling,..) couldn’t give it out 2. Formin focus group (strong stakeholders) 3. Designing resourse model: a. Base layer is flexible b. Orcestration layers on top 4. Design Interfaces-Collaborate-REPEAT 5. Implementation and tweaking

7. Tips For Designing RESTful API ● “Interfaces over meetings” ● Get the teams talking!! ● Get alpha partners to give fedbax on interfaces ● Implement against it ● SWAGGER or similar ● Start thinking about dev support early.

8. Service Security

9. Gateway ● Single entry point ● Protocol translation ● Transformations ● (Auth)

10. oAuth 2 flows ● Code ● Implicit ● Username and Password ● Client credentials

11. MicroService auth - starting point ie. TransferService curl /transfers/?createdByUserId={userId} Gateway curl /transfers -h "Authorization: Bearer $TOKEN" TransferService Is token OK? Who is the user?

12. Json Web Token jwt.io

13. MicroService auth - JWT ie. TransferService curl /transfers/ -h "Authorization: Bearer $JWT_TOKEN" Gateway curl /transfers -h "Authorization: Bearer $TOKEN" TransferService Is token OK? Who is the user? Decode & Validate JWT JWT Secret JWT Secret

14. Problems with JWT ● Can not be revoked ● Intercepting ● Secret may get compromised

15. Json Web Token + oAuth Token jwt.io

16. MicroService auth - JWT + oAuth Token ie. TransferService curl /transfers/ -h "Authorization: Bearer $JWT_TOKEN" Gateway curl /transfers -h "Authorization: Bearer $TOKEN" TransferService AuthorizationServer Is token OK? Who is the user? curl /check_token?token=”$JWT_TOKEN” Decode JWT& Validate oAuthToken

17. Tips ● Anonymous JWTs ● Pain with Authentication types ● Code grant for legacy token swapFor Micro Service security

18. Tips ● Domain driven design ● Move on from testing infrastructure into staging asap ● Proxy swagger upstream ● Decouple from datasource early! ● Keep your gateway lean ● Plan ahead for multi-node setup For Gateways and Services

19. Contact Jordan Valdma jordan@transferwise.com Twitter: @JordanValdma

Gateway and secure micro services

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (8)

Ähnlich wie Gateway and secure micro services

Ähnlich wie Gateway and secure micro services (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Gateway and secure micro services