What secure standards are there when working with a new API? And why should you care?
Presented by Travis Spencer from Twobo Technologies at Nordic APIs in Trondheim, June 11 - 2013
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)Nordic APIs
This is a session given by Jacob Ideskog at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
In this talk Jacob Ideskog (Identity Expert at Twobo Technologies) address the growing need to secure the emerging devices accessible over the Internet. The Internet of Things has many interpretations, but the common denominator is that there will be a vast number of connected devices, and nobody (almost) want’s those hacked.
Secure your APIs using OAuth 2 and OpenID ConnectNordic APIs
Session held by Travis Spencer at PayEx and Nordic APIs event "Secure, flexible and modern APIs for Payments" event in Oslo, May 10th.
Description:
When opening up secure APIs, OAuth 2 and OpenID Connect are the primary standards being used today. Implementing and using these standards can be challenging. In this session, Travis Spencer, CEO of Twobo Technologies, will provide an in-depth overview of these standards and explain how they can be integrated into financial services apps. The overview will include information on:
The actors involved in OAuth and OpenID Connect
The flows used in the standards
What grant types are, which are defined, and the message exchanges of each
What scopes are and examples of their use
Different classes of tokens and how they are used
Overview of the OpenID Foundation’s work in the Financial API WG
Attendees will leave with:
An overview of OAuth 2 and OpenID Connect
Knowledge of the basics necessary to using these standards
Resources and information sources where more information can be found
Authorization The Missing Piece of the PuzzleNordic APIs
XACML (eXtensible Access Control Markup Language) is an OASIS standard for defining and interpreting access control policies across multiple security domains. It provides a policy language and request/response protocol for making authorization decisions based on attributes. XACML policies can be defined in terms of attributes for subjects, resources, actions, and the environment, allowing for fine-grained and context-aware access control (ABAC). The XACML architecture separates policy enforcement from decision making and includes policy administration, information, and retrieval points.
Who’s Knocking? Identity for APIs, Web and MobileNordic APIs
This document discusses identity management for APIs, web, and mobile applications. It begins with an overview of trends in cloud computing and APIs. It then discusses how traditional network security is inadequate for these new architectures and that identity has become the new perimeter. The document outlines recommendations for an API identity strategy, including implementing OAuth 2.0 for authorization instead of passwords and leveraging an identity provider to apply enterprise security policies to cloud applications and APIs. It recommends architects design for interoperability across multiple devices, users, locations, and protocols.
This document discusses potential applications and extensions of OpenID Connect and the OAuth 2.0 protocol. It speculates about how OpenID Connect could be used for native single sign-on, mobile information management to encrypt sensitive data on devices, and providing identity capabilities for internet of things devices to authenticate to APIs on behalf of users. The document also outlines proposals for standardizing an authorization agent concept to enable single sign-on across native apps and considers how OpenID Connect could define profiles for new domains like CoAP to support internet-connected devices.
Interoperability in a B2B Word (NordicAPIS April 2014)Nordic APIs
The document discusses how B2B integration is evolving from traditional methods like EDI and FTP to use of APIs and web services. It notes that B2B objectives of securely transacting with partners hasn't changed, but the technologies used are modernizing from SOA, SOAP, and REST to focus on APIs. It emphasizes that B2B strategy should include an API strategy and consider both developers and humans. Whiteboarding APIs and dealing with integration challenges are also discussed.
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
Introducing Open APIs and the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitters API has been used to analyse Twitter use in Sweden.
Lightning talk from Øredev 7 november 2013 in Malmö Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)Nordic APIs
This is a session given by Jacob Ideskog at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
In this talk Jacob Ideskog (Identity Expert at Twobo Technologies) address the growing need to secure the emerging devices accessible over the Internet. The Internet of Things has many interpretations, but the common denominator is that there will be a vast number of connected devices, and nobody (almost) want’s those hacked.
Secure your APIs using OAuth 2 and OpenID ConnectNordic APIs
Session held by Travis Spencer at PayEx and Nordic APIs event "Secure, flexible and modern APIs for Payments" event in Oslo, May 10th.
Description:
When opening up secure APIs, OAuth 2 and OpenID Connect are the primary standards being used today. Implementing and using these standards can be challenging. In this session, Travis Spencer, CEO of Twobo Technologies, will provide an in-depth overview of these standards and explain how they can be integrated into financial services apps. The overview will include information on:
The actors involved in OAuth and OpenID Connect
The flows used in the standards
What grant types are, which are defined, and the message exchanges of each
What scopes are and examples of their use
Different classes of tokens and how they are used
Overview of the OpenID Foundation’s work in the Financial API WG
Attendees will leave with:
An overview of OAuth 2 and OpenID Connect
Knowledge of the basics necessary to using these standards
Resources and information sources where more information can be found
Authorization The Missing Piece of the PuzzleNordic APIs
XACML (eXtensible Access Control Markup Language) is an OASIS standard for defining and interpreting access control policies across multiple security domains. It provides a policy language and request/response protocol for making authorization decisions based on attributes. XACML policies can be defined in terms of attributes for subjects, resources, actions, and the environment, allowing for fine-grained and context-aware access control (ABAC). The XACML architecture separates policy enforcement from decision making and includes policy administration, information, and retrieval points.
Who’s Knocking? Identity for APIs, Web and MobileNordic APIs
This document discusses identity management for APIs, web, and mobile applications. It begins with an overview of trends in cloud computing and APIs. It then discusses how traditional network security is inadequate for these new architectures and that identity has become the new perimeter. The document outlines recommendations for an API identity strategy, including implementing OAuth 2.0 for authorization instead of passwords and leveraging an identity provider to apply enterprise security policies to cloud applications and APIs. It recommends architects design for interoperability across multiple devices, users, locations, and protocols.
This document discusses potential applications and extensions of OpenID Connect and the OAuth 2.0 protocol. It speculates about how OpenID Connect could be used for native single sign-on, mobile information management to encrypt sensitive data on devices, and providing identity capabilities for internet of things devices to authenticate to APIs on behalf of users. The document also outlines proposals for standardizing an authorization agent concept to enable single sign-on across native apps and considers how OpenID Connect could define profiles for new domains like CoAP to support internet-connected devices.
Interoperability in a B2B Word (NordicAPIS April 2014)Nordic APIs
The document discusses how B2B integration is evolving from traditional methods like EDI and FTP to use of APIs and web services. It notes that B2B objectives of securely transacting with partners hasn't changed, but the technologies used are modernizing from SOA, SOAP, and REST to focus on APIs. It emphasizes that B2B strategy should include an API strategy and consider both developers and humans. Whiteboarding APIs and dealing with integration challenges are also discussed.
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
Introducing Open APIs and the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitters API has been used to analyse Twitter use in Sweden.
Lightning talk from Øredev 7 november 2013 in Malmö Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.
Presentation by Hans Zandbelt from Ping Identity (pingidentity.com) from Nordic APIs (nordicapis.com) Stockholm March 2013 about the need of identity services when publishing an API.
Incorporating OAuth: How to integrate OAuth into your mobile appNordic APIs
The document discusses how to integrate OAuth into mobile apps for security purposes. It provides an overview of OAuth basics, including the actors (client, authorization server, resource server, resource owner), common flows, and use of JSON Web Tokens. It also discusses related standards like SCIM, SAML, and OpenID Connect, with OAuth serving as the meta-protocol for handling tokens across these different approaches. The goal is to explain how OAuth addresses old security requirements and solves new problems in a standardized way for modern app development.
Technologies that are being used together to secure RESTful APIs: SAML (and eventually OpenID Connect), OAuth, SCIM, and the JSON Identity Protocol Suite (esp. JWT).
Discussion how these technologies can be combined to provide enterprise grade security for APIs and put this need into the broader context.
Importance of APIs in the Internet of ThingsNordic APIs
How to design an API for devices - when there's millions of them. Comparing the networking industry with web APIs.
Presented by Jacob Ideskog from Twobo Technologies at Nordic APIs in Trondheim, June 11 - 2013
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldTwobo Technologies
The document discusses how emerging technologies like cloud computing, mobile, social networks and big data are disrupting the technology landscape. It argues that identity management is critical for managing these changes. The potential of social identity and integrating social login is highlighted, though integrating social can be difficult due to changing social networks and APIs. Janrain is presented as a solution that simplifies social integration through a single API and stores social data in the cloud. Combining Janrain with additional authentication provides a secure architecture and better user experience.
The “I” in API is for Identity (Nordic APIS April 2014)Nordic APIs
The document discusses identity management standards for APIs, including OAuth 2.0, SAML, and OpenID Connect. It provides an overview of each standard, including how they work and examples of them in action. The document recommends either using SAML + OAuth 2.0 due to broad SAML adoption, or OpenID Connect as it is simpler, works across all clients, and uses OAuth access tokens. It also describes Ping Identity's solution for implementing these identity standards for APIs.
The document discusses API design choices and trends. It covers the history of APIs from early CGI and COM/CORBA standards to modern RESTful approaches. It also discusses targeting the right audience for an API and whether to focus on aggregation by combining multiple APIs or allowing mashups. The document advocates for RESTful design using hypermedia and HTTP verbs at higher levels of the Richardson maturity model. It notes that as an API grows more advanced, aggregation of other APIs becomes necessary but also very challenging.
The document discusses the limitations of using non-Windows LDAP servers with ADFS and introduces the Twobo LDAP Attribute Store as an alternative. It allows ADFS to authenticate to and retrieve attributes from LDAP directories without Windows authentication by supporting simple and anonymous binding. The Twobo store is open source but also commercially supported. The document provides instructions for configuring and using the Twobo store within ADFS rules and policies.
Platform Security that will Last for Decades (Travis Spencer)Nordic APIs
The document discusses building a secure platform for the future. It predicts that identity will be the number one impediment to security with the rise of more devices. The document proposes building upon open standards like OAuth, OpenID Connect, and SCIM to create a future-proof security architecture with an identity management system and API management system. This architecture would be ready to support changes like new communication protocols for internet and IoT, ensuring security lasts for decades to come.
The document discusses using OAuth and OpenID Connect to secure microservices. It describes how OAuth allows for scalable delegation of access across services. OpenID Connect builds on OAuth to also return identity information to clients in a JSON Web Token (JWT), allowing for single sign-on. The document recommends using OAuth/OIDC to authenticate users centrally and issuing JWTs to microservices, translating tokens through an API gateway for service-to-service communication.
This document discusses techniques for building a secure API, including OAuth, OpenID Connect, SCIM, JSON Web Tokens, and other standards. It provides an overview of key concepts like the OAuth authorization framework with clients, authorization servers, and resource servers. Identity management is central, and protocols like SCIM and SAML can be used to provision and manage user accounts. The document also summarizes standards like JWTs and how pieces like OAuth, OpenID Connect, and SCIM can be combined to securely access APIs and manage user identities.
Synergisticly using digital identity to securely adopt cloud computing, mobile, and social. Introduction to the "Neo Security Stack" of digital identity standards, namely OpenID Connect, OAuth, JWT, and SCIM and how to use them together.
OAuth and OpenID Connect are the two most important security specs that API providers need to be aware of. In this session, Travis Spencer, CEO of Curity, will cram in as much about these two protocols as will fit into 20 minutes.
OAuth Assisted Token Flow for Single Page ApplicationsNordic APIs
In this talk, Daniel Lindau, Solution Architect at Curity, will show how OAuth can be integrated into Single Page Applications (SPAs) using the assisted token flow — a new OAuth message exchange pattern introduced at IETF 101. He will contrast it with implicit flow and show how framing, token storage, and other nuances are handled using this new alternative flow. He will highlight the use of the HTML postMessage interface for passing tokens (vis-a-vis redirects used by other flows). He will also demo how this protocol can be used with various JavaScript frameworks, like JQuery, in just a few lines of code. He will conclude by giving a state of the draft and its future.
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...CA API Management
The difference between Web Apps, Web Services, and Web APIs, and how getting into Web APIs will change the way you do authentication and access control.
APIs: What’s in it for me – How can APIs bring value to our Business (Philipp...Nordic APIs
The document discusses building a digital business ecosystem centered around APIs and developers. It involves integrating best of breed applications and multi-channel experiences through a system of records and private clouds. Partners would extend the ecosystem's reach through APIs that allow for multiple interactions across networks, including applications, processes, and business services. The key is providing developers with easy access to understandable, well-supported APIs that can become products in their own right through promotion, documentation, and lifecycle management. This helps drive business outcomes like speed, lower costs, and monetization.
Find out how today’s authorization experts are getting maximum value from OAuth
OAuth has quickly become the key standard for authorization across mobile apps and the Web. But are you getting the most out of OAuth? Join Mehdi Medjaoul, Co-Founder & Executive Director of Webshell – the company behind OAuth.io – and Scott Morrison, former CTO of Layer 7 and now Distinguished Engineer at CA Technologies, as they discuss how authorization experts are really using OAuth today.
API Security: Securing Digital Channels and Mobile Apps Against HacksAkana
The document discusses API security and outlines the SOA Software API platform. It describes the evolution of digital channels from client-server/web applications to web services to APIs. It then covers various aspects of API security like authentication, authorization, OAuth, message security, threat protection, content filtering, rate limiting. Finally, it provides an overview of the capabilities of the SOA Software API platform for securing APIs across the lifecycle.
Presentation by Hans Zandbelt from Ping Identity (pingidentity.com) from Nordic APIs (nordicapis.com) Stockholm March 2013 about the need of identity services when publishing an API.
Incorporating OAuth: How to integrate OAuth into your mobile appNordic APIs
The document discusses how to integrate OAuth into mobile apps for security purposes. It provides an overview of OAuth basics, including the actors (client, authorization server, resource server, resource owner), common flows, and use of JSON Web Tokens. It also discusses related standards like SCIM, SAML, and OpenID Connect, with OAuth serving as the meta-protocol for handling tokens across these different approaches. The goal is to explain how OAuth addresses old security requirements and solves new problems in a standardized way for modern app development.
Technologies that are being used together to secure RESTful APIs: SAML (and eventually OpenID Connect), OAuth, SCIM, and the JSON Identity Protocol Suite (esp. JWT).
Discussion how these technologies can be combined to provide enterprise grade security for APIs and put this need into the broader context.
Importance of APIs in the Internet of ThingsNordic APIs
How to design an API for devices - when there's millions of them. Comparing the networking industry with web APIs.
Presented by Jacob Ideskog from Twobo Technologies at Nordic APIs in Trondheim, June 11 - 2013
Nordic APIs - Integrated Social Solutions for a Cloudy, Mobile WorldTwobo Technologies
The document discusses how emerging technologies like cloud computing, mobile, social networks and big data are disrupting the technology landscape. It argues that identity management is critical for managing these changes. The potential of social identity and integrating social login is highlighted, though integrating social can be difficult due to changing social networks and APIs. Janrain is presented as a solution that simplifies social integration through a single API and stores social data in the cloud. Combining Janrain with additional authentication provides a secure architecture and better user experience.
The “I” in API is for Identity (Nordic APIS April 2014)Nordic APIs
The document discusses identity management standards for APIs, including OAuth 2.0, SAML, and OpenID Connect. It provides an overview of each standard, including how they work and examples of them in action. The document recommends either using SAML + OAuth 2.0 due to broad SAML adoption, or OpenID Connect as it is simpler, works across all clients, and uses OAuth access tokens. It also describes Ping Identity's solution for implementing these identity standards for APIs.
The document discusses API design choices and trends. It covers the history of APIs from early CGI and COM/CORBA standards to modern RESTful approaches. It also discusses targeting the right audience for an API and whether to focus on aggregation by combining multiple APIs or allowing mashups. The document advocates for RESTful design using hypermedia and HTTP verbs at higher levels of the Richardson maturity model. It notes that as an API grows more advanced, aggregation of other APIs becomes necessary but also very challenging.
The document discusses the limitations of using non-Windows LDAP servers with ADFS and introduces the Twobo LDAP Attribute Store as an alternative. It allows ADFS to authenticate to and retrieve attributes from LDAP directories without Windows authentication by supporting simple and anonymous binding. The Twobo store is open source but also commercially supported. The document provides instructions for configuring and using the Twobo store within ADFS rules and policies.
Platform Security that will Last for Decades (Travis Spencer)Nordic APIs
The document discusses building a secure platform for the future. It predicts that identity will be the number one impediment to security with the rise of more devices. The document proposes building upon open standards like OAuth, OpenID Connect, and SCIM to create a future-proof security architecture with an identity management system and API management system. This architecture would be ready to support changes like new communication protocols for internet and IoT, ensuring security lasts for decades to come.
The document discusses using OAuth and OpenID Connect to secure microservices. It describes how OAuth allows for scalable delegation of access across services. OpenID Connect builds on OAuth to also return identity information to clients in a JSON Web Token (JWT), allowing for single sign-on. The document recommends using OAuth/OIDC to authenticate users centrally and issuing JWTs to microservices, translating tokens through an API gateway for service-to-service communication.
This document discusses techniques for building a secure API, including OAuth, OpenID Connect, SCIM, JSON Web Tokens, and other standards. It provides an overview of key concepts like the OAuth authorization framework with clients, authorization servers, and resource servers. Identity management is central, and protocols like SCIM and SAML can be used to provision and manage user accounts. The document also summarizes standards like JWTs and how pieces like OAuth, OpenID Connect, and SCIM can be combined to securely access APIs and manage user identities.
Synergisticly using digital identity to securely adopt cloud computing, mobile, and social. Introduction to the "Neo Security Stack" of digital identity standards, namely OpenID Connect, OAuth, JWT, and SCIM and how to use them together.
OAuth and OpenID Connect are the two most important security specs that API providers need to be aware of. In this session, Travis Spencer, CEO of Curity, will cram in as much about these two protocols as will fit into 20 minutes.
OAuth Assisted Token Flow for Single Page ApplicationsNordic APIs
In this talk, Daniel Lindau, Solution Architect at Curity, will show how OAuth can be integrated into Single Page Applications (SPAs) using the assisted token flow — a new OAuth message exchange pattern introduced at IETF 101. He will contrast it with implicit flow and show how framing, token storage, and other nuances are handled using this new alternative flow. He will highlight the use of the HTML postMessage interface for passing tokens (vis-a-vis redirects used by other flows). He will also demo how this protocol can be used with various JavaScript frameworks, like JQuery, in just a few lines of code. He will conclude by giving a state of the draft and its future.
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...CA API Management
The difference between Web Apps, Web Services, and Web APIs, and how getting into Web APIs will change the way you do authentication and access control.
APIs: What’s in it for me – How can APIs bring value to our Business (Philipp...Nordic APIs
The document discusses building a digital business ecosystem centered around APIs and developers. It involves integrating best of breed applications and multi-channel experiences through a system of records and private clouds. Partners would extend the ecosystem's reach through APIs that allow for multiple interactions across networks, including applications, processes, and business services. The key is providing developers with easy access to understandable, well-supported APIs that can become products in their own right through promotion, documentation, and lifecycle management. This helps drive business outcomes like speed, lower costs, and monetization.
Find out how today’s authorization experts are getting maximum value from OAuth
OAuth has quickly become the key standard for authorization across mobile apps and the Web. But are you getting the most out of OAuth? Join Mehdi Medjaoul, Co-Founder & Executive Director of Webshell – the company behind OAuth.io – and Scott Morrison, former CTO of Layer 7 and now Distinguished Engineer at CA Technologies, as they discuss how authorization experts are really using OAuth today.
API Security: Securing Digital Channels and Mobile Apps Against HacksAkana
The document discusses API security and outlines the SOA Software API platform. It describes the evolution of digital channels from client-server/web applications to web services to APIs. It then covers various aspects of API security like authentication, authorization, OAuth, message security, threat protection, content filtering, rate limiting. Finally, it provides an overview of the capabilities of the SOA Software API platform for securing APIs across the lifecycle.
API Security: Securing Digital Channels and Mobile Apps Against HacksAkana
More and more enterprises today are doing business by opening up their data and applications through APIs. Though forward-thinking and strategic, exposing APIs also increases the surface area for potential attack by hackers. To benefit from APIs while staying secure, enterprises and security architects need to continue to develop a deep understanding about API security and how it differs from traditional web application security or mobile application security.
Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott ...CA API Management
Think SSO is just about reducing logins across servers? Think again. In the mobile world, the new twist is sharing sessions across mobile apps on a device. Learn how technologies like OAuth and OpenID Connect can be leveraged by native apps to achieve MSSO.
CIS13: Mobile Single Sign-On: Extending SSO Out to the ClientCloudIDSummit
This document discusses extending single sign-on (SSO) capabilities to mobile clients. It proposes using OAuth and OpenID Connect to implement cross-application SSO on mobile devices while distinguishing between the device, user, and individual apps. A key challenge is the isolation of apps and data on mobile operating systems, which this solution aims to address through a native SDK and centralized management of tokens. The overall architecture features device registration, requesting access tokens via JSON Web Tokens to enable SSO, and administration of tokens.
Webinar: Identity Wars: The Unified Platform AwakensForgeRock
In this webinar from November 2015, John Barco (VP of Product Management) and Tim Sedlack (Sr. Product Manager) take you on a journey:
A long time ago in a technology sector far, far away, organizations were promised a unified platform for centralizing identity and integrating it into resources everywhere. But this promise was never realized. Instead, organizations were forced down a dark path to implement a piecemeal identity infrastructure that was painful, with massive integration costs. Finally, the wait is over. In this webinar, we will provide an overview of ForgeRock's unified platform and highlight all the common services provided across the end-to-end solution to make your life easier.
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
AWS Serverless per startup: come innovare senza preoccuparsi dei serverAmazon Web Services
Serverless computing allows developers to build and run applications without having to manage infrastructure. With serverless, applications can automatically scale as usage increases and developers only pay for the resources consumed. Serverless services on AWS include AWS Lambda, API Gateway, DynamoDB, S3 and more which can be combined into serverless applications and architectures. AWS also provides training and certifications to help developers learn serverless concepts and services.
This document discusses API security and authorization in distributed microservice architectures. It introduces concepts of identity, authentication and authorization (IAM) and standards like SAML, OAuth and OpenID Connect (OIDC) that address IAM for APIs. OIDC extends SAML and OAuth by standardizing tokens, scopes and endpoints, making it easier to integrate multiple authorization providers. The document recommends using separate OIDC authorization servers per bounded context to define custom scopes and policies and enforce access control in a distributed way.
Oauth Nightmares Abstract OAuth Nightmares Nino Ho
https://www.hackmiami.com/hmc5-speakers-day-2
OAuth is one of the most popular authorization frameworks in use today. All major platforms such as Google, Facebook, Box etc support it and you are probably thinking of implementi ng OAuth for your product/platform.We are not debating the popularity of the protocol or the limitations that come with it. We are here to help you implement it securely. When you use OAuth, there are three pieces - The Platform , the Application (using the platform) and the User (of the application). We will go over the common flaws we have seen in applications built on a OAuth platform which can lead to complete account takeover, how they can be a security engineer's nightmare, and how to fix them. We will go over security controls that the platform can put in place to help mitigate security vulnerabilities. We will also cover how bad design decisions, if chained with otherwise lower risk vulnerabilities can result in gaping holes in your OAuth implementation. You will leave this session with a deep understanding of how OAuth implementation should be secured both for a platform and in an application and things to test for during a security evaluation of OAuth implementations.
This document provides an overview of OAuth 2.0 and how it addresses issues with the previous "password anti-pattern" approach to API authentication. It describes the key actors in OAuth - clients, authorization servers, and resource servers. It also summarizes the different flows for obtaining access tokens, common use cases for OAuth, and how OAuth compares to SAML for SSO and authorization.
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...Amazon Web Services
This document contains a summary of a workshop on user management and app authentication with Amazon Cognito. The workshop covers setting up Cognito user pools for user sign-up, sign-in, and password management. It also covers getting temporary AWS credentials from Cognito identity pools to access AWS services like S3. The hands-on portion involves building a desktop app for user authentication with Cognito user pools and getting credentials to call AWS services.
The wait is over! ForgeRock is releasing shiny new versions of all solution areas of the ForgeRock Identity Platform. To give you a preview on what’s coming, join this webinar to hear directly from the Product Managers what’s new in:
Access Management
Identity Management
Directory Services
Identity Gateway
Shared Services
Learn more about ForgeRock Access Management:
https://www.forgerock.com/platform/access-management/
Learn more about ForgeRock Identity Management:
https://www.forgerock.com/platform/identity-management/
The document discusses the relationship between APIs and SOA. It notes that while SOA initially focused on machine-to-machine integration and standardization, it forgot about the human element. APIs, on the other hand, focus more on usability but lack management capabilities. An ideal platform supports both APIs and SOA by handling different protocols, descriptors, and security standards to facilitate management of both.
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoftJitendra Bafna
This document summarizes an event about identity and client management with MuleSoft. The agenda includes an introduction to API security, discussions of identity management using SAML and OpenID Connect, client management using dynamic client registration, and a live demonstration. The organizers are Jitendra Bafna from Capgemini and Nitish Jain from IBM, both with experience in integration and APIs. The speaker is also Jitendra Bafna. The event aims to help attendees understand how to secure APIs and manage user identities and clients when working with MuleSoft technologies.
SPEKE-ing of Content Protection & DRM (MAE302) - AWS re:Invent 2018Amazon Web Services
Encrypting high-value content has long been a challenge for media customers. The number of digital rights management (DRM) schemes, transcoding and packaging vendors, and packaging formats created hundreds of potential integration points, each requiring extensive engineering resources and time. The Secure Packager and Encoder Key Exchange (SPEKE) is a single, open REST API specification for authentication and key exchange between DRM platforms and encryptors (transcoders and packagers) that reduces the number of integration points and accelerates time-to-market for customers for on-premises, hybrid, and cloud video workflows. In this session, learn about the SPEKE API and the Content Protection Information Exchange (CPIX) format, and how SPEKE establishes secure key exchange using Amazon API Gateway, document encryption, IAM roles, and Signature Version 4 signing for live and file-based video workflows.
This document provides guidance on designing secure Azure solutions. It discusses key considerations for infrastructure, topology, identity, authorization, data protection, logging/auditing, key management, and compliance. Specific recommendations are given for securing infrastructure, operating systems, application topology, passwords, access control, encryption, database access, logging, and key vault usage. Compliance with standards like ISO 27001 and audit requirements are also addressed.
Are APIs really that different from SOA? Join Alistair Farquharson, CTO, SOA Software and Sachin Agarwal, VP Product Marketing, SOA Software to learn more about how to build out a combined API and SOA strategy for your business, and understand the real differences between APIs and SOA, and lay down a common long-term unified infrastructure for all your services – past, present and future.
APIs and SOA are closely related but have different focuses. SOA focused on machine-to-machine integration through standards like SOAP, WSDL and UDDI, forgetting about the human element. APIs focus on the developer experience through easy-to-use standards like JSON/HTTP. A unified platform is needed to manage both APIs and services, addressing the full lifecycle from design to monitoring and supporting multiple standards and protocols.
The Business Value for Internal APIs in the EnterpriseAkana
The document discusses the business value of adopting internal APIs within an enterprise. It argues that establishing internal APIs is an important first step before extending APIs externally, as it helps remove silos, enable an internal developer community, and extend the reach of applications within the organization. The document then covers various API adoption patterns, reference architectures for APIs including a unified API gateway and API gateway with ESB. It emphasizes that a unified API gateway can be a good starting point for many organizations.
Ähnlich wie Launching a Successful and Secure API (20)
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...Nordic APIs
A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned!
This presentation will cover topics like:
– How does it work? What does it mean to “train” a bot on your docs?
– Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team?
– The trade-offs around building your own vs. buying a 3rd party solution
– Some decisions around the underlying tech
– How to build a decent “conversational mode” so you can ask follow-up questions
– How you evaluate the quality of a chatbot, and some surprises we ecountered along the way
– What do you do when things go wrong?
– Security considerations
And much more! Actually, probably not that much more. That already sounds like a lot.
The Art of API Design, by David Biesack at ApitureNordic APIs
A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13.
Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind.
A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...Nordic APIs
A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13.
Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Nordic APIs
A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13.
Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools.
Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss:
1. The platform team model - team topologies and key roles for developing internal API platforms
2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs
3. Applying a "platform as a product" mindset to measure and communicate platform success
4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...Nordic APIs
A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13.
Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach.
Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies.
Key topics include:
- The current challenges in API governance and how federated management addresses these.
- The principles and architecture of Federated API Management, distinguishing it from traditional models.
- Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses.
- Strategies for implementing Federated API Management, focusing on best practices for seamless integration.
- The future outlook of API governance, anticipating emerging trends and technologies.
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLNordic APIs
A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13.
Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.
API Discovery from Crawl to Run - Rob Dickinson, GraylogNordic APIs
A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13.
Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.
Productizing and Monetizing APIs - Derric Gilling, MoseifNordic APIs
A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13.
Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosNordic APIs
A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13.
Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis.
In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows:
- Easily « boosting » any product feature with Generative AI
- Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model
- Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.
Security of LLM APIs by Ankita Gupta, Akto.ioNordic APIs
A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13.
Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs.
1. Overview of Large Language Models (LLMs) APIs
2. Understanding LLM Vulnerabilities:
- Prompt Injections
- Sensitive Data Leakage
- Inadequate Sandboxing
- Insecure Plugin Design
- Model Denial of Service
- Unauthorized Code Execution
- Input attacks
- Poisoning attacks
3. Best practices to secure LLM APIs from data breaches
I will explain all the above using real life examples.
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...Nordic APIs
A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Nordic APIs
A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13.
Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.
Reigniting the API Description Wars with TypeSpec and the Next Generation of...Nordic APIs
A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13.
Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward?
Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management?
I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyNordic APIs
A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13.
Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Nordic APIs
A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13.
Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsNordic APIs
A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13.
Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Nordic APIs
A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13.
Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerNordic APIs
A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13.
Session Description:
GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.
The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...Nordic APIs
A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13.
Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...Nordic APIs
A presentation given by Vidhya Arvind, Staff Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13.
Session Description: At Netflix, Data abstraction plays a pivotal role in hosting 100s of use cases that scale, they are widely adopted and depended on by mission-critical systems. In this talk, I show how to design reliable APIs and layout data for Key-Value services for petabyte-scale datasets. Key-value service uses a control plane and data plane to abstract the data, uses some novel techniques to reliably store and safely scale the service to 100s of instances.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology