How to design an API for devices - when there's millions of them. Comparing the networking industry with web APIs.
Presented by Jacob Ideskog from Twobo Technologies at Nordic APIs in Trondheim, June 11 - 2013
Interoperability in a B2B Word (NordicAPIS April 2014)Nordic APIs
The document discusses how B2B integration is evolving from traditional methods like EDI and FTP to use of APIs and web services. It notes that B2B objectives of securely transacting with partners hasn't changed, but the technologies used are modernizing from SOA, SOAP, and REST to focus on APIs. It emphasizes that B2B strategy should include an API strategy and consider both developers and humans. Whiteboarding APIs and dealing with integration challenges are also discussed.
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
Introducing Open APIs and the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitters API has been used to analyse Twitter use in Sweden.
Lightning talk from Øredev 7 november 2013 in Malmö Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.
This document discusses potential applications and extensions of OpenID Connect and the OAuth 2.0 protocol. It speculates about how OpenID Connect could be used for native single sign-on, mobile information management to encrypt sensitive data on devices, and providing identity capabilities for internet of things devices to authenticate to APIs on behalf of users. The document also outlines proposals for standardizing an authorization agent concept to enable single sign-on across native apps and considers how OpenID Connect could define profiles for new domains like CoAP to support internet-connected devices.
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)Nordic APIs
This is a session given by Jacob Ideskog at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
In this talk Jacob Ideskog (Identity Expert at Twobo Technologies) address the growing need to secure the emerging devices accessible over the Internet. The Internet of Things has many interpretations, but the common denominator is that there will be a vast number of connected devices, and nobody (almost) want’s those hacked.
Secure your APIs using OAuth 2 and OpenID ConnectNordic APIs
Session held by Travis Spencer at PayEx and Nordic APIs event "Secure, flexible and modern APIs for Payments" event in Oslo, May 10th.
Description:
When opening up secure APIs, OAuth 2 and OpenID Connect are the primary standards being used today. Implementing and using these standards can be challenging. In this session, Travis Spencer, CEO of Twobo Technologies, will provide an in-depth overview of these standards and explain how they can be integrated into financial services apps. The overview will include information on:
The actors involved in OAuth and OpenID Connect
The flows used in the standards
What grant types are, which are defined, and the message exchanges of each
What scopes are and examples of their use
Different classes of tokens and how they are used
Overview of the OpenID Foundation’s work in the Financial API WG
Attendees will leave with:
An overview of OAuth 2 and OpenID Connect
Knowledge of the basics necessary to using these standards
Resources and information sources where more information can be found
Presentation by Hans Zandbelt from Ping Identity (pingidentity.com) from Nordic APIs (nordicapis.com) Stockholm March 2013 about the need of identity services when publishing an API.
The end of polling : why and how to transform a REST API into a Data Streamin...Audrey Neveu
We know interactivity is the key to keep our user’s interest alive but we can’t reduce animation to UI anymore. Twitter, Waze, Slack… users are used to have real-time data in applications they love. But how can you turn your static API into a stream of data?
When talking about data streaming, we often think about WebSockets. But have you ever heard of Server-Sent Events? In this tools-in-action we will compare both technologies to understand which one you should opt for depending on your usecase and I’ll show you how we have been even further by reducing the amount of data to transfer with JSON-Patch.
And because real-time data is not only needed by web (and because it’s much more fun), I’ll show you how we can make drone dance on streamed APIs.
The “I” in API is for Identity (Nordic APIS April 2014)Nordic APIs
The document discusses identity management standards for APIs, including OAuth 2.0, SAML, and OpenID Connect. It provides an overview of each standard, including how they work and examples of them in action. The document recommends either using SAML + OAuth 2.0 due to broad SAML adoption, or OpenID Connect as it is simpler, works across all clients, and uses OAuth access tokens. It also describes Ping Identity's solution for implementing these identity standards for APIs.
Interoperability in a B2B Word (NordicAPIS April 2014)Nordic APIs
The document discusses how B2B integration is evolving from traditional methods like EDI and FTP to use of APIs and web services. It notes that B2B objectives of securely transacting with partners hasn't changed, but the technologies used are modernizing from SOA, SOAP, and REST to focus on APIs. It emphasizes that B2B strategy should include an API strategy and consider both developers and humans. Whiteboarding APIs and dealing with integration challenges are also discussed.
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
Introducing Open APIs and the security risks involved and the great rewards that can be reaped. Going through the advantages of using and publishing APIs and how to get started, how to handle security risks with a "neo-security" stack and how Twitters API has been used to analyse Twitter use in Sweden.
Lightning talk from Øredev 7 november 2013 in Malmö Sweden. Presented by Andreas Krohn, Travis Spencer and Hampus Brynolf. More information at http://nordicapis.com/oredev2013.
This document discusses potential applications and extensions of OpenID Connect and the OAuth 2.0 protocol. It speculates about how OpenID Connect could be used for native single sign-on, mobile information management to encrypt sensitive data on devices, and providing identity capabilities for internet of things devices to authenticate to APIs on behalf of users. The document also outlines proposals for standardizing an authorization agent concept to enable single sign-on across native apps and considers how OpenID Connect could define profiles for new domains like CoAP to support internet-connected devices.
OAuth 2.0 and the Internet of Things (IoT) (Jacob Ideskog)Nordic APIs
This is a session given by Jacob Ideskog at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
In this talk Jacob Ideskog (Identity Expert at Twobo Technologies) address the growing need to secure the emerging devices accessible over the Internet. The Internet of Things has many interpretations, but the common denominator is that there will be a vast number of connected devices, and nobody (almost) want’s those hacked.
Secure your APIs using OAuth 2 and OpenID ConnectNordic APIs
Session held by Travis Spencer at PayEx and Nordic APIs event "Secure, flexible and modern APIs for Payments" event in Oslo, May 10th.
Description:
When opening up secure APIs, OAuth 2 and OpenID Connect are the primary standards being used today. Implementing and using these standards can be challenging. In this session, Travis Spencer, CEO of Twobo Technologies, will provide an in-depth overview of these standards and explain how they can be integrated into financial services apps. The overview will include information on:
The actors involved in OAuth and OpenID Connect
The flows used in the standards
What grant types are, which are defined, and the message exchanges of each
What scopes are and examples of their use
Different classes of tokens and how they are used
Overview of the OpenID Foundation’s work in the Financial API WG
Attendees will leave with:
An overview of OAuth 2 and OpenID Connect
Knowledge of the basics necessary to using these standards
Resources and information sources where more information can be found
Presentation by Hans Zandbelt from Ping Identity (pingidentity.com) from Nordic APIs (nordicapis.com) Stockholm March 2013 about the need of identity services when publishing an API.
The end of polling : why and how to transform a REST API into a Data Streamin...Audrey Neveu
We know interactivity is the key to keep our user’s interest alive but we can’t reduce animation to UI anymore. Twitter, Waze, Slack… users are used to have real-time data in applications they love. But how can you turn your static API into a stream of data?
When talking about data streaming, we often think about WebSockets. But have you ever heard of Server-Sent Events? In this tools-in-action we will compare both technologies to understand which one you should opt for depending on your usecase and I’ll show you how we have been even further by reducing the amount of data to transfer with JSON-Patch.
And because real-time data is not only needed by web (and because it’s much more fun), I’ll show you how we can make drone dance on streamed APIs.
The “I” in API is for Identity (Nordic APIS April 2014)Nordic APIs
The document discusses identity management standards for APIs, including OAuth 2.0, SAML, and OpenID Connect. It provides an overview of each standard, including how they work and examples of them in action. The document recommends either using SAML + OAuth 2.0 due to broad SAML adoption, or OpenID Connect as it is simpler, works across all clients, and uses OAuth access tokens. It also describes Ping Identity's solution for implementing these identity standards for APIs.
Platform Security that will Last for Decades (Travis Spencer)Nordic APIs
The document discusses building a secure platform for the future. It predicts that identity will be the number one impediment to security with the rise of more devices. The document proposes building upon open standards like OAuth, OpenID Connect, and SCIM to create a future-proof security architecture with an identity management system and API management system. This architecture would be ready to support changes like new communication protocols for internet and IoT, ensuring security lasts for decades to come.
The document discusses Keycloak and its capabilities for satisfying the Financial-grade API (FAPI) security profile. It introduces Keycloak and describes how the proposed "Client Policy" feature allows Keycloak to easily meet the FAPI requirements by applying security profiles to client applications based on configurable conditions and executors. It also outlines other efforts like the FAPI-SIG group and implementation of FAPI requirements in the 3scale API gateway to help build fully FAPI-compliant systems.
apidays LIVE Australia 2021 - Building an agile foundation for your Enterpris...apidays
apidays LIVE Australia 2021 - Accelerating Digital
September 15 & 16, 2021
Building an agile foundation for your Enterprise APIs with SUSE Rancher and Kubernetes
Vishal Ghariwala, CTO, APJ & Greater China at SUSE Software
apidays LIVE Australia 2021 - API Horror Stories from an Unnamed Coworking Co...apidays
apidays LIVE Australia 2021 - Accelerating Digital
September 15 & 16, 2021
API Horror Stories from an Unnamed Coworking Company
Phil Sturgeon, DevRel at Stoplight
Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott ...CA API Management
Think SSO is just about reducing logins across servers? Think again. In the mobile world, the new twist is sharing sessions across mobile apps on a device. Learn how technologies like OAuth and OpenID Connect can be leveraged by native apps to achieve MSSO.
I this presentation enterprises will get a practical overview of what they need to know when approaching APIs and technologies like OAuth.
Mobile and Cloud initiatives are driving enterprises to expose data and applications to the outside world. Whether SOAP, REST or JSON, these APIs give enterprises an efficient way to open up information to services running in the Cloud and apps running on mobile devices like the iPad.
However, securing and governing the lifecycle and operation of these APIs is not straightforward. It requires new approaches to access, protection and management. This invariably requires adoption of new technologies such as OAuth, which are not yet well understood.
Innovation Showcase: Hugo Fiennes, CEO/Co-Founder, Electric ImpProgrammableWeb
The document discusses issues with the current state of connectivity and the potential for improvement. It notes that the world is often broken, inefficient, and insecure. The internet knows things about the world and wants to help fix issues. However, fully connecting everything requires many different skills across hardware, software, security, and other domains. The document introduces Electric Imp as a platform that can help build secure, scalable connected products and BlinkUp as an easy way to connect devices to WiFi networks.
This document discusses techniques for building a secure API, including OAuth, OpenID Connect, SCIM, JSON Web Tokens, and other standards. It provides an overview of key concepts like the OAuth authorization framework with clients, authorization servers, and resource servers. Identity management is central, and protocols like SCIM and SAML can be used to provision and manage user accounts. The document also summarizes standards like JWTs and how pieces like OAuth, OpenID Connect, and SCIM can be combined to securely access APIs and manage user identities.
apidays LIVE Paris 2021 - Identification & Authentication for Individuals wit...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Identification & Authentication for Individuals with API at eIDAS Substantial Security Level
Nicolas Bigand, CTO & COO at L'identité Numérique La Poste at Groupe La Poste
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...apidays
INTERFACE, by apidays 2021 - It’s APIs all the way down
June 30, July 1 & 2, 2021
How APIs are making innovation exponential
Shailesh Nalawadi, Head of Product at Sendbird
The document discusses WebAuthn support that was contributed to the keycloak identity management software. It provides an overview of WebAuthn, describes how registration and authentication work, and details the contributions made to keycloak including implemented features and pull requests. It also discusses potential future work and gives an example use case using keycloak and WebAuthn for multi-factor authentication in financial applications.
A New Breed of Technical Leaders: The 101 to Defining Your API Business Stra...Akana
The document discusses how to define an API business strategy. It outlines key considerations such as understanding stakeholder needs, defining business models, developing communication and marketing plans, addressing legal and security concerns, and establishing teams for product management, development, operations, and more. It emphasizes the importance of treating APIs as products and having tools to help all stakeholders be successful.
Presentation on Intuit's new (beta) QuickBooks Payments API. Prepared for and presented to a developer audience at the QuickBooks Connect Hackathon, Oct 20, 2014.
Find out how today’s authorization experts are getting maximum value from OAuth
OAuth has quickly become the key standard for authorization across mobile apps and the Web. But are you getting the most out of OAuth? Join Mehdi Medjaoul, Co-Founder & Executive Director of Webshell – the company behind OAuth.io – and Scott Morrison, former CTO of Layer 7 and now Distinguished Engineer at CA Technologies, as they discuss how authorization experts are really using OAuth today.
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...apidays
apidays LIVE Hong Kong - The Open API Economy: Finance-as-a-Service & API Ecosystems
The Future of Legacy - How to leverage legacy and on-prem assets in your digital transformation with Digital-Driven Integration
Zeev Avidan, Chief Product Officer of OpenLegacy
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...apidays
Dr. Omaru Maruatona discusses protecting the API ecosystem. He advocates for a holistic approach to security that recognizes how vulnerabilities in one component can expose others. He suggests layered security with multiple checkpoints to increase the cost and effort of attacks. Dynamic threat intelligence sharing is key to mitigate zero-day vulnerabilities and proactively manage risks. Standards need to be easily implemented, regularly updated, product-agnostic and accessible. Emerging trends include API security guidelines from Monetary Authority of Singapore and establishing trusted service provider registers. However, security must be balanced with user experience.
The document discusses API design choices and trends. It covers the history of APIs from early CGI and COM/CORBA standards to modern RESTful approaches. It also discusses targeting the right audience for an API and whether to focus on aggregation by combining multiple APIs or allowing mashups. The document advocates for RESTful design using hypermedia and HTTP verbs at higher levels of the Richardson maturity model. It notes that as an API grows more advanced, aggregation of other APIs becomes necessary but also very challenging.
"Industrial Internet IoT bootcamp" meetup, 11-5-2015 hosted by GE Digital at HackerDojo. Discussing topics ranging from IoT architecture to connectivity and protocols, cyber security, data science and industrial UX design.
Platform Security that will Last for Decades (Travis Spencer)Nordic APIs
The document discusses building a secure platform for the future. It predicts that identity will be the number one impediment to security with the rise of more devices. The document proposes building upon open standards like OAuth, OpenID Connect, and SCIM to create a future-proof security architecture with an identity management system and API management system. This architecture would be ready to support changes like new communication protocols for internet and IoT, ensuring security lasts for decades to come.
The document discusses Keycloak and its capabilities for satisfying the Financial-grade API (FAPI) security profile. It introduces Keycloak and describes how the proposed "Client Policy" feature allows Keycloak to easily meet the FAPI requirements by applying security profiles to client applications based on configurable conditions and executors. It also outlines other efforts like the FAPI-SIG group and implementation of FAPI requirements in the 3scale API gateway to help build fully FAPI-compliant systems.
apidays LIVE Australia 2021 - Building an agile foundation for your Enterpris...apidays
apidays LIVE Australia 2021 - Accelerating Digital
September 15 & 16, 2021
Building an agile foundation for your Enterprise APIs with SUSE Rancher and Kubernetes
Vishal Ghariwala, CTO, APJ & Greater China at SUSE Software
apidays LIVE Australia 2021 - API Horror Stories from an Unnamed Coworking Co...apidays
apidays LIVE Australia 2021 - Accelerating Digital
September 15 & 16, 2021
API Horror Stories from an Unnamed Coworking Company
Phil Sturgeon, DevRel at Stoplight
Mobile Single-Sign On: Extending SSO Out to the Client - Layer 7's CTO Scott ...CA API Management
Think SSO is just about reducing logins across servers? Think again. In the mobile world, the new twist is sharing sessions across mobile apps on a device. Learn how technologies like OAuth and OpenID Connect can be leveraged by native apps to achieve MSSO.
I this presentation enterprises will get a practical overview of what they need to know when approaching APIs and technologies like OAuth.
Mobile and Cloud initiatives are driving enterprises to expose data and applications to the outside world. Whether SOAP, REST or JSON, these APIs give enterprises an efficient way to open up information to services running in the Cloud and apps running on mobile devices like the iPad.
However, securing and governing the lifecycle and operation of these APIs is not straightforward. It requires new approaches to access, protection and management. This invariably requires adoption of new technologies such as OAuth, which are not yet well understood.
Innovation Showcase: Hugo Fiennes, CEO/Co-Founder, Electric ImpProgrammableWeb
The document discusses issues with the current state of connectivity and the potential for improvement. It notes that the world is often broken, inefficient, and insecure. The internet knows things about the world and wants to help fix issues. However, fully connecting everything requires many different skills across hardware, software, security, and other domains. The document introduces Electric Imp as a platform that can help build secure, scalable connected products and BlinkUp as an easy way to connect devices to WiFi networks.
This document discusses techniques for building a secure API, including OAuth, OpenID Connect, SCIM, JSON Web Tokens, and other standards. It provides an overview of key concepts like the OAuth authorization framework with clients, authorization servers, and resource servers. Identity management is central, and protocols like SCIM and SAML can be used to provision and manage user accounts. The document also summarizes standards like JWTs and how pieces like OAuth, OpenID Connect, and SCIM can be combined to securely access APIs and manage user identities.
apidays LIVE Paris 2021 - Identification & Authentication for Individuals wit...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Identification & Authentication for Individuals with API at eIDAS Substantial Security Level
Nicolas Bigand, CTO & COO at L'identité Numérique La Poste at Groupe La Poste
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...apidays
INTERFACE, by apidays 2021 - It’s APIs all the way down
June 30, July 1 & 2, 2021
How APIs are making innovation exponential
Shailesh Nalawadi, Head of Product at Sendbird
The document discusses WebAuthn support that was contributed to the keycloak identity management software. It provides an overview of WebAuthn, describes how registration and authentication work, and details the contributions made to keycloak including implemented features and pull requests. It also discusses potential future work and gives an example use case using keycloak and WebAuthn for multi-factor authentication in financial applications.
A New Breed of Technical Leaders: The 101 to Defining Your API Business Stra...Akana
The document discusses how to define an API business strategy. It outlines key considerations such as understanding stakeholder needs, defining business models, developing communication and marketing plans, addressing legal and security concerns, and establishing teams for product management, development, operations, and more. It emphasizes the importance of treating APIs as products and having tools to help all stakeholders be successful.
Presentation on Intuit's new (beta) QuickBooks Payments API. Prepared for and presented to a developer audience at the QuickBooks Connect Hackathon, Oct 20, 2014.
Find out how today’s authorization experts are getting maximum value from OAuth
OAuth has quickly become the key standard for authorization across mobile apps and the Web. But are you getting the most out of OAuth? Join Mehdi Medjaoul, Co-Founder & Executive Director of Webshell – the company behind OAuth.io – and Scott Morrison, former CTO of Layer 7 and now Distinguished Engineer at CA Technologies, as they discuss how authorization experts are really using OAuth today.
apidays LIVE Hong Kong - The Future of Legacy - How to leverage legacy and on...apidays
apidays LIVE Hong Kong - The Open API Economy: Finance-as-a-Service & API Ecosystems
The Future of Legacy - How to leverage legacy and on-prem assets in your digital transformation with Digital-Driven Integration
Zeev Avidan, Chief Product Officer of OpenLegacy
apidays LIVE Singapore 2021 - Protecting the API ecosystem by Omaru Maruatona...apidays
Dr. Omaru Maruatona discusses protecting the API ecosystem. He advocates for a holistic approach to security that recognizes how vulnerabilities in one component can expose others. He suggests layered security with multiple checkpoints to increase the cost and effort of attacks. Dynamic threat intelligence sharing is key to mitigate zero-day vulnerabilities and proactively manage risks. Standards need to be easily implemented, regularly updated, product-agnostic and accessible. Emerging trends include API security guidelines from Monetary Authority of Singapore and establishing trusted service provider registers. However, security must be balanced with user experience.
The document discusses API design choices and trends. It covers the history of APIs from early CGI and COM/CORBA standards to modern RESTful approaches. It also discusses targeting the right audience for an API and whether to focus on aggregation by combining multiple APIs or allowing mashups. The document advocates for RESTful design using hypermedia and HTTP verbs at higher levels of the Richardson maturity model. It notes that as an API grows more advanced, aggregation of other APIs becomes necessary but also very challenging.
"Industrial Internet IoT bootcamp" meetup, 11-5-2015 hosted by GE Digital at HackerDojo. Discussing topics ranging from IoT architecture to connectivity and protocols, cyber security, data science and industrial UX design.
The document discusses Acision's SDK for building real-time communication applications. It provides an overview of Acision, examples of using the SDK for Android, iOS and JavaScript, and how the SDK integrates with authentication providers. The SDK provides libraries for messaging, presence, WebRTC calls and more through a single API.
HTTP colon slash slash: end of the road? @ CakeFest 2013 in San FranciscoAlessandro Nadalin
The HTTP protocol has been there for more than 20 years, almost untouched, but the current needs of the web are pushing towards adding some spices into the mix.
In this talk we will have a brief look at the history of HTTP, what SPDY - the "new" protocol proposed by google - brings into the table and how HTTP/2.0 will look like.
The document discusses the evolution of web applications and the need for asynchronous architectures to handle increasing traffic loads. It introduces Node.js and Vert.x as examples of asynchronous frameworks. Node.js uses an event-driven, non-blocking I/O model to improve performance and allow for many concurrent connections. Vert.x is built on the JVM and supports multiple languages through asynchronous programming. The document recommends using asynchronous approaches like Node.js and Vert.x for high performance, real-time, or I/O intensive applications.
The document introduces Aruba's new 7200 Controller Series, which provides improved performance, scale, and cost savings compared to prior solutions. Key points include:
- The 7200 series supports up to 2048 access points, 32,000 clients, and 40Gbps of throughput to handle more bandwidth-intensive applications and 802.11ac networks.
- Aruba's AppRF technology analyzes traffic and prioritizes applications like voice and video for improved quality of experience.
- Models range from the 7210 for small/medium deployments up to the 7240 for large enterprises, with pricing nearly half of comparable Cisco solutions.
- Aruba is offering migration incentives include license transfers from existing
This document discusses innovation in SDN tools and platforms. It describes exponential growth in the SDN market and standardization efforts from 2012 to early 2013. It then provides summaries of several key SDN tools and platforms developed by ON.LAB, including Mininet for emulation, FlowVisor for network slicing, ONOS for a distributed SDN control plane, and TestON for SDN automation and testing.
The document summarizes Samidip Basu's presentation to the Central Ohio Windows Phone User Group about developing for Windows Phone 7 and Mango. Some key points from the presentation include:
- An overview of push notifications, live tiles, and the different types of notifications in Windows Phone.
- A demonstration of building shopping list, social, and music apps that utilize Mango features like multitasking and background agents.
- A discussion of developing mobile applications using services on Windows Azure, including storage, SQL databases, and integrating with OData services.
- A preview of new features coming in the Mango update like multi-tasking, sockets, and enhanced push notifications.
HTTP/2 Comes to Java discusses the new features of HTTP/2 and how Servlet 4.0 will expose these features. Key features of HTTP/2 include request multiplexing over a single TCP connection, header compression, and server push. Servlet 4.0 will allow Java applications to take advantage of HTTP/2 without changes to application code through non-blocking I/O and asynchronous processing features.
Working with the Mainstay team, the Cisco IOT Manufacturing Marketing team combined research from manufacturing trade associations, management consulting research and an internal benchmarking project to create an Executive Briefing Presentation that would educate CxOs on the opportunities IOT can provide. This content was also repurposed to create a manufacturing IOT whitepaper to provide an asset to entice prospective customers to consider Cisco’s IOT offerings.
This document provides tutorials and information about developing applications using Oracle Application Framework (OAF). It includes steps for creating an OAF search page, including creating an application module, entity object, view object, and page with a query region to display search results. Contact information is provided for consulting and training services related to OAF application development.
tado° Makes Your Home Environment Smart with InfluxDBInfluxData
Michal Knizek, Head of Research and Development at tado° GmbH, will share how they use InfluxData to gather data collected from their Smart Thermostat to help turn any home thermostat into a smart device. This device uses a variety of information collected (geo-location, temperature, user settings, current device functional state) to serve information to automatically control the environment temperature as well as letting users know when the device may need maintenance.
WebRTC Tutorial by Dean Bubley of Disruptive Analysis & Tim Panton of Westhaw...Dean Bubley
Tutorial on WebRTC technologies, standards, use-cases and business models. First given at the ICIN conference in Venice, October 2013.
By Dean Bubley, analyst at Disruptive Analysis, and Tim Panton, WebRTC developer at Westhawk Ltd
The document provides an overview of iRidium Server, which is responsible for storing and processing automation system data, as well as logic, scenes, schedules, and trends. It discusses how server solutions work, how to choose hardware, licensing, and how to set up a server project. The server allows for failover protection, storing historical data, and processing tasks to enable visualization on less powerful devices. Examples of when to use a server include large KNX or HDL installations, systems with many simultaneous connections, installations requiring long scenes or logics, and systems requiring continuous operation.
The document provides an introduction to back-end development, including definitions of the internet, World Wide Web, and request-response cycle. It explains the differences between front-end and back-end development and lists common front-end and back-end programming languages. Main protocols like IP, TCP, UDP, and HTTP are described. Additional back-end concepts covered include CRUD functionality, securing passwords, HTTPS, and APIs. Resources for further learning back-end development with languages like Python, Node.js, and PHP are also provided.
Ähnlich wie Importance of APIs in the Internet of Things (20)
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...Nordic APIs
A presentation given by Todd Kerpelman, Developer Advocate at Plaid, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever thought about building your own chatbot to help developers be more successful using your APIs? Well, we made one for Plaid’s documentation site, and in this talk, I’ll cover some of the things we learned!
This presentation will cover topics like:
– How does it work? What does it mean to “train” a bot on your docs?
– Setting appropriate expectations: Do you still need to write documentation? Do you still need a support team?
– The trade-offs around building your own vs. buying a 3rd party solution
– Some decisions around the underlying tech
– How to build a decent “conversational mode” so you can ask follow-up questions
– How you evaluate the quality of a chatbot, and some surprises we ecountered along the way
– What do you do when things go wrong?
– Security considerations
And much more! Actually, probably not that much more. That already sounds like a lot.
The Art of API Design, by David Biesack at ApitureNordic APIs
A presentation given by David Biesack, Chief API Officer at Apiture, at our 2024 Austin API Summit, March 12-13.
Session Description: API Design is truly an art. While ChatGPT can spit out seemingly detailed APIs, there is still much to be said for well-crafted, consistent APIs designed by organic intelligence, in a broader context, with the consumer and Developer Experience in mind.
A good (or dare we dream, great) Developer Experience (DX) is an important aspect of API design and the success of your API program. Attendees will grok the interplay of API design, patterns, and language constraints and limitations. See how and why artful API Design Matters to DX and "good" API outcomes, and why fluency in the myriad languages of APIs matters. Learn how choosing guiding principles can shape all your APIs for success. Learn how to stay relevant as an API designer when the API generating robots are breathing down your neck.
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...Nordic APIs
A presentation given by David Brossard, CTO at Axiomatics, at our 2024 Austin API Summit, March 12-13.
Session Description: So you've just built your cool new API and figured out the authentication part. You're even using OAuth for access delegation, scopes, and claims. So, you're good, right? Well what about fine-grained authorization? What about OWASP's #1 security threat, broken access control? How do you handle that? Maybe you need an authorization framework to help with that. But which one? Is ABAC the way to go? Policies? Graphs? In this presentation, we'll give you the tools to understand what authorization for APIs entails, what options you have, and how to successfully implement a secure authorization strategy for your APIs. We will cover approaches such as ALFA, ReBAC, and Zanzibar and illustrate with a live demo.
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Nordic APIs
A presentation given by Budhaditya Bhattacharya, Developer Advocate at Tyk, at our 2024 Austin API Summit, March 12-13.
Session Description: APIs and microservices are powering domain-driven design architectures and have become the fabric of modern cloud-native applications. However, focusing on technology isn't enough - there is a need for a synergy between people, processes, and tools.
Based on the CNCF platform maturity model, we will look to bridge the gap between an org's current and desired platform maturity level when creating cloud-native API platforms. We'll discuss:
1. The platform team model - team topologies and key roles for developing internal API platforms
2. Processes like platform discovery, jobs-to-be-done analysis, and continuous feedback loops to understand and meet developer needs
3. Applying a "platform as a product" mindset to measure and communicate platform success
4. Architecting for discoverability, security, observability and integration capabilities 5. The role of technologies like service meshes, API gateway, identity management, internal developer portals and OpenAPI specifications
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...Nordic APIs
A presentation given by Markus Müller, CTO at APIIDA, at our 2024 Austin API Summit, March 12-13.
Session Description: In an era where digital transformation is pivotal, the management and governance of APIs have emerged as critical components in the technological infrastructure of businesses. "The Federated Future: Pioneering Next-Gen Solutions in API Management" is a forward-looking talk that delves into the evolving landscape of API governance, with a particular focus on Federated API Management as a groundbreaking approach.
Over the course of this presentation, we will explore the paradigm shift from traditional, centralized API management towards a more dynamic, federated model. This approach not only offers scalability and flexibility but also fosters innovation by enabling diverse teams to collaboratively manage APIs while adhering to consistent governance policies.
Key topics include:
- The current challenges in API governance and how federated management addresses these.
- The principles and architecture of Federated API Management, distinguishing it from traditional models.
- Real-world implications of adopting a federated approach, including case studies that illustrate its transformative impact on businesses.
- Strategies for implementing Federated API Management, focusing on best practices for seamless integration.
- The future outlook of API governance, anticipating emerging trends and technologies.
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLNordic APIs
A presentation given by Aldo Pietropaolo, Director of Solutions Engineering at SGNL, at our 2024 Austin API Summit, March 12-13.
Session Description: Securing APIs and ensuring you are protected from threats by implementing authentication and authorization while keeping the request context intact can be challenging. This session will show us how to leverage SGNL, Curity, and the Kong API Gateway to protect fictitious patient records. The session will be a technical session focused on the architecture and integration points for implementing continuous access management.
API Discovery from Crawl to Run - Rob Dickinson, GraylogNordic APIs
A presentation given by Rob Dickinson, VP of Engineering at Graylog, at our 2024 Austin API Summit, March 12-13.
Session Description: Discovering the attack surface presented by your APIs is the first step to improving API security. But APIs are fundamentally dark and constantly changing, which presents serious challenges for security teams trying to assess and manage new risks. There are several reasonable ways to perform API discovery, but each has its own tradeoffs and implications about what is actually being counted. This talk covers taking an API discovery program from start to best-of-breed, and strategies for measuring and monitoring your API attack surface.
Productizing and Monetizing APIs - Derric Gilling, MoseifNordic APIs
A presentation given by Derric Gilling, CEO of Moseif, at our 2024 Austin API Summit, March 12-13.
Session Description: The talk would target product owners looking to turn APIs into revenue centers. Specifically, how to price and package APIs, different strategies around prepaid, postpaid, and PAYG billing, and how to choose the right metric to charge, etc. Then, we’ll chat on the go-to-market to drive developer adoption.
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosNordic APIs
A presentation given by Ruben Sitbon, Lead Solutions Architect at Sipios, at our 2024 Austin API Summit, March 12-13.
Session Description: ChatGPT has been a tidal wave, changing forever the way people and companies perceive the value of Artificial Intelligence. Many startups have launched products with ChatGPTI at its core, innovative SaaS players have all integrated Generative AI extensions or plugins, but it is now clear that users will be expecting more and more Generative AI to boost the features of products they use on a daily basis.
In this talk, I will describe how a framework relying on Generative AI in-house APIs that allows:
- Easily « boosting » any product feature with Generative AI
- Improving the answers through a « trainer API » that allows experts to improve the accuracy and tone of the model
- Bundling security and continuous compliance in the APIs to enjoy the benefits even within risk averse large corporates.
Security of LLM APIs by Ankita Gupta, Akto.ioNordic APIs
A presentation given by Ankita Gupta, Co-Founder and CEO, Akto.io, at our 2024 Austin API Summit, March 12-13.
Session Description: In this session, I will talk about API security of LLM APIs, addressing key vulnerabilities and attack vectors. The purpose is to educate developers, API designers, architects and organizations about the potential security risks when deploying and managing LLM APIs.
1. Overview of Large Language Models (LLMs) APIs
2. Understanding LLM Vulnerabilities:
- Prompt Injections
- Sensitive Data Leakage
- Inadequate Sandboxing
- Insecure Plugin Design
- Model Denial of Service
- Unauthorized Code Execution
- Input attacks
- Poisoning attacks
3. Best practices to secure LLM APIs from data breaches
I will explain all the above using real life examples.
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...Nordic APIs
A presentation given by Katie Paxton-Fear, API Security Educator, Traceable AI, at our 2024 Austin API Summit, March 12-13.
Session Description: Have you ever wanted to be the villain or anti-hero? In this talk, we'll cover how to hack APIs, with permission, of course. First, we'll look at the tools of the trade for API hackers, some of the most common security vulnerabilities and how we test for them, and finally, I'll tell some of my API hacking stories. The aim of the session will be to learn a little API hacking and encourage people to have a go at API hacking themselves. Participants will also join me as I hack live, giving suggestions for the next steps, for an interactive and engaging session.
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Nordic APIs
A presentation given by Kishore Banala, Senior Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13.
Session Description: Extend the advantages of GraphQL beyond the UI layer by creating data streams that seamlessly transfer data from Federated GraphQL to your preferred destination. This presentation explores the myriad use cases that can be unleashed, such as Search, Analytics etc., sparing you from the complexity of extensive ETL jobs. Join us for an in-depth exploration of the advantages that arise from seamlessly connecting GraphQL with data streams, opening new dimensions of efficiency and capability.
Reigniting the API Description Wars with TypeSpec and the Next Generation of...Nordic APIs
A presentation given by Gareth Jones, API Architect at Microsoft, at our 2024 Austin API Summit, March 12-13.
Session Description: Didn't the API description wars end in 2017 when we all agreed that OAS was the way forward?
Yes, and yet how satisfied with your API descriptions are you? Are they thousands of lines of hard to read yaml or JSON? When someone makes a change, is it easy to review for correctness and completeness? Do visual tools make this easier? Do they support change management?
I'll make the case that the next generation of more abstract DSLs for defining APIs such as Smithy from Amazon and TypeSpec, open sourced by Microsoft, move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design-time.
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyNordic APIs
A presentation given by James Higginbotham, Executive API Consultant, LaunchAny, at our 2024 Austin API Summit, March 12-13.
Session Description: Building and growing an API platform takes more than building and organizing your APIs. It requires understanding the needs of your ecosystem, establishing lightweight processes that drive discoverability, providing the resources for self-service enablement, and delivering a federated API coach program to scale your efforts. This talk will explore the practices and patterns implemented by global organizations that will help your API ecosystem shift from a functional program to a transformational API platform.
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Nordic APIs
A presentation given by Adrienne Moherek, Developer Experience Technical Leader, Cisco, at our 2024 Austin API Summit, March 12-13.
Session Description: Heard of suss? You can suss out more information or you can find someone’s information to be suss. “Suss” shows the flexibility of language. It’s an ongoing process to change how we use certain words. It’s important to choose words carefully to convey the correct meaning and avoid harmful subtext or exclusion. Let’s explore some of the tools and triage methods that it takes from an engineering viewpoint to make bias-free choices. How can you ensure that biased words do not sneak into code, UI, docs, configurations, or our everyday language? First, let’s walk through how to take an inventory of assets from code to config files to API specifications to standards. Next, by placing those findings into categories, prioritize the work to substitute with inclusive alternatives. Let’s examine some examples using both API and code assets. Next is a demonstration of how to automate analyzing your source code or documentation with a linter, looking for patterns based on rules that are fed into the tool. What’s in the future for these efforts? Inclusive language should expand beyond English and North America efforts. To do so, let’s organize the work with automation tooling, as engineers do.
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsNordic APIs
A presentation given by Bill Doerrfeld, Editor in Chief of Nordic APIs, at our 2024 Austin API Summit, March 12-13.
Session Description: As it turns out, making a hit API is a lot like making a hit music album. You have to find a niche, you need good naming, and you need quality content. Also, on the production side, design, style, experience, and collaboration all matter a lot. At the end of the day, both are products, requiring the right management tools, marketing know-how, and infrastructure to scale. In this SXSW-inspired opening keynote, I'll look into the parallels between the two endeavors, providing a fun and informative look into specific things API providers should be considering on their journey toward becoming API platform rockstars.
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Nordic APIs
A presentation given by Raghavan Sadagopan, Sr. Director from CapitalOne & Lakshmi Narayana, Sr. Lead Software Engineer from CapitalOne, at our 2024 Austin API Summit, March 12-13.
Session Description: Managing Risk is critical to the success of an organization. Managing Risks starts with identifying potential Risks which in the digital world are signals emanating from varying source systems. Identifying potential risks real-time enables organizations to mitigate / better prepare for potential exposures. The session will share our point of view on implementing an API centric event mesh architecture that routes events in real-time through a scalable and resilient cloud-native service on AWS.
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerNordic APIs
A presentation given by Paul Dumas, Senior Director Analyst at Gartner, at our 2024 Austin API Summit, March 12-13.
Session Description:
GenAI will be, well, generating APIs. We are entering the era where software creates software. It will develop APIs faster than humans are capable of. Humans cannot compete with this compute power. How do we marshal this power, govern what it produces, and leverage it to support our business objectives and strategies? We will become more dependent on the capabilities we have as humans that elude machines. This talk provides insight to software leaders about the challenges of leading and managing this new software development power. The key lies in skills that are unique to humans: foresight, intuition, and agility.
The SAS developer portal –developer.sas.com 2.0: How we built it by Joe Furb...Nordic APIs
A presentation given by Joe Furbee, Developer Advocate and Developers Communities Manager at SAS Institute, at our 2024 Austin API Summit, March 12-13.
Session Description: Sure, we could have hired someone to (re)create our developer portal, developer.sas.com. However, we wanted the freedom to build our portal from the ground up. But, it takes more than an API architect and a developer advocate to create a modern, interactive developer experience. This session provides an overview of the steps we took to relaunch the SAS AI and analytics platform developer portal. Who was involved? How did we accomplish what we wanted to build? We’ll explore the stakeholders involved, the importance of open-source technologies, and why focusing on the developer’s perspective matters. This is not a marketing pitch to promote SAS services. Instead, it’s a detailed look at the process we followed to deploy our new developer portal.
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...Nordic APIs
A presentation given by Vidhya Arvind, Staff Software Engineer, Netflix, at our 2024 Austin API Summit, March 12-13.
Session Description: At Netflix, Data abstraction plays a pivotal role in hosting 100s of use cases that scale, they are widely adopted and depended on by mission-critical systems. In this talk, I show how to design reliable APIs and layout data for Key-Value services for petabyte-scale datasets. Key-value service uses a control plane and data plane to abstract the data, uses some novel techniques to reliably store and safely scale the service to 100s of instances.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Webinar: Designing a schema for a Data WarehouseFederico Razzoli
Are you new to data warehouses (DWH)? Do you need to check whether your data warehouse follows the best practices for a good design? In both cases, this webinar is for you.
A data warehouse is a central relational database that contains all measurements about a business or an organisation. This data comes from a variety of heterogeneous data sources, which includes databases of any type that back the applications used by the company, data files exported by some applications, or APIs provided by internal or external services.
But designing a data warehouse correctly is a hard task, which requires gathering information about the business processes that need to be analysed in the first place. These processes must be translated into so-called star schemas, which means, denormalised databases where each table represents a dimension or facts.
We will discuss these topics:
- How to gather information about a business;
- Understanding dictionaries and how to identify business entities;
- Dimensions and facts;
- Setting a table granularity;
- Types of facts;
- Types of dimensions;
- Snowflakes and how to avoid them;
- Expanding existing dimensions and facts.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Monitoring and Managing Anomaly Detection on OpenShift.pdfTosin Akinosho
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.