Foundation top ~5 issues

Scott’s Top 6 Messy Items
- Authentication and delegated auth
- Application runtime model
- URL Design, representations
- What is a “Project”?
- De-Normalized resources (DTO’s)
- Query language, runtime, performance
- Read ACLs

Read ACLs - Scott
- The Foundation will provide Read access control at a Security Context (Project, Team may be examples)
  – Requires a URL be mappable to a Security Context (the faster the better)
- Can Applications further constrain read access?
  – Requires that we give apps exclusive control of reads
- Needs a Storage Service and RTC solution

Application Runtime Model - James
- This must solve the DTO problem by allowing you to write code to produce one or more de-normalized forms from the normalized form which is also available to clients
  – Multi-get might be a variant of this
- Java-based, Jazz Foundation provided
- Hard problem: read ACLs for a composite
- Don’t invent anything
- Thought exercise: RTC, RRC, RQM arrive as VMWare images, you fire them up and they hook into discovery and admin
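An added sketch, not from the slides and not Jazz Foundation code, of the read-ACL points on the two slides above: mapping a URL to a security context by longest path prefix, letting an app narrow but never widen reads, and filtering a composite (de-normalized) form down to readable members. The prefix table, the user names, and the functions `security_context`, `can_read` and `compose` are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed sample data (hypothetical names): URL path prefixes mapped to
# security contexts, and the users allowed to read each context.
CONTEXT_BY_PREFIX = {
    "/projects/alpha": "project:alpha",
    "/projects/alpha/teams/core": "team:alpha-core",
    "/projects/beta": "project:beta",
}
READERS = {
    "project:alpha": {"ann", "bob"},
    "team:alpha-core": {"ann"},
    "project:beta": {"bob"},
}


def security_context(url):
    """Map a URL to its security context by longest matching path prefix."""
    segments = urlsplit(url).path.strip("/").split("/")
    # Match on whole segments, most specific first: one dict lookup per
    # segment, and "/projects/alphabet" never matches "/projects/alpha".
    for end in range(len(segments), 0, -1):
        context = CONTEXT_BY_PREFIX.get("/" + "/".join(segments[:end]))
        if context is not None:
            return context
    return None  # unmapped URL: no context, so reads are denied


def can_read(user, url, app_constraint=None):
    """Foundation check first (deny by default); an optional app-level
    check may then narrow access but cannot widen it."""
    context = security_context(url)
    if context is None or user not in READERS.get(context, set()):
        return False
    return app_constraint is None or bool(app_constraint(user, url))


def compose(user, member_urls, store):
    """Build a composite form that contains only the members this user
    may read, so the de-normalized view cannot leak other resources."""
    return {u: store[u] for u in member_urls if u in store and can_read(user, u)}
```
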

1A’. App-specific implementation of REST API
[Diagram labels: Client, REST API, App logic, App data, Storage App, REST API, Dumb data store]
Basics
- Client talks to apps through REST APIs
- Apps talk to dumb data store
- Clients do not access data store directly

URL Design, representations - Ed
- Input from Bill
- Tension between URL stability and ability to see context in the URL
- Maybe we can separate stable URIs and pretty URLs which include context

What is a “Project”? - Kai
- Consensus on projects of projects and relationships between them
  – Requirements project->Dev Project->Test project
- Can we continue with Project Area as a place to do many Projects?
- “Project” gets closer to PMI def.: short-term, people come together and produce a deliverable
- AIG discussion supported this direction
- We could support a project-less product, like a Glossary tool. It would want an associated security context, teams, users, roles and permissions.
- Explore mapping Jazz Project into the new model, dev lines may transform into sub-projects

Authentication and delegated auth - Pat
- Focus on server-to-server
- Reconcile with Ed’s solution
- Hopefully DAFilter is a good start

Query language, runtime, performance – Simon
- What to do after XQuery?
- Work with IM

Linking – James
- Resource formats for links
  – Embedded
  – Free-standing
- Permissions for links
- Query for embedded back-links
- Tagging and navigation, bookmarks