Loops in Scala (Imperative & Tail Recursive)
The following are different ways of implementing simple loops in Scala. While loop: the Scala while loop executes a certain block of code as long as a certain condition is true, e.g. while(someObject.hasNext()) process(someObject.next()); Do While loop: the Scala do while loop is similar to the while loop except the condition is evaluated after the loop body. This means that the loop body… Continue reading Loops in Scala (Imperative & Tail Recursive)
Cross Domain Identity Patterns: Mapped Federation
With Mapped Federation users need to exist in both the identity provider and the service provider. As per transient federation a metadata exchange contract is defined between the identity provider and the service provider. With Mapped Federation further attributes for uniquely identifying the user are required. This may be the UID (e.g. email address) that… Continue reading Cross Domain Identity Patterns: Mapped Federation
Cross Domain Identity Patterns: Chained Federation & Service Broker
Chained Federation allows access to multiple Service Providers to be granted to multiple trusted Identity Providers. The identity provider requests access to the service provider via the Service Broker, which authorises the request and forwards it to the appropriate service provider based on the TargetURL. This is useful where an enterprise is providing multiple services to… Continue reading Cross Domain Identity Patterns: Chained Federation & Service Broker
Cross Domain Identity Patterns: Transient Federation
A transient federation agreement is a pre-negotiated (trusted metadata exchange) set of contracts (normally bilateral) which enable trusted pairs to recognise each other's identities. The contract may specify user roles, governance, security and verification policies, or specific technical methods. The implementation may utilise a Trust Broker (possibly a 3rd party credential authority) for validating the… Continue reading Cross Domain Identity Patterns: Transient Federation
Identity Management Business Case Drivers for both Customer and Workforce
Developing a business case for identity management is often a challenge because there are not always immediate tangible benefits. Furthermore, the legal or security need to maintain separation between customer and workforce will create overlap between architectures that may necessitate separate business cases. It is therefore important to explicitly align the business case with the… Continue reading Identity Management Business Case Drivers for both Customer and Workforce
Daft Punk’s Get Lucky & Authentication Systems
Is Daft Punk's Get Lucky a simile for a brute force attack? Is your authentication system vulnerable to this risk and its implication? Have you considered Risk Based Access Management systems and Password Management systems? Or have you considered not going to nightclubs that play Daft Punk?
Moving Away from a Push Model for Enterprise Identity Architecture
The discipline of Enterprise Architecture and an architecture for identity management do not currently have a best practice. The TOGAF discipline of Enterprise Architecture promotes a holistic and systemic view for interoperable systems; these may be supply chains, business processes or identity repositories. The Emerging Architecture of Identity Management argues that identity management is based… Continue reading Moving Away from a Push Model for Enterprise Identity Architecture
Safe Harbour, Data Privacy and Scottish Independence
The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive which regulates the processing of personal data within the European Union. The criteria for Safe Harbour privacy are incorporated into the Directive… Continue reading Safe Harbour, Data Privacy and Scottish Independence
Statutory & Contract
You may have a customer with multiple different statutory legal compliance criteria and you may also have a customer with highly specific contractual hosting & data sovereignty NFRs. The latter often comes from the sales guy abandoning the normal contract template on any fear of losing their commission and promising any physical hosting model that… Continue reading Statutory & Contract
OAuth Terminology in SAML2
A Resource Server in OAuth is a Service Provider in SAML2
An Authorization Server in OAuth is an Identity Provider in SAML2
Thankfully a Client is a User
I still often say SPIL (SAML2.0 Service Provider Initiated Login) and IDIL (SAML2.0 Identity Provider Initiated Login) on a regular basis. I find RSIL and ASIL harder.