This document discusses Open Policy Agent (OPA), an open source general-purpose policy engine. It provides examples of how OPA can be used to enforce various types of policies across complex environments in a flexible way. OPA treats policy decisions as separate from enforcement, stores policies and data in-memory, and uses partial evaluation and indexing to evaluate policies efficiently. It allows policies to be written declaratively using Rego and enforced for services, infrastructure, and other resources regardless of how they are implemented. The document demonstrates examples of using OPA for authorization, RBAC, and other policies across multiple domains.
Open Policy Agent Deep Dive Seattle 2018 - Torin Sandall
Topics:
* Background on Open Policy Agent project: users, use cases, and stats.
* How OPA works (decoupling policy decision-making from enforcement)
* Hands-on example: Users can view their own account details and support staff can view accounts they are assigned to via a ticketing system.
* SQL data filtering use case: writing policy in OPA and enforcing policy in SQL.
* WebAssembly compiler.
Enforcing Bespoke Policies in Kubernetes - Torin Sandall
Kubernetes enables fully-automated, self-service management of large-scale, heterogeneous deployments. These deployments are often managed by distributed engineering teams that have unique requirements for how the platform treats their workloads, but at the same time, they must conform to organization-wide constraints around cost, security, and performance. As Kubernetes matures, extensibility has become a critical feature that organizations can leverage to enforce their organization’s bespoke policies.
In this talk, Torin explains how to use extensibility features in Kubernetes (e.g., External Admission Control) to enforce custom policies over workloads. The talk shows how to build custom admission controllers using Initializers and Webhooks, and shows how the same features lay the groundwork for policy-based control through integration with third party policy engines like the Open Policy Agent project.
This document discusses OPA Gatekeeper, which is an admission webhook that helps enforce policies and strengthen governance in Kubernetes clusters. It provides customizable admission controls via configuration instead of code. Gatekeeper uses the Open Policy Agent (OPA) to evaluate policies written in Rego against objects in the Kubernetes API. It started as kube-mgmt and has evolved through several versions. Gatekeeper allows defining policies as templates with parameters and matching rules, and instances of those policies that are enforced as custom resources. It provides capabilities like auditing, CI/CD integration, and replicating cluster state for offline policy checking. The document demonstrates example policies and invites the reader to get involved in the open source project.
Open Policy Agent (OPA) is a general purpose policy engine that can be used to enforce policies across cloud native applications and infrastructure. It decouples policy from application logic by offloading policy decisions. Rego is OPA's declarative language used to write policies. OPA has over 30 integrations and is widely used for Kubernetes policy enforcement through the Gatekeeper project.
How Netflix Is Solving Authorization Across Their Cloud - Torin Sandall
The document discusses Netflix's approach to authorization across their cloud infrastructure. They use the Open Policy Agent (OPA) to define and enforce authorization policies for all identities, operations, and resources. OPA allows policies to be defined declaratively and enforced programmatically. It is flexible, high performance, and can be used across different protocols and languages. Netflix's authorization architecture includes OPA, a policy portal for rule definition, and authorization agents that enforce policies during requests using OPA.
The document provides an overview of secret management solutions and architectures. It discusses what secrets are and why secret management is important. Some key points:
- Secrets include authentication credentials, API keys, passwords, and certificates that need access control. As services increase, so do secrets.
- An ideal secret management solution provides security, encryption, access control, auditing, ease of use, and integration with other tools.
- Version control systems and orchestration tools like Kubernetes can be used for secrets but have limitations compared to dedicated secret management solutions.
- AWS offers Parameter Store, Secrets Manager, and KMS for secret management. Parameter Store is generally recommended, while Secrets Manager is better for database
The Istio service mesh provides a highly extensible platform to connect, manage, and secure microservices. Istio’s highly extensible nature is one of the main selling points as it allows you to enforce your own organization-specific policies across large fleets of microservices. At the same time, new technology always has a learning curve, and with all this extensibility and generality the task can be quite daunting.
In this talk, Limin Wang (Software Engineer at Google) and Torin Sandall (Technical Lead of the Open Policy Agent project) explain how Istio’s Mixer works and lead a deep dive into Mixer Adapter development. The talk shows (with demos) how the Mixer Adapter model enables custom policy enforcement and how the model is used to integrate third party policy engines like the Open Policy Agent.
This talk is targeted at platform engineers interested in using the Istio service mesh to enforce custom policies in their microservices. The talk also provides new ideas about the kinds of policies that can be enforced in Istio today.
Nomad is popular as an efficient, lightweight container orchestrator. But a truly efficient, lightweight deployment environment can only be built on a minimal Linux that is designed specifically for running containers.
In this talk, we introduce Flatcar Container Linux to the Hashicorp/Nomad community. Already well known and widely deployed by Kubernetes users, Flatcar works just as well – or perhaps even better! – for Nomad.
Flatcar Container Linux is a secure, immutable, auto-updating, lightweight Linux operating system. This makes Flatcar a perfect match for Linux containers running on Nomad: nodes will update automatically and stay secure in a simple way, without the administrator having to do the heavy lifting.
This talk will explain best practices for deploying Nomad on Flatcar and demonstrate a Nomad cluster running on Flatcar.
Docker Kubernetes Istio
Understanding Docker and creating containers.
Container Orchestration based on Kubernetes
Blue Green Deployment, AB Testing, Canary Deployment, Traffic Rules based on Istio
User authentication and authorization in Kubernetes - Neependra Khare
This document discusses user authentication and authorization in Kubernetes. It describes how Kubernetes uses external services like Active Directory and LDAP for user authentication. It also explains the different types of users in Kubernetes including normal users, service accounts, and how kubeconfig files are used. The main authorization mechanism in Kubernetes is Role-Based Access Control (RBAC) which uses roles and role bindings to control access to Kubernetes API resources and operations.
The slides from the talk I gave in Java.IL's Apr 2019 session.
These slides describe Keycloak, OAuth 2.0, OpenID and SparkBeyond's integration with Keycloak
This document summarizes a presentation about OpenID Connect. OpenID Connect is an identity layer on top of the OAuth 2.0 protocol that allows clients to verify the identity of the user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the user. It defines core functionality for modern identity frameworks by standardizing how clients and servers discover and use identity data exposed by identity providers and how clients can verify that identity data. The presenter discusses how OpenID Connect provides a simple yet powerful way to authenticate users and share attributes about them between websites and applications in an interoperable manner.
NGINX Kubernetes Ingress Controller: Getting Started – EMEA - Aine Long
This webinar gets you started using the Kubernetes Ingress controllers for NGINX & NGINX Plus to load balance, route, and secure Kubernetes applications
Join this webinar to learn:
- The benefits of using Kubernetes and why it's become the de facto container scheduler
- About the Kubernetes Ingress resource and Ingress controllers
- How to use NGINX and NGINX Plus Ingress controllers to load balance, route traffic to, and secure applications on Kubernetes
- How to monitor the NGINX Plus Ingress controller with Prometheus
Slides used in following Udemy training: https://www.udemy.com/course/monitoring-and-alerting-with-prometheus/?referralCode=6E2F738124DB09FA4C21
Prometheus is the leading open-source monitoring system that can collect metrics from all your systems, including Linux servers, Windows Servers, Database Servers and any application you have written. It's inspired by Google's Borgmon, which uses time-series data as a datasource, to then send alerts based on this data.
This course will show you how to install and configure Prometheus on a Linux server. This course will use a VM on DigitalOcean, but you can install Prometheus on any modern Linux OS. We'll show you how to make visualizations (graphs) using Grafana. When building these graphs, you'll get to know PromQL, the language to query Prometheus and get meaningful data displayed. You'll also learn how to set up alerts to receive notifications when something goes wrong. Lastly, we have a section on use-cases to show you some real-world examples.
Operating PostgreSQL at Scale with Kubernetes - Jonathan Katz
The maturation of containerization platforms has changed how people think about creating development environments and has eliminated many inefficiencies for deploying applications. These concepts and technologies have made their way into the PostgreSQL ecosystem as well, and tools such as Docker and Kubernetes have enabled teams to run their own “database-as-a-service” on the infrastructure of their choosing.
All this sounds great, but if you are new to the world of containers, it can be very overwhelming to find a place to start. In this talk, which centers around demos, we will see how you can get PostgreSQL up and running in a containerized environment with some advanced sidecars in only a few steps! We will also see how it extends to a larger production environment with Kubernetes, and what the future holds for PostgreSQL in a containerized world.
We will cover the following:
* Why containers are important and what they mean for PostgreSQL
* Create a development environment with PostgreSQL, pgadmin4, monitoring, and more
* How to use Kubernetes to create your own "database-as-a-service"-like PostgreSQL environment
* Trends in the container world and how it will affect PostgreSQL
At the conclusion of the talk, you will understand the fundamentals of how to use container technologies with PostgreSQL and be on your way to running a containerized PostgreSQL environment at scale!
Keycloak is an open source identity and access management solution that can securely authenticate and authorize users for modern applications and services. It supports OpenID Connect, SAML, and Kerberos for single sign-on and includes features like social login, user federation, account management, and authorization. Keycloak provides a standardized JSON web token to represent user identities across systems and services.
GraphQL is a query language for APIs and a runtime for fulfilling those queries. It gives clients the power to ask for exactly what they need, which makes it a great fit for modern web and mobile apps. In this talk, we explain why GraphQL was created, introduce you to the syntax and behavior, and then show how to use it to build powerful APIs for your data. We will also introduce you to AWS AppSync, a GraphQL-powered serverless backend for apps, which you can use to host GraphQL APIs and also add real-time and offline capabilities to your web and mobile apps. You can follow along if you have an AWS account – no GraphQL experience required!
Level: Beginner
Speaker: Rohan Deshpande - Sr. Software Dev Engineer, AWS Mobile Applications
Connect Integration Patterns: A Case Study - Patrick Streule - Atlassian
The document provides an overview of Connect integration patterns at Atlassian, including how add-ons can integrate with Connect applications using authentication methods like JWT. It discusses the development process from creating a descriptor and add-on service locally to deploying to staging and production. Examples are given of how add-ons can be installed across multiple applications and handle events through webhooks.
JMP103 : Extending Your Application Arsenal With OpenSocial
Yun Zhi Lin, IBM China Investment Company Limited; Ryan Baxter, IBM
OpenSocial. You have heard the hype, maybe you have even seen the demos, but what is all the fuss about? This is your chance to get all your questions answered. In this session we’ll not only teach you about OpenSocial and how IBM is using it to enable exciting new features in IBM Notes and Domino Social Edition, IBM Connections, and IBM Connections Mail, but how you can use it to enhance your applications. You’ll walk away from this session armed with the knowledge to build compelling social apps and all the code you need to get started!
Sun, 26/Jan 08:00 AM – 10:00 AM
JMP103 : Extending Your App Arsenal With OpenSocial - Ryan Baxter
OpenSocial: You have heard the hype, maybe you have even seen the demos, but what is all the fuss about? This is your chance to get all your questions answered. In this session we will not only teach you about OpenSocial and how IBM is using it to enable exciting new features in Notes and Domino Social Edition, IBM Connections, and IBM Connections Mail, but how you can use it to enhance YOUR applications. You will walk away from this session armed with the knowledge to build compelling social apps and all the code you need to get started!
How Open Policy Agent (OPA) helps externalize authorization from code in the microservices world. Before that, let's look at how authorization evolved over the last decade.
Joget Workflow v5 Training Slides - Module 18 - Integrating with External System - Joget Workflow
List of Modules
1-Introduction to Joget Workflow
2-Setting up Joget Workflow
3-Designing your first Process
4-Localizing your Joget Workflow
5-Designing your first Form
6-Using your first Process Tool
7-Designing your first Datalist
8-Designing your first Userview
9-Hash Variable
10-SLA and Deadlines
12-Version Control
13-Improving your Form design and Presentation
14-Introduction to Reporting
15-Introduction to Plugin Architecture
16-Preparing Development Environment
17-Building Plugins
18-Integrating with External System
19-Doing more with your Process Design
20-Basic System Administration
21-Best Practices on Application Building
Agile methodologies based on BDD and CI by Nikolai Shevchenko - Moldova ICT Summit
BDD is an agile methodology that focuses on describing an application from stakeholders' perspectives using scenarios written in a common language like Gherkin. It revolves around user stories made up of scenarios and executable steps. This ensures collaboration between business analysts, QA teams, and developers. CI integrates source code and runs tests after each commit for near-immediate feedback to catch errors early. BDD and CI provide benefits like lower barriers to entry, greater ROI, and predictability through automated tests that validate business needs are met.
[Test bash manchester] contract testing in practice - Pierre Vincent
End-to-end integration plays a strong part in testability. Unfortunately, when an application grows, these kinds of tests become a burden: brittleness, slower feedback and overall poor return on investment to improve quality.
Contract testing brings an alternative approach for validating integration points in fast-changing distributed systems. Because contracts don’t need integration environments, they can give very fast feedback to prevent API and messaging breaking changes from being introduced early-on.
Contracts are also a catalyst for inter-team communications. They help interactions between services become a central attribute in designing solutions, as opposed to an emergency concern when they break at a late integration stage.
This workshop covers the core concepts of contract testing and how contracts can play a part in reducing the struggles of integration tests. The attendees will be working on practical examples of defining contracts between teams and services, as well as implementing them using the Pact tool-chain.
The Open & Social Web - Kings of Code 2009 - Chris Chabot
The document discusses the Open & Social Web and OpenSocial. It provides an overview of OpenSocial, how it differentiates views like home, profile, and canvas. It explains how to write OpenSocial gadgets using XML, JavaScript, and fetching data. It also covers OpenSocial client libraries, Google Friend Connect, proxied content, templating, and future directions like OSML tags. Resources mentioned include documentation, videos from Google I/O, and the OpenSocial website.
IBM Connections Activity Stream 3rd Party Integration - Social Connect VI - P... - James Gallagher
Have you ever thought that your organisation could be utilising IBM Connections more? The session will demonstrate the highly flexible and integratable component that is the IBM Connections' Activity Stream. The stream can be integrated into different IBM products such as IBM Notes and IBM WebSphere Portal but is also an Open Social Gadget and therefore can run within any OpenSocial container such as Apache Shindig. This stream is based on an open standard and the content within does not have to be from Connections alone. One business partner integrated Atlassian JIRA and Confluence content into the Activity Stream. This presentation explains and demonstrates how to utilise this functionality in your organisation.
The document provides instructions for integrating Bitbucket with HipChat using webhooks and APIs. It outlines the steps to install the Bitbucket integration in HipChat, including generating API keys and tokens. It also discusses HipChat add-ons and how they connect external services like Stripe to HipChat using APIs and the HipChat marketplace. The document contains examples of HipChat API calls to send messages to rooms and get room details.
OpenSocial aims to make the web more social by allowing developers to add social features to websites and applications. The OpenSocial APIs allow gadgets to access user profile data and enable social interactions through features like activities. Developers can focus on building engaging experiences while OpenSocial handles user management and relationships through standards-based gadget specifications and JavaScript APIs.
Back to Basics, Webinar 2: Your First MongoDB Application - MongoDB
This is the second webinar in the Back to Basics series, which will give you an introduction to the MongoDB database. In this webinar we will show you how to create a basic blogging application in MongoDB.
Chaos Engineering is used in a distributed system to test the whole application by simulating error conditions within the system and observing how the application reacts to that stimulus. With all this information, analyzed correctly, you can write applications that are more resilient to failures. This talk will provide an introduction to the principles of Chaos Engineering, how to perform experiments, identify the weaknesses of the architecture and fix these problems.
Come to this session to learn different tools like Istio, Chaos Toolkit or Glooshot to run Chaos Engineering in Kubernetes and what strategies you can use to prevent chaos from taking over your system.
PuppetDB: A Single Source for Storing Your Puppet Data - PUG NY - Puppet
James Sweeney presents on "PuppetDB: A Single Source for Storing Your Puppet Data" at Puppet User Group NYC.
Video: http://www.youtube.com/watch?v=HTr4b02aU7A
Puppet NYC: http://www.meetup.com/puppetnyc-meetings/
MongoDB in the Middle of a Hybrid Cloud and Polyglot Persistence Architecture - MongoDB
The Sage Data Cloud enables next-generation cloud and mobile services via a Hybrid Cloud and Polyglot Persistence Architecture. Come learn how MongoDB and other cloud data stores make this a reality, and get an insight into our learnings and operations.
Every enterprise system has tons of sensitive data like database passwords or third-party API keys. Quite often people store this data openly in internal repositories, continuous integration pipelines or configuration management systems. The bigger the company, the stricter the security rules. It is more complex and important when you have thousands of different applications and each one has its own secrets. In this talk I am giving an overview of my personal experience on Vault technology and will show by example how you can build your own policies and move your secrets to the Vault.
This document discusses supercharging organic click-through rate (CTR) through the use of JSON for Linked Data (JSON-LD). It covers:
1. What JSON-LD is and the benefits it provides like rich snippets and action buttons
2. Different implementation methods like using WordPress plugins or Google Tag Manager
3. Examples of JSON-LD markup for things like products, reviews, and local businesses
4. Testing and monitoring the impact on organic CTR before and after implementing JSON-LD
The Enterprise Architecture you always wanted: A Billion Transactions Per Mon... - Thoughtworks
The document describes an enterprise architecture for a telecoms service provider that was struggling with scalability and system resilience issues. A previous consultancy had proposed a complex and expensive solution, but ThoughtWorks was tasked with delivering the same capabilities more cheaply. They prioritized building a storage manager service to offload storage responsibilities from the integration database. This improved performance and allowed other parts of the system to be simplified, delivering business value by resolving customers' issues.
This document discusses documentation vs tests for the Cucumber tool and provides examples of how to write Cucumber features and scenarios using tags like @i1 and @m1. It also includes information about synchronization of remote branches for stories and integrating Cucumber with other tools. Contact and resource details are provided at the end.
Evolving your Data Access with MongoDB Stitch - MongoDB
MongoDB Stitch is a platform that allows developers to build and deploy applications with MongoDB. It consists of four main services - QueryAnywhere for data access, Functions for server-side logic, Triggers for real-time notifications, and Mobile Sync for offline data synchronization. Stitch handles infrastructure concerns so developers can focus on writing code. It provides global data access, integrated authorization rules, and serverless hosting of business logic. This allows applications to be built more easily and deployed seamlessly across different platforms and locations.
9. @sometorin @OpenPolicyAgent
"QA must sign-off on images deployed to the production namespace."
"Restrict ELB changes to senior SREs that are on-call."
"Analysts can read client data but PII must be redacted."
"Give developers SSH access to machines listed in JIRA tickets assigned to them."
11. @sometorin @OpenPolicyAgent
Tribal knowledge provides NO guarantee that policies are being enforced.
"Tribal knowledge" is the know-how or collective wisdom of the organization.
22. @sometorin @OpenPolicyAgent
Declarative Language (Rego)
● Is user X allowed to call operation Y on resource Z?
● Which annotations must be added to new Deployments?
● Which users can SSH into production machines?
39. @sometorin @OpenPolicyAgent
RBAC is not enough.
"QA must sign-off on images deployed to the production namespace."
"Analysts can read client data but PII must be redacted."
"Restrict employees from accessing the service outside of work hours."
"Allow all HTTP requests from 10.1.2.0/24."
"Restrict ELB changes to senior SREs that are on-call."
"Give developers SSH access to machines listed in JIRA tickets assigned to them."
"Prevent developers from running containers with privileged security contexts in the production namespace."
"Workloads for euro-bank must be deployed on PCI-certified clusters in the EU."
51. @sometorin @OpenPolicyAgent
"QA must sign-off on images deployed to the production namespace."
"Restrict ELB changes to senior SREs that are on-call."
"Analysts can read client data but PII must be redacted."
"Give developers SSH access to machines listed in JIRA tickets assigned to them."
54. @sometorin @OpenPolicyAgent
User Study: Netflix
● Complex environment
  ○ >1,000 services
  ○ Many resource and identity types
  ○ Many protocols, languages, etc.
● Key requirements
  ○ Low latency
  ○ Flexible policies
  ○ Ability to capture intent
● Using OPA across the stack
  ○ HTTP and gRPC APIs
  ○ Kafka producers
  ○ SSH (coming soon)
How Netflix is Solving Authorization Across Their Cloud (KubeCon US 2017)
55. @sometorin @OpenPolicyAgent
[Diagram labels: orchestrator, API, ssh, app, host, container, db, cloud]
20+ companies using OPA. Financial institutions, service providers, IT companies, software vendors, etc.
Used across the stack. Microservices, orchestration, provisioning, host daemons, data layer, security groups, etc.
Bring more use cases. RBAC, ABAC, admission control, data protection, risk management, rate limiting, auditing, etc.