August 30, 2016

Matthew Gertner - AllPeersNatural Ways To Replenish The Energy You Lost [Technorati links]

August 30, 2016 05:02 PM

Daily energy is really important for all of us. It is vital that your daily energy levels are as high as they need to be in order to perform the daily demands of the body, the family life and the work that you do. Jason Camper highlights that replenishing the energy that you lost is not at all something that is simple., It is a process that lasts much longer than what many think. You will need to be sure that you always do what it takes. Thankfully, there are so many natural ways available for those that want to replenish lost energy. They are going to be discussed in the following lines.

Take A Fast Walk

One of the easiest ways to replenish your energy sources is to take a pretty short work. If you walk around at your pace for just a quarter of an hour, you will end up with enough energy to last you for one hour and a half. It is something that is counter intuitive by many since you end up spending energy as you walk. However, after you try it you will realize the fact that this is something that helps out much more than what you initially thought.

maxresdefault-1

Meditation

Just sit back, let the muscles rest, relax and make sure that the cells inside your body will be filled with that all important oxygen. When you are tense, the cells end up being starved for this important nutrient. That means that energy is not going to be produced in an ideal way. As you stay and meditate combined with deep breathing, the body will end up generating much more energy as it starts working as it should again.

Start Writing What Bothers You

This is quite an interesting trick that you should take into account. Stress and tension are normally the reasons why the mind ends up wondering and why you worry. Take a piece of paper and write down everything that bothers you or that creates stress. When you do this you instantly feel better and you will notice that energy levels go up. This is actually the precise way in which the asthma patients are enhancing lung function and how rheumatoid arthritis patients manage do deal with the pain. Writing what bothers you basically releases that tension that is stress-induced.

Pay Close Attention To Hydration

This is something that so few people know, although everyone will tell you that they know how important it is to remain hydrated. When you are dehydrated, the body ends up being more fatigued. All that is necessary to get rid of the fatigue and end up with an almost instant energy source is to drink water. You should always go for as much water as the body requires. Do not believe the 7 glasses per day rule or something similar that some will tell you. Whenever you feel thirsty, drink and your energy will be replenished. The great thing about this trick is that you can use it several times per day, whenever you feel a little thirsty.

The post Natural Ways To Replenish The Energy You Lost appeared first on All Peers.

Matthew Gertner - AllPeersTop Podcasts and Online Radio Shows on Wealth Management [Technorati links]

August 30, 2016 03:34 PM

Podcast and digital radio have come a long way with over a billion downloads and subscribers on Apple podcasts alone.

Podcasts and digital radio is an excellent way to learn more about specific topics such as wealth management. They’re convenient to listen to while driving and easily accessible from your iPod, smart phone, and even your computer.

10960938633_a0e7007b0f_b

Here is a list of some of the best shows available for streaming right now.

BiggerPockets Podcast

Rated as the number one real estate podcast on iTunes, the BiggerPockets Podcast is hosted by Josh Dorkin and Brandon Turner who deliver interviews, and tips to their listeners each week for those looking to grow their real estate business.

The show is popular because the advice, tips, and the information is full of real, practical advice. If you are thinking about starting a real estate career or want to brush up on the goings on in the real estate industry, this could be the podcast for you.

Smart Money with Keith Springer

Invest for need, not greed is the motto of this twice-weekly broadcast by financial advisor Keith Springer. Recent podcasts include 5 Secret Do’s and Don’ts that Drive Successful Investors, How the 2016 Tax Code Changes Will Affect You!, The Top 10 Secrets Retirees Don’t Tell You and an interesting podcast with Two Superstar Billion Dollar Money Managers. You can find the podcast on iTunes or listen live on Saturday at 1 pm and Sunday at 6 am each week.

The Clark Howard Show

A longstanding name in the world of personal finance Clark Howard is an expert on financial matters and a host of a podcast and radio show. The syndicated “Clark Howard Show” covers how to save money, spend less money and avoid the many consumer rip-offs. You can listen live and even call into Howard who is on the air every day Monday to Friday or you can listen to his podcasts at your convenience. This is a great show for getting straightforward advice on saving money and preparing for the future.

Freakonomics Radio

The Freakonomics Radio Show is an extension of the popular

“Freakonomics,” and “SuperFreakonomics” books that were co-authored by journalist Stephen Dubner and economist Steven Levitt. An award-winning weekly podcast (with millions of downloads a month) Freakonomics Radio airs on public-radio stations across the country. On Freakonomics Radio, Dubner uncovers “the hidden side of everything” and he routinely covers topics ranging from racially profiling employees to how to win games and beat people. The podcast covers how to think creatively, rationally and productively, particularly about finances and other resources.

The post Top Podcasts and Online Radio Shows on Wealth Management appeared first on All Peers.

Matthew Gertner - AllPeersTips for How to Become an Engineer [Technorati links]

August 30, 2016 02:18 PM

The World of engineering can provide you with a fantastic career filled with innovation, design, job security and for the most part, an excellent salary. The basic requirements to be an engineer are that you have a creative mind and a strong understanding of maths and science, you should also have a passion for it, like anything, if you are not passionate in what you are doing then you are unlikely to be successful and there really is no point in doing it at all. If you meet the criteria and are considering engineering as a viable career path for you then here are some tips on how to get into the industry.

Learn From Those Who Have Done It

On your journey to become an engineer it is important that you allow yourself to be influenced by those in the industry. Successful people like Anura Leslie Perera for example can provide great inspiration, a man who has worked in many fields of engineering such as construction and ship building and who now owns a very successful aerospace engineering firm. Looking at how people like Anura have gone about their career can provide you with a great model to follow.

Education Requirements

When it comes to education it is important that you work hard at gaining strong results in maths and science, these are the cornerstones of engineering regardless of which sector you plan to go into. If you are looking towards going into computer engineering then naturally IT should also be studied at high school level. When it comes to colleges, unlike many fields of work, there isn’t as much emphasis on which college you attend when it comes to engineering jobs. Attending a college like MIT will increase your opportunities in the jobs market and help you to demand a higher salary but it is not a prerequisite.

Helping Yourself

As with many careers it really pays to put in your own work in away from the classroom, when it comes to engineering you should be a 24 hour student. Having side projects that center around your chosen field of engineering will help you to keep your mind focussed on engineering and improve your ability to see projects through from beginning to end. You should be trying to make friends and contacts within the industry, there is no harm in emailing a group of professionals asking for their help and advice. If you start building up a network early on it can pay great dividends in the future.

Widen Your Abilities

When it comes really succeeding in the engineering industry it takes more than just being a great engineer, it is also important that you have a wide variety of skills. These skills can be business acumen, leadership ability, interpersonal skills or knowledge of a wide variety of sectors, if you want to stand out when it comes to getting a job then it is vital that you have plenty of strings to your bow.

The post Tips for How to Become an Engineer   appeared first on All Peers.

KatasoftDesigning the Stormpath SDK for Asynchrony in .NET [Technorati links]

August 30, 2016 11:19 AM

We designed the Stormpath .NET SDK with asynchrony in mind. Since the goal of the SDK is to make network calls to the Stormpath API, it’s a great fit for the Task-based asynchrony pattern introduced in .NET 4.5. Every network method returns a Task<T>, which can be awaited to get the result.

Native support for Tasks in ASP.NET and ASP.NET Core means that your application can intelligently pause threads that are waiting on asynchronous operations, which increases performance.

Embracing the Task pattern in the SDK has the side benefit of making it clear when and where network access will occur in your code: if a method doesn’t return a Task, it won’t make a network call. Nice and readable, just like it should be.

However, using Tasks in a library leads to a problem: what happens when your consuming code can’t use await?

The problem of blocking

It’s possible to synchronously block on an asynchronous Task by calling task.Result or task.Wait(). However, it’s a really bad idea. In a web application, it can lead to deadlocks. Don’t do it!

The await keyword provides a way to wait for a Task without actually blocking, using compiler-generated magic continuations. This requires you to mark the method body as async. In most cases, this is the perfect solution. The only problem areas are:

  • Existing applications that can’t use async without significant refactoring of existing code.
  • Methods that cannot be marked as async, like void Main() or OWIN Startup methods.
  • These edge cases don’t happen often. However, when they do, the library experience is poor: the developer is forced to use a bad pattern (blocking) without any other option.

    To provide a solution for situations where the SDK needs to operate synchronously, we decided to implement every relevant SDK method twice — once as an asynchronous method, and once as a (natively) synchronous method. We were inspired by StackExchange’s Dapper library, where they call it “dual-stack design”. Entity Framework 6 and later also uses this pattern.

    For example, on the IApplication interface, there are two methods that represent the same operation:

    public interface IApplication
    {
      public Task<IAccount> CreateAccountAsync(...);
      public IAccount CreateAccount(...);
    }

    Providing two versions of each method solves one problem, but introduces another: now the interfaces are bloated with similar-looking methods, which could be confusing for a newcomer. (Should I use CreateAccount or CreateAccountAsync? Why are there two?)

    I’m a big believer that SDKs should guide developers toward best practices whenever possible. Using the asynchronous method is a best practice, but a synchronous method sitting on the interface is so tempting! What if the synchronous methods were only visible when you needed them?

    Hiding methods behind a namespace

    To create an “opt-in” experience for the Stormpath SDK’s synchronous methods, we used C# extension methods to implement a mixin pattern and hide the methods behind the Stormpath.SDK.Sync namespace.

    Now, instead of both methods living on the interface as shown above, the synchronous method lives in an extension class:

    namespace Stormpath.SDK.Application
    {
      public interface IApplication
      {
        public Task<IAccount> CreateAccountAsync(...);
      }
    }
    
    namespace Stormpath.SDK.Sync
    {
      public class ApplicationSyncExtensions
      {
        public IAccount CreateAccount(this IApplication application, …)
        {
          // (sync implementation)
        }
      }
    }

    Now the synchronous “overloads” are only available if the developer imports the Stormpath.SDK.Sync namespace at the top of their code file. Otherwise, they aren’t visible.

    Why our solution?

    I like the solution that we used in the Stormpath .NET SDK because it:

  • Suggests async best practices by default
  • Supports the edge cases where asynchrony isn’t available
  • Exposes additional behavior in an intuitive way
  • If you have any thoughts or critiques, share them with me on twitter or below in the comments! And, if you’re interested in learning more about the Stormpath .NET SDK, you can check out these resources:

  • The .NET SDK Documentation
  • Simple Social Login in ASP.NET Core
  • 10 Minutes to User Authentication in ASP.NET
  • The post Designing the Stormpath SDK for Asynchrony in .NET appeared first on Stormpath User Identity API.

    IS4UMIM2016 Troubleshooting: MIM Portal Performance Issue [Technorati links]

    August 30, 2016 09:13 AM

    Issue

    After experiencing a decrease in MIM portal responsiveness after installation, I checked the server resources to see following memory consumption: task manager

    Solution

    The solution to this problem is quite simple. Since MIM is not using any search capabilities of the underlying Sharepoint engine, we can just remove the search component. You can do this either via the Central Administration or via Powershell.

    $spapp = Get-SPServiceApplication -Name "Search Service Application"
    Remove-SPServiceApplication $spapp -RemoveData
    Remove search application

    Related resources

    August 29, 2016

    Matthew Gertner - AllPeersWhat You Should be Doing if You Plan to Invest [Technorati links]

    August 29, 2016 11:17 PM

    Investing has long been a great way to make your money work for you, if you are sitting on some savings then you should consider what investment opportunities can do for you and your wealth. It may seem a little scary at first, placing your money into what is essentially a gamble, once you get started however you will see that it can be very rewarding. Regardless of whether you have strong knowledge of the markets or not, you can still get started with various forms of investment and look to increase your savings. If investment is something that you’re looking to get involved in then here are the things that you should be considering.

    stock-investing

     Personal or Private

     One of the first decisions that you need to make is whether you will control all of your investments or if you will hire a private company or fund to do your investments for you. Unless you know your market of choice very well then I would recommend that you used professionals. My investment manager Javier Garcia Teruel Avila is incredibly experienced in the finance industry, he has spent much of his career in private equity investment and gained an MBA from Harvard University. Juan, has helped me gain some strong returns over the years and more importantly, I have faith that he will invest my money wisely. If you are going to go private then you need to ensure that you have faith and trust in the company that you use.

     What do You Want to Gain

     It is important to decide what you are looking to make out of your investments, not necessarily a financial figure, more a time frame and what kind of percentage yield it is that you want from your money. You could opt to invest low-risk and look to gain regular dividends over a long period of time, alternatively you could be looking for a riskier strategy that makes you faster money by buying and selling. Once you know what you are looking to get out of your investments then it will be easier to form a strategy for how you will approach the market.

    Studying

     Even if you plan to use a professional to make your investments for you, it is imperative that you not only have a strong understanding of how the market works, but stay well informed of its daily movements and potential impacts. Not having sufficient market knowledge will mean that you will be blindly investing, a certain way to lose money, if you are working with professionals then you will leave yourself open to the possibility of people taking advantage of you. Make sure that you study the market that you want to go into and make the effort to check daily what is happening with your investments.

     Caution

     Finally, it is important that during your first year at least, that you approach investment with caution, keep your level of investment low and make sure that you can afford to lose a percentage of however much you decide to invest. Once you have found your feet in the market then you can take on a different strategy but my advice would be to play it safe when you first start out.

    The post What You Should be Doing if You Plan to Invest   appeared first on All Peers.

    Matthew Gertner - AllPeersWhere Will Your Next Great Vacation Be? [Technorati links]

    August 29, 2016 09:16 PM
    Where Will Your Next Great Vacation Be?Photo by CC user toasty on Flickr

    Deciding where to go on a vacation can sometimes leave you feeling like you need a vacation just planning one.

    Whether you are sticking close to home or heading to a different part of the world you’ve never seen before, the choices can certainly be tantalizing.

    That said taking the time to plan the best vacation possible is something that you should never take for granted.

    As you plan your vacation of choice, know that there are companies out there waiting to help you get it right the first time around.

    So, where will your next great vacation be?

    Put the Plans in Motion Today

    In order to nail the best trip possible, here are a few pointers to not miss out on:

     

    As you make plans for your next fun-filled vacation, remember to lean on the pros for help.

    Along with their experience in helping travelers around the globe find experiences of a lifetime, you too can do your part, turning to the worldwide web for assistance in mapping out your trip.

    Whether your trip is soon or later down the road; take the time to properly plan it out, leaving less chance for a dream vacation turning into a nightmare.

    With all the money that goes along with a vacation, you want to make it a great one.

    The post Where Will Your Next Great Vacation Be? appeared first on All Peers.

    Matthew Gertner - AllPeersWhy Do So Many Business Leaders Fail? [Technorati links]

    August 29, 2016 09:10 PM

    It is interesting to notice the fact that most of the successful business leaders of today were faced with some sort of failure in the past. That is something that became quite common in business. As an example, previously president of Oracle, Charles Phillips is now Infor’s CEO. When he led Oracle, he did many great moves but he did have problems, mainly caused by others. He learned from that even if it was not a failure. He treated it as such and when he became CEO of Infor many changes were made. This led towards the huge growth that Infor sees right now, quickly growing from 4 employees to number 3 in the ERP service provider market.

    Charles-Phillips-CEO-Infor

    The success of a company is basically highly connected with the leadership skills of the manager and the owner. However, many business leaders fail. Let’s see the most common reasons why this tends to happen.

    Not Listening To The Complaints Of The Employees

    The people that fuel the growth of a company are not the business leaders. They are basically the facilitators, those that help the growth happen. The backbone is always the workforce. It is really important that a business leader listens to the staff members. When this does not happen, it is a certainty that morale will go down. If there are employees that complain, listen to them. See what causes the complaint and see if there is something that can be done to improve the working environment.

    Lack Of Planning

    There is a lot of talk about vision these days. Successful business leaders always have a great vision but that is never enough for success. It is also really important that the steps necessary to actually achieve the growth in the future are taken. This automatically involves planning. The business leaders that are successful will always take their time to plan all the steps that will be taken to improve growth speed.

    Stopping The Learning Process

    You can be a really great business leader today and tomorrow you end up making many mistakes that make staff members lose all respect for you. It is really important as any person in a leadership position to keep learning. Do not believe that you know everything. Business can change from one month to the next. You need to be sure that you are going to always see what you can do in order to improve your personal skills. There are always things that you can work on.

    Positive Attitude Lacks

    When you are negative, you cannot be a successful business leader. This is something that absolutely nobody should neglect. Attitude can be changed and you can learn how to be a more positive person. Business leaders that have a negative attitude will surely end up faced with employee related problems. Make sure that you always look at the bright side of things. If something bad happens, highlight that in a positive way. There is such a thing called constructive criticism. This comes out of a positive attitude.

    The post Why Do So Many Business Leaders Fail? appeared first on All Peers.

    Matthew Gertner - AllPeersWill Your Resume Properly Define You? [Technorati links]

    August 29, 2016 07:54 PM
    Will Your Resume Properly Define You?Photo by CC user 124247024@N07 on Flickr. Image courtesy www.flazingo.com

    When you stop for a moment to think about it, your resume is as important a document in your life as you will ever have.

    With a winning resume, you open yourself up to myriad of job opportunities over the years, opportunities that can leave you with a career one day to look back on with much happiness and pride.

    On the other side of the coin, a resume that is average at best or worse can leave you with a lot of broken dreams, something that can haunt you many years from now.

    That said how can you position your career for good things to happen now and down the road?

    While hard work and dedication of course are the biggest components of that success, having a top-notch resume to lead you to quality jobs and opportunities is imperative.

    So, will your resume properly define you?

    Go to the Pros When Necessary

    In the event your current resume is leaving you feeling like something is missing, don’t wait around to figure out how to improve it.

    When you turn to a professional resume writing service, you know that you have professionals in your corner, professionals who will see to it that your resume is given the utmost care.

    One of the first questions you are likely to have is how do you go about finding such a service in the first place?

    In today’s Internet-driven world, starting your search online is a good way to go.

    By doing a Google search of resume writing services or using information you found through family and/or friends, check out different resume writing service websites.

    You want to find those who have the experience of doing the job right the first time around, along with providing stellar customer service.

    Once you have found the service you feel is best for your job pursuits, sit down with the pros and get started.

    As any professional resume writer will tell you, your resume should bring out only the best in what you have to offer prospective business owners.

    Yes, you obviously went to school, perhaps even graduated with a four-year degree or more. That said don’t waste too much time focusing on grades and school achievements, instead zeroing in on your prior job experience. In the event you are going after your first-ever full-time job, try to at least highlight relative part-time jobs and/or internships in your resume.

    Being Active in the Digital Age

    Another important item to keep in mind is the importance of today’s digital age.

    Many business owners are yearning for applicants who get the Internet and have no problem moving around on it, especially when it comes to areas such as social media.

    If you have Internet skills, by all means make sure they are highlighted on both your resume and in your cover letter.

    Even though you may end up with a job that is not immediately tied to marketing and/or advertising/sales, you may be asked by your employer to help promote the company’s brand on social media. Being able to do so will increase your chances of getting and keeping a position with a business that gets how important social networking is in today’s world.

    Finally, although paper resumes have not quite gone the way of the dinosaurs, they are becoming less and less the norm in today’s business world.

    As a result of this, having an online resume that shines is vital to your chances of landing the job that you really want.

    One of the advantages to going with an online resume is that you can go into your computer whenever necessary and update the resume. This makes things much easier in the event you want to send off resumes to a bunch of jobsites and companies at the last minute, albeit needing a change or two on your document.

    When it comes to finding a job in 2016 (and beyond for that matter), winning resumes and cover letters still matter a great deal.

    If you are not 100 percent confident in your abilities to turn out such documents, go the pros.

    In the end, it will be one of the best moves you ever made.

    The post Will Your Resume Properly Define You? appeared first on All Peers.

    Matthew Gertner - AllPeersVacation Rentals vs Hotels, Which is the Best? [Technorati links]

    August 29, 2016 06:45 PM

    Vacation rentals have gained great popularity in the last decade and more people are shunning hotels in favor of a privately rented property or home. Websites such as AirBnb allow peer-to-peer rentals whereby people rent out their own houses or apartments for short term stays, this method of private rental has really struck a chord with holiday makers. There are also people like Brian Ferdinand Liquid Holdings’ president who works with vacation rental properties, this sector has also seen a dramatic rise in popularity as people seek something different than a hotel. Here we look at which is the best option for you, a hotel or a vacation rental.

    1280px-Hotel_room_beds_at_GRT_Temple_Bay_Resorts,_Mahabalipuram

     Space

    The space that you pay for in a hotel is usually just a room and a bathroom, there are of course many areas for you to enjoy in a hotel such as the pool area, restaurant, public spaces and offices but these are shared spaces.

    In a vacation rental, all of the space is your own from the living area to the kitchen, you can feel comfortable and relaxed in the knowledge that nobody can interrupt your space. Many private rentals offer their own pool, perfect for a secluded swim.

    Price

     To work out the best price option for you depends very much on how many nights you are going away for. If your plan is to go away for 2 or 3 nights then a hotel will give you far better value, the reason for this is that most vacation rentals charge discounted prices for longer periods of time.

    If you plan to go away for more than three nights then the rental is the best choice for you and your wallet. Equally, if you plan on going away in a group or with a large family then a rental will also offer you the best value as the cost of individual hotel rooms will be far larger than the cost of a big property that accommodates the whole group.

    Food

    Most hotels have restaurant options and a pool side snack bar where you can eat, many are also situated in busy areas surrounded by local restaurants and eateries giving you a great deal of choice for where to eat. With this however, comes the added costs of restaurant food and eating out in general.

     At a rental property, you of course still have the option of eating out in restaurants but with the added option of cooking at home. Cooking on your property can be done easily in fully equipped kitchens and barbecue areas. Cooking a few meals when your away can be a cost effective way of eating and having this option gives you the flexibility to eat when you want and what you want.

    Amenities

    Hotels can offer swimming pools, tennis courts, bars, restaurants, work spaces and daily cleaning services that are designed to make the guest feel welcome. In a hotel setting you can also arrange tours and visits to local places of interest that you would have to arrange yourself in a vacation rental.

    Private rentals often come with TV, free flowing wi-fi, DVD players and even games consoles meaning that there is plenty to do to keep you occupied on an evening. Cleaning will be your responsibility and any adventures that you want to do will have to be arranged by you. Less options on hand but far more flexibility.

    The post Vacation Rentals vs Hotels, Which is the Best?   appeared first on All Peers.

    KatasoftAnnouncing Stormpath’s Java SDK 1.0 Release [Technorati links]

    August 29, 2016 05:50 PM

    Big, big news, people: The Stormpath Java SDK has left release candidates behind and is now at 1.0!

    The goal for any Stormpath SDK has always been to make it super easy for developers to work with Stormpath using the latest in technologies and integrations. With the 1.0 release of our Java SDK, it’s a snap to integrate Stormpath’s Identity Management platform into your application. Little to no additional coding is required. It’s easier than ever to use popular frontend technologies (such as ReactJS and Angular) along with the Stormpath Java integrations (such as Servlet and Spring Boot).

    We’ve added a ton of new features to the Java SDK, including the servlet integration and integrations for Spring, Spring Security, and Spring Boot (see the laundry list at the end).

    One of the most important new features in this release is compliance with the Stormpath Framework Specification. Spec compliance guarantees that all our SDKs work the same way, and gives you the ability to create SPAs (Single Page Applications) using any of our client-side integrations, like Angular, with any of our Java integrations.

    With the 1.0 release, we pack lots of features into the Java SDK and integrations, provide examples and tutorials right in the github repo, and make it nearly code-less to integrate Stormpath with modern frameworks like Angular and Spring Security.

    But, don’t just take our word for it. Here’s an easy Angular SPA example.

    Angular + Spring Boot

    To demonstrate the new SPA capability, I copied the client folder from an Angular + Express + Stormpath example into a basic Spring Boot + Stormpath example. The result is a basic Angular + Spring Boot + Stormpath example application.

    There’s a single Spring controller that simply forwards back to the angular app for the auth endpoints (like /login and /register). Using simple properties configuration, we delegate responsibility for the HTML views to the angular app and responsibility for the JSON models (GET) and form submissions (POST) to the Spring Boot app.

    Here’s the entire login.html file from the Angular app in the example:

    <div class="container">
      <div class="row">
        <div class="col-xs-12 text-center">
          <h3>Login</h3>
          <hr>
        </div>
      </div>
      <div sp-login-form></div>
    </div>

    So, how do we get from that to this?

    loginviewfb

    The sp-login-form makes use of the Stormpath Angular SDK. It retrieves the login model, which is served by the Spring Boot app.

    You can see this in action using the httpie command line http client:

    http localhost:8080/login

    produces:

    HTTP/1.1 200
    Content-Type: application/json
    Date: Thu, 18 Aug 2016 02:35:40 GMT
    Transfer-Encoding: chunked
    
    {
        "accountStores": [
            {
                "href": "https://api.stormpath.com/v1/directories/12OvcZl9yQuldBGw7X0LZs",
                "name": "Demo-Facebook",
                "provider": {
                    "clientId": "794907687304823",
                    "href": "https://api.stormpath.com/v1/directories/12OvcZl9yQuldBGw7X0LZs/provider",
                    "providerId": "facebook"
                }
            }
        ],
        "form": {
            "fields": [
                {
                    "label": "Username or Email",
                    "name": "login",
                    "placeholder": "Username or Email",
                    "required": true,
                    "type": "text"
                },
                {
                    "label": "Password",
                    "name": "password",
                    "placeholder": "Password",
                    "required": true,
                    "type": "password"
                }
            ]
        }
    }

    The Angular app uses this login model to render the login view, including the Facebook button. When you submit the login form, it makes a POST to the /login endpoint, which again is handled by the Spring Boot app. Easy peasy!

    The Full Java SDK 1.0 Feature List

    In addition to SPA support across all the integrations, the following is included in the 1.0 release:

    1. Angular Example: This new example joins the other examples we have in the SDK repo in the examples folder. It demonstrates how easy it is to create an application with an Angular front end and Spring Boot backend, all integrated with Stormpath.
    2. Content Negotiation: The rules spelled out in the framework specification determine whether to return JSON or HTML responses. This makes it very easy to configure a mixed application, such as Angular on the front end and Spring Boot on the back end. This is done in configuration with no additional coding.
    3. Social Providers: Login and registration support for Google, Facebook, Linkedin and Github. Simply map the appropriate Directory type to your application and the Login View will show the correct button for the Social Provider. No additional coding is needed.
    4. SAML Providers: You can easily add external SAML providers to your application. Simply maps the SAML Directory to your application and the Login view will show a button with the Directory name. No additional coding is needed.
    5. OAuth2 client_credentials grant type: You can allocate and manage API keys for your users with Stormpath. Now, you can use those API keys to get an Access Token for use in hitting protected endpoints in your application with support for the client_credentials grant type.
    6. Single Sign-on: Support for Stormpath’s SSO service – ID Site – is now available in the Servlet integration (ID Site is already supported in the other integrations)
    7. Event Handlers: Support for Pre and Post login and register handlers makes it easy to have side effects, such as logging, when these events occur.
    8. Custom Registration Fields: Easily add additional fields to the default registration form. This is expressed in properties with no additional coding required. Non-standard fields are automatically stored as Custom Data.
    9. Profile Endpoint: Added /me endpoint to return JSON profile information for authenticated users.

    Additionally, the following dependency and code updates are included in this release:

    1. Significant Spring Security performance improvements
    2. Internationalization (i18n) support / improvements
    3. Our account cookie (the way we used to keep client-side state) has been replaced by an access_token and refresh_token cookie.
    4. All our controllers are filters now (we were previously using handlers). This allows a request to pass through to be handled by custom client code.
    5. Removed support for JDK 6
    6. Removed all code and docs for previously deprecated interfaces
    7. Upgraded all external dependencies to latest versions, including Spring Security 4.1.2 and Spring Boot 1.4.0

    Along the way, we built a Framework Test Compatibility Kit for all of Stormpath’s integration developers to use. It ensures that whether you’re using the Node.js Express integration or the PHP Laravel integration, you can expect uniform responses to your requests as defined in the Stormpath Framework Specification.

    The five primary Java integrations in the Java SDK project (Servlet, Spring WebMVC, Spring Security Spring WebMVC, Spring Boot WebMVC, and Spring Security Spring Boot WebMVC) each pass all 112 tests in the TCK.

    All the things! – Java SDK Documentation Edition

    You can get to all of the Java SDK documentation here. Or get started with Java and Stormpath in 10 minutes or less? Check out our Quickstart.

    If you want to take a deep dive into the Core Java SDK, jump into the Product Guide. We’ll take you from a basic Spring Boot application to a Stormpath integrated Spring Security Spring Boot WebMVC application, complete with fine-grained access controls in our Spring Boot Tutorial.

    The post Announcing Stormpath’s Java SDK 1.0 Release appeared first on Stormpath User Identity API.

    KatasoftWatch: Token Authentication with ASP.NET Core [Technorati links]

    August 29, 2016 11:31 AM

    Token authentication a critical element of building scalable identity, authentication, and authorization management. The token-based approach is stateless, secure, mobile-ready, and designed to scale with the size of your user base (without additional burden on your servers).

    This Token Authentication webinar from Stormpath’s .NET Evangelist, Nate Barbettini breaks down both token verification and token generation in the new ASP.NET Core stack. He also covers:

  • Sessions vs. tokens
  • Statelessness
  • The anatomy of a JWT
  • Signature cryptography
  • Hosted user identity
  • You can view the slides that accompany this webinar on Slideshare.

    Excited to learn more about authentication and JSON web tokens? Check out these resources:

  • Token Authentication in ASP.NET Core
  • 10 Minutes to USer Authentication in ASP.NET Core
  • OAuth with JSON Web Tokens in .NET
  • Where to Store Your JWTs — Cookies or HTML5 Web Storage
  • Token Authentication with Stormpath
  • The post Watch: Token Authentication with ASP.NET Core appeared first on Stormpath User Identity API.

    Matthew Gertner - AllPeers3 Tips for Making Board Portal Software Work for You [Technorati links]

    August 29, 2016 12:15 AM

    The people who sit on the board of your organization are busy individuals. Many of them come from across the country (or farther yet) for the quarterly meeting, and distributing information in a timely manner can be quite a challenge if you still rely on printing and couriering. That’s why more and more organizations are finally making the shift to paperless meetings. It makes distributing financial reports, agendas, and binders much easier, especially for organizations who draw on directors from different parts of the country.

    Better board of governance software apps are not just designed to make it easier to distribute binders digitally. They are also made with productivity in mind, which means that they make it simpler for directors to read, annotate, and collaborate on documents. Software such as that offered by Aprio also makes it easier for the board administrator as well as the chair responsible for keeping meetings on time and moving. These board portals are designed to make governance more efficient, ultimately giving directors more time to discuss important decisions.

    How can Board Portal Software work for you?

    Below are just some of the simple, streamlined features effective board portal software should offer.

    1) Single Step PDFs

    It can be incredibly frustrating how much time gets wasted converting files originally created in Word, Excel, and PowerPoint into PDFs. A good board portal makes it simple to display files as PDFs with the mere click of a button. It’s always advisable to double check the formatting quality of rich documents before sending them. It may not seem like a significant feature, but without it, you can wind up wasting a surprising amount of time converting and formatting documents.

    2) Digitally Track and Approve Expenses

    Tracking and approving director expenses used to be a nightmare. Administrators face all kinds of spreadsheets, receipts, and disorganized claims. When they use portals such as Aprio’s, directors can enter their expenses directly into an Expense library. The portal even allows them to scan and upload all of their necessary receipts and submit them for payment by email. Administrators get to track expenses as they accumulate and, if necessary, remind directors of bylaws and practices governing expenses. Early stage companies are often advised that they should only be reimbursing directors for reasonable expenses, i.e., if the executives are traveling coach, the company should only be reimbursing coach class tickets for directors, too.

    3) Using Links in Your Agenda

    It’s always a struggle to keep to meetings on time and productive, but you’re not running an effective board without the ability to stay on schedule. If you’re using portals such as the latest board management software from Aprio, it’s easy to keep meetings running productively. One of the ways everyone can save time during a meeting is by retrieving important reference documents digitally, via hyperlinks attached to the meeting agenda. One exceptional feature you should look for is the ability to attach links that are unique to the user, a useful feature when you’re dealing with in camera meetings. If you’ve been wasting time in meetings, distributing materials, tracking expenses, or even something as simple as formatting PDF files, it’s time to improve your efficiency with a board portal.

    The post 3 Tips for Making Board Portal Software Work for You appeared first on All Peers.

    August 28, 2016

    Matthew Gertner - AllPeersSurgical suction: Not a one-fits-all system [Technorati links]

    August 28, 2016 11:24 PM
    Good surgical suction is integral to a successful operationPhoto by KRISTOPHER RADDER/U.S. Navy

    Whether you have been the subject of a procedure involving surgical suction, or if you have just seen it on the television dramas, it’s fair to say that most of us think that it comes in one shape, and one form. Its importance means that the wrong selection can endanger the health of a patient. 

    As the title may have given away, this isn’t necessarily the case. When surgeons turn to suction during a procedure, they are left with several drain choices. It means that not all surgeries will involve the same type of suction, but more on that later.

    To give more of an idea of suction, and just why and how it is used, here’s a lowdown on how surgeons approach it.

    What is suction and why is it used?

    Suction is something which will be used in the vast majority of surgeries around the world, usually with aspirator pumps. The main aim is to drain fluid from an area or to decompress it. Fluid could come in the form of blood or pus, or in some cases a surgeon might simply want to prevent air accumulating in a certain area of the body. There are even times where fluid might be removed to identify possible leakages.

    In truth, the list for surgeries involving suction could be endless. It ranges from plastic surgery, to breast surgery to chest drainage.

    One of the most interesting parts about surgical drainage is that there isn’t really a set amount of “rules” for surgeons to follow. In other words, most surgeons will simply use their own preferences – there is little scientific backing which highlights how suction should be performed effectively.

    What are the different types of suction available to surgeons?

    As we’ve pointed out, suction isn’t necessarily a one-fits-all solution. There tends to be three types of surgical drain.

    The first comes in the form of the open or closed drain. In the case of the former, this involves draining fluid into something like a stoma bag or a gauze pad. A closed drain meanwhile will be within a tube, with the fluid draining into a bag. The latter tends to be more common as there is a smaller chance of infection, due to the fact that fluid isn’t in the open.

    The other type of drain available to surgeons is one which is active or passive. Active drains have constant suction, which will be either low or high pressure. On the flip side, if the surgeon opts for a passive drain, it means that there isn’t any suction and they only work courtesy of the differential pressure which is formed between the body and outside of the body.

    The final suction option is whether or not the drain is made out of rubber or silastic. In the case of rubber, these tend to exhibit more pressure on tissue and can result in a tract forming. In some cases this is a positive thing, but in others a surgeon may opt for the silastic drain which has softer reactions on tissue.

    The post Surgical suction: Not a one-fits-all system appeared first on All Peers.

    Matthew Gertner - AllPeersWhy Is Online Reputation Management Difficult? [Technorati links]

    August 28, 2016 01:05 AM
    Online reputation management is hard work that needs to be taken seriouslyPhoto by CC user 132604339@N03 on Flickr and http://joethegoatfarmer.com/

    The truth is that online reputation management is not at all difficult these days. However, most people from around the world lack the necessary knowledge to make the correct steps when they are needed. The truth is that the main reason why online reputation management is difficult is the lack of knowledge about what online reputation management actually means.

    In order to better highlight the topic, let us think about some of the misconceptions that appear and discuss different reasons that people highlight when referring to the difficulty associated with online reputation management. That should put you on the right path.

    Low Investment Budgets

    In order to properly set up a reputation management strategy on the internet you will need to be aware of what happens in real time. This can be a little difficult. You will need to invest money in various different special tools. While this is definitely something that is not available for many companies, especially the small to medium sized ones, alternatives are always available. For instance, why not set up simple Google News alerts for the keywords you are interested in? This is free and you can learn about the mentions that are of importance for you.

    Not Being Able To Respond To Negative Reviews

    If a negative review appeared so many simply ignore them. This is not a good approach for your business. The problem is not that the negative review appeared. The real reputation management problem in this case is that the review was not taken into account. You have so many different ways in which you can respond to a negative review.

    The trick is to highlight the fact that you took notice and that you take the feedback that is offered in order to improve the services/products that you are currently selling. Even if the mention is personal and really negative, by remaining positive and letting the reviewer know that you respect what was said will help you to improve your reputation.

    Getting Feedback From Customers

    In order to work on your reputation on the internet, you have to receive feedback from your past customers. Also, you need to learn from the potential customers, why they think about buying and why they might not actually make the purchase. A problem appears because reputation managers think that it is tough to get feedback. Most commonly the mention is about conducting online surveys. They can be pretty expensive.

    What you should know is that different ways to get feedback are now available. They are either really cheap or completely free. For instance, a great example of a free channel that can be used to get feedback from customers is social media. When you engage in conversations with your followers and fans you will be able to ask questions, receive answers and get all that important feedback you need.

    Never think that reputation management is not possible and that you cannot do anything about it. Just think outside of the box, come up with great ways to manage your reputation. Alternatively, seriously consider hiring professionals to get the work done for you.

    The post Why Is Online Reputation Management Difficult? appeared first on All Peers.

    August 27, 2016

    Matthew Gertner - AllPeersThe not-so-obvious reasons behind the surge in weight loss treatment [Technorati links]

    August 27, 2016 07:49 PM
    There are a number a factors behind the surge in weight loss treatmentPhoto by CC user http://www.cgpgrey.com

    It doesn’t matter who you are, body image is something that seemingly every person in the world wishes to change. Even if a person is always found in the gym, with the near-perfect physique, there will always be minor parts that they would fine-tune if given the opportunity.

    For those people who are overweight, to a clinically concerning extent, it goes without saying that the body image issues perhaps play even more on their mind.

    However, it’s not just “looking good” which has caused an increase in the number of people undergoing bariatric surgery for weight issues. There are umpteen other reasons behind the surge in weight loss treatment, many of which are unknown, which we will now mull over.

    Asthma

    There are some pretty interesting stats out there in relation to asthma and weight loss. While it may appear quite unrelated on first look, one study found that bariatric surgery significantly helped those who previously took steroids for the condition. Most people in this group were able to stop their steroids completely 18 months after the surgery – highlighting just how effective it can be.

    Depression

    Considering the body image issues we have discussed, the link with obesity and depression probably isn’t all that surprising.

    It has been found that those people who are obese are 25% more likely to suffer with a condition such as depression. There are also indirect factors to look at here; due to all of the separate conditions that obesity can cause, depression can occur as a result of one of those.

    Sleep apnea

    Sleep apnea is arguably one of the least understood problems which can be caused by obesity. In short, it refers to a condition where a person will stop breathing in short stints during sleep – with this having the knock-on effect that the person is much more tired than they really should be during the day.

    Experts believe that excess fat around the chest and neck can restrict the amount of air that enters the lungs and ultimately cause this problem. Therefore, by rectifying it, there’s every chance a person can become more alert during the day.

    Infertility

    Statistics have shown that more and more women who are attempting to conceive are obese. This is undoubtedly a problem; particularly when you consider the fact that one study showed that almost half of obese women have irregular menstrual cycles.

    Ultimately, it means that the chances of conceiving are much lower. As well as this, if a woman does fall pregnant, there is also a higher risk of miscarriage due to obesity.

    Urinary stress

    Another surprising condition which can be caused through obesity comes in the form of urinary stress incontinence. While bladder control issues can occur due to a number of reasons, obesity is something which can be a major risk factor.

    The reasons are very straightforward to understand as well. Due to the additional weight which is accumulated on the midsection, it means that the bladder comes under increasingly more pressure.

    The post The not-so-obvious reasons behind the surge in weight loss treatment appeared first on All Peers.

    Matthew Gertner - AllPeersThree Things That Tell You Your Work Life Balance Is Out of Balance [Technorati links]

    August 27, 2016 03:48 PM

    There are a number of things that are indicative of having a poor work life balance. For Charles Phillips, Infor CEO,’s wife Karen, these things were all evident in her husband. She decided that he was ready for a change, and she became more involved in his work, while also showing him the importance of family time. She got through to him, and Phillips is now a role model for not just his staff, but also other CEOs and executives the world over. He spends time with his family, talks about his family, and expects the same of his staff. So what are some of the signs that Karen noticed and that made her force her husband to change, and to take more of an active role in things he finds enjoyable, such as their joined philanthropic organization, Phillips Charitable Organizations? Let’s take a look.

    business men phonecallbusiness men phonecall
    1. Phantom Vibration Syndrome

    Phantom vibration syndrome was unheard of just a few years ago. Today, however, it is a recognized thing. In fact, it is one of the biggest things to look for if you feel that you are married to the job, and that this is affecting your negatively. Basically, it means that you will feel your phone buzz, even when you don’t have it on you. Sometimes, it feels so real that you end up searching through your phone because you’re sure you missed a call, text message, WhatsApp, Tweet, or Facebook notification! This encounter is known as a ‘tele normal’ one, and most of us have experienced it at least once in our lives. But for overworked CEOs, it becomes an almost constant occurrence, and it can be devastating.

    1. Refusing to Sleep

    Everybody needs sleep, preferably eight hours. Research upon research has demonstrated that people who sleep more are happier and healthier, and therefore also productive. But for overly busy executives, sleep is time that they feel could be better spent doing “important” things relating to work. Very often, CEOs survive on just four or five hours of sleep per night. You can keep this up for a short time, but not too long, unfortunately, and it will go to the detriment of your health, wellbeing and productivity.

    1. Emailing During Personal Time

    As the world is changing, more and more executives are starting to schedule in ‘personal time’. That way, it looks to themselves, their family, and their staff as if they are committed to taking time out and spending it with the family. In reality, however, the vast majority ends up checking their email constantly, even in the company of their family. As such, they don’t really have any personal time, they simply use it to catch up on administration and things they didn’t get to in the office.

    If you recognize these three signs, do what Karen Phillips made her husband Charles do: recognize that things are getting too much, and make a real change for the better.

    The post Three Things That Tell You Your Work Life Balance Is Out of Balance appeared first on All Peers.

    Matthew Gertner - AllPeersUnderstanding the Role of a CEO [Technorati links]

    August 27, 2016 03:16 PM

    CEOs are very important people, but few people truly know what they do. This is due to a variety of reasons. Firstly, CEOs are often too busy to sit down and talk about their job. Secondly, they have so much to do that they would need to write an encyclopedia to write it all down. Thirdly, it all depends on what company they are CEO of. Finally, their personal leadership style makes the role vary. Take, for instance, Infor CEO Charles Phillips, who will do very different things than Xerox CEO Ursula Burns, for instance. That said, there are a number of commonalities that you will find across the board.

    charles_phillips_wife

    The Main Duty of a CEO

    Setting vision and strategy is a CEO’s main duty. In order to develop the strategy, the CEO will be assisted by their senior management team. This team will write a business plan, which will be approved by investors. However, the true direction is set solely by the CEO. They are the ones who will give the final go ahead in terms of entering new markets, which competitors to take on, which product lines to run, how the company will be different from all the others. The CEO is responsible for making final decisions, also in terms of budget allocation and partnership. They also hire the team that will be able to steer their business towards achieving that strategy and vision.

    CEOs Build Culture

    Another important thing that only the CEO can truly do is build the culture. No matter what line of work a business is in, it needs people to get the job done. People, in turn, act according to the culture of the business. If the workplace is lousy, people, and particularly high performers, will be driven away. They can choose where to work, at the end of the day. This is again seen in Infor, which is headed by Charles Phillips, previously President of Oracle. A large proportion of his executive team is made up by past Oracle employees, who all see something better in the culture that he has built at Infor.

    Building culture is a complex thing, but the CEO is the one who sets the tone towards creating it. Everything the CEO does or doesn’t do is a cultural message, and this goes down to the very smallest details. The clothes a CEO wears, for instance, will say a lot about the level of formality in the workplace. The people the CEO talks to demonstrates whether someone is or isn’t important. The way a CEO handles their own mistakes, whether they see a mistake as feedback or as a failure, determines how other people feel about taking risks. What people the CEO gets rid of, who they decide to keep on, and who they reward, all shows the rest of the team what the culture of the organization is.

    The CEO must live and breathe the culture of their company. For instance, if a deadline is set and this means some of the team has to work outside of regular office hours to achieve it, they cannot then ignore the team when they work those hours by keeping their own personal life sacred. If they decide to do this, the rest of team is unlikely to work as hard again – if the CEO doesn’t work outside office hours, why should they?

     

    The post Understanding the Role of a CEO appeared first on All Peers.

    Matthew Gertner - AllPeersInfor Before and After Phillips [Technorati links]

    August 27, 2016 01:52 PM

    Infor has been around for a very long time, but it actually only became a real player when Charles Phillips Infor CEO made it his affair. Before Phillips, Infor was reluctant to embrace new technology and wanted nothing to do with the cloud. After Phillips, Infor turned all that around. In fact, the cloud is just one of the bold moves that Infor has made. They have committed to working together with Amazon Web Service to do this, using Cloudsuite.

    The_Infor_logo

    According to Phillips, going on Amazon using Cloudsuite is really going to set them apart from today. It means they are one of the first companies of its kind to truly move to the cloud with its full infrastructure, instead of only a few operations. Committing to the cloud on such a large skill is risky, but it will bring about some significant benefits. One of those is that Infor doesn’t have to build its own data center, which means they can keep the prices lower as well.

    Cloud companies usually start by building a data center. In fact, that is often the main investment for new companies. Infor, instead, will build a relationship with Amazon, which will also ensure that Infor doesn’t have to deal with the data sovereignty issues that many are dealing with.

    Not Everyone Is Happy

    Moving everything onto the cloud is a move that hasn’t made everybody happy. Some businesses are conservative by nature, and see the cloud as nothing but a system over which they have no control, and that others can easily hack in to. Phillips understands this, and wants to ensure customers understand that on premise solutions will continue to exist. However, what he does not want to do is enable clients to create their own cloud, in a way that Hewlett Packard has done. If they do this, then they will also start to want customizations, and they will need to upgrade as and when it is right for them. What Infor wants is to develop Software as a Service (SaaS), in which there is no room for this.

    How to Convince Clients

    What Phillips wants prospective cloud clients to do is to forget about the apps they have right now, which have been customized and customized again. Rather, he wants them to look at what the business processes they need are, and will then build a demo based on that. By using the demo, people can see for themselves whether or not it will work for them.

    Infor is making big changes, and with big changes come big ripples. But Phillips is happy to ride those ripples and he has his team behind him for that. Plus, it seems that his strategy is working, because at his latest report, the tipping point between in house applications and SaaS applications was at 50/50, and he expects it will soon tip in the favor of SaaS overall. It seems that when Phillips says he will do something, he will do it.

    The post Infor Before and After Phillips appeared first on All Peers.

    August 26, 2016

    Kaliya Hamlin - Identity WomanIIW 23! Register. Its going to be great! [Technorati links]

    August 26, 2016 02:13 PM
    Powered by Eventbrite

    Matthew Gertner - AllPeersBrainwave Entrainment and How You Can Reap the Benefits [Technorati links]

    August 26, 2016 01:26 AM

    Brainwave Entrainment can help you become more of a success

    The human brain is one of the perplexed organs in the body. The way a person talks, walks, acts, and feel are all determined by the brain. The body responds from electrical impulses that are produced by this mighty organ and without them, people would become lifeless or in a zombie state. Unfortunately the day to day trials and tribulations tend to get the best of us causing high levels of stress. When the mind or body is stressed; health issues are sure to follow, but there is one way to get yourself back on track or maintain at peak levels.

         Brainwave Entrainment is a proven method for getting your mind and body back in sync with one another. It’s basically cycles of rhythmic synchronization of soundwaves that will increase relaxation or concentration. For Example: Two unsynchronized pendulum clocks sitting side by side will surely synchronize after a period of time. It’s not telekinesis, but more so energy that feeds off one another and that’s where Revolutioner comes into play. Revolutioner provides you with a sense of mental healing by use of soundwaves and this method of brainwave entrainment is giving it’s users many benefits such as:

     
    Whatever you goals may be whether it’s sports, business, or health; training your mind will give you the upper edge. Of course you can’t be a one and done kind of guy. You’ll need to be consistent with the program to receive the benefits of service. It’s time to step your game up and if you want a more detailed look at Revolutioner.com.

    The post Brainwave Entrainment and How You Can Reap the Benefits appeared first on All Peers.

    August 25, 2016

    KatasoftTutorial: Get Started with Xamarin in Visual Studio [Technorati links]

    August 25, 2016 09:59 PM

    Xamarin is a cross-platform technology that makes it possible to build native mobile apps for Android, iOS, and Windows Phone using C# and a shared codebase. Like its younger siblings NativeScript and React Native, it allows development teams to build mobile applications using the skills they already have, and spend less time writing code for each platform.

    If you haven’t tried Xamarin yet, now is a great time to get started! Earlier this year, Microsoft bought Xamarin and made it free (and open-source). You can build Xamarin projects on Windows (using Visual Studio), or Mac/Linux (using Xamarin Studio).

    I’m excited to dig into Xamarin because mobile apps need authentication and authorization, which Stormpath makes easy. We already have rich SDKs for .NET and ASP.NET, as well as SDKs for iOS and Android separately, but a Xamarin-specific SDK could provide even more value and make it super simple to secure your apps. It’s something I’m currently digging into, so stay tuned!

    In this tutorial, I’ll show you how to use Visual Studio and Xamarin to build a basic app for iOS and Android — even if you’ve never done any app development before!

    Setting Up Visual Studio and Xamarin

    If you don’t have Visual Studio 2015 installed, download the free Community Edition from Microsoft. If you already have Visual Studio, make sure you have the latest update (Update 3 at the time of writing).

    You’ll also need to install some optional components for Visual Studio. If you’re setting up Visual Studio from scratch, make sure these items are selected:

  • C#/.NET (Xamarin 4.1.1)
  • Visual Studio Emulator for Android
  • Choosing Visual Studio options

    If you have an existing installation, you can verify that these components are installed by opening the Control Panel, choosing Uninstall or change a program, and selecting Microsoft Visual Studio 2015. Follow the installation wizard to make sure the above items (at a minimum) are checked.

    Once you have the tools set up, you’re ready to create a Xamarin project!

    Xamarin vs. Xamarin.Forms

    The Xamarin SDK provides bindings to the platform-specific APIs on each mobile platform, so you can call Android or iOS APIs from C# code. This allows you to build native apps using C#, but you still need to design the UI separately for each platform.

    Xamarin.Forms is an additional layer on top of the Xamarin SDK that makes it possible to build your UI once (in XAML markup) and let Xamarin do the hard work of translating it into the appropriate UI elements on the target platform. You can drop down to the Xamarin SDK level and interact with the platform APIs if you need to.

    Should you use “raw” Xamarin, or Xamarin.Forms? It depends on what you are building:

  • If you’re building an app that needs little platform-specific functionality or custom UI, go with Xamarin.Forms. This is a good choice for straightforward data-entry apps and prototypes.
  • If you’re building an app that needs UI customized for each platform, or includes a lot of complex interactions, you’re better off with straight Xamarin.
  • Since the goal of this tutorial is building a simple app, Xamarin.Forms is the fastest and easiest way to go!

    Creating a New Xamarin.Forms Project

    First, create a new project in Visual Studio. In the New Project window, choose the Cross-platform category, and the Blank App (Xamarin.Forms Portable) template. Name the project HelloWorldApp.

    Creating a new Xamarin.Forms project

    Scaffolding the project may take a minute. Dismiss any dialogs that pop up during the process. When the scaffolding is complete, right-click on the top-level solution and choose Manage NuGet Packages for Solution. Update the Xamarin.Forms package, if applicable.

    Updating the Xamarin.Forms package

    Leave the other packages alone, even if they have available updates. I ran into a few issues when I enthusiastically updated everything. Some of the available packages are newer than what Xamarin.Forms supports and shouldn’t be updated.

    The Blank App template creates a number of projects in the solution:

    Xamarin.Forms solution

  • HelloWorldApp (Portable) – Contains the XAML and shared code for each platform-specific project.
  • HelloWorldApp.Droid – Android-specific code. For a simple project, you won’t have to change much here.
  • HelloWorldApp.iOS – iOS-specific code. You won’t have to change much here, either.
  • The template also includes projects for UWP (Windows 10 and Windows 10 Mobile) apps, Windows 8.1 (Metro) apps, and Windows Phone 8.1 apps.

    In this tutorial, you’ll only need to modify the shared (portable) library project.

    Adding a View

    To create a new UI view (called a “page” in Xamarin.Forms lingo), right-click on the HelloWorldApp (Portable) project, and choose New Item. Pick the Forms Xaml Page template and name the new page HelloWorldPage.

    Adding a XAML page

    Replace the generated XAML with this markup:

    <?xml version="1.0" encoding="UTF-8"?>
    <ContentPage xmlns="http://xamarin.com/schemas/2014/forms"
                 xmlns:x="http://schemas.microsoft.com/winfx/2009/xaml"
                 x:Class="HelloWorldApp.HelloWorldPage">
      <ContentPage.Padding>
        <OnPlatform x:TypeArguments="Thickness"
                    iOS="20, 40, 20, 20"
                    Android="20, 20, 20, 20"
                    WinPhone="20, 20, 20, 20" />
      </ContentPage.Padding>
      <ContentPage.Content>
        <StackLayout VerticalOptions="FillAndExpand"
                     HorizontalOptions="FillAndExpand"
                     Orientation="Vertical"
                     Spacing="15">
          <Label Text="Enter your name:" />
          <Entry x:Name="NameEntry" Text="Jane Doe" />
          <Button x:Name="SayHelloButton" Text="Say Hello" Clicked="SayHelloButton_OnClicked" />
        </StackLayout>
      </ContentPage.Content>
    </ContentPage>

    This XAML code creates a basic layout containing Label, Entry (text box), and Button controls. The control names (specified with x:Name) will be used to refer to the controls in code.

    The Clicked= attribute on the Button element wires up the button click event to a handler called SayHelloButton_OnClicked, which doesn’t exist yet (but it’s about to!)

    Open up the code-behind for the XAML file by expanding it in the Solution Explorer and double-clicking on the HelloWorldPage.xaml.cs file.

    Opening the code-behind

    Replace the generated C# code with the following:

    using System;
    using Xamarin.Forms;
    
    namespace HelloWorldApp
    {
        public partial class HelloWorldPage : ContentPage
        {
            public HelloWorldPage()
            {
                InitializeComponent();
            }
    
            private async void SayHelloButton_OnClicked(object sender, EventArgs e)
            {
                var name = NameEntry.Text;
                await DisplayAlert("Greeting", $"Hello {name}!", "Howdy");
            }
        }
    }

    Looks familiar, doesn’t it? The SayHelloButton_OnClicked method will run when the SayHelloButton is clicked on the XAML page. First, the value of the textbox is assigned to the name variable, and then the DisplayName method is called to display a modal popup on the device.

    There’s one more thing to do before you’re done: telling the app to use the new page. In App.cs, replace the constructor method with this:

    public App()
    {
        MainPage = new HelloWorldPage();
    }

    That’s it! Your new Xamarin app is ready to go.

    Testing Your Xamarin App on Android

    If you have the Visual Studio Android Emulator installed, testing the Android version of your Xamarin app is simple. In the Visual Studio toolbar, pick the HelloWorldApp.Droid project and choose an Android device to emulate. Then, click the green Play button to start the emulator.

    Starting the Android emulator

    The Android emulator can be slow to load, so give it some time. If everything builds properly, you should see your app running on Android.

    Testing the app on Android

    Testing Your Xamarin App on iOS

    Testing your Xamarin app on iOS is a little trickier, because it requires a Mac to provide the emulator. If you have a Mac handy, follow the official instructions to set up the Mac agent and connect it to Visual Studio. Then, pick the HelloWorld.iOS project, and switch the architecture to iPhone Simulator. Choose a device version and click Play.

    Starting the iOS emulator

    After the project builds, the simulator will launch on the Mac.

    Testing the app on iOS

    Next steps

    This tutorial only scratches the surface. There’s plenty more you can do with Xamarin! Here’s some further reading:

  • Xamarin.Forms sample apps
  • Custom animations in Xamarin.Forms
  • Xamarin .NET Platform Standard support
  • If you’ve built something cool with Xamarin, let me know in the comments or on Twitter @nbarbettini!

    The post Tutorial: Get Started with Xamarin in Visual Studio appeared first on Stormpath User Identity API.

    Matthew Gertner - AllPeersImportance of Resolving Lower Back Pain Early [Technorati links]

    August 25, 2016 03:52 AM
    Resolving Lower Back Pain can be done with early interventionPhoto by CC user 134351668@N07 on Flickr and via www.sandiegopersonalinjuryattorney.net  

    The intensity and severity of the lower back pain vary from person to person. If the pain is left untreated, it can worsen and have an even bigger impact on a person’s quality of life. However, most individuals affected by this problem are reluctant to seek help or manage the pain promptly. The primary reason for not doing anything is the belief the problem will, simply, go away. In order to avoid unfortunate scenarios and mobility limitations, it is crucial to resolve the lower back pain in its early stages.

    Why is early intervention significant?

    The team of scientists led by Benedict M. Wand of the University of Notre Dame Fremantle, Australia conducted a study whose primary objective was to compare two research-based models of acute lower back pain care and analyze the effect of the physical intervention timing.

    Out of 804 referred participants, 102 individuals met the team’s criteria for admission into the study. The subjects were randomly assigned to assess/advise/wait group or assess/advise/treat group. After six weeks, the Treat group showcased greater improvements in mood, disability, general health, and quality of life comparing to individuals in the wait group.

    Findings from the study, published in the journal Spine, demonstrate that the timing of intervention affects the development of psychosocial features. For instance, if treatment is provided later, these psychosocial benefits are not achieved. Scientists concluded the study explaining that the assess/advise/treat model of care offers better outcomes. One of the major benefits of early management of low back pain is the fact it improves overall quality of life, which can be severely affected if the pain is left untreated.

    Furthermore, timely management of lower back pain has a tremendous potential to reduce the number of people with severe, disabling lower back pain and thereby, decrease the personal, economic, and social impact of the lower back pain.

    Education is important

    In order to truly understand the importance of early management of lower back pain, Chiropractors and other healthcare providers should educate their patients about benefits of management and different methods to relieve the pain. Chiropractors reassure the patient that the prognosis usually requires little intervention, when resolving lower back pain in early stages. Patients should be advised to stay active and to avoid twisting and bending.

    Conclusion

    In most instances, people don’t manage lower back pain until its severity becomes unbearable. However, in order to prevent it from affecting one’s quality of life and to avoid potential serious consequences, resolving lower back pain early should be done as soon as possible.

    The post Importance of Resolving Lower Back Pain Early appeared first on All Peers.

    August 24, 2016

    OpenID.netRegistration Open for OpenID Foundation Workshop on Monday, October 24, 2016 [Technorati links]

    August 24, 2016 07:31 PM

    OpenID Foundation Workshops provide insight and influence on important Internet identity standards. The workshop provides updates on the development of profiles of OpenID Connect as well as review progress on OpenID Connect Certification and an update on Relying Party certification.

     

    We will introduce the FastFed (Fast Federation) while providing updates on others including Connect, Account Chooser, Financial API (FAPI), HEART, iGov, MODRNA (mobile operator discovery, registration & authentication) and RISC. Leading technologists from Amazon, Oracle, Microsoft, Google, Ping Identity and others will update key issues and discuss how they help meet social, enterprise and government Internet identity challenges.

     

    This event precedes the IIW #23 Mountain View October 2016.

     

    Registration can be found here: https://www.eventbrite.com/e/openid-foundation-workshop-tickets-27312519481

     

    The OpenID Foundation Workshop Agenda

     

     

    Thank you to VMware for hosting and directed funding support of this event.

     

    Don Thibeau

    The OpenID Foundation

    KatasoftWhat’s New in Entity Framework Core 1.0? [Technorati links]

    August 24, 2016 05:04 PM

    As part of Microsoft’s effort to modernize and make the .NET framework multi-platform, modular and open-source, a new lightweight and extensible version of Entity Framework, Entity Framework Core 1.0, has been released. Nate recently shared a post on how he used Entity Framework Core to rapidly prototype and test ASP.NET Core applications. So, we thought we’d share an overview of all the new stuff in EF Core!

    Entity Framework is a Microsoft Object Relational Mapper (ORM) which allows .NET developers to forget about database complexity and work directly with domain-specific objects. This keeps developer focus on application logic rather than the complexities of where data is stored, how to retrieve data, and how to map database objects to domain entities.

    Entity Framework Core is a new codebase and some of the features that were present on previous versions are not yet available. Most of the top-level APIs remain the same, so developers coming from Entity Framework 6.x will feel comfortable working with it. The source code is public on GitHub (previous versions were originally available in CodePlex).

    Features Available in Entity Framework Core 1.0

    Cross-platform

    EF Core, like ASP.NET Core, is cross-platform so applications written on these frameworks can run on Linux and Mac OS, not just Windows. Like its predecessor, Entity Framework Core is modular and can connect to a variety of database providers. Providers for SQL Server, SQLite, and Postgres are available today, with MySQL and others (like NoSQL) coming soon. There are community-built providers available on Github as well.

    In-memory provider

    Mocking and testing your data-access layer can be time-consuming and painful, but not anymore! EF Core comes with an in-memory provider, which helps to test applications without writing code to mock your database context. Using an in-memory data store, you can exercise your data access code against a real database that only exists in memory.

    Lightweight, modular, and extensible

    Following modern application framework philosophy, EF Core has been decomposed into smaller manageable packages/components and you can use only those that are useful to your project. These components can also be extended to add additional functionality.

    To get started, simply install the packages for the providers you will use. For example, if you want to use the SQL Server provider, you can install it using the NuGet Package Manager:

    Install-Package Microsoft.EntityFrameworkCore.SqlServer

    Or we can edit the project.json file and add this line to the dependencies section:

    "Microsoft.EntityFrameworkCore.SqlServer": "1.0.0"

    Then (re)install all your dependencies either in Visual Studio or with the brand new .NET CLI using the restore command:

    dotnet restore

    Shadow Properties

    Shadow properties make it possible to add properties without affecting the domain model.
    This is useful both to avoid contaminating the domain model and also when source code is not available to the developer. The values can be changed and maintained by the Change Tracker API. They can also participate in LINQ to Entity query, database migration, and Create/Update operation.

    For example, you can define a LastUpdated shadow property on Course entity:

    public class CoursesContext : DbContext
    {
        public DbSet<Course> Courses { get; set; }
        public DbSet<Student> Students { get; set; }
    
        protected override void OnModelCreating(ModelBuilder modelBuilder)
        {
            modelBuilder.Entity<Course>()
                .Property<DateTimeOffset>("LastUpdated");
        }
    }

    Setting the shadow property value:

    context.Entry(myCourse).Property("LastUpdated").CurrentValue = DateTimeOffset.Now;

    Reference it on LINQ queries:

    var courses = context.Courses
        .OrderBy(c => EF.Property<DateTimeOffset>(c, "LastUpdated"));

    Mixed client/server evaluation

    When you write a query which involves client-side methods, EF Core is smart enough to identify which part of the query can run on the database and which part can only be run in-memory. Of course, this can lead to performance issues in some scenarios so this feature can easily be toggled off within your configuration.

    In the following example, I defined a helper “GetDurationDetail” method which calculates the duration of a course in weeks and returns a string with this information.

    var courses = context.Courses
        .Where(course => course.StartDate.Year == DateTimeOffset.Now.Year)
        .Select(course => new
        {
            Id = course.Id,
            Name = course.Name,
            Duration = GetDurationDetail(course.StartDate, course.EndDate);
        })
        .ToList();
    
    public static string GetDurationDetail(DateTimeOffset startDate, DateTimeOffset endDate)
    {
        var weeks = (endDate - startDate).Days / 7;
        var detail = String.Format("This course has a duration of {0} weeks", weeks);
        return detail;
    }

    As the SQL provider has no idea how the helper method is implemented and how to translate it to SQL, it will be not evaluated in the database. However, the rest of the query is evaluated and once the data is returned to the client the StartDate and EndDate properties are passed to the method and performed on the client side.

    As I mentioned above, this feature can lead to performance issues depending
    on the amount of data, and how much of that data is filtered out, so be sure to pay attention to what is added into your queries.

    var shortCourses = context.Courses
        .Where(course => GetDurationDetail(course.StartDate, course.EndDate).Contains("1 weeks"))
        .ToList();

    In this scenario, the helper method is used in the Where clause as a filter, so all the data is pulled into memory and then the filter is applied on the client side. EF will log a warning when client evaluation is performed, but this can be changed to either throw an exception or do nothing by configuring your context in the OnConfiguring method.

    protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
    {
        optionsBuilder
            .UseSqlServer(@"Server=(localdb)\mssqllocaldb;Database=EFQuerying;Trusted_Connection=True;")
            .ConfigureWarnings(warnings => warnings.Throw(RelationalEventId.QueryClientEvaluationWarning));
    }

    Bonus: Asynchronous LINQ Methods and SaveChanges

    Entity Framework 6 introduced task-based asynchronous methods alongside the traditional methods methods that represent querying and update operations. Entity Framework Core continues this effort and includes native asynchronous LINQ and SaveChanges methods that you can use in your async methods. This means that the current thread will be released while waiting for the query to complete, allowing other requests to be processed while the database is working.

    If you haven’t taken advantage of the asynchronous methods in EF6, migrating to Entity Framework Core is a great excuse to start!

    Features Expected in Future Entity Framework Core Releases

    There are several features from previous EF versions that are not yet implemented on EF Core 1.0. The most critical missing feature is the ability to use lazy loading on your entities. The only way to access related data in EF Core is to eagerly load it via the Include method. This has a big impact on the performance of your application because EF will query and load all the data on navigation properties as soon as the LINQ query is created, instead of querying it when they are accessed. This can be really dangerous on dense one-to-many relationships.

    Also missing is a more efficient translation of queries with more logic evaluated in the database rather than in memory.

    Updating a model from a database, which was previously reverse engineered from the database will be not available. Another visual miss will be the ability to see a graphical representation of the code-based model.

    And last but not least, we’re still missing filtered loading to allow a subset of related entities to be loaded and many-to-many relationships without join entities, which means that you will need to create an entity class to represent the join table and map the two separate one-to-many relationships.

    Next Steps

    In this article, we have reviewed new and pending EF Core 1.0.0 features. This is by no means the complete list of all new features. To learn more about what’s new in EF Core 1.0.0 check next resources:

  • Tutorial: Using Entity Framework Core as an In-Memory Database for ASP.NET Core
  • Entity Framework Core 1.0 Release Announcement
  • EF Core vs. EF6.x
  • Or, dive into authentication with .NET and Stormpath:

  • 10 Minutes to User Authentication in ASP.NET
  • Token Authentication in ASP.NET Core
  • Tutorial: Deploy an ASP.NET Core Application on Linux with Docker
  • The post What’s New in Entity Framework Core 1.0? appeared first on Stormpath User Identity API.

    Mike Jones - MicrosoftSession ID semantics aligned across OpenID Connect front-channel and back-channel logout specs [Technorati links]

    August 24, 2016 01:42 AM

    OpenID logoSession ID definitions in the OpenID Connect front-channel and back-channel logout specs have been aligned so that the Session ID definition is now the same in both specs. The Session ID is scoped to the Issuer in both specs now (whereas it was previously global in scope in the front-channel spec). This means that the issuer value now needs to be supplied whenever the Session ID is. This doesn’t change the simple (no-parameter) front-channel logout messages. The back-channel specification is now also aligned with the ID Event Token specification.

    The new specification versions are:

    Matthew Gertner - AllPeers5 Moments You’ll Wish You Had Hired a Wedding Videography Specialist [Technorati links]

    August 24, 2016 01:04 AM

    The first stage of planning a wedding is usually the budget. The typical costs include the reception, ceremony, attire, flowers, entertainment, rings and photographer. Unfortunately, Wedding Videography specialists are often overlooked. When preparing your budget for the photography, incorporate the cost of a wedding videographer so that you get a complete 360° of your special day.

    Here are 5 wedding moments that you will not want to miss on film.

    The first moment the couple see each other as she walks down the aisle has emotions welling up for everyone, but especially for the bride and groom. A wedding videographer captures the raw emotion happening at that very moment, the joyful gasps, the happy tears rolling down cheeks, the grin turning into a wide smile. The significant advantage of hiring a wedding videography specialist is having people’s reactions are captured from start to finish.

    Will you remember the way your voices broke from holding back the tears as you recited the vows to love and honor each other for the rest of your lives? Will you remember the ebullience of the crowd as you both leaned in for that special first kiss as a married couple? By hiring a wedding videography specialist, you will have your matrimonial vows captured in a way you can revisit for years to come. You’ll be able to witness again and again how happy your family and friends were for you in that special moment.

    The majority of your wedding portraits will be taken on the idyllic grounds of the reception or service. This is one of the rare moments on your big day that it will be just the two of you, reveling in happiness together in the commitment you’ve just made. While the photographer captures these moments posing for the camera, wedding videography will capture the affection behind the scenes from these moments of just the two of you.

    Wedding speeches bring laughter and tears and are made by the nearest and dearest to the bride and groom. For the fathers that don’t have a lot to say, the wedding speech to their child on their big day can often be the most precious and heartfelt message you’ll hear from a usually quiet individual. Friends and family don’t live forever and to capture a special moment like a speech to a loved one can be the most treasured piece once they have passed.

    The first dance is a special moment in the wedding reception that usually kicks off the most jovial part of the celebrations. The advantage of having a wedding videographer capture the first dance alongside a photographer means you also capture the music you chose and the emotions that accompanied it from yourselves and the crowd.

    Your big day can fly by so fast that it can become a bit of a blur. By hiring a wedding videographer specialist, you are capturing the happiest day of your life and every last detail involved. From the moment you first laid eyes on each other at the ceremony, to the first dance as a married couple; you will get to revisit your special day whenever you want and witness it the way that your family a friends did. It will be a priceless memento that you will be able to share with generations to come.

    Video Supplied by Directors Edge of Jo & Chayne

    The post 5 Moments You’ll Wish You Had Hired a Wedding Videography Specialist  appeared first on All Peers.

    August 23, 2016

    Matthew Gertner - AllPeersHeavy Duty Pop Up Gazebo: Key Benefits [Technorati links]

    August 23, 2016 08:40 PM

    Using a heavy duty pop up gazebo has many benefits

    Whether you’re a vendor at a market, trade show or any other outdoor event for that matter, a heavy duty pop up gazebo is a very cost-effective way to promote your business to the people walking by. A strong and sturdy design allows you to showcase your products, your produce and it provides the perfect shelter for your sports team during outdoor sporting events. Most marquee manufacturers also offer customised branding solutions, providing maximum awareness to the masses.

    Farmers Market or Trade Show Vendor Benefits

    If you’re a vendor that earns a living by visiting and selling at food stalls, outdoor trade shows and farmers markets, then a pop up gazebo is a fantastic investment for you. High quality, heavy duty pop up gazebo’s provide the perfect shelter for you, your products or produce, and more importantly your customers while they browse. Higher quality pop up gazebo’s also offer fantastic UV protection if so you can stay outdoors for longer without being constantly exposed to the dangerous UV rays of the sun.

    Being a farmer’s market or trade show vendor also means you’re more than likely to be on the road a lot, travelling from one location to the other. A good quality pop up gazebo is designed to be highly practical, meaning they are light weight (although still very strong), easy to set-up and pack up, and compact so they don’t take up a lot of room when not being used.

    Full Colour Sublimation Printing Technology

    If you’re taking the next step in your business and need some branding for your pop up gazebo, then be sure to ask about the printing service available. High quality pop up gazebo manufacturers offer full color sublimation to ensure your brand logo is razor sharp, never fades and remains appealing for years to come.

    The post Heavy Duty Pop Up Gazebo: Key Benefits appeared first on All Peers.

    Katasoft7 Tips for Writing Better Unit Tests in Java [Technorati links]

    August 23, 2016 04:43 PM

    Testing is a very important aspect of development and can largely determine the fate of an application. Good testing can catch application-killing issues early on, but poor testing invariably leads to failure and downtime.

    While there are three main types of software testing: unit testing, functional testing, and integration testing, in this blog post, I am going to talk about developer-level unit testing. Before I dive into the specifics, let’s review – at a high level – what each type of testing entails.

    Types of Software Development Tests

    Unit tests are used to test individual code components and ensure that code works the way it was intended to. Unit tests are written and executed by developers. Most of the time a testing framework like JUnit or TestNG is used. Test cases are typically written at a method level and executed via automation.

    Integration Tests check if the system as a whole works. Integration testing is also done by developers, but rather than testing individual components, it aims to test across components. A system consists of many separate components like code, database, web servers, etc. Integration tests are able to spot issues like wiring of components, network access, database issues, etc.

    Functional tests check that each feature is implemented correctly by comparing the results for a given input against the specification. Typically, this is not done at a developer level. Functional tests are executed by a separate testing team. Test cases are written based on the specification and the actual results are compared with the expected results. Several tools are available for automated functional testing like Selenium and QTP.

    As mentioned earlier, unit testing helps developers to determine whether the code works correctly. In this blog post, I will provide helpful tips for unit testing in Java.

    Check out this blog post to learn more about the testing tools our development team uses and loves!

    1. Use a framework for unit testing

    Java provides several frameworks that for unit testing. TestNG and JUnit are the most popular testing frameworks. Some important features of JUnit and TestNG:

  • Easy to setup and run
  • Supports annotations
  • Allows certain tests to be ignored or grouped and executed together
  • Supports parameterized testing, i.e. running a unit test by specifying different values at run time
  • Supports automated test execution by integrating with build tools like Ant, Maven, and Gradle
  • EasyMock is a mocking framework that is complementary to a unit testing framework like JUnit and TestNG. EasyMock is not a full-fledged framework by itself. It simply adds the ability to create mock objects to facilitate testing. For example, a method we want to test may invoke a DAO class that gets data from the database. In this case, EasyMock can be used to create a MockDAO that returns hard-coded data. This allows us to easily test the method that we intend to without having to bother about the database access.

    2. Use Test Driven Development – Judiciously!

    Test-driven development (TDD) is a software development process in which tests are written based on the requirements before any coding begins. Since there is no code yet, the test will initially fail. The minimum amount of code is then written to pass the test. The code is then refactored until it is optimized.

    The goal is to write tests that cover all the requirements as against simply writing code first that may not even meet the requirements. TDD is great as it leads to simple modular code that is easy to maintain. Overall development speeds up and defects are easily identified. Also, unit tests get created as a by-product of the TDD approach.

    However, TDD may not be suitable in all situations. In projects where the design is complicated, focusing on the simplest design to pass the test cases and not thinking ahead can result in huge code changes. Also the TDD approach is difficult to use for systems which interact with legacy systems, GUI applications or applications that work with databases. Also, the tests need to be updated as the code changes.

    So before deciding on TDD approach, the above factors should be kept in mind and a call should be taken based on the nature of the project.

    3. Measure code coverage

    Code coverage measures (in percentage) how much of the code is executed when the unit tests are run. Normally, code with high coverage has a decreased chance of containing undetected bugs, as more of its source code has been executed in the course of testing. Some best practices for measuring code coverage include:

  • Use a code coverage tool like Clover, Corbetura, JaCoCo, or Sonar. Using a tool can improve testing quality, as these tools can point out areas of the code that are untested, allowing you to develop additional tests to cover these areas.
  • Whenever new functionality is written, immediately write new tests to cover.
  • Ensure that there are test cases that cover all the branches of the code, i.e. if/else statements.
  • High code coverage does not guarantee the tests are perfect, so beware!

    The concat method below accepts a boolean value as input, and appends the two strings passed in only if the boolean value is true:

    public String concat(boolean append, String a,String b) {
    
            String result = null;
            If (append) {
                result = a + b;
                                }
            return result.toLowerCase();
    
        }

    The following is a test case for the above method:

    @Test
            public void testStringUtil() {
             String result = stringUtil.concat(true, "Hello ", "World");
             System.out.println("Result is "+result);
    
            }

    In this case, the test is executed with a value of true. When the test is executed, it will pass. When a code coverage tool is run, it will show 100% code coverage as all the code in the concat method is executed. However, if the test is executed with a value of false, a NullPointerException will be thrown. So 100% code coverage is not really an indication of whether the test has covered all the scenarios and the test is good.

    4. Externalize test data wherever possible

    Prior to JUnit4, the data for which the test case was to be run has to be hardcoded into the test case. This created a restriction that in order to run the test with different data, the test case code had to be modified. However, JUnit4 as well as TestNG support externalizing the test data so that the test cases can be run for different datasets without having to change the source code.

    The MathChecker class below has a method which checks if a number is odd:

    public class MathChecker {
    
            public Boolean isOdd(int n) {
    
                if (n%2 != 0) {
                    return true;
                } else {
                    return false;
                                             }
            }
        }

    The following is a TestNG test case for the MathChecker class:

    public class MathCheckerTest {
    
            private MathChecker checker;
    
            @BeforeMethod
            public void beforeMethod() {
              checker = new MathChecker();
            }
    
            @Test
            @Parameters("num")
            public void isOdd(int num) { 
              System.out.println("Running test for "+num);
              Boolean result = checker.isOdd(num);
              Assert.assertEquals(result, new Boolean(true));
            }
        }

    TestNG

    The following is the testng.xml (the configuration file for TestNG) that has the data for which the test is to be executed:

    <?xml version="1.0" encoding="UTF-8"?>
        <suite name="ParameterExampleSuite" parallel="false">
        <test name="MathCheckerTest">
        <classes>
          <parameter name="num" value="3"></parameter>
          <class name="com.stormpath.demo.MathCheckerTest"/>
        </classes>
         </test>
         <test name="MathCheckerTest1">
        <classes>
          <parameter name="num" value="7"></parameter>
          <class name="com.stormpath.demo.MathCheckerTest"/>
        </classes>
         </test>
        </suite>

    As can be seen, in this case the test will be executed twice, once each for the values 3 and 7. In addition to specifying the test data via the XML configuration file, it can also be provided in a class via the DataProvider annotation.

    JUnit

    Similar to TestNG, test data can also be externalized for JUnit. The following is a JUnit test case for the same MathChecker class as above:

    @RunWith(Parameterized.class)
        public class MathCheckerTest {
         private int inputNumber;
         private Boolean expected;
         private MathChecker mathChecker;
    
         @Before
         public void setup(){
             mathChecker = new MathChecker();
         }
    
            // Inject via constructor
            public MathCheckerTest(int inputNumber, Boolean expected) {
                this.inputNumber = inputNumber;
                this.expected = expected;
            }
    
    
            @Parameterized.Parameters
            public static Collection<Object[]> getTestData() {
                return Arrays.asList(new Object[][]{
                        {1, true},
                        {2, false},
                        {3, true},
                        {4, false},
                        {5, true}
                });
            }
    
            @Test
            public void testisOdd() {
                System.out.println("Running test for:"+inputNumber);
                assertEquals(mathChecker.isOdd(inputNumber), expected);
            }
        }

    As can be seen, the test data for which the test is to be executed is specified by the getTestData() method. This method can easily be modified to read the data from an external file instead of having hardcoded data.

    5. Use assertions instead of print statements

    Many new developers are in the habit of writing a System.out.println statement after each line of code to verify the code executed correctly. This practice often extended to unit tests, leading to cluttered test code. Along with the clutter, this requires manual intervention by developers to verify the output printed on the console to check if the test ran successfully or not. A better approach is to use assertions which automatically indicate test results.

    The following StringUtil class is a simple class with one method that concatenates two input strings and returns the result:

    public class StringUtil {
    
        public String concat(String a,String b) {
    
            return a + b;
        }
    
        }

    The following are two unit tests for the method above:

    @Test
            public void testStringUtil_Bad() {
             String result = stringUtil.concat("Hello ", "World");
             System.out.println("Result is "+result);
    
            }
    
         @Test
            public void testStringUtil_Good() {
             String result = stringUtil.concat("Hello ", "World");
             assertEquals("Hello World", result);
    
            }

    The testStringUtil\_Bad will always pass as it has no assertions. A developer manually needs to verify the output of the test at the console. The testStringUtil\_Good will fail if the method returns a wrong result and does not require developer intervention.

    6. Build tests that have deterministic results

    Some methods do not have a deterministic result, i.e. the output of that method is not known beforehand and can vary each time. For example, consider the following code that has a complex function and a method that calculates the time required (in milliseconds) for executing the complex function:

    public class DemoLogic {
    
        private void veryComplexFunction(){
            //This is a complex function that has a lot of database access and is time consuming
            //To demo this method, I am going to add a Thread.sleep for a random number of milliseconds
            try {
                int time = (int) (Math.random()*100);
                Thread.sleep(time);
            } catch (InterruptedException e) {
                // TODO Auto-generated catch block
                e.printStackTrace();
            }
    
        }
    
        public long calculateTime(){
    
            long time = 0;
            long before = System.currentTimeMillis();
            veryComplexFunction();
            long after = System.currentTimeMillis();
            time = after - before;
            return time;
    
    
        }
    
        }

    In this case, each time the calculateTime method is executed, it will return a different value. Writing a test case for this method would not be of any use as the output of the method is variable. Thus, the test method will not be able to verify the output for any particular execution.

    7. Test negative scenarios and borderline cases, in addition to positive scenarios

    Often, developers spend a huge amount of time and effort in writing test cases that ensure the application works as expected. However, it is important to test negative test cases as well. A negative test case is a test case that tests if a system can handle invalid data. For example, consider a simple function which reads an alphanumeric value of length 8, typed by a user. In addition to alphanumeric values, the following negative test cases should be tested:

  • User specifies non – alphanumeric values like special characters
  • User specifies blank value
  • User specifies a value which is larger or smaller than 8 characters
  • Similarly, a borderline test case tests if the system works well for extreme values. For example, if a user is expected to enter a numeric value from 1 to 100, 1 and 100 are the borderline values and it is very important to test the system for these values.

    Ready to get testing? Great! Want to learn more about adding authentication to your webapp or API? We’ve got you covered there too! Learn more about how Stormpath supports complete Identity Management across the Java and Spring ecosystems in our product documentation, or through any of these great resources:

  • A Simple WebApp with Spring Boot, Spring Security, and Stormpath — In 15 Minutes
  • A Beginner’s Guide to JWTs in Java
  • Singly Sign-On for Java in 20 Minutes with Spring Boot and Heroku
  • The post 7 Tips for Writing Better Unit Tests in Java appeared first on Stormpath User Identity API.

    August 22, 2016

    KatasoftWatch: Mobile Authentication for iOS Applications [Technorati links]

    August 22, 2016 01:50 PM

    When building an iOS app, figuring out how to handle mobile authentication is always a huge challenge. It’s often the last thing you and your team want to think about, so unfortunately, teams often ship apps with weak user and authentication security in the name of speed. In a world where security and privacy matter more every day and consumers are increasingly concerned about their own data security and privacy, authentication has become an area where your app cannot afford a misstep. So, what to do?

    In this presentation, Stormpath iOS Evangelist Edward Jiang gives an overview of the current mobile authentication ecosystem, including:

  • Stormpath Customer Identity Management
  • What does authentication mean?
  • Common methods of mobile authentication
  • OAuth 2.0 token authentication
  • Building login and registration with Stormpath
  • Making authenticated network requests
  • Add Facebook or Google login with one line of code
  • You can find the slides for this presentation on Slideshare.

    Excited to learn more about authentication for iOS? Check out these resources:

  • Tutorial: Build an iOS App in Swift that Uses a REST API and Stormpath
  • How to Manage API Authentication Lifecycle on Mobile Devices
  • Tutorial: Build a REST API for Your Mobile Apps Using Node.js
  • Tutorial: Build Your First Swift WebApp with Vapor
  • Where to Store Your JWTs — Cookies or HTML5 Web Storage
  • The post Watch: Mobile Authentication for iOS Applications appeared first on Stormpath User Identity API.

    Drummond Reed - CordanceEven Just Two Days Can Be a Vacation [Technorati links]

    August 22, 2016 06:44 AM

    “Summer vacation” this year consisted of just two days—the only two days my two sons could free up to take off with my wife and I. There wasn’t even enough time to go out of town, so finally we had a real “staycation”. The first day we did classic Seattle tourist gigs like Waterfall Garden Park, Pioneer Square, the Underground Seattle Tour (a real hoot), the Seattle Center Chihuly Garden and Glass Exhibit (mind-blowing), and dinner at the Pike Place Market (Shiro’s new place Sushi Kashiba—fantastic).

    The second day was even more domestic: together we disassembled one of the icons of the boy’s childhood—the treehouse we spent a whole summer building fifteen years ago (but which now had become a full-blown hazard due to a rotting floor).

    reed-treehouse.png

    Yes, there were some sad moments—but all of us sweating together on it (it was a record-breaking Seattle afternoon) made it more of a wake than a funeral. And we left the swings (far left of the picture), which were always the most-used part of the whole contraption anyway. Given the size of the beam they are hanging from, those swings should be still be there for our grandchildren’s grandchildren.

    Afterwards, as I lounged in the pool-temperature water of Haller Lake, I didn’t regret for a second that I only had two days of vacation. Rather I marveled at how much beauty, joy, and satisfaction one can soak in from even the briefest breaks from the grindstone. Which is why I make it a habit to blog this as I reminder to myself after every vacation—no matter how short.


    August 20, 2016

    Mark Dixon - OracleFirst Round-the-World Telegram – 105 Years Ago! [Technorati links]

    August 20, 2016 04:42 PM

    Oh, how far technology has come in the last century!  As related by History.com, on August 20, 1911 (105 years ago today) a dispatcher in the New York Times office sent the first telegram around the world via commercial service. 

    The Times decided to send its 1911 telegram in order to determine how fast a commercial message could be sent around the world by telegraph cable. The message, reading simply “This message sent around the world,” left the dispatch room on the 17th floor of the Times building in New York at 7 p.m. on August 20. After it traveled more than 28,000 miles, being relayed by 16 different operators, through San Francisco, the Philippines, Hong Kong, Saigon, Singapore, Bombay, Malta, Lisbon and the Azores–among other locations–the reply was received by the same operator 16.5 minutes later. It was the fastest time achieved by a commercial cablegram since the opening of the Pacific cable in 1900 by the Commercial Cable Company.

    Telegram

    In these days of ubiquitous, near instantaneous global communications at our fingertips, it is a bit hard to fathom that a round-the-world message took over 16 minutes to reach its destination.  But in a time not too far removed from the Pony Express, 16 minutes was a real breakthrough.

    As my Dad likes to say, “We stand on the broad shoulders of those who have gone before!”

    August 19, 2016

    Matthew Gertner - AllPeersGetting fit for your travels [Technorati links]

    August 19, 2016 10:33 PM
    Pilates is a great way of Getting fit for your travelsPhoto by CC user Amanda Mills, USCDCP and http://www.public-domain-image.com/

    Given the pace of modern life and how hard we work it is understandable that many of us want to make the most of our travels. People go on vacation for various reasons; some want nothing more than to relax by a pool or on a beach, while others want to be on the move and sightsee. Whatever you want to do on your travels, it makes sense to prepare, and this means getting fit for your travels.

    You may not think that lazing on a sun-lounger requires a good level of fitness, but if you are going to do very little on your break, you want to be in good shape before you go. Conversely, if you are looking to enjoy an all-action trip or you plan on walking around tourist attractions, you want to be in peak condition. Activities such as climbing stairs at your hotel, carrying your luggage, or enjoying a dance late at night will place your body under pressure that it is not used to, so take the time to improve your health.

    In order to help yourself get fit for traveling, here is a list of tips that will help you reach your goal:

    When it comes to health and fitness, the two key areas where you can make a difference are based on eating and exercise.

    Eat healthier

    A lot of people tend to diet or eat healthier before they travel. This is often related to looking as good as possible in their new clothes and the photos they take, but eating healthier can help people enjoy their vacation. Cutting down portion sizes or adding more fruit, vegetables, and salad to your daily routine can give you more energy.

    Different people need different nutrients and energy, so it is important to find the healthy eating plan that is best-suited to your needs. Whether you’re looking to be in shape for your trip or you want more energy, changing your eating plans before you go can work wonders.

    Get more exercise

    The exercise that you do should be focused on what you plan on doing on your vacation. If you intend to do a lot of walking, try to build up the amount of walking you do before you go. Simple tips such as getting off the bus a stop earlier or walking to the shops as opposed to taking the car will prepare your body for the physical exertions of traveling. It will also be of benefit to get into the habit of stretching your legs and warming up before you leave your home.

    It is easy to take walking for granted, but if you intend to do a lot more walking on vacation than you would normally do at home, you need to build up your strength. This is the case for any activity. If you are worried about carrying your luggage, start carrying heavier bags at home or lifting light weights.

    While the sort of activity you plan on enjoying during your trip will impact on how you should plan ahead, the length of your trip and travel time will also be a factor. It has never been easier to travel the world, so you may be away from home for a long time or in the air for a considerable amount of time.

    Flying for a continuous period of time is a concern for some people, and there are steps that you can take to minimize any risk of health problems. Stretching your legs and walking up and down the aisle every so often on a long-distance flight will help keep you active. You should also consider compression stockings as a way of supporting your feet and legs, while also ensuring a healthy circulation of blood around your body. The specifications for women’s compression socks offer a range of colors and sizes, so it is possible to look good while taking good care of your body.

    Feeling fit and healthy on your vacation will help you make the most of your journey. This is why getting fit for your travels makes sense and will provide you with more fun and enjoyment.

    The post Getting fit for your travels appeared first on All Peers.

    August 18, 2016

    KatasoftWatch: No-Code SAML Support for SaaS Applications [Technorati links]

    August 18, 2016 01:39 PM

    SAML (Security Assertion Markup Language) is an XML-based standard for securely exchanging authentication and authorization information between entities — specifically between identity providers, service providers, and users. Stormpath supports SAML login without any XML. You simply configure the appropriate language or framework-specific SDK and the Stormpath Admin Console. From there, your application can consume SAML assertions from any SAML IdP. By offloading the burden of user identity management, including authentication and authorization, to Stormpath, your team resources can remain focused on building the core functionality of your application.

    In this presentation, Stormpath Head of Product Tom Abbott gives an overview of Stormpath’s no-code SAML support, including:

  • SAML Support for multi-tenant SaaS applications
  • SAML and ID Site – prebuilt workflows and screens to speed your development time
  • Quickstart Demo – enable SAML in your application without code
  • You can find the slides for this presentation on Slideshare.

    Excited to learn more about authentication for iOS? Check out these resources:

  • Developer-Friendly SAML Single Sign-On Support
  • SAML Support for Your Customer Apps
  • 3 Classic User Management Mistakes (& How to Avoid Them)
  • The post Watch: No-Code SAML Support for SaaS Applications appeared first on Stormpath User Identity API.

    August 17, 2016

    Katasoft5 Ways to Build Routing in ASP.NET Core [Technorati links]

    August 17, 2016 06:23 PM

    In software development, routing serves to map all incoming requests to handlers and generate the URLs used in responses. In ASP.NET Core, routing has been rewritten from the roots up. Previously, routing with MVC and Web API was very similar, but both were using different frameworks (and code) to do the same thing. An important difference was that Web API supported RESTful routes by default. For example, if a controller’s action method name started with Post, then invoking an HTTP Post would call that method by default.

    Since Microsoft decided to rebuild and unify the routing framework, what applies now for MVC, applies also for Web API. Before we dig into how to build routing, however, let’s review why routing is so important for your application.

    Why Routing?

    SEO friendly

    RESTfully configured routing facilitates the Search Engine Optimization (SEO) of your content. A site’s URL is one of the top criteria that impacts site ranking. By converting www.yourwebsite.com/articles/show/123 to www.yourwebsite.com/how-to-peel-potatoes you encourage search engines to rank it higher for keyphrases related to “how to peel potatoes.”

    Also, when you have a URL that is more descriptive, it is easier for users to correctly anticipate the content, leading to increased time on page, which also impacts SEO and your overall page authority.

    URLs do not need to map a file

    Without routing, an incoming request would be mapped to a physical file. With routing we have full control of the request, allowing us to decide what action and controller we execute when a certain HTTP request comes in.

    Long URLs and file extensions can be eliminated

    Routing helps to shorten the URL in instances where many parameters and filters are in play. By eliminating the file extension, we can hide what kind of environment we are working in.

    So, how do we take advantage of these benefits? Let’s look at five ways you can build routing in your ASP.NET Core application.

    1. Creating Default Routes

    You can define the default route by convention in your project’s Startup class.

    public class Startup
        {
            public void ConfigureServices(IServiceCollection services)
            {
                services.AddMvc();
            }
    
            public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
            {
                app.UseMvc(routes =>
                {
                    routes.MapRoute(
                        name: "default",
                        template: "{controller=Home}/{action=Index}/{id?}");
                });
            }
        }

    With the above, we assure the essential configuration exists in our project for the standard MVC pattern of Controller + Action + ID (Optional) route. You can also declare the routing pattern like this:

    routes.MapRoute(
        name: "default_route",
        template: "{controller}/{action}/{id?}",
        defaults: new { controller = "Home", action = "Index" }
    );

    (This is how we used to do routing in ASP.NET Core.)

    2. Extending Default Routes

    Once we have the default route configured, we might want to extend it by adding customized routes based on specific needs. For this, we can add configurations using the MapRoute() method.

    app.UseMvc(routes =>
            {
                //New Route
                routes.MapRoute(
                   name: "about-route",
                   template: "about",
                   defaults: new { controller = "Home", action = "About" }
                );
    
            routes.MapRoute(
                name: "default",
                template: "{controller=Home}/{action=Index}/{id?}");
            });

    We added an extra route which grants access to the About action on the Home controller with an /about route. Because the default pattern route is still present, we can also access the About page with the conventional /home/about route.

    3. Using Attributes

    You can also configure routes using attributes in your controller and actions.

    [Route("[controller]")]
        public class AnalyticsController : Controller
        {
            [Route("Dashboard")]
            public IActionResult Index()
            {
                return View();
            }
    
            [Route("[action]")]
            public IActionResult Charts()
            {
                return View();
            }
        }

    In this sample we can access to the controller actions with the following routes:

  • /Analytics/Dashboard
  • /Analytics/Charts
  • You can see the two tokens [controller] and [action] indicate that we have to refer to the controller and action name that has been declared. In this case, “Analytics” is the name of the controller, and “Charts” the name of the action, therefore it the name of the route.

    4. Building RESTful Routes

    In order to declare a RESTful controller, we need to use the following route configuration:

    [Route("api/[controller]")]
    public class ValuesController : Controller
    {
        // GET api/values
        [HttpGet]
        public IEnumerable<string> Get()
        {
            return new string[] {"hello", "world!"};
        }
    
        // POST api/values
        [HttpPost]
        public void PostCreate([FromBody] string value)
        {
        }
    }

    Here we are telling to our RESTful service to accept calls under the /api/values route. Note that we no longer use the Route attribute for actions. Instead we decorate it with HttpGet, HttpPost, HttpPut, HttpDelete attributes.
    Or, we can take a look at a different scenario:

    // POST api/values/5
    [HttpPost("{id}")]
    public void PostUpdate(int id, [FromBody] string value)
    {
    }

    Here we have the following routes for the controller Values

  • HTTP Post of /values route will invoke Post() action
  • HTTP Post of /values/PostName route will invoke Post([FromBody]string value) action
  • 5. Using Constraints

    We can restrict the type of value that we pass to actions using constraints. For example, if we expect an argument that is a number we have to restrict it to an integer type. Declare constraints in attributes using curly brackets {id:int}.

    [HttpGet("{id:int}")]
    public string GetById(int id)
    {
        return "item " + id;
    }

    Here, we are telling the action GetByID to accept only an integer argument. Adding a question mark to the constraints {id:int?} indicates that the parameter is optional. Therefore with a question mark we can call /GetByID/123 or /GetByID without additional parameters. We can also define constraints in default routes declared in the Startup class this way:

    routes.MapRoute(
        name: "getProductById",
        template: "Products/{id:int}",
        defaults: new { controller = "Products", action = "GetById" });

    There are several available constraints like bool, datetime, decimal, min, max, regex, etc.

    If you’re ready to learn more about RESTful application design in ASP.NET Core, check out these resources:

  • Token Authentication in ASP.NET Core
  • Tutorial: Deploy an ASP.NET Core Application on Linux with Docker
  • Tutorial: Using Entity Framework Core
  • The post 5 Ways to Build Routing in ASP.NET Core appeared first on Stormpath User Identity API.

    ForgeRockSydney Identity Summit & Unconference Snapshots [Technorati links]

    August 17, 2016 01:11 AM

    Last week marked the first Identity Summit and Unconference in Sydney. A big thank you to our phenomenal speakers, sponsors and attendees for making the events such a success. We’ve been collecting and publishing highlights on Facebook and Twitter, so wanted to share with you something of a timeline of the two memorable days. What follows below is a Storify collection of photos and Tweets where you can revisit your favourite moments.

    The Sydney Identity Unconference, in particular, was the second event of its kind that we’ve run at ForgeRock and we’re getting unanimous feedback that these kinds of informal learning and sharing days are exactly what our customers, partners and the identity community value most. Having the opportunity to get hands-on advice from our product and subject matter experts – which is exactly what the unconference format is designed to support – provides immediate and measurable impact for the identity professionals in the ForgeRock community.

    With the backdrop of Sydney Harbour, the day kicked off with Daniel Raskin, SVP Product Management at ForgeRock, opening the event and sharing an update on the new capabilities released only a few weeks earlier as part of the ForgeRock Identity Platform Mid-Year Release 2016. In true Unconference style, as a team, the agenda was built and the discussions were underway! Throughout the day a number of in-depth technical sessions were held, ranging in topics from User-Managed Access, DevOps, Stateless Sessions, Mobile Push Authentication, Privacy and Consent, Cloud Readiness and Microservices ‘Funfest’ – to name a few!

    Many thanks to everyone who made both the Sydney Identity Summit and Unconference a smashing success! In particular we’d like to recognise our Platinum sponsor Accenture, Gold sponsor Deloitte and Silver sponsor Aurionpro for their efforts and support.

    View the Sydney Identity Summit session recordings and event highlights video!

    Next up, the ForgeRock Identity Summit World Tour travels to London and Paris.

    The post Sydney Identity Summit & Unconference Snapshots appeared first on ForgeRock.com.

    August 16, 2016

    KatasoftWatch: JWTs in Java for Microservices and CSRF Prevention [Technorati links]

    August 16, 2016 03:52 PM

    A microservices architecture connects many independent processes that communicate with one another over an API, or multiple APIs. These processes, and there are often a lot of them, need to exchange information and each communication exposes your application to vulnerabilities and latency.

    In this presentation, Stormpath Java Evangelist Micah Silverman gives an overview of the JJWT library, how it can be used in a CSRF (Cross Site Request Forgery) prevention implementation, and a simple (but powerful) PKI (Public Key Infrastructure) approach to secure communication between microservices.

    Follow along with the resources demonstrated in this presentation:

  • JJWT library
  • JWT CSRF Tutorial
  • JWT Microservices Tutorial
  • Excited to learn more about JWTs and authentication? Check out these resources:

  • How to: Secure Connected Microservices in Spring Boot with OAuth and JWTs
  • A Beginner’s Guide to JWTs in Java
  • 5 Practical Tips for Building Your Spring Boot API
  • OZorkAuth — Learn OAuth2 + Spring Boot the Fun Way!
  • Where to Store Your JWTs — Cookies or HTML5 Web Storage
  • The post Watch: JWTs in Java for Microservices and CSRF Prevention appeared first on Stormpath User Identity API.

    GluuAre you making it personal? Amido report identifies six key verticals as the biggest players facing customer identity challenges [Technorati links]

    August 16, 2016 02:38 PM

    Earlier this year one of our partners, Amido, commissioned a piece of research to uncover how senior IT and marketing decision makers across six vertical markets are utilizing ever-increasing amounts of customer data to identify customers and personalize the customer experience.

    Amido spoke to leaders across the following six vertical markets: retail, media, financial services, utilities, logistics, and automotive to find out:

    The full report explores a new world of information management and how customer data, if harnessed and utilized effectively across the organization, has the potential to provide greater customer insight, long term customer engagement and the ability to predict future behavior. Giving people what they want, before they want it, is next-generation personalization.

    To download the full report, please click here. Amido is also hosting an exclusive event for senior IT and marketing decision makers to discuss the findings at the Soho Hotel on Thursday 6 October. For more information or to request a space, please visit the website.

    Gerry Beuchelt - MITRELinks for 2016-08-15 [del.icio.us] [Technorati links]

    August 16, 2016 07:00 AM
    August 15, 2016

    ForgeRockWhy Open Source? Ask The U.S. Government [Technorati links]

    August 15, 2016 09:15 PM

    Big news from the open source world! The U.S. government just announced the finalized Federal Source Code Policy that requires agencies to release at least 20 percent of new custom developed code as Open Source Software for three years. Wired has a great article that goes in-depth into this new policy and discusses the sea change that has led to the newfound popularity of open source software, not only in government, but with major corporations as well. The article sums it up best: “…governments and corporations are realizing that open source is often the best way to develop software.”

    We can’t agree more with the government’s reasoning:

    Making source code available as OSS can enable continual improvement of Federal custom-developed code projects as a result of a broader user community implementing the code for its own purposes and publishing improvements. This collaborative atmosphere can make it easier to conduct software peer review and security testing, to reuse existing solutions, and to share technical knowledge.

    Source: Federal Source Code Policy

    As a commercial open source identity and access management vendor, ForgeRock is excited to see open source get this level of validation. It’s an acknowledgement that our goal of building the best open source IAM platform is only going to see more support as organizations realize the benefits of open source.

    We’ve been ardent advocates of open source since day one and continue to participate and support the community. Our customers benefit from our open source approach because they get access to the source code, have transparency around the entire development process, and can contribute code back to ForgeRock for potential incorporation into the product. Developers can also freely download our software for use in development environments and POCs. At its core, our commercial open source model gives you the benefits of an enterprise vendor as well as the benefits of the open source model. It’s really the best of both worlds. ForgeRock is part of what Accel partner, Jake Flomenberg calls the new wave of “open adoption software”, open source software solutions that are enabling innovative organizations.

    Our developer friendly platform is the foundation of digital businesses around the world. We give organizations a simple approach to deliver identity services for users, devices, connected things, and cloud services that helps them to bring new products and services to market much faster and more efficiently legacy vendors. Our customers like TomTom are driving innovative initiatives like the Internet of Things while others like GEICO are focused on delivering an omnichannel customer experience and unifying customer identities. Open source is primed to take a greater role in government and enterprise software deployments and we’re excited to be a part of the revolution.

    Visit our website for more information on our commercial open source model
    The ForgeRock Identity Platform
    Download a free trial of the ForgeRock Identity Platform
    Join our open source community

    The post Why Open Source? Ask The U.S. Government appeared first on ForgeRock.com.

    KatasoftTutorial: Use Spring Boot to Build and Deploy WAR Files [Technorati links]

    August 15, 2016 06:23 PM

    Spring Boot makes it easy to create stand-alone Java web applications. However in production environments, a web container often already exists. How do we deploy our apps in these situations and have them run side-by-side with other servlets? In this tutorial, we’ll walk through how to use WAR files to do just that.

    Getting Started with With Spring Boot, Tomcat, and WAR Files

    In a previous tutorial, we built a simple RESTful web app using Spring Boot. I’m going to use this as a base and show how to deploy it into a container. You can grab the code for this tutorial on GitHub.

    To ensure an existing Spring Boot app is container-ready one needs do three things
    – Renaming the embedded Tomcat libraries
    – Repackage the output file as a WAR
    – Wire the application up as a servlet

    Tomcat Libraries

    Building a Spring Boot application produces a runnable jar file by default. If your app includes server functionality, then Tomcat will be bundled with it. We need to ensure the Tomcat libraries don’t clash with an existing container (since the container will include the same libraries).

    When we do a clean clone of our repo (grab the code on GitHub if you haven’t yet) and do an mvn clean package we end up with a target directory containing our runnable jar.

    $ mvn clean package

    This jar contains Tomcat libraries. To confirm this, we can rename it to .zip and look at the lib directory.
    LIB Tomcat

    You’ll see various .jar files starting with tomcat-. Some of these will clash with a running instance of Tomcat. We need to tell Spring Boot to move them.

    To WAR! AKA: Build Your WAR Files

    First, we must tell Spring Boot we want a WAR file as output. This is as easy as adding one line to our pom.xml.

    <packaging>war</packaging>

    Now when we build the package with

    $ mvn clean package

    we will see a .war file inside our target directory:
    WAR file in target directory

    As before we can rename the file to .zip to see what’s inside. Everything is basically the same, just slightly re-ordered. Now lib is inside of WEB-INF anddemo` (where our project code sits) is in WEB-INF/classes.
    Web INF Files

    Renaming Tomcat

    Next, we tell Spring Boot to move our Tomcat libraries out of this folder. In our previous pom.xml we included three dependencies for our project – one for REST, one for data access, and another for the database.

    <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-data-rest</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-data-jpa</artifactId>
            </dependency>
            <dependency>
                <groupId>com.h2database</groupId>
                <artifactId>h2</artifactId>
            </dependency>
        </dependencies>

    Now we append the Spring Boot Tomcat Starter to this (which links to the Tomcat libraries you need when embedding) and set the scope of the dependency to provided.

    <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-data-rest</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-data-jpa</artifactId>
            </dependency>
            <dependency>
                <groupId>com.h2database</groupId>
                <artifactId>h2</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-tomcat</artifactId>
                <scope>provided</scope>
            </dependency>
        </dependencies>

    This will still include the .jar files as before but will put them in a new folder called lib-provided.

    We can see this if we follow the same procedure as before. Once we mvn clean package and rename our .war to .zip we’ll see inside WEB-INF the new folder has appeared. Inside are all the embedded Tomcat libraries (and you’ll see they are no longer in lib).
    Embedded Tomcat Libraries

    Now our application will happily reside in a servlet container without clashing with its libraries.

    Setting Up a Servlet

    The only other thing we need to do is wire our application up to start as a servlet. And to do this we need to modify our application definition.

    In the REST app mentioned our Application.java used the SpringBootApplication annotation on the main class and defined a main method.

    package demo;
    
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    
    @SpringBootApplication
    public class Application {
    
        public static void main(String[] args) {
            SpringApplication.run(Application.class, args);
        }
    }

    To set the app up as a servlet we extend the main class with SpringBootServletInitializer and override the configure method using SpringApplicationBuilder.

    package demo;
    
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    import org.springframework.boot.context.web.SpringBootServletInitializer;
    import org.springframework.boot.builder.SpringApplicationBuilder;
    
    @SpringBootApplication
    public class Application extends SpringBootServletInitializer {
    
        @Override
        protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
            return application.sources(Application.class);
        }
    
        public static void main(String[] args) {
            SpringApplication.run(Application.class, args);
        }
    }

    And that’s it! This application will now happily run inside a Tomcat container!

    Installing Tomcat

    Deploying WAR files to Tomcat is as easy as copying the file to Tomcat’s webapps directory. But first, you need to install Tomcat. On Ubuntu, you can use apt-get.

    $ sudo apt-get install tomcat7

    This will install and start the server automatically on port 8080.

    On Windows it’s just as easy – download and extract the binary distribution .zip file and run startup.bat in the bin directory. This will open up a console window showing the output of Catalina.
    Tomcat Console

    In both cases, you can check to see if everything is running by browsing to localhost:8080. You should see the Tomcat default homepage.
    Tomcat

    (Who knew Tomcat was so easy to use?!)

    Copy the WAR File

    The last step is copying the WAR to webapps. Here the name is important – whatever filename we choose will be used to map HTTP requests to our application. (All done automatically! I think this is amazing.) In an attempt to be more URL-friendly, I’m going to use demo.war.

    On Ubuntu, this can be done with:

    $ sudo cp target/demo-0.0.1-SNAPSHOT.war /var/lib/tomcat7/webapps/demo.war

    In Windows, use Explorer for the copy and then wait for the console window to show deployment messages.
    WAR Deployment Message

    And that’s it! Just by copying one file across our app is automatically booted and running side-by-side with the default Tomcat servlet.

    Test Your WAR File Deployment

    As before we test this by making calls using curl. Normally we called get on localhost but now our application is mapped to /demo/.

    $ curl localhost:8080/demo/

    This shows you available URLs. To see what people objects are available you can use:

    $ curl localhost:8080/demo/people

    Or, create new ones with:

    $ curl -X POST -H "Content-Type:application/json" -d '{ "firstName" : "Karl", "lastName" : "Penzhorn" }' localhost:8080/demo/persons

    Note: In my testing I found the deploy on Windows to be somewhat brittle. Sometimes I needed to close and rerun startup.bat.

    Run as a Standalone Application

    One last thing – because our Tomcat libraries are still there (just moved) we are able to run this application on it’s own. So mvn spring-boot:run still works !

    $ mvn spring-boot:run

    Learn More

    Ready to add authentication and user management to your application? Interested in learning more about Spring Boot? We’ve got some other great resources to help you out:

  • A Simple WebApp with Spring Boot, Spring Security, and Stormpath — In 15 Minutes
  • Write Once Multi-Tenancy with Subdomains and Spring Boot
  • Build a No-Database Spring Boot Application with Stormpath CustomData
  • How to: Secure Connected Microservices in Spring Boot with OAuth and JWTs
  • 5 Practical Tips for Building Your Spring Boot API
  • Happy coding!

    The post Tutorial: Use Spring Boot to Build and Deploy WAR Files appeared first on Stormpath User Identity API.

    Julian BondWeatherland: Writers & Artists Under English Skies by Alexandra Harris [Technorati links]

    August 15, 2016 08:31 AM

    [from: Librarything]
    August 14, 2016

    Matthew Gertner - AllPeersHow to Be a Safer Trucker [Technorati links]

    August 14, 2016 08:48 PM

    Learning How to Be a Safer Trucker makes the roads better for all

    In response to a particularly heinous act in Nice, France, world leaders and scared citizens are beginning to call for better truck control. What started as satire has developed into sincere calls for regulation of heavy-duty machinery in and around cities, as misuse of large trucks could result in catastrophe ― even if it is not intentional, as it was in Nice.

    Commercial truckers tend to demonstrate safer driving habits than any other section of the population, but that doesn’t mean there aren’t ways truckers can be even safer on the road. Trucking companies can do more to ensure their drivers and those around them remain as safe as possible no matter the conditions on the road. Here are a few suggestions for employers and drivers to learn how to be a safer trucker.

    Safer Driving Rules

    A trucking company usually constructs a number of hoops for its drivers to jump through to ensure that no reckless, irresponsible truckers can endanger others, their loads, and themselves with unsafe driving practices. The commercial driver’s license itself requires some amount of practice and training as well as a passing grade on a three-part skills test designed to prevent careless drivers from ever getting behind the wheel of a big truck.

    Generally, companies must trust that their drivers are doing two things on the road: making inspections and driving defensively. With so many moving parts on a truck, one thing or another usually cracks, breaks, or runs dry on long hauls. Therefore, vehicle inspections are mandated by law before every trip, and most companies should encourage an inspection after every stop.

    Meanwhile, as truckers are moving, they must be patient, courteous, and observant. Driving defensively is a strategy that many young, inexperienced drivers initially ignore, so companies should definitely emphasize its importance before allowing new drivers on the road.

    In addition to these fundamental rules, there are a few more safety strategies that some companies may want to put into practice:

    New Regulations After Nice

    Knowing How to Be a Safer Trucker is vital during the winter

    Though no regulations have been signed into law as yet, in the days following the Nice attack, hundreds of lawmakers threatened incredibly off-putting rules restricting the movement of trucks through big cities. For example, Andrew Cuomo, New York’s governor, immediately issued directions to law enforcement regarding commercial truck movement.

    In an attempt to prevent what happened in Nice from occurring again in his state, Cuomo ordered more security in popular gathering spots, such as airports, bridges, tunnels, and mass transit systems.

    Thanks to a number of truck-based attacks in America’s history, including the Oklahoma City bombing and the first attempt to destroy the World Trade Center, the Department of Homeland Security has long held a list of indicators that flag potentially dangerous vehicles. Companies and drivers should avoid the following to ensure they can move freely about the country:

    Generally, companies can expect the most incendiary reactions to fade with time, but a number of restrictions may persist. It is important for companies and drivers to be aware of potential regulations now so they can avoid possible infractions.

    The post How to Be a Safer Trucker appeared first on All Peers.

    August 13, 2016

    Gerry Beuchelt - MITRELinks for 2016-08-12 [del.icio.us] [Technorati links]

    August 13, 2016 07:00 AM
    August 12, 2016

    Matthew Gertner - AllPeersHalloween is For Adults Too [Technorati links]

    August 12, 2016 10:50 PM

    When Halloween time comes around, kids become incredibly excited at the prospect of dressing up in ghoulish outfits and heading around the streets trick or treating looking to get some candy treats from the neighbors. As exciting as this time of year is for kids, they are not the only ones who can have a bit of fun when Halloween comes around, adults can too. This year why not try and inject a bit of fun into your Halloween with these ideas.

    1-1266336600cyWL

    Hold a Party

    Holding a Halloween party for you and your friends can be a lot of fun, going to a party is one thing but I always find hosting one to be more enjoyable. You can pick up loads of ghoulish decorations for your house for little money and turn your house into a haunted one. Adult Halloween costumes are just as varied and elaborate as those for kids, if not more so and you should spend a good amount of time looking for your costume, as the host the pressure is on for you to look the best. Your party can feature games like bobbing for apples and there is so much food and drink that you can prepare with a Halloween style twist.

    Head out on the Town

    Not that we need a reason to hit the town but Halloween is a great time to go out in your best costume. Many don’t like to dress up very often unless they are in a big crowd but on Halloween there will be plenty of people dressed up in all kinds of crazy outfits so you can go out in costume and feel comfortable. For you ladies out there who want to head out this Halloween, start taking a look at some sexy costumes for you to wear, there is plenty available on 3wishes.com that ticks both the Halloween costume and the looking sexy boxes. Dressing up doesn’t mean that you have to look silly, add some pizzazz to your outfit this Halloween.

    Go to a Haunted Place

    Heading to a haunted place or going on a ghost walk on Halloween will not only scare the bejeezus out of you but also provide a whole lot of fun. Do some research online about what there is in your vicinity by way of haunted places, this could be a castle, a disused building or even underground tunnels. More often than not at Halloween, these places are opened up to the public and there are usually guides who will talk you through these eerie places and talk to you about its history and why it became haunted, you may even see some strange goings on. Even if you are a non believer in paranormal activity you can still have a great deal of fun heading to these strange locations. Many events like this will sell out quite quickly so it’s important that you work out where you want to go and book up quickly before everyone else takes the tickets.

    The post Halloween is For Adults Too appeared first on All Peers.

    August 10, 2016

    ForgeRockWrapping up the Inaugural Sydney Identity Summit [Technorati links]

    August 10, 2016 11:41 PM

    As everyone tuning into the Olympics this week has heard, August is winter time in the southern hemisphere. Which means cool, breezy days here in Sydney – perfect weather for ForgeRock’s first-ever Identity Summit in Australia. We had a perfect venue also in the Museum of Contemporary Art (MCA), Australia’s premier museum for modern art from the region and globally. MCA has a world-class meeting space on Level 6 of its art deco headquarters, a building that formerly functioned as home base for Australia’s Maritime Services Board, and on Tuesday morning that’s where we greeted our Summit attendees – a diverse mix of identity professionals from top brands and government agencies throughout the region.

    Identity Summit SlideShareAll presentation decks from the Sydney Identity Summit can be accessed on the ForgeRock SlideShare page.

    ForgeRock CEO Mike Ellis kicked things off, providing a brisk 20-minute overview of how and why digital identity has become central to so many industries and life online in general. In short, Mike asserts, identity has become the centre of everything because customers are the centre of everything. More and more organisations are realising that creating frictionless user experiences are critical to their success, whether that’s measured by share of wallet, stronger brand or competitive differentiation. To enable omni-channel digital engagement, organisations require a single persistent view of the customer, and digital identity is the key enabling technology here.

    Keynote Presentations

    Immediately following Mike were our two keynotes: Graham Williamson, APAC Director & Senior Analyst at KuppingerCole; and Rachel Dixon, Head of Identity at the Digital Transformation Office of the Australian Government. Graham’s talk centred on how identity management and CRM strategies are converging, bringing us into a new age of Connected Customers. He pointed out that since these technologies are already in place, from the corporate point of view, it’s never been easier to understand customer preferences, to develop meaningful programs to suit individual requirements and to measure the results.

    Rachel’s presentation was a highlight of the morning, as the Australia DTO is widely regarded as a leader among public sector entities pushing the envelope on using identity to securely extend better services to citizens. Rachel’s team has been engaged in a major project to create a genuinely whole-of-government identity solution for Australia, and among the key things they learned is that people don’t actually want a digital identity. They just want to get stuff done. Because the need for digital identity is contextual, it’s more important for government IT architects to watch how people do things, rather than asking them what they think. This is where good service design originates. Rachel’s team is approaching Australia’s identity challenges from exactly this standpoint – centred on standards, not guidelines. We’re looking forward to the public beta launch of the DTO’s identity solution, which is scheduled to roll out for individuals in July 2017.

    @rachel_DTO Rachel Dixon, Head of Identity at Australia’s Digital Transformation Office, speaking at the 2016 ForgeRock Identity Summit

    Customer Case Studies and Executive Presentations

    The rest of the day at the summit was given over to presentations on real-world implementations from ForgeRock customers, and updates on product and industry developments from ForgeRock execs:

    Sydney Identity SummitAt the Sydney Identity Summit.

    The day closed out with Mike Ellis hosting a roundtable discussing why identity is a critical element to enabling digital business, how to plan for the future of identity and the impact of IoT. Mike was joined by KuppingerCole’s Graham Williamson, Oliver Lee from TomTom, Steve Wilson from Constellation Research, David Cook from Sunsuper, and Digital Transformation Consultant John Dobbin.

    Finishing Up the Identity Summit and Looking to the Unconference

    We finished up with drinks and hors d’oeuvres on the deck overlooking Sydney Harbour – a great way to bring a successful event to a successful close. Discussion centred primarily on proposed agenda items for our Unconference, which was taking place the next day in the same location at the MCA, but in the Quayside Room, rather than the Harbourside Room. We’ll have a brief recap of that event on the blog soon – stay tuned.

    View the Sydney Identity Summit session recordings and event highlights video!

    Finally, many thanks to all who contributed to making our first Sydney Identity Summit a winning affair – the first of many to come, no doubt. Onward to London and Paris – the final two stops in our 2016 Identity Summit series.

    John Donovan is ForgeRock Regional Vice President for Australia, New Zealand and ASEAN.

    The post Wrapping up the Inaugural Sydney Identity Summit appeared first on ForgeRock.com.

    Nat SakimuraOAuthに対するWPAD/PAC攻撃と対策 [Technorati links]

    August 10, 2016 06:54 AM

    8月3日のBlackhat 2016で発表された、HTTPSのURLが読めるというWPAD/PAC Attack[1]、なるほどねぇ、と思わせるアタックですな。

     HTTPS自身を攻撃するわけじゃなくて、HTTPSのhostに対するproxy resolveの時に、PACファイルを使ってURLの内容をフィルタリングして攻撃者のホストに送るというやり口。
     
    毎回proxy resolveが走るブラウザ(例:Firefox, Chrome)とそうでないブラウザがあって、後者だとあまり攻撃は成功しないが、FirefoxやChromeなどでは効果的。ただし、LANのProxy設定などで、「設定を自動的に検出する」がオンになっていなければならない。でもこれは、企業システムなどでは割りとONになっていることが多いのではないだろうか。
     
    ちなみに、スライドに
     
    というのがあるけど、これは、
    の間違いかな?OpenID authentication URLPassword reset URLなんてものは無いから。
     
    OAuthのAuthz req/res のqueryは両方共盗られてしまう。つまり、response_type=code * なら codeが、response_type=token * ならばtokenが奪取されて、リアルタイムに攻撃者のサーバに送られてしまいます。
    もちろん、ユーザが上記のプロキシ設定自動取得オプションをオフにしていれば大丈夫ですが、これは、OAuth Server/Client側ではいかんともし難いです。できる対策としては、
    といったところですね。
    Password Reset URLは、やられてしまいますね。むしろこっちの方が問題ですな。あと、DropboxなどでのURLによるファイル共有もやられます。サーバ側でできる対策としては、ファイル識別子を別途Formで入れさせるとかなんだろうけど、多くの人には使えなくなってしまうだろうことがちょっと悩ましいですね。
     

    Copyright © 2016 @_Nat Zone All Rights Reserved.

    August 09, 2016

    GluuWebViews are bad — Use AppAuth [Technorati links]

    August 09, 2016 05:04 PM
    Google, Okta, Ping and Gluu support appAuth, PKCE for OpenID Connect

    Google engineers promoting which OpenID Connect providers support appAuth

    In a WebView any malicious code in the page has the same rights as your application, so you should make sure you only load trusted content. But there is another risk–a malicious app may also have access to browser content (like cookies) and may snoop passwords or intercept OAuth codes. So if you download some fun app, and it asks you to login somewhere, you may be in trouble. For this reason, Google will not let employees use apps that use WebViews to login to Google. Even more, Google engineers have suggested that they may eventually remove support for WebView authentication in whole.

    To counter this risk, new features have been introduced at the mobile operating system level. iOS has introduced SafariViewController for Secure WebViews and Google has introduced Android Custom Tabs. These components render web pages, but are opaque to the application. The URL is also displayed, so you can make sure you are connected to the right page, including the https certificate information.

    At the same time, a new workflow for mobile application security has been developed and documents the best practices for OAuth2 Security. Its a simple, yet innovative design that leverages another innovation in mobile security called RFC 7636: Proof Key for Code Exchange by OAuth Public Clients (PKCE). This adds an extra secret code that can be sent along with the authorization code request. This helps to mitigate the risk of some malicious code running in the browser intercepting the authorization code (without the PKCE secret, the code can’t be exchanged for a token).

    The other creative solution introduced by this design is the use of custom URI schemes. Instead of registering https and the redirect_uri, the application uses a custom scheme, like myapp://, enabling the browser to send the response from the OpenID Provider to the mobile application.

    That’s all well and good, but how can your mobile developers use this tecnology without spending hours researching and writing complex client code? Luckily, Google has recently released two mobile client libraries that help you put the power of this security goodness to work. Its called AppAuth, and there are libraries for Android and IOS.

    There are currently four OpenID Connect providers that support AppAuth: Google, Ping, Okta, and Gluu.

    One of Gluu’s partners in Finland, Nixu, did some excellent work testing the library. They provided some interesting feedback to the Google AppAuth team to improve the library. An overview of their project is below:

    appAuth-overview

    The project showed that we could achieve authentication, SSO between the applications, and single logout (SLO) (although this required us to patch AppAuth, adding a LogoutService class). Ping Identity has also published an Ping AppAuth sample application which is a good reference.

    In a recent study of over 600 popular mobile applications, 60% incorrectly implemented OAuth and were thus vulnerable. It’s probably time to review your mobile application security code. And at that time, stop using WebViews for authentication, and upgrade existing applications to use AppAuth.

    August 08, 2016

    Matthew Gertner - AllPeersWhy Location Matters When You Apply to MBAs [Technorati links]

    August 08, 2016 10:57 PM

    There are dozens of factors you need to consider when applying for your MBA. You want to attend a school with successful faculty members who have real experience and valuable insight. If you’re considering taking the CFA exams, you will want to consider what a university’s pass rates are, and how they can help you prepare. You should also be looking into the kinds of specializations different schools offer, since not all programs are created equally. While you may find the essentials like finance, marketing, and accounting across the board, if you’re looking for a niche specialization like supply chain or golf and resort management, you may need to dig deeper.

    image1

    Among the most important factors to consider is location. Business schools are increasingly marketing themselves to prospective students by promoting the advantages of living and studying in a particular city. Your MBA can take you anywhere in the world, but where you study will have a big impact on how you start your career. If you’re looking at options for MBA programs in Ontario, two cities stand out: Toronto and Waterloo. Here’s how they stack up against each other in three important criteria:

    Where you want to work: Toronto is the centre of Canada’s finance and banking industries, so it’s an obvious choice for anyone specializing in finance or accounting. Toronto hosts major offices of finance-industry firms like KPMG and Deloitte, and the headquarters of TD Bank, CIBC, and RBC. Marketers will want to take advantage of its thriving creative industries, while it also enjoys a growing technology sector. The GTA is also the centre of Canada’s manufacturing sector, and it still accounts for 13% of Toronto’s economy.

    By comparison, Waterloo is one of the most competitive regions in North America for technology. With a thriving startup culture and an abundance of technology talent, Waterloo is a great place for aspiring entrepreneurs with a plan. However, the city has long been an important centre for the insurance industry in Ontario as well, not to mention the manufacturing sector’s prominent role in the economies of adjoining Kitchener and Cambridge.

    Opportunities to grow: Waterloo is home to a number of institutions that exist to help entrepreneurs start their businesses. Incubators like the Communitech Hub are available to qualifying business school MBA students through their LaunchPad program, while there are also a number of institutional supports for funding and recruiting.

    Where you work already: If you are a working professional and pursuing your MBA part time, your job will be your biggest location constraint. Part time MBAs in Toronto are popular because of the high concentration of finance, insurance, accounting, and marketing jobs in the city’s financial district. If you’re working in Toronto and you’re ready to take your career to the next stage, it is wise to find a downtown campus so that you can take a part time MBA on evenings and weekends.

    The city where you decide to study will have a big impact on the early part of your career. It will determine the kind of network you develop while you’re in school and the kind of companies that recruit from your program.

    The post Why Location Matters When You Apply to MBAs appeared first on All Peers.

    August 05, 2016

    Mike Jones - MicrosoftInitial OpenID Connect Enhanced Authentication Profile (EAP) Specifications Published [Technorati links]

    August 05, 2016 12:52 PM

    The OpenID Enhanced Authentication Profile (EAP) working group was created to enable use of the IETF Token Binding specifications with OpenID Connect and to enable integration with FIDO relying parties and/or other strong authentication technologies. The OpenID Foundation has now published the initial EAP specifications as a first step towards accomplishing these goals. See the announcement on openid.net.

    OpenID.netInitial OpenID Connect Enhanced Authentication Profile (EAP) Specifications [Technorati links]

    August 05, 2016 12:41 PM

    The OpenID Enhanced Authentication Profile (EAP) working group charter states that:

    The purpose of this working group is to develop a security and privacy profile of the OpenID Connect specifications that enable users to authenticate to OpenID Providers using strong authentication specifications. The resulting profile will enable use of IETF Token Binding specifications with OpenID Connect and integration with FIDO relying parties and/or other strong authentication technologies.

    I’m pleased to announce that two new draft OpenID specifications have been adopted by the EAP working group to meet those two goals:

    Please give them a read and give your feedback to the working group. Or even better yet, implement them (they’re both very straightforward) and send us your feedback!

    Julian BondThe Causal Angel (Jean le Flambeur) by Hannu Rajaniemi [Technorati links]

    August 05, 2016 11:59 AM

    [from: Librarything]

    Julian BondThe Fourth Wall (Dagmar Shaw) by Walter Jon Williams [Technorati links]

    August 05, 2016 11:59 AM

    [from: Librarything]

    Julian BondThe Annihilation Score (A Laundry Files Novel) by Charles Stross [Technorati links]

    August 05, 2016 11:55 AM

    [from: Librarything]

    Julian BondThe Peripheral by William Gibson [Technorati links]

    August 05, 2016 11:54 AM

    [from: Librarything]