Videos and Slides



OW2con'16 Conference Opening Address by OW2 President and CEO,
Yuri Glickman, Fraunhofer FOKUS and Cedric Thomas, OW2

view the speaker's slides 

Settying the stage for OW2con'16, OW2 President Yuri Glickman will provide a quick overview of OW2 and OW2 CEO Cedric Thomas will share his thouhgts on this year's conference theme in his keynote address: "Lessons from the Open Source Value Chain".

more

KEYNOTE The Linux Foundation's CII Badge Program , David A. Wheeler, Institute for Defense Analyses

view the speaker's slides 

Introduction to the CII Badge Programe. The Core Infrastructure Initiative (CII) Best Practices Badge is an open source secure development maturity model. Projects having a CII badge will showcase the project's commitment to security. Open source project maintainers answer a short questionnaire to be awarded a "Best Practices Badge".

more

KEYNOTE Kubernetes: the Rising Tide of Systems Administration, Craig Box, Google

view the speaker's slides 

Kubernetes, the rising tide of systems administration Containers and cloud have moved from "why" to "how and when?" Learn how Google is helping the world go Cloud Native.

more

Panel: Code to Product 

Experienced software and community practitionners will discuss the challenges of developing and supporting a market-ready open source software.

more

European Open Data Portal and Policy Compass: from national Open Data repositories to European scale , Yury Glikman, Fraunhofer FOKUS

view the speaker's slides 

In November 2015 the European Commission officially lunched the European Data Portal http://www.europeandataportal.eu . The mission of the portal is to become the catalogue of all European public data providing them in all official languages of the European Union. The portal is harvesting metadata from heterogeneous open data portals of 28 EU and other 11 European countries. It lists over 580 000 datasets and it is the biggest Open Data portal worldwide. From the techincal perspective, it is the first official Open Data portal implementing the new DCAT Application Profile specification.
The portal is the place to find European public data and it is a basis for other innovative services. One of them is Policy Compass https://policycompass.eu. It brings together open public data, social media, e-participation platforms, causal models, and argumentation technology for constructing, sharing, visualizing and debating progress metrics and impacts of policies.
Both portals are Open Source. They provide rich APIs and may become a data source for other applications.

more

DocDokuPLM : Domain Specific PaaS and Business Oriented API, Morgan Guimard, DocDoku

view the speaker's slides 

Totally replacing our SOAP web services with HTTP web services behind an API has been a real challenge for us this year. We made the choice to generate our Java and JavaScript API by using Swagger. Swagger allows us to generate a JSON file describing our REST layer services, and thus generate code from this description file. We're now able to deliver a SDK to other applications in Java and JavaScript today.

Using same codebase and same method names are really useful for developers, and modifying our REST layer doesn't mean modifying our SDKs by hand: it's generated! It's quite easy to deploy and/or use: our APIs are simply Maven and NodeJS modules. Having a interactive documentation for all SDKs is really appreciable, it allows us to discover every services and test them.

We can now resolve specific use-cases by developing new applications with this API. Currently our SDK is in use in 2 separate projects and languages (a GUI written with NodeWebkit and a JEE server application), and fits as needed.

more

Automating performance testing over the cloud with CLIF and ProActive Workflows, Brian Amedro, Denis Caromel, Bruno Dillenseger , ActiveEon, Orange

view the speaker's slides 

During the two last years, the CLIF project focused on demonstrating fully automated performance testing including deploying and configuring both the distributed CLIF load injection system and the distributed application under test over an IaaS cloud. Integrated to an automation server like Jenkins, these demonstrations provided a valuable support for achieving performance testing in continuous integration. However, the underlying technical solutions for orchestrating nodes instantiation and configuration were very adherent to specific technologies, like Java wrappers, shell scripts or yaml definitions, which drastically reduces the community of potential adopters.
With the fresh work reported here, we believe that devOps teams must be given the choice of their favorite scripting or programming language for performing the nodes configuration, while benefiting from high level graphical tooling to specify the deployment process of their distributed architectures.
While OW2 projects ProActive and CLIF collaborate since years at the middleware level (distributed communication, test scheduling and execution resources management), the CLIF project was very excited to experiment the brand new ProActive Workflows module to respond to these new deployment orchestration challenges.

more

Industrializing the Creation of Machine Images and Docker Containers for Cloud Environments, Joris  Bremond , UShareSoft 

view the speaker's slides 

Hammr is an OW2 open source, command-line tool for creating consistent and repeatable machine images for different cloud or virtual environments, or migrating live systems from one environment to another. Agility and automation are key factors in today’s cloud era. It has never been easier to provision new instances on-demand with a few command lines. However, the actual machine images used to provision these instances, are typically still created and maintained by hand. Hammr helps organizations automate the creation of these images. This presentation will provide an overview of the hammr project, including a focus on Docker integration and how hammr can be used to quickly build and run Docker images, helping accelerate development and test processes among other benefits. The presentation will also help attendees understand how they can become involved in, and benefit from, the hammr project.

more

ActiveEon’s OW2 ProActive accelerates, automates and scales Metagenomics analytics as well as IoT treatments , Denis Caromel, ActiveEon

view the speaker's slides 

ActiveEon is an Open Source ISV offering automation and scalability solutions for IT, Big Data and Internet of Things to accelerate, automate and scale their business processes and reduce their infrastructure cost.
ActiveEon recently worked with two customers in very different areas:
- INRA, the French National Institute for agronomics, in order to integrate a portal dedicated to metagenomics analysis. ActiveEon’s ProActive accelerates the treatments of more than 500 terabytes of metagenomics data per year in R language, and 10 scientists received a week of training by their dedicated ActiveEon’s engineer
- A Fortune 1000 company which works in the area of mining machines and wanted to improve their IoT in order to better analyse incoming information from the captors and automate more actions. ActiveEon’s workflows run hourly as well as are triggered on events, run on Amazon Web Services, and helps our customer control and optimize its machines usage.

more

Turn any (legacy) application into a SaaS solution without any code rewrite!, Cedric CARBONE, Nanocloud

In this session, you will see how to transform a legacy (heavy/rich client) windows application like Open Office into a full SaaS solution thanks OW2 Nanocloud Community platform. Nanocloud Community enable new uses and business models by pushing software vendor application portfolio into the cloud without any code rewrite. You can run and access them from anywhere, directly from your preferred browser.

more

Extensible and Standard-based XaaS Platform To Manage Everything in The Clouds, Marc Dutoo, Openwide

view the speaker's slides 

The OCCIware project aims at managing in a unified manner all layers and domains of the Cloud (XaaS), by building on the Open Cloud Computing (OCCI) standard. OCCIware Metamodel formally specifies the main OCCI concepts. Today a first EMF metamodel is defined that adds to OCCI new concepts such as Extension, Configuration, and EDataType, addressing some limitations of OCCI.
This session highlights OCCIware platform two main components:

- The OCCIware Studio Factory, allowing to produce visually customizable diagram editors for any Cloud configuration business domain modeled in OCCI using the OCCI Extension Studio, such as the flagship Docker Studio ;

- The OCCIware Runtime, based on OW2 erocci project, including the tools for deployment, supervision and administration, and allowing to federate multiple XaaS Cloud runtimes, such as the Roboconf PaaS server and the ActiveEon Cloud Automation multi-IaaS connector.

This talk includes a demonstration of the Docker connector and of how to use the OCCIware Cloud Designer to configure a real life Cloud application (a Java API server on top of a MongoDB cluster)'s business, platform and infrastructure layers seamlessly on both VirtualBox and OpenStack infrastructure.

more

erocci - A Scalable Model-Driven API Framework, Jean Parpaillon, KBRW Adventure

view the speaker's slides 

Jean Parpaillon has been working in open source infrastructure softwares for 10 years. He has contributed to HPC and cloud computing projects like Kerrighed and CompatibleOne. He is now the main developer of erocci, the first generic OCCI implementation, based on erlang/OTP platform. He has also co-funded the Lizenn company, aiming at developing and commercializing OCCI based platform for cloud computing and internet of things.

more

Software Heritage: Building the Universal Software Archive, Stefano Zacchiroli, Software Heritage

view the speaker's slides 

The goal of the Software Heritage project is to collect, preserve, and share all publicly available software in source code form. Forever.
By doing so Software Heritage will serve the needs of: Society, by preserving our collective technological heritage; Industry, by building the largest software provenance open database; Science, by assembling the largest curated archive for software research; and Education, by creating the ultimate anthology for programming curricula.
Although still in Beta, Software Heritage has already archived more than 2.5 billion unique source code files and 600 million unique commits, spanning more than 20 million projects from major software development hubs, GNU/Linux distributions, and upstream software collections.
Software Heritage is developed transparently as a collaborative project and all its own source code is available as Free/Open Source Software. Currently incubated by Inria, the project will graduate soon to an independent charitable, nonprofit organization.

more

What's new in AppHub, the European Open Source Marketplace, Alexandre Lefebvre (UShareSoft) and Stéphane Laurière, OW2 CTO

view the speaker's slides 

AppHub is the European Open Source marketplace. Open source software is a powerful enabler for collaborative innovation. However, making the source available does not automatically attract contributors or grant immediate market access. AppHub's mission is to help users find and implement the software outcomes of your open source projects more easily. AppHub is designed to make it easier for open source projects to connect with their potential markets.

This presentation will provide an overview of AppHub since its launch early last year. We will review the services offered to open source projects for exposing their outcome to the market, using a template factory for packaging their software, and also for assessing their market readiness, using the Oscar platform provided by OW2. We will also show how end users can use AppHub for deploying pre-configured open source projects to the virtual or cloud format of their choice, and how AppHub will evolve to a marketplace for the OW2 projects beyond the end of the EU project itself.

more

Improving software quality and devop automation with STAMP , Benoit Baudry, INRIA

view the speaker's slides 

DevOps has emerged, as a major cultural movement to handle the need for increased agility in software development. While this movement is loosely bound to development methods, a number of practices have emerged to operationalize this extreme agility: loosely coupled software architectures meant to support incremental updates and build (services or micro services with clear APIs); a very high degree of automation at multiple stages of the development lifecycle. Quality assurance is a major challenge in this context. There is very little time for manual testing and the responsibility of bug detection is placed upon the automated test suites.
STAMP (Software Testing AMPlification), is a new European R&D project, which aims to bolster automated test suites through the automatic transformation of test assets.  The key technical challenge that STAMP aims at overcoming is to reduce the cost due to regression bugs that propagate to production, through advanced research in automatic test generation. The key novelty of our research agenda is to leverage existing assets (such as test cases or execution logs) in order to increase test effectiveness. This innovative research is at the crossroads of program analysis and transformation, software testing, automatic deployment and search-based software engineering.

more

Measure It! How to measure quality in (not only) large software projects, Daniele Gagliardi, Engineering Group

view the speaker's slides 

You can control what you can measure: this is particularly true for software quality. Measures means attributes (to be measured) and tools (to measure).
We have a pletora of tools to support entirely the Application Lifecycle Management: companies and communities can leverage open source to set up infrastructures filled with SCMs, issue trackers, static analyzers, wikis, planners, and so on. These infras can become mines of raw quality data: selecting and defining measures, metrics and ways to represent them is core to achieve a complete control of the quality of your developments.
In this talk Daniele will show you the experience in a large software company, involved both in open and closed source projects: processes, tools, measures adopted to let people to deliver software satisfying common quality attributes, shared across the organization by the means of guidelines and a common culture of quality.  This approach can be adopted by companies and communities as well: quality is the value perceived by end-users, who often aren’t interested in knowing whether the software they are using is built by a community or a company. You will see how close this experience is to OW2 OSCAR quality analysis pillars.

more

Preparing your source code for distribution, Nuno Brito, TripleCheck

view the speaker's slides 

When I was a young engineer, I grew listening to an old software engineer that said too often: You don't know, what you don't know.
As years passed, that strange motto started to make more sense for software development. We send zip files or gits with the code of our products to other people in a professional context, too often without really knowing what kind of third-party code and licenses are inside.

In this session we go through simple techniques to clearly list the third-party libraries, code snippets and marking your own software as yours in a standardized manner. So that the next time you share code professionally, it is easy for others to understand the applicable licenses and copyrights within.

more

Dependency management and licence compliance, Camille Moulin, Inno³

view the speaker's slides 

Code reuse is a major aspect of Open Source and most development languages have developed dependency management systems to enable this practice in a more efficient and secure way. Licencing is another key aspect of Open Source, as it defines it as such.
Convergence of those two aspects is then somehow natural and is embodied in the metadata of the package systems.
Combined with the general evolution of licencing compliance and its closer integration into development workflows, this angle seems to gain relevance but is still facing limitations, due to (lack of) metadata quality.

more

From Code to Product  to Startup “The challenges for building successful business model with open source code”, Roger Essoh, SAAKAI Inc - SAAKAI Pte Ltd

view the speaker's slides 

We have mainly two categories of products in the world of open source products, the one targeting the B2C segment and the other targeting B2B.

In one side, we have open source B2B startups facing challenges to build successful and sustainable business models to leverage their open source positioning and to convince enterprises and partners to engage with their products; and, on the other side, we have open source startups with successful B2C products who are facing challenges to convince their large communities to accept even the idea of monetization. 

When the open source startup with a B2B model main challenge is clearly to execute as a software company, the open source startup with a popular B2C product has to deal with a more complex challenge.
I will base the presentation on two open source startups I’m currently advising. One is a promising startup with an open source platform for building web and mobile application, and the other is a behind a well-known open source product used by million of users around the word.

more

Open Source Software Editor without raising capital: can it be done and how?, Ludovic Dubost, XWiki SAS

view the speaker's slides 

Open Source Software can be produced in many ways. One of them is to build a company that will lead and finance the development of the Open Source Software. Most of such companies have raised capital and are using the "Open Core" business model.
This talk aims to present the way XWiki has evolved over the last 12 years, without raising capital and without restraining it's licence, reaching 1,5 MEuros of revenues in the competitive space of collaboration and information management software, contributing year after year to all it's production as Open Source Software. The XWiki Software is now being used around the world by thousands of organizations.

We will go through the ways this was achieved, the way we were helped, the difficulties we had and the way we managed them, the lessons we learned over time and how we believe we can continue to grow in the future while staying an "Open" company.

more

Boosted Framework for Web Accessible and Responsive Websites, Loïc Laussel, Orange

view the speaker's slides 

Training developer to accessibility is not enough; they need ready-to-use tools.

Responsive Design has been the trigger for many web sites refactoring that gave opportunity for accessibility improvement. By the end of 2014 we compared the major market solutions and Bootstrap appeared to be the best. They benefited from a really big support community, a robust and functional framework, open source and of course with a quite good accessibility level. So we decided to use this framework. We studied how to make its accessibility even better and submitted our improvements to the community. That was a good starting point but not enough, we’ve also got some Orange specific components, our brand is not blue and we want to share our work easily with everybody. That’s why we created an open source fork of Bootstrap, called Boosted, providing the best from native Bootstrap and adding up the Orange Brand, some specific components, and an even higher accessibility level.

more

AcceDe Web, a Guide for Accessibility Web Projects, David Monnoehay, Atalan

view the speaker's slides 

The AcceDe Web set of guides is offering best practices to all the key project stakeholders, including web developers and graphic designers. These documents are based on the experience of a range of seasoned professionals representing web agencies, corporate companies, public agencies and associations. They provide project teams with practical step by step instructions, and project managers with useful project management tools.

more

Main Actions to improve Accessibility in Open Source Projects, Armony Altinier, Koena

view the speaker's slides 

Open source accessibility technologies can serve people inclusion. They can generate new links between employees, partners or individuals with visual or hearing impairments. But traditional projects are managed from a technical angle, trying to deal with a form of disability or another. This is a frequent error, as organisational challenges have to be addressed in the first place. Let's check some tangible actions and methodologies that could be used in the ongoing OSAi open source accessible projects.

more

Automatizing SpagoBI, Davide Zerbetto, SpagoBI by Engineering Group

view the speaker's slides 

Installing and deploying an application can be messy and may result in time lost, unexpected results and, finally, discarding the application itself. A valid solution for this could be providing different automitizing techniques, and publish the application on the most popular marketplaces of cloud services providers at the same time. In this spech I will present the experience we gained and the route for future enhancements for the SpagoBI suite in order to make its adoption easier and increase its visibility, exploting well known automation tools (Docker, Chef, Juju) and cloud facilities.

more

CHOReVOLUTION project to facilitate cross-organization service integration, Sébastien  Keller, Thales

view the speaker's slides 

From Code to Product, the CHOReVOLUTION Studio is addressing scalable IoT/IoS applications based on choreography modelling, synthesis, adaptation, service bus, security, and cloud. It aims at integrating as much as possible existing web services to create new innovative solutions. The first applications being developed are in the Intelligent Transportation Systems and Smart Tourism domains, with benefits in terms of time-to-market, agility, dynamism and cross-organization coordination. The CHOReVOLUTION software are published under an open source licence and made publicly available through the OW2 community.

more

SeedStack - the lean development stack, Marius Matei, PSA Group

view the speaker's slides 

SeedStack is an enterprise application development environment designed for Open Source and using worldwide standards.
SeedStack is a high productivity end-to-end tool that encompasses all the application layers: business, persistence, security, Application Program Interface connection, web-friendly interfaces with ready to use open source standard components.

SeedStack boosts development efficiency and removes trouble and complexity of installation, by providing a ready-to-use modular environment of well-chosen components, Convention-over-Configuration, sensible defaults and opinionated APIs. Developers can then focus on their core activity: business code. Open-source software and agile development approach transform application development experience to deliver innovative business products.

SeedStack integrates standard components and provides its own high-value technologies. The result is a full-stack open environment suitable for rapid application development. While the highly modular Java framework may be compared to Spring, the choice of the technologies is more opinionated and less coupled; the web framework combines two User Interface mainstream technologies, Google AngularJs and Twitter Bootstrap. The main piece of the stack is the Business Framework which focuses on the importance of the investment and reusability of the business domain. SeedStack can be used in a large spectrum of platforms, from Cloud to command-line or common enterprise application servers.


SeedStack is used in numerous production environments in domains as manufacturing, retail, enterprise administration, human resources, trade, connected vehicle, research and development. It is reliable and highly scalable.
  

more

Why no one loves me? Using BI techniques to make my business more attractive, Alberto Ghedin, SpagoBI by Engineering Group

view the speaker's slides 

The most successful companies are those that can get value and knowledge out of information. We immediately think of Google, Amazon or Microsoft but even a small company has its own data and can access a variety of external information. In this speech we’ll create a use case around a family company that aims at becoming 3.0. So we’ll see how to enhance the corporate data using business intelligence techniques, but also how to use big data technologies to enrich the knowledge, getting data from open data sources, comparing company business with market researches and matching it with socials.

more

LUTECE, the City of Paris CMS and Development Platform, Jon Harper, City of Paris

view the speaker's slides 

Lutece became an OW2 project two years ago. It recently became a mature project. This java framework is used to build applications totaling more than 2 million lines of code. It features a powerful and expressive plugin system. More than 400 plugins have been developed. This presentation will explain how we manage all these components.

more

Beyong OW2 : Open Source School, Jennifer Châtelet, Smile - Open Source School

view the speaker's slides 

In France alone, the IT industry is short of 40,000 engineers with appropriate open source skills, and over 3,000 are missing each year in the only field of open source.
This is one of the reasons why Smile decided to create a school entirely dedicated to the teaching of open source : Open Source School.
This unique school in France is divided into three mail activities :

  • First degree courses ((from Bac+3 to Bac+5)
  • In-service training
  • Occupational retraining

Come and learn about the Open Source School.

more

Monitoring File transfert (MFT) WAARP R66, CARLIN BRUNO, WAARP

view the speaker's slides 

At Waarp, we have one goal: provide companies with a complete and scalable solution to secure their transfers at a reasonable cost.
Our philosophy is simple: instead of buying costly licenses, prohibitive for many, we provide professional services around Waarp Platform.
That is why the majority of the platform is Free Software released under the GNU GPLv3 license.
With a team of experts, the R66 protocol has been designed to address the needs, constraints, and requirements of most public and private organizations.

more

BlueMind : next gen mail and collaboration solution, Pierre CARLIER, BlueMind

view the speaker's slides 

Blue Mind is the next generation messaging and collaborative platform.
BlueMind provides a complete unified enterprise messaging and communications solution that offers a credible alternative to Exchange, Domino or Google. BlueMind is available in the cloud or on premises. It brings scalable, featured-packed and user-oriented shared messaging, calendars, address books, instant messaging and unified communication with advanced mobility, Outlook, Mac and Thunderbird connectivity. BlueMind leverages the latest technologies: offline web, services-oriented and pluggable architecture and API with the support of an extensive ecosystem of partners and resources. BlueMind is used by many companies, cities, universities and governments.

more

VideoLabs: business around VLC, Jean-Baptiste Kempf, VideoLabs

view the speaker's slides 

VideoLabs is a service company around the technologies of VLC and VideoLAN.

This presentation will detail the story about VideoLabs, the subjects we are working on and the services we deliver.

more

Wakanda: the Open Soure platform to develop Apps, Samir Salibi, Wakanda

view the speaker's slides 

Digital transformation is now and everywhere; any business is impacted today! Digital means connected devices, IoT and Apps! How can enterprises follow this transformation and deliver quickly Digital Apps on the market? 

Wakanda is an Open Source Digital App Factory to develop and deploy Apps faster. Named Cool Vendor 2016 in Application Development by Gartner. Wakanda It is the fruit of five years of research and development in 4D’s labs. 

Come and discover Wakanda's vision, the platform and our roadmap.

Wakanda the Mobile dev platform for Digital transformation!

more

OW2 Technology Council Update and Outlook, Daniele Gagliardi, Software Engineer, Engineering Group and  Stéphane Lauriere, CTO, OW2

view the speaker's slides 

The OW2 Technology Council (TC) makes project lifecycle decisions, builds the overall technical architecture, defines technical guidelines and provides technology validation. It is run by its elected Chairman, Daniele Gagliardi, from Engineering Group, and by the OW2 CTO, Stéphane Laurière. The Council is composed of 50+ OW2 project leaders and additional hands-on open-source practitioners. This presentation will describe the overall role of the Technology Council, the main achievements carried out in 2016 and the outlook for 2016 and 2017.

more

The Open Source at the hearth of the Cyber Security innovation, Mathieu Poujol, PAC

view the speaker's slides 

Our economies are digitalizing with more and more added value coming from the infrastructure. This is also true for one on the main catalyst of the digital transformation, Cyber Security. Due to this digitalization, Cyber Security is also in the middle of a paradigm shift, with many innovations developed in the Open Source communities. In this presentation, we will focus on the two most important of those innovations:
• Cognitive, contextual and behavioural technologies
• Blockchain
Those two innovations with strong Open source roots are now changing the Cyber Security landscape, but are not limited to this as they also changing the business models of several industries.

more

IDMEF, the universal format for security alerts, Thomas ANDREJAK, Communication & Systèmes

view the speaker's slides 

The constant growth of cybercrime requires that nations are organizing to unite their defense and protection. In the area of cyber-detection federation requires standardizing in two fields:
- Communications between the various tools and security solutions in order to consolidate and correlate information simply, we will call this communication “intra” Security Centers.
- Communications between different Security Centers Teams  to share information on incidents, we will call this communications “inter” Security Centers (between CSIRT).

Both recognized standards at IETF in this field are:
- IDMEF (Intrusion Detection Message Exchange Format) – RFC 4765
- IODEF (Incident Object Description Exchange Format) – RFC 5070

These two standards are still relatively new and insufficiently deployed on a market still dominated by proprietary formats.

Prelude is a SIEM (Security Information & Event Management). This is a security control tool that fully use IDMEF. Prelude collects and centralizes the company security information of to provide a central point of steering. Thanks to the analysis and correlation of logs, Prelude alerts in real time of intrusion attempts and threats on the network. Prelude offers several tools of investigation and reporting on your big data to identify the weak signals which may prefigure of advanced persistent threats (APT). Finally, Prelude has all the tools to help the operation to simplify operators’ work and risk management.

Subjects of the talk:
- Presentation of Prelude
- The IDMEF format
- How to make an IDMEF sensor in 5 minutes

more

One year solving infrastructure management with FusionDirectory and OpenLDAP, Benoit Mortier, OpenSides

view the speaker's slides 

Today the world of infrastructure moves. the advent of cloud, Infrastructure on demand, SAS mode are innovative concepts
requiring a change in our methods. But what about managing these platforms, security, systems and users.

The infrastructure is not necessarily internal anymore, establishing a workflow has become indispensable. The Daily operations by less skilled people and the delegation of operations.

At this conference we will see on concrete cases and details how FusionDirectory daily support to solve these problems thanks to its modularity, its API, and webservices.

more

AuthzForce - Open Source Next-gen Access Control Framework for the Enterprise, Romain FERRARI, Thales Services

view the speaker's slides 

  1. The presentation will first give an brief overview of the AuthzForce project with a bit of history, i.e. where we come from (SunXACML project), up to where we arrive today (AuthzForce Core and Server); the licensing model (Community vs Enterprise version); and the main features, mentioning the main standard implemented (XACML, i.e. OASIS standard for access control).

2. Then we will present the main concepts and standards behind Authzforce: Attribute-Based Access Control, XACML and evolution from v2.0 to v3.0.

3. We will focus on Authzforce features:
- REST API: multitenancy, XACML PAP and PDP interfaces, policy versioning, Fast Infoset support;
- Extra XACML profiles implemented: REST, Hierarchical RBAC, Multiple Decision profile, etc.
- Extensibility (PDP extensions)
- Code to Product: quality & assurance testing, continuous integration, standards conformance testing, Docker and Ubuntu (.deb) packaging, etc.
- Comparison to open source alternatives (e.g. WSO2 Balana, OpenAZ)

3. Authzforce use cases:
- Thales internal projects
- Collaborative projects (French/European): OpenCloudware, FIWARE, AU2EU, 5G-Ensure (IoT), etc.

4. Roadmap (What is missing)
- Administration dashboard
- JSON support
- More data storage options
- Performance testing (e.g. PDP clustering)
- Other unaddressed needs from Thales internal and collaborative projects
- OW2 collaboration opportunities

more

The Zero Knowledge Economy, Aaron MacSween, XWiki SAS

view the speaker's slides 

You've probably heard the phrase: If a Service is Free, You Are the Product.

While there are exceptions, it's definitely the norm when it comes to web services.
Our interactions with online portals expose a wealth of personal information.
When such services become compromised, the exposure of that information can have far reaching consequences for their users.
The damage to a company's reputation is often irreversable, and at the very least such events put marketing departments on the defensive.

Yet, few who are in a position to attract attention have been immune to attacks. Well-intentioned employees get manipulated, and customer details get exposed.
With each high profile data leak, it becomes more apparent that the only way to keep private information secret is to ensure that it remains inaccessible even to yourself.

At XWiki we've been developing systems which use cryptography and distributed computing to offer real time collaboration systems which keep the server oblivious of the contents of a session's contents.
Zero Knowledge systems protect not just your customers, but your reputation.

This talk will focus on how an organization can use such systems, and keep its information safe, even from itself.

more

More video about OW2con'16