WebGL From Chips to 3D
How can you efficiently integrate 3D content into your web applications? This show-and-tell presentation includes catchy 3D demos, followed by a technical discussion of a MontageJS-based solution that allows you to import and interact with 3D content. It also explores how to optimize your workflow using Node.js, WebGL, COLLADA and the glTF Khronos initiative.
Security Leaks: HTTPS and Caching Issues
Justin JD Nir
Associate Security Consultant
It seems that it is either feast or famine. Either a developer restricts HTTPS to the point where the protocol is not taking advantage of the local storage, or they enable local storage to the point where HTTPS has a time to live independent of the application. This Security session shows the way to optimize for the BYOD world and at the same time maintain security.
Most web browsers, historically, were cautious about caching content delivered over an HTTPS connection to disk—to a greater degree than required by the HTTP standard. In recent years, in response to the increased use of HTTPS for non-sensitive data, and the proliferation of bandwidth-hungry AJAX and Web 2.0 sites, some browsers have been changed to strictly follow the standard, and cache HTTPS content far more aggressively than before. HTTPS web servers must explicitly include a response header to block standards-compliant browsers from caching the response to disk—and not all web developers have caught up to the new browser behavior. ISE identified 21 (70% of sites tested) financial, healthcare, insurance and utility account sites that failed to forbid browsers from storing cached content on disk, and as a result, after visiting these sites, unencrypted sensitive content is left behind on end users' machines.
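A server-side check for the header requirement described in this abstract, as an added example that is not part of the session material. It assumes the blocking header is `Cache-Control` with the `no-store` directive (RFC 9111); the hosts, paths and header values are constructed samples.

```python
import re

# One directive: token, optional =value (token or quoted string that may contain commas).
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z0-9_-]+)\s*(?:=\s*("(?:[^"\\]|\\.)*"|[^,\s]*))?\s*(?:,|$)')

def cache_directives(headers):
    """Merge every Cache-Control header in (name, value) pairs into a dict."""
    found = {}
    for name, value in headers:
        if name.strip().lower() == "cache-control":
            for m in _DIRECTIVE.finditer(value):
                found[m.group(1).lower()] = (m.group(2) or "").strip('"')
    return found

def disk_cache_verdict(headers):
    """Classify what a standards-following browser may do with the response."""
    d = cache_directives(headers)
    if "no-store" in d:
        return "forbidden"          # must not be written to disk
    if "no-cache" in d or d.get("max-age") == "0":
        return "stored-revalidate"  # limits reuse, not storage
    return "storable"               # also "private": a browser cache is a private cache

def audit(responses):
    """Return URLs of responses that do not forbid storage."""
    return [url for url, headers in responses
            if disk_cache_verdict(headers) != "forbidden"]

# Constructed sample responses (hypothetical hosts and paths).
SAMPLE = [
    ("https://bank.example.test/statement", [("Cache-Control", "private, max-age=600")]),
    ("https://bank.example.test/profile",
     [("cache-control", "no-cache"), ("Pragma", "no-cache")]),
    ("https://bank.example.test/transfer",
     [("Cache-Control", "no-cache, No-Store, must-revalidate")]),
    ("https://bank.example.test/summary",
     [("Cache-Control", 'no-cache="Set-Cookie, X-Id"'), ("Cache-Control", "no-store")]),
    ("https://bank.example.test/logo.png", []),
]

if __name__ == "__main__":
    for url, headers in SAMPLE:
        print(f"{disk_cache_verdict(headers):18} {url}")
    print("not protected:", audit(SAMPLE))
```

Responses carrying only `private`, `no-cache` or `Pragma: no-cache` are reported as unprotected because those values restrict sharing or reuse, not storage.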
Consumer/Enterprise Identity Realities in a Cloud/Mobile World
Director of Technology Partnerships
The rise of consumer-driven identity across web and mobile apps has made Google and Facebook the de facto identity providers of choice, not just for personal apps but increasingly for enterprise apps as well, because traditional enterprise identity approaches, with their cost and complexity, are struggling to remain relevant in a world where SaaS services and mobile apps value the speed and simplicity of these new identity models. In addition to consumerization, bring-your-own-device trends mean enterprise mobile devices themselves are increasingly employee-owned, with a mix of identities that are mostly under the control of the employee. This session will explore the implications for the app developer, the identity provider, the consumer/employee, and the enterprise. We'll also look at the long-term ecosystem impacts that evolving identity models will have on how organizations and applications will interact with management, policy, and provisioning systems for applications and devices as identity moves deeper into both the cloud itself and the mobile devices we depend on.