Brian Sletten

Forward Leaning Software Engineer @ Bosatsu Consulting

Brian Sletten
 

Brian Sletten is a liberal arts-educated software engineer with a focus on forward-leaning technologies. His experience has spanned many industries including retail, banking, online games, defense, finance, hospitality and health care. He has a B.S. in Computer Science from the College of William and Mary and lives in Auburn, CA. He focuses on web architecture, resource-oriented computing, social networking, the Semantic Web, AI/ML, data science, 3D graphics, visualization, scalable systems, security consulting and other technologies of the late 20th and early 21st Centuries. He is also a rabid reader, devoted foodie and has excellent taste in music. If pressed, he might tell you about his International Pop Recording career.

Presentations

Identity

Tuesday, 8:30 AM EST

How do we define identity in a distributed software system? How do we manage it securely? How do we make identity assertions and verify those claims?

Technologies don't magically become solutions. They are used within domain, design and deployment contexts. This talk will focus on the singular notion of Identity and how it cross-cuts the distributed systems we are building.

We will focus on a variety of technologies and standards that help us make, identify, claim and verify identities.

Privilege

Tuesday, 10:30 AM EST

Authenticated Identities are the first step to establish Privilege. Most systems fail to have sufficiently, deeply entrenched notion of how to apply and minimize privilege to avoid data and systems from being abused.

Technologies don't magically become solutions. They are used within domain, design and deployment contexts. This talk will focus on the singular notion of Privilege and how it cross-cuts the distributed systems we are building.

This talk will focus on the Valet Key problem and how to avoid it. We will visit various standards and technologies that help us strengthen our security profiles by reducing our dependence on open-ended and unfettered access to our systems and data.

Integration

Tuesday, 1:30 PM EST

Data integration costs are well beyond what they should be for such a crucial business function. The good news is that they needn't be. By relying on integration-friendly standards and technologies that were designed to support sharing information, we can reduce these costs while increasing our business capabilities.

Technologies don't magically become solutions. They are used within domain, design and deployment contexts. This talk will focus on the singular notion of Integration and how it cross-cuts the distributed systems we are building.

We will look at how the REST Architectural style leads us to integration-friendly standards such as RDF, Linked Data, SPARQL and JSON-LD. These technologies are useful both within our firewalls and with third party partners.

Evolution

Tuesday, 3:15 PM EST

Our biological world changes gracefully. Our information world changes much less so. How can we embrace the inevitable technological, procedural and schematic flux that we know is going to visit upon us at some point?

Technologies don't magically become solutions. They are used within domain, design and deployment contexts. This talk will focus on the singular notion of Evolution and how it cross-cuts the distributed systems we are building.

We will focus on strategies from the Web standards space to define information systems that embrace change and handle it with relative ease.

This will include strategies for dealing with changing technologies, changing schemas and more.

Secrecy

Tuesday, 5:00 PM EST

Information conveys value as it travels around our systems, resting for a time in our data stores. The value we get out of it is sometimes matched by the value others would get from it as well. We need mechanisms to protect sensitive information from prying eyes and control with whom we share it.

Technologies don't magically become solutions. They are used within domain, design and deployment contexts. This talk will focus on the singular notion of Secrecy and how it cross-cuts the distributed systems we are building.

This talk will focus on strategies from the world of encryption to keep secrets secret as we produce, store and transfer information in distributed systems. A successful strategy for doing so will rely on notions of Identity and a strong Privilege model, but we will mostly focus on specific building blocks upon which we maintain Privacy and Confidentiality.

We will also address the forces that undermine our ability to trust encryption such as bugs, design flaws and those who wish to actively undermine our need to maintain Secrecy.

Resource-Oriented Architecture Patterns for Webs of Data

Tuesday, 8:30 PM EST

The surge of interest in the REpresentational State Transfer (REST) architectural style, the Semantic Web, and Linked Data has resulted in the development of innovative, flexible, and powerful systems that embrace one or more of these compatible technologies. However, most developers, architects, Information Technology managers, and platform owners have only been exposed to the basics of resource-oriented architectures.

This talk, based upon Brian Sletten's book of the same name, is an attempt to catalog and elucidate several reusable solutions that have been seen in the wild in the now increasingly familiar “patterns” style. These are not turn key implementations, but rather, useful strategies for solving certain problems in the development of modern, resource-oriented systems, both on the public Web and within an organization's firewalls.

Web Security Workshop

Thursday, 9:00 AM EST

If you're not terrified, you're not paying attention.

Publishing information on the Web does not require us to just give it away. We have a series of tools and techniques for managing identity, authentication, authorization and encryption so we only share content with those we trust.

Before we tackle Web Security, however, we need to figure out what we mean by Security. We will pull from the worlds of Security Engineering and Software Security to lay the foundation for technical approaches to protecting our web resources. We will also discuss the assault on encryption, web security features and emerging technologies that will hopefully help strengthen our ability to protect what we hold dear.

Topics include:

  • Security Engineering
  • Software Security
  • Encryption
  • Authentication and Authorization Mechanisms
  • Emerging Web Security Technologies

Web Security Workshop

Thursday, 10:45 AM EST

If you're not terrified, you're not paying attention.

Publishing information on the Web does not require us to just give it away. We have a series of tools and techniques for managing identity, authentication, authorization and encryption so we only share content with those we trust.

Before we tackle Web Security, however, we need to figure out what we mean by Security. We will pull from the worlds of Security Engineering and Software Security to lay the foundation for technical approaches to protecting our web resources. We will also discuss the assault on encryption, web security features and emerging technologies that will hopefully help strengthen our ability to protect what we hold dear.

Topics include:

  • Security Engineering
  • Software Security
  • Encryption
  • Authentication and Authorization Mechanisms
  • Emerging Web Security Technologies

Taming the Blockchain with Ethereum

Thursday, 1:30 PM EST

Bitcoin has roundly entered the public consciousness, but it is limited in its use beyond the specific constraints of the cryptocurrency. Ethereum is a new platform that has enabled developers to innovate in creating their own cryptocurrencies, platforms, smart contracts and more.

This talk will introduce the larger concepts of blockchains and decentralized applications as well as details on how to build running applications on the Ethereum platform.

These ideas and tools will help innovators disrupt organizations, markets, entire industries and even aspects of society. It's sounds like science fiction, but these thing are already happening. Come learn how.

We will cover:

  • The basics of Bitcoin and blockchains
  • Smart contracts
  • The Solidity Contract Language
  • Setting up Ethereum clients
  • Running private networks for development and testing
  • Sample Decentralized Applications (DApps)

Macaroons: More Cookie Than Cookie

Thursday, 3:15 PM EST

Understand a modern, flexible and decentralized way to provide authorization controls on resources and microservices

Google Research has given us Macaroons (no, not the fancy, delicious cookies). Google’s Macaroons are an authorization model with support for contextually controlled caveats and the simplicity of a regular cookie. This allows a fine-grained and flexible approach to delegating privilege to principals in a decentralized way, allowing you to protect resources.

Brian Sletten introduces the underlying principles of Macaroons as he walks you through applying them in practice with nontrivial delegation scenarios, demonstrating how to build systems with strong controls as well as the freedom to transfer privileges to others with more narrow constraints.

The combination of simplicity, flexibility, and sophistication is a rare and desirable goal for modern security controls. Even if you aren’t interested in putting Macaroons in practice in your own work, it is worth diving deeper just to gain exposure to a technology with these properties.