
Wednesday 13 June 2018

Coarse Grained Authorization vs Fine Grained Authorization

Authentication is just validation of identity. For example, when I rent a car at an airport, I have to show my driver’s license and credit card, and the names on both have to match. Together these two forms of identity are used by the rental car company to validate my identity (i.e. authentication). Authorization is where they actually give me the car, i.e. access to the car is the authorization. In the US, once the rental car company verifies a user’s identity and holds a certain amount of money (as a deposit) on the credit card, the end user is guaranteed access to the car. The car company is out of the loop once the car is in my possession. They cannot regulate my driving habits, my speed or where I drive the car. This, in essence, is coarse grained authorization. The rental car company:
  1. Authenticates customers using a driver’s license and credit card
  2. Authorizes them by holding back some money (i.e. a deposit) on the credit card
  3. At the end of authorization, hands the car off to its customer and is essentially out of the loop

Many legacy applications work the same way: they perform some checks upfront and then hand the keys to the end user. From that point on, the application has only limited ability to control the end user's individual actions.

Now, imagine if cars supported fine grained authorization. After authenticating a customer, the rental car company would load the customer’s authorization policies into the car, such as:
  1. Drivers cannot exceed the speed limit
  2. Maximum speed allowed is 60 MPH
  3. Acceleration of the car is limited based on user’s past driving record
  4. Users are warned when they are driving outside of the designated area
As you may have noticed, with fine grained authorization the rental company never gives up control of its car, whereas with coarse grained authorization it performs some checks and then hands off the keys.

Coarse grained authorization essentially focuses on controlling access to a URL (i.e. the car keys); once a user is authorized to access the URL, you lose all further control. Fine grained authorization focuses on securing the underlying services and data.
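The same contrast in code, as an added example that is not part of the original post: a coarse URL gate that hands over any record once the URL check passes, next to a policy evaluated per user, per action and per record. The `User` type, the `/rentals` URL, the role names and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    region: str

# Constructed sample data (hypothetical rental records).
RECORDS = {
    1: {"owner": "alice", "region": "US", "deposit": 200},
    2: {"owner": "bob", "region": "EU", "deposit": 350},
}

# Coarse grained: roles allowed to reach each URL (hypothetical route table).
URL_ROLES = {"/rentals": {"customer", "agent"}}

def url_gate(user, url):
    """Single upfront check: may this user reach the URL at all?"""
    if not user.roles & URL_ROLES.get(url, set()):
        raise PermissionError(f"{user.name} may not access {url}")

def coarse_get(user, url, record_id):
    url_gate(user, url)
    return RECORDS[record_id]  # keys handed over: any record is returned

def policy(user, action, record):
    """Fine grained: decide per user, per action, per record."""
    if "agent" in user.roles:
        return record["region"] == user.region
    if "customer" in user.roles:
        return action == "read" and record["owner"] == user.name
    return False  # default deny

def fine_call(user, url, action, record_id):
    url_gate(user, url)  # the coarse check still runs first
    record = RECORDS[record_id]
    if not policy(user, action, record):
        raise PermissionError(f"{user.name} may not {action} record {record_id}")
    return record

def denied(fn, *args):
    """Return True if the call is refused with PermissionError."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False
```

With only the URL gate, a customer who can reach `/rentals` can read another customer's record; the per-record policy refuses that same request.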

Both coarse grained and fine grained authorization products exist in the marketplace because each offers certain advantages. Based on the problem at hand, you need to pick the best approach.

This real-life explanation of fine grained authorization and coarse grained authorization is beautifully presented here.

Monday 30 April 2018

SSL Handshake Phases

SSL handshake can be split into 4 phases as follows:

[Figure: SSH Handshake Phases]

Monday 8 January 2018

The Rise of Machine Learning

A spurt in the availability of digital data, amplified computing power and more efficient algorithms have fueled excitement about this formerly obscure corner of computer science. The largest tech firms on the planet, including Alphabet, Apple, Amazon, Facebook, IBM and Microsoft, are investing crazy sums to foster their AI capabilities. So far in 2017 alone, more than 23 billion has been spent on mergers and acquisitions related to building or enhancing AI capabilities.

One way to understand AI’s potential impact is to look at databases. From the 1980s these made it cheap to store information, pull out insights and handle cognitive tasks such as inventory management. Databases powered the first generation of software; AI will make the next generation of software far more predictive and responsive. An application such as Google’s Gmail, which scans the content of e-mails and suggests quick, one-touch replies on mobile devices, is an early example of what is coming or is already there.

In the coming years, large tech firms are going to compete in three areas: one, competing for talent; two, applying machine learning in existing businesses; and three, trying to create new profit centers using AI.