- What is SAML?
- Security Assertion Markup Language
- It's an XML-based language used to encode security credentials and share them among parties across a network
- It is an open standard
- It describes a framework that allows one computer to perform the following security functions:
- Authentication: Determining that the users are who they claim to be
- Authorization: Determining if users have the right to access certain systems or content
- Versions:
- Current: SAML 3.0
- Most Popular: SAML 2.0
- Previous: SAML 1.1
- Identity Provider:
- Performs authentication and authorization
- References:
- What is SAML? How it works and how it enables single sign on – https://www.csoonline.com/article/3232355/what-is-saml-how-it-works-and-how-it-enables-single-sign-on.html
- Official SAML Wiki: https://wiki.oasis-open.org/security/FrontPage
RPA – Robotic Process Automation
- What is RPA?
- It's a concept called Robotic Process Automation, which essentially means automating processes by handing them to a robot
- How is it different from IA, which uses ML and AI?
- Intelligent Automation (IA) uses Machine Learning (ML) and Artificial Intelligence (AI) to enable self-automation of processes/tasks, and also aims to automate further tasks in the future using its learning and intelligence abilities
- However, RPA is seen as an early step to IA, meaning RPA is missing the self-automation capabilities of IA. With RPA, we can configure tasks to run.
- Popular Tools:
- EPAM
- Automation Anywhere
- AssistEdge
- Blue Prism
- UiPath
- Pega
- Contextor
- Comparison of RPA Tools
- See the related reference link in the “References” section below
- References:
- Introduction to RPA – https://www.cio.com/article/3236451/what-is-rpa-robotic-process-automation-explained.html
- Comparison of RPA Tools – https://www.softwaretestinghelp.com/robotic-process-automation-tools/
SOC – Compliance
- Service Organization Control
- Current version of the SOC is SOC 3
- SOC 2 & 3 are based on these 5 Trust Services Principles:
- Security
- Availability
- Processing Integrity
- Confidentiality
- Privacy
Web Application Security Standards
- OWASP – Open Web Application Security Project – https://www.owasp.org/
- CWE – Common Weakness Enumeration – https://cwe.mitre.org/
- CAWE – Common Architecture Weakness Enumeration – http://blog.ieeesoftware.org/2016/04/common-architecture-weakness.html
- CAPEC – Common Attack Pattern Enumeration and Classification – https://capec.mitre.org/
Single vs Multi Tenant SaaS App Comparison
Reference links: https://www.systoolsgroup.com/updates/single-tenant-vs-multi-tenant-saas/
| # | Single | Multi |
| --- | --- | --- |
| Infra | Single instance of app, database and infra for each company | One instance of app, database and infra serves multiple companies |
| Resource sharing | Not shared | Shared |
| Customizations | Possible at every level | Limited to the customization provided within the application, not outside of it |