{"componentChunkName":"component---src-templates-blog-list-template-js","path":"/engineering/32","result":{"data":{"allMarkdownRemark":{"edges":[{"node":{"excerpt":"Overview Each business relies on a specific target set of users, who has a problem area. Analysis and further finding out the right solution…","fields":{"slug":"/engineering/design-led-thinking/"},"html":"

Overview

\n

Each business relies on a specific target set of users, who has a problem area.

\n

Analysis and further finding out the right solution for the identified problem hence helps businesses to meet their target user’s needs.

\n

If the solution meets the needs completely and resolves the pain area, at the right time, acts as an ointment and proves and builds trust for businesses.

\n

Design Thinking plays an important role to reiterate the understanding of problems, causes, environmental changes leading innovation and experimentation for a competitive advantage.

\n

How to define a problem for the business problem with DESIGN THINKING

\n

\n \n \n

\n
    \n
  1. Empathise the emotions\nObservation of user needs with past and market trends and economic forecasts. It includes interaction with the target user to hear and see the user’s desire and the real cause within the contextual area.
    2. \n
  2. \n

    Define the problem - based on\n5 W’s- who, what, where, why, when

    \n
      \n
    1. Why-What user needs?
      2. \n
    2. What is the pain area of the problem?
      3. \n
    3. When the problem arises?
      4. \n
    4. Who-For whom the problem exists?
      5. \n
    5. Where-What are the driving aspects of the problem which increases the problem impact- like legal compliance?
      6. \n
    \n
    3. \n
  3. \n

    Ideation - Design Thinking solutions

    \n\n
    4. \n
  4. \n

    User Experience - prototype

    \n\n
    5. \n
\n

5.Testing of design and solution

\n

Match the solution ideas demonstrated via designs to target users, to make sure every detail of the solution chosen matches the requirements and observations made.

\n
    \n
  1. Evaluate and reiterate the solution for measuring user needs.
    2. \n
\n

New Design Thinkings VS Traditional Business Thinking

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CriteriaDesign ThinkingTraditional Problem Solving
NatureVisual Thinking ProcessOld traditional documented process
Initial StageObservation, based on Emotional intelligenceProblem Defining, based on intelligence
Based Depends onExperiment, Innovation based on user needsBased on founders vision
Focussed OnWhat People needsBusiness model
User meansReal HumansCustomers
Solution ProposalRestricts proposing solutions within the problem definition stage.Includes proposing solutions while problem understanding
Future ScopeVisualize the future of business organization via innovation thinking, via releasing products before actual development.Rework and re-iteration with improvement are supported to reach final product deliverable.
MeaningDiscovery of what WORKS.So encourages Multiple POSSIBLE answersDiscovery of what is RIGHT = CORRECT solution.
ApproachBased on storytelling following a bottom-up approachBased on facts and figures, based on top-down approach
Testing with real usersUser is unaware that he is in test mode and experiences the service he expects to perceive. Example- ability to customize furniture without buying.User is well aware that he is using test services and does not expect much.
PhaseThere is no planning, instead there exists building of Prototypes and presenting fast to get feedback without delaying the GO-TO market.Follows conventions process of THINKING and PLANNING
FailureFailure Driven- learn from failure and read to fail anytime as the cost associated is low. FAIL EARLY- FAIL FASTFailure Restrictor- Tries to avoid failure, to avoid huge money loss involved.
\n

How is it useful for business Organizations?

\n
    \n
  1. Real-Time- Feedback from the end-user is instant and does not take months to develop.
    2. \n
  2. Low Cost- Just involves a small team, rather than a big team, processes, roles, etc.
    3. \n
  3. Prototype instead of Planning- providing better visual experience to users instead of lengthy documents to analyze a viable solution.
    4. \n
  4. Leads to EXPERIMENTS, INNOVATIONS of -\n-Experience\n-Emotions\n-Processes\n-Features or functionality
    5. \n
\n

Successful Case Studies

\n
    \n
  1. \n

    Pepsico design-led problem-solving\nFor female user experience, it released a new line of Doritos in china in a stack of the tray and packaged in a canister, instead of a snack bag, so that women can use it opening the drawer and push it back when done, as they don't like other to notice them munching.

    \n

    Ref: How Indra Nooyi Turned Design Thinking Into Strategy

    \n
    2. \n
  2. \n

    Samsung’s design-led innovation\nIt realized the need of Korean and Japanese business users who had common practice to note or schedule events or important points in small pocket-sized notebooks, This led to an innovative idea where the user was observed and the need was created and hence realized to users.\nSamsung launched a successful Galaxy Note series. with the innovation of “smart diary” a 5.5-inch interface with a stylus pen to pair.

    \n

    Ref: How Samsung Became a Design Powerhouse

    \n
    3. \n
  3. \n

    Samsung design concept used for experimenting\nWhere it experimented with TV units, realizing the fact that users are spending more time on furniture, so TV ‘s are supposed to be a bit more attractive. This led to the radical change for the speaker’s positioning at the TV sets to be hidden at the bottom instead of the traditional side panes. This has experimented in the European market first and after a successful adaption, Samsung experimented more with visual appearance and by the time it was building the product, it had already sold a million units.

    \n

    Ref: How Samsung Became a Design Powerhouse

    \n
    4. \n
  4. IBM - It got an ROI of 301 %, by investing in Design Thinking services which can be experienced at IBM
    5. \n
  5. \n

    Stanford Hospital for improvement\nIt worked on improving the experience of a patient within the emergency room and for staff to serve patients a better way

    \n

    Ref: What Is Design Thinking and Design Thinking Process?

    \n
    6. \n
\n

Last but not least

\n

It is very important to drive and extract meaningful images out of the observations from real humans.\nThis requires an influencing processor who can drive the team to opt for an approach for DESIGN THINKING. Here even the market leaders are at risk to sustain with innovations and experiments involved with Early FAILURES.

\n","frontmatter":{"date":"August 06, 2020","updated_date":null,"description":"Design thinking is a solution-oriented, iterative process where the team creates the design while keeping the end customers in mind. This blog guides you about how does design-led thinking works.","title":"DESIGN THINKING -A visual approach to understand user’s needs","tags":["Design","Design Thinking","UX"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7699115044247788,"src":"/static/86c25548974790cc4477586bd28eee2e/ee604/design_led_thinking.png","srcSet":"/static/86c25548974790cc4477586bd28eee2e/69585/design_led_thinking.png 200w,\n/static/86c25548974790cc4477586bd28eee2e/497c6/design_led_thinking.png 400w,\n/static/86c25548974790cc4477586bd28eee2e/ee604/design_led_thinking.png 800w,\n/static/86c25548974790cc4477586bd28eee2e/f3583/design_led_thinking.png 1200w,\n/static/86c25548974790cc4477586bd28eee2e/e4d72/design_led_thinking.png 1280w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Deepali Soni","github":null,"avatar":null}}}},{"node":{"excerpt":"Audience: Anyone who wishes to deliver secure code to the rest of the world. Answer to What it is? At the heart of any image scanning tool…","fields":{"slug":"/engineering/container-security-scanning/"},"html":"

Audience: Anyone who wishes to deliver secure code to the rest of the world.

\n

Answer to What it is?

\n

At the heart of any image scanning tool is static analysis against a “Common Vulnerabilities and Exposures” (CVE) database. Each layer within the container image is analyzed and queried to discover known vulnerabilities.

\n

In addition to vulnerability scanning, a comprehensive tool should compare the architecture of your application against best practices to identify potential vulnerabilities.

\n

Answer to Why it is important?

\n

While tools like Kubernetes and Container Registries have become household names for developer community because these tools make their life much easier to develop and deploy applications, many are still catching up on the need to integrate container security tools to secure their containerized application throughout the container lifecycle. As the world is already shifted to containerized applications, taking good care of you docker images is also equally important.

\n

One of the main unique features of containers is how layers are used to build a container image. A service is piled up with an application server layer, a Linux layer and so on. One of these layers is updated, we can rebuild the application with a new updated version.

\n

It would be an unthinking idea to get into a container-based strategy without integrating a well-grounded and inclusive container scanning security solution into the CI/CD setup.

\n

What are the factors to keep in mind while selecting the right tool?

\n\n

Let's get Implemented.

\n

I am here, implementing a Clair tool in gitlab-ci.yml to get secure docker images.

\n
image_scanning:\n  stage: scan\n  image: docker:stable\n  tags:\n    - gitlab-org-docker\n  services:\n    - docker:19.03.8-dind   \n  variables:\n    DOCKER_DRIVER: overlay2\n  allow_failure: true\n  before_script:\n    - echo $CI_BUILD_TOKEN | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY\n  script:\n  - docker run -d --name db arminc/clair-db:latest\n  - docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.1\n  - apk add -U wget ca-certificates\n  - docker pull $CI_REGISTRY_IMAGE:$PROJECT_NAME-latest || true\n  - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64\n  - mv clair-scanner_linux_amd64 clair-scanner\n  - chmod +x clair-scanner\n  - touch clair-whitelist.yml\n  - while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done\n  - retries=0\n  - echo "Waiting for clair daemon to start"\n  - while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done\n  - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml $CI_REGISTRY_IMAGE:$PROJECT_NAME-latest || true\n  - cat gl-container-scanning-report.json\n  artifacts:\n    paths: [gl-container-scanning-report.json]\n  rules:\n    - if: '$CI_COMMIT_BRANCH == "staging"'\n      when: always
\n

gitlab-org-docker is a GitLab shared-runner to run this analysis (an agent on which the above-described job will run), it will fetch the latest ms image and will run it against the CVE database, at last record the report in the JSON file which we can store as artifacts. These artifacts can be further used by the developer to see and resolve the vulnerabilities.

\n","frontmatter":{"date":"August 04, 2020","updated_date":null,"description":"At the heart of any image scanning tool is static analysis against a “Common Vulnerabilities and Exposures” (CVE) database. Each layer within the container image is analyzed and queried to discover known vulnerabilities.","title":"Deep Dive into Container Security Scanning","tags":["Docker","Container","Security"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5625,"src":"/static/860e2776d69822d2fd8a8d8185ad6411/ee604/cover_container_security.png","srcSet":"/static/860e2776d69822d2fd8a8d8185ad6411/69585/cover_container_security.png 200w,\n/static/860e2776d69822d2fd8a8d8185ad6411/497c6/cover_container_security.png 400w,\n/static/860e2776d69822d2fd8a8d8185ad6411/ee604/cover_container_security.png 800w,\n/static/860e2776d69822d2fd8a8d8185ad6411/f3583/cover_container_security.png 1200w,\n/static/860e2776d69822d2fd8a8d8185ad6411/5707d/cover_container_security.png 1600w,\n/static/860e2776d69822d2fd8a8d8185ad6411/eeb1b/cover_container_security.png 1920w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Rashmi Jain","github":null,"avatar":null}}}},{"node":{"excerpt":"Before You Get Started This tutorial assumes you have: A basic understanding of Go Language Latest GoLang version installed on your system A…","fields":{"slug":"/engineering/sending-emails-with-golang/"},"html":"

Before You Get Started

\n

This tutorial assumes you have:

\n\n

In this blog, we’ll look at different methods to send an email with Go, First, we will explore inbuilt smtp package, then we will move to use a popular package Gomail and finally, we will send HTML emails using custom templates.

\n

Package smtp

\n

smtp is an inbuilt package provided with Golang. It implements the Simple Mail Transfer Protocol and has multiple functionalities related to it. Here to send the email we will be using only two functions PlainAuth and SendMail from the package.

\n
\n

Note: Click here for an overview on Go Functions

\n
\n\n

Below is the complete code to send a plain text email with smtp package in golang.

\n
package main\n\nimport (\n  "fmt"\n  "net/smtp"\n)\n\nfunc main() {\n\n  // Sender data.\n  from := "from@gmail.com"\n  password := "<Email Password>"\n\n  // Receiver email address.\n  to := []string{\n    "sender@example.com",\n  }\n\n  // smtp server configuration.\n  smtpHost := "smtp.gmail.com"\n  smtpPort := "587"\n\n  // Message.\n  message := []byte("This is a test email message.")\n  \n  // Authentication.\n  auth := smtp.PlainAuth("", from, password, smtpHost)\n  \n  // Sending email.\n  err := smtp.SendMail(smtpHost+":"+smtpPort, auth, from, to, message)\n  if err != nil {\n    fmt.Println(err)\n    return\n  }\n  fmt.Println("Email Sent Successfully!")\n}
\n
\n

In the above code example we have used smtp details of a Gmail account, you should update the smtp detail according to your email provider.

\n
\n
\n

Just to explain things easily, In the above snippet, we have written all the smtp and email credentials in the main function, Though in a production app you should always use env variables for configurations. You can check Viper to manage configurations in production apps.

\n
\n

Package Gomail

\n

Below is the complete code to send a plain text email with Gomail package in golang.

\n
package main\n\nimport (\n  "crypto/tls"\n  "fmt"\n\n  gomail "gopkg.in/mail.v2"\n)\n\nfunc main() {\n  m := gomail.NewMessage()\n\n  // Set E-Mail sender\n  m.SetHeader("From", "from@gmail.com")\n\n  // Set E-Mail receivers\n  m.SetHeader("To", "to@example.com")\n\n  // Set E-Mail subject\n  m.SetHeader("Subject", "Gomail test subject")\n\n  // Set E-Mail body. You can set plain text or html with text/html\n  m.SetBody("text/plain", "This is Gomail test body")\n\n  // Settings for SMTP server\n  d := gomail.NewDialer("smtp.gmail.com", 587, "from@gmail.com", "<email_password>")\n\n  // This is only needed when SSL/TLS certificate is not valid on server.\n  // In production this should be set to false.\n  d.TLSConfig = &tls.Config{InsecureSkipVerify: true}\n\n  // Now send E-Mail\n  if err := d.DialAndSend(m); err != nil {\n    fmt.Println(err)\n    panic(err)\n  }\n\n  return\n}
\n

Custom HTML Templates

\n

Now, let's send an HTML email with smtp package, for this, we need to create two files in the root folder.

\n\n
<!-- template.html -->\n<!DOCTYPE html>\n<html>\n<body>\n    <h3>Name:</h3><span>{{.Name}}</span><br/><br/>\n    <h3>Email:</h3><span>{{.Message}}</span><br/>\n</body>\n</html>
\n

We are using text/template package to parse HTML files and use it in smtp SendMail function.

\n
package main\n\nimport (\n  "bytes"\n  "fmt"\n  "net/smtp"\n  "text/template"\n)\n\nfunc main() {\n\n  // Sender data.\n  from := "from@gmail.com"\n  password := "<Email Password>"\n\n  // Receiver email address.\n  to := []string{\n    "sender@example.com",\n  }\n\n  // smtp server configuration.\n  smtpHost := "smtp.gmail.com"\n  smtpPort := "587"\n\n  // Authentication.\n  auth := smtp.PlainAuth("", from, password, smtpHost)\n\n  t, _ := template.ParseFiles("template.html")\n\n  var body bytes.Buffer\n\n  mimeHeaders := "MIME-version: 1.0;\\nContent-Type: text/html; charset=\\"UTF-8\\";\\n\\n"\n  body.Write([]byte(fmt.Sprintf("Subject: This is a test subject \\n%s\\n\\n", mimeHeaders)))\n\n  t.Execute(&body, struct {\n    Name    string\n    Message string\n  }{\n    Name:    "Puneet Singh",\n    Message: "This is a test message in a HTML template",\n  })\n\n  // Sending email.\n  err := smtp.SendMail(smtpHost+":"+smtpPort, auth, from, to, body.Bytes())\n  if err != nil {\n    fmt.Println(err)\n    return\n  }\n  fmt.Println("Email Sent!")\n}
\n

Once done you need to run below command to send the emails

\n
go run main.go
\n
\n

If you don't want to create your custom HTML emails, Hermes is a package that generates clean, responsive HTML e-mails for sending transactional e-mails.

\n
\n

Now you can send beautiful emails to the customer by your golang application, You can found the complete code used in this blog on our Github Repo

\n","frontmatter":{"date":"August 03, 2020","updated_date":null,"description":"In this blog, we’ll look at different methods to send an email with Go, First we will explore inbuilt smtp package, then we will move to use a popular package Gomail and finally we will send HTML emails using custom templates.","title":"Different ways to send an email with Golang","tags":["Go","Email"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/0ac40484af2392675963fb3327b3dbb4/14b42/email_cover.jpg","srcSet":"/static/0ac40484af2392675963fb3327b3dbb4/f836f/email_cover.jpg 200w,\n/static/0ac40484af2392675963fb3327b3dbb4/2244e/email_cover.jpg 400w,\n/static/0ac40484af2392675963fb3327b3dbb4/14b42/email_cover.jpg 800w,\n/static/0ac40484af2392675963fb3327b3dbb4/47498/email_cover.jpg 1200w,\n/static/0ac40484af2392675963fb3327b3dbb4/0e329/email_cover.jpg 1600w,\n/static/0ac40484af2392675963fb3327b3dbb4/52258/email_cover.jpg 1800w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Puneet Singh","github":"puneetsingh24","avatar":null}}}},{"node":{"excerpt":"Snapshot Testing Snapshot tests as the name implies, is a very powerful tool to test whether you the UI has change or not. A typical…","fields":{"slug":"/engineering/snapshot-testing-using-nightwatch-and-mocha/"},"html":"

Snapshot Testing

\n

Snapshot tests as the name implies, is a very powerful tool to test whether you the UI has change or not. A typical snapshot test case for a website/mobile app renders a UI component, takes a snapshot, then compares it to a reference snapshot file stored alongside the test.

\n

Snapshot Testing Benefits

\n

For QA Manual And Automation

\n\n

For Developer Unit Testing

\n\n

Need to install NPM

\n
    \n
  1. npm i mocha
    2. \n
  2. npm i clean-html
    3. \n
  3. npm i snap-shot
    4. \n
  4. npm i jsdom
    5. \n
  5. npm i jsdom-global
    6. \n
\n
\n

NightWatch does not have snapshot feature. So, We will use mocha to take snapshots. But Mocha will be run by NightWatch.

\n
\n

Directory Structure

\n

As per over automation project. We have created a \"snapshot\" folder under the \"test\" folder and we will be following the same structure as per the below project menu bar.

\n

\"N|Solid\"

\n

We also need to add Mocha test files, which will use to take snapshot and store under the root folder \"__snapshots__\".

\n

\"(https://cdn.filestackcontent.com/XGkI0wDrQoGDSp2djINg)\"

\n

If you are running automation code via visual code editor, then you can setup a launch.json file which helps you to debug your test code with all file/individual file.

\n

You can see the settings below of the launch.json file.

\n

\"(https://cdn.filestackcontent.com/qDjAHwHIQtKp2hmBdaEn)\"

\n
\n

Update Snapshot

\n

After creating a snapshot, sometimes we need to update snapshot due to improvement, customer requirements, and any valid changes on UI. So here, we can have some other settings which will help us.

\n
    \n
  1. \n

    If we want to update all snapshots by single command then we need to follow below instruction.

    \n

    Create a root folder file(update_snapshot.js) and paste code on it.

    \n
    (function(){\n      process.env.UPDATE\\=1;\n})()
    \n

    Add in package.json

    \n

    \"(https://cdn.filestackcontent.com/TTvchMDTW6F5x87J0688)\"

    \n
    2. \n
\n
\n

We can update all snapshot by using → npm run snapshot-u

\n
\n
    \n
  1. If we want to update the single snapshot then we can use the above technique but we just need to update the file name against \"test/snapshot\".
    2. \n
  2. \n

    If we use vscode, then we need to update launch.json as per above information

    \n

    \"(https://cdn.filestackcontent.com/uWX0pIUaSzKFyVKJGIYB)\"

    \n

    and need to create a file(\"snapshot.config.js\") in the root folder and paste the below code.

    \n

    \"(https://cdn.filestackcontent.com/Hh3PNxKmSo2pSFRA9YeM)\"

    \n
    3. \n
\n
\n

Important-: If we want to run only a snapshot test then we will need a small change in the nightwatch.json file.

\n
\n

\"(https://cdn.filestackcontent.com/EkBrPZffRv2ElZ0Qez36)\"

\n

You can find the complete reposrtory link here

\n","frontmatter":{"date":"July 29, 2020","updated_date":null,"description":"Snapshot testing is one of many different testing tools, which compares the previous and current snapshot. Unlike TDD, snapshot testing relies on the fact that your component renders correctly already. ","title":"Snapshot testing using Nightwatch and mocha","tags":["QA","Nightwatch","snapshot-testing"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.7699115044247788,"src":"/static/000213fd5d498be6b65615f968bd3343/ee604/snapshot_nightwatch.png","srcSet":"/static/000213fd5d498be6b65615f968bd3343/69585/snapshot_nightwatch.png 200w,\n/static/000213fd5d498be6b65615f968bd3343/497c6/snapshot_nightwatch.png 400w,\n/static/000213fd5d498be6b65615f968bd3343/ee604/snapshot_nightwatch.png 800w,\n/static/000213fd5d498be6b65615f968bd3343/f3583/snapshot_nightwatch.png 1200w,\n/static/000213fd5d498be6b65615f968bd3343/e4d72/snapshot_nightwatch.png 1280w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Nitesh Jain","github":"niteshjain1987","avatar":null}}}},{"node":{"excerpt":"Agile is becoming another SDLC methodology but in reality, it is beyond normal project management. With time It’s been accessorized a lot…","fields":{"slug":"/engineering/agile-development-team/"},"html":"

Agile is becoming another SDLC methodology but in reality, it is beyond normal project management. With time It’s been accessorized a lot and leaving behind the basic building blocks and the important entity the Agile Development Teams.

\n

Does anybody want a product full of bugs, non-scaleable, difficult to maintain?, certainly No.\nNo matter whatever the agile framework we use, the ultimate goal is a wonderful product with complete customer satisfaction. And it's the developers who sit in the centre and build the product and are responsible for the quality.

\n

Agile + Development Team = Agile Development Team

\n

What is Agile Development Team

\n

Before that let’s see who are the developers and what is a development team. A developer is a proficient individual in his technical skills. And a group of such individuals working on a project/product makes a development team. Then how does an Agile Development Team differ?

\n

The three attributes bring that difference.

\n

“A group of proficient individuals who are cross-functional, autonomous and self-organised sharing the same goal of building a bug-free product or delivering the project with proven quality”

\n

Cross-functional

\n

This doesn’t mean that every team member is 'master of all' or even a 'jack of all trades'. In fact, every individual carries their proficiency. But the important thing is that each team member is capable of building additional skills and as and when required can be applied during the development journey.

\n

It reduces the dependency and overall predictability increases and gives better room for risk management.

\n

Self-organised

\n

There is no right or wrong way to organise and hence sometimes teams fail. This attribute of the Agile development team gives freedom based on the maturity of the team to organise and plan the work for themselves. If in scrum team plans the daily work on their own. No one assigns the work.

\n

This helps in prevailing the high motivation, team members can better innovate and work towards the quality of deliverables. They can act without escalations without any unnecessary commands and control.

\n

Autonomy

\n

This brings the sense of ownership, a mental state when the team feels the accountability of the results. Team members voluntarily take ownership and make themselves responsible for the results of the product and project deliveries. Team members collaborate, work together, learn and share the feedback with an open mind. Help each other and grow together.

\n","frontmatter":{"date":"July 27, 2020","updated_date":null,"description":"Agile is becoming another SDLC methodology but in reality, it is beyond normal project management. With time It’s been accessorized a lot and leaving behind the basic building blocks and the important entity the Agile Development Teams.","title":"Qualities of an agile development team","tags":["Agile","Development","Teamwork"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/1acfbdd4ea318c142272c6adad88697f/14b42/agile.jpg","srcSet":"/static/1acfbdd4ea318c142272c6adad88697f/f836f/agile.jpg 200w,\n/static/1acfbdd4ea318c142272c6adad88697f/2244e/agile.jpg 400w,\n/static/1acfbdd4ea318c142272c6adad88697f/14b42/agile.jpg 800w,\n/static/1acfbdd4ea318c142272c6adad88697f/47498/agile.jpg 1200w,\n/static/1acfbdd4ea318c142272c6adad88697f/0e329/agile.jpg 1600w,\n/static/1acfbdd4ea318c142272c6adad88697f/77d93/agile.jpg 3600w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Vikram Jain","github":null,"avatar":null}}}},{"node":{"excerpt":"Digital Identity and IAM Domain have been the talk of the technology town for decades. There has been plenty of research, innovation, and…","fields":{"slug":"/engineering/difference-between-iam-ciam-and-idaas/"},"html":"

Digital Identity and IAM Domain have been the talk of the technology town for decades. There has been plenty of research, innovation, and information around these two, which led to many terminologies for the platforms providing the relevant features. Some of these terminologies are specific to the characteristics of the platform, while others are used interchangeably.

\n

In this article, let’s discuss the following commonly used terminologies for the platforms providing the relevant features:

\n\n

These terminologies revolve around the IAM, CIAM, and IDaaS platforms. The infographic below categorizes these terminologies within these platforms:

\n

\n \n

CIAM is a subset of the broader concept of identity access management (IAM). It explicitly focuses on managing customers' identities who need access to websites, web portals, and mobile apps.

\n

IDaaS is an authentication infrastructure that is built, hosted, and managed by a third-party service provider. IDaaS companies supply cloud-based authentication or identity management to enterprises who subscribe. It allows enterprises to use single sign-on, authentication, and access controls to provide secure access to their growing number of software and SaaS applications.

\n

IAM Features and Use Case

\n

IAM is used for employee/internal-facing identity and access management solutions. The following explains a typical example of the IAM implementation within an organization:

\n

John, a new employee, joins the organization, and the application allows provisioning of his organizational identity. John can then login to his organization's portal, and based on the access configuration, he is either authorized or denied access to information or a resource.

\n

Besides, the organization has multiple portals, and John is allowed to access these portals using the same credentials. Throughout the job tenure, John's profile is maintained or updated from time to time. Eventually, when John decides to move on, deleting John's account from one portal revokes his access to all other portals.

\n

IAM has the following four components:

\n\n
\n

Organizations earlier used on-premises IAM software for identity and access management. Now the identity management process is getting more complicated as organizations add more cloud services to their environments. Thus, as a logical step, the organizations adopt cloud-based Identity-as-a-Service (IDaaS) and cloud IAM solutions.

\n
\n

CIAM Features and Use Case

\n

CIAM is used for customer-facing solutions. The capabilities of IAM are followed in the CIAM solutions; however, the use cases and requirements vary. Common features of CIAM include:

\n\n

The following explains a typical example of the CIAM implementation in a customer-facing application:

\n

Sarah, a new customer registers on the application. If applicable, the application should request for Sarah’s consent on business privacy policies and get her social profile data. The application must ensure the security and privacy of the captured data during registration, social login, or activities performed during her life cycle. Besides, Sarah should be allowed to manage access to her profile data and delete her account from the application. On the other hand, the business should be allowed to get insights on their customer to understand and deliver their needs.

\n

The core components of IAM remain the same across areas like authentication, authorization, user management, and central user repository. Thus, the need for Single Sign-On, Authentication Protocols, Access Management, Centralized and Universal Directories, User Lifecycle Management and Authorization, etc remains the same.

\n
\n

It is a common misconception that the technology required for CIAM is the same for IAM. CIAM is far more challenging irrespective of the similarities with the IAM, and it is recommended to have a CIAM solution in place for your customers.

\n
\n

IDaaS Features and Use Case

\n

The enterprises typically use IDaaS to extend their existing IAM infrastructure. Thus, enterprise IDaaS providers must deploy solutions that can:

\n\n

The following are the critical features of IDaaS:

\n\n
\n

The enterprises use several applications, mostly cloud-based services, while some of the applications hosted on-premise. Managing the credentials and access to each of those applications has become hectic.

\n
\n
\n

Since IDaaS provides a single point of user and access management for all the applications, granting or revoking access to users becomes very easy. Besides, it enables SSO to avoid managing separate login credentials for different service providers.

\n
\n

If you are looking for information on more terminology around the platforms mentioned in this article, add your request in the comments below. I will either address them here or write another article dedicated to your requests and questions!

\n","frontmatter":{"date":"July 24, 2020","updated_date":null,"description":"Over time, organizations are using many terminologies for IAM, CIAM, and IDaaS platforms. This article clarifies the use of these terms, key features, and common use cases of IAM, CIAM, and IDaaS platforms.","title":"IAM, CIAM, and IDaaS - know the difference and terms used for them","tags":["iam","ciam","idaas","identity"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/edb0f0ef03462cf5772f0f1c54a7b27a/14b42/triplets.jpg","srcSet":"/static/edb0f0ef03462cf5772f0f1c54a7b27a/f836f/triplets.jpg 200w,\n/static/edb0f0ef03462cf5772f0f1c54a7b27a/2244e/triplets.jpg 400w,\n/static/edb0f0ef03462cf5772f0f1c54a7b27a/14b42/triplets.jpg 800w,\n/static/edb0f0ef03462cf5772f0f1c54a7b27a/47498/triplets.jpg 1200w,\n/static/edb0f0ef03462cf5772f0f1c54a7b27a/0e329/triplets.jpg 1600w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Archna Yadav","github":null,"avatar":null}}}}]},"markdownRemark":{"excerpt":"Google has prepared a roadmap to restrict third-party cookies in Chrome. Since 04 January 2024, Chrome has rolled out third-party cookie…","fields":{"slug":"/engineering/identity-impact-of-google-chrome-thirdparty-cookie-restrictions/"},"html":"

Google has prepared a roadmap to restrict third-party cookies in Chrome. Since 04 January 2024, Chrome has rolled out third-party cookie restrictions for 1% of stable clients and 20% of Canary, Dev, and Beta clients.

\n

What does it mean for user authentication?

\n

On one hand, Google believes third-party cookies are widely used for cross-site tracking, greatly affecting user privacy. Hence, Google wants to phase out (or restrict) supporting third-party cookies in Chrome by early Q2 2025 (subject to regulatory processes).

\n

On the other hand, Google introduced Privacy Sandbox to support the use cases (other than cross-site tracking and advertising) previously implemented using third-party cookies.

\n

In this article, we’ll discuss:

\n\n

How is User Authentication Affected?

\n

Third-party cookie restrictions affect user authentication in three ways, as follows.

\n

External Identity Providers

\n

If your website or app uses an external Identity Provider (IdP) — like LoginRadius, the IdP sets a third-party cookie when the user authenticates on your app.

\n

Web SSO

\n

If you have multiple apps across domains within your organization and authentication is handled using an IdP (internal or external) with web SSO, you already use third-party cookies to facilitate seamless access for each user using a single set of credentials.

\n

If you have implemented web SSO with one primary domain and multiple sub-domains of the primary domain, third-party cookie restrictions may not apply. For now, Google doesn’t consider the cookies set by sub-domains as third-party cookies, although this stance may change in the future.

\n

For example, you have apps at example.com, travel.example.com, stay.example.com, and web SSO is handled by auth.example.com. In this case, third-party cookie restrictions don’t apply.

\n

Federated SSO

\n

Federated SSO is similar to, albeit different from, web SSO. It can handle multiple IdPs and applications—aka., Service Providers (SPs)—spanning multiple organizations. It can also implement authentication scenarios that are usually implemented through web SSO.

\n

Usually, authentication is handled on a separate pop-up or page when the user wants to authenticate rather than on the application or website a user visits.

\n

For example, you already use federated SSO if you facilitate authentication for a set of apps through multiple social identity providers as well as traditional usernames and passwords.

\n
\n

Note: It is also possible to store tokens locally, not within cookies. In this case, third-party cookie restrictions won’t affect token-based authentication. However, the restrictions still affect authentication where tokens are stored within third-party cookies (a common and secure method).

\n
\n

Chrome’s Alternatives for Third-Party Cookies

\n

Google has been developing alternative features and capabilities for Chrome to replace third-party cookies as part of its Privacy Sandbox for Web initiative.

\n

Specific to authentication, Google recommends the following:

\n
    \n
  1. Cookies Having Independent Partitioned State (CHIPS)
    2. \n
  2. Storage Access API
    3. \n
  3. Related Website Sets
    4. \n
  4. Federated Credential Management (FedCM) API
    5. \n
\n

Cookies Having Independent Partitioned State (CHIPS)

\n

CHIPS are a restricted way of setting third-party cookies on a top-level site without making them accessible on other top-level sites. Thus, they limit cross-site tracking and enable specific cross-site functionalities, such as maps, chat, and payment embeds.

\n

For example, a user visits a.com with a map embed from map-example.com, which can set a partitioned cookie that is only accessible on a.com.

\n

If the user visits b.com with a map embed from map-example.com, it cannot access the partitioned cookie set on a.com. It has to create a separate partitioned cookie specific to b.com, thus blocking cross-site tracking yet allowing limited cross-site functionality.

\n

You should specifically opt for partitioned cookies (CHIPS), which are set with partitioned and secure cookie attributes.

\n

If you’re using an external identity provider for your application, CHIPS is a good option to supplant third-party cookie restrictions.

\n

However, CHIPS may not be ideal if you have a web SSO or federated SSO implementation. It creates separate partitioned cookies for each application with a separate domain, which can increase complexity and create compatibility issues.

\n

Storage Access API

\n

With Storage Access API, you can access the local storage in a third-party context through iframes, similar to when users visit it as a top-level site in a first-party context. That is, it gives access to unpartitioned cookies and storage.

\n

Storage Access API requires explicit user approval to grant access, similar to locations, camera, and microphone permissions. If the user denies access, unpartitioned cookies and storage won’t be accessible in a third-party context.

\n

It is most suitable when loading cross-site resources and interactions, such as:

\n

Verifying user sessions when allowing interactions on an embedded social post or providing personalization for an embedded video.\nEmbedded documents requiring user verification status to be accessible.

\n

As it requires explicit user approval, it is advisable to use Storage Access API when you can’t implement an identity use case with the other options.

\n

Related Website Sets

\n

With Related Website Sets, you can declare a primary website and associatedSites for limited purposes to grant third-party cookie access and local storage for a limited number of sites.

\n

Chrome automatically recognizes related website sets declared, accepted, and maintained in this open-source GitHub repository: Related Website Sets

\n

It provides access through Storage Access API directly without prompting for user approval, but only after the user interacts with the relevant iframe.

\n

It is important to declare a limited number of domains in related website sets that are meaningful and used for specific purposes. Google may block or suspend any exploitative use of this feature.

\n

The top-level site can also request approval for specific cross-site resources and scripts to Storage Access API using resuestStorageAccessFor() API.

\n

If you’re using an external identity provider for your web application, you can declare the domain of the identity provider in the related set to ensure limited third-party cookies and storage access to the identity provider, thus ensuring seamless user authentication.

\n

Related Website Sets can also work to supplement third-party cookie restrictions in web SSO and federated SSO if the number of web applications (or domains) is limited.

\n

Federated Credential Management (FedCM) API

\n

FedCM API enables federated SSO without third-party cookies.

\n

With FedCM API, a user follows these steps for authentication:

\n
    \n
  1. The User navigates to a Service Provider (SP) — aka., Relying Party (RP)
    2. \n
  2. As the user requests to authenticate, the SP requests the browser through FedCM API to initiate authentication.
    3. \n
  3. The browser displays a list of available identity providers (supported by the RP), such as social IdPs like Google, Apple, LinkedIn, and Facebook, or other OAuth IdPs like LoginRadius.
    4. \n
  4. Once the user selects an IdP, the browser communicates with the IdP. Upon valid authentication, the IdP generates a secure token.\nThe browser delivers this secure token to the RP to facilitate user authorization.
    5. \n
\n

You can access a user demo of FedCM here: FedCM.

\n

For more information about implementing federated SSO with FedCM API, go through the FedCM developer guide.

\n\n

Firstly, we’re committed to solving our customers' user identity pain points — and preparing for the third-party cookies phase-out is no different.

\n

We’ll implement the most relevant and widely useful solutions to facilitate a smooth transition for our customers.

\n

Please subscribe to our blog for more information. We’ll update you on how we help with the third-party cookie phase-out.

\n

In Conclusion

\n

The proposed changes to phase out third-party cookies and suggested alternatives are evolving as Google has been actively collaborating and discussing changes with the border community.

\n

Moreover, browsers like Firefox, Safari, and Edge may approach restricting third-party cookies differently than Google does.

\n

From LoginRadius, we’ll keep you updated on what we’re doing as a leading Customer Identity and Access Management (CIAM) vendor to prepare for the third-party cookie phase-out.

\n

Glossary

\n

Top-level site: It is the primary site a user has visited.

\n

First-party cookie: A cookie set by the top-level site.

\n

Third-party cookie: A cookie set by a domain other than the top-level site. For example, let’s assume that a user has visited a.com, which might use an embed from loginradius.com to facilitate authentication. If loginradius.com sets a cookie when the user visits a.com, it is called a third-party cookie as the user hasn’t directly visited loginradius.com.

\n

References

\n\n","frontmatter":{"date":"July 08, 2024","updated_date":null,"description":"Google Chrome has planned to phase out third-party cookies, which will affect different website functionalities depending on third-party cookies. This blog focuses on how this phase-out affects identity and user authentication and discusses alternatives for overcoming challenges.","title":"How Chrome’s Third-Party Cookie Restrictions Affect User Authentication?","tags":["Identity","Cookies","Chrome"],"pinned":null,"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/eb7396060c0adc430dbed2d04b63d431/ee604/third-party-cookies-phaseout-chrome.png","srcSet":"/static/eb7396060c0adc430dbed2d04b63d431/69585/third-party-cookies-phaseout-chrome.png 200w,\n/static/eb7396060c0adc430dbed2d04b63d431/497c6/third-party-cookies-phaseout-chrome.png 400w,\n/static/eb7396060c0adc430dbed2d04b63d431/ee604/third-party-cookies-phaseout-chrome.png 800w,\n/static/eb7396060c0adc430dbed2d04b63d431/f3583/third-party-cookies-phaseout-chrome.png 1200w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Raghunath Reddy","github":"raghunath-r-a","avatar":null}}}},"pageContext":{"limit":6,"skip":186,"currentPage":32,"type":"//engineering//","numPages":52,"pinned":"17fa0d7b-34c8-51c4-b047-df5e2bbaeedb"}},"staticQueryHashes":["1171199041","1384082988","2100481360","23180105","528864852"]}