DEVOXX FR 2016 We're Watching You (Apache Unomi)

#DevoxxFR

We’re watching you!

Serge Huber, Jahia CTO & Co-Founder [email protected]

INTRO

About me

Co-founder & CTO of Jahia
17 years Web Dev experience
Apache committer
Coder at heart (since I was 7)
Very interested in UX
Mobile App with over 1.2 million downloads

Code started in 1999
Company created in 2001
(Web) CMS
WYSIWYG (What You See Is What You Get)
In-context editing

NOW

Delivering tools to accelerate
Customer Experience (CX)
Agility

Our Products

incubating

THE PROBLEMS

Tracking

DO NOT TRACK
from dot-not-track-doc.com
Reality check: Tracking is not always bad
Third parties
CNN.com
66 trackers!
No way to guarantee privacy!

Security

Layers

Applications
Operating System
Network
Servers
Server Administrators
User

User

Doesn’t know much about technical privacy
Doesn’t care about it
Will (probably) be manipulated
An (easy) target

Applications

Can be compromised (hacked)
Might be old (not updated)
Viruses or keyloggers might intercept data

Operating system

Might be compromised (if not updated)
Might be part of the problem!
Windows 10
Default settings
Send typed words back to Microsoft!

The Network

Wifi
False open Wifi networks
SSID: “Free Airport”, “Lobby”
Routes traffic through a computer and relays it to the internet
-> Intercepts all traffic in clear!

Servers

Cloud
Safe?
Hackers like centralized public targets
Easy Target Harder Target

"Bad news first, folks. LastPass, our favorite password manager (and yours) has been hacked. It’s time to change your master password."

LifeHacker.com

Server administrators

Even the best might get hacked!
Social engineering
Kevin Mitnick
Previously “America's Most Wanted Computer Outlaw”
Now a security consultant

What's the hacking activity you are most proud of? … I guess my intrusion into Motorola. I was able to call an employee at Motorola and convince her to send me the code for the MicroTAC Ultra Lite cell phone... Motorola had their whole campus protected by SecurID and I was able to use an elaborate social-engineering scheme by also manipulating the telephone network and set up call-back numbers within Motorola's campus. So I convinced a manager in operations to tell one of the employees to read off his RSA SecurID code any time I needed it so I could access the network remotely.

Kevin Mitnick Q&A, CNet, June 22nd 2009

Security

cloud != safer
nothing is (really) safer

as a company…
you need to keep…
control of data
trust of customers
respect privacy (laws)
improve customer experience
better than your competition
will be hard(er) to do with (some) cloud services

Example

Native mobile application
App Analytics
Flurry (Yahoo)
Google
Apple
Sending your precious customer (behavior) data
largest web companies
no (real) control over the data
they get more value out of it than you do!
every company gets the same analytics at the same time
how can you compete on customer experience?

THE SOLUTIONS

Security

Layers

Applications
Operating System
Network
Servers
Server Administrators
User

Users

security training (including social engineering)

Applications

updates
security tools (anti-malware, firewalls)

Operating systems

review all (default) settings
make installs minimal (do you really need solitaire?)

Network

HTTPS
(Very) secure VPNs

Servers

publicly available infrastructure software
(tested) open source solutions
agile tools and technologies

Server administrators

Penetration testing (including dumpster diving)

Tracking

Tracking standards?

Tracking preference expression (DNT) W3C
Browser side
Basic browser support (on/off)
Too extreme
Limited server support
Doesn’t work in native mobile apps
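
What server-side support for the DNT header can look like, as an added example that is not part of the talk or of any project it mentions. The function names and the event fields (profileId, sessionId, ip, userAgent, type, page) are assumptions made for illustration.

```javascript
// Added example: honoring the W3C "DNT" request header on the server.
// "1" = do not track, "0" = user allows tracking, header absent = no preference.
function trackingPreference(headers) {
  // Header names are case-insensitive, so look the key up without regard to case.
  const key = Object.keys(headers).find((k) => k.toLowerCase() === 'dnt');
  const value = key === undefined ? undefined : String(headers[key]).trim();
  if (value === '1') return 'opt-out';
  if (value === '0') return 'consent';
  return 'unset';
}

// Fields (hypothetical event schema) that identify a visitor.
const IDENTIFYING_FIELDS = ['profileId', 'sessionId', 'ip', 'userAgent'];

// Decide what may be stored for one event and which "Tk" response header
// value to send back ("T" = tracking, "N" = not tracking).
// trackByDefault controls what happens when no preference was expressed.
function applyPreference(headers, event, trackByDefault = false) {
  const pref = trackingPreference(headers);
  const track = pref === 'consent' || (pref === 'unset' && trackByDefault);
  if (track) {
    return { stored: { ...event }, tk: 'T' };
  }
  // Opted out: keep only the non-identifying part for aggregate counts.
  const stored = {};
  for (const [field, value] of Object.entries(event)) {
    if (!IDENTIFYING_FIELDS.includes(field)) stored[field] = value;
  }
  return { stored, tk: 'N' };
}

// Constructed sample event, not captured from a real system.
const SAMPLE_EVENT = {
  profileId: 'p-123',
  sessionId: 's-456',
  ip: '192.0.2.10',
  type: 'view',
  page: '/index.html',
};

console.log(applyPreference({ DNT: '1' }, SAMPLE_EVENT));
console.log(applyPreference({ dnt: '0' }, SAMPLE_EVENT));
```

A request without any DNT header falls back to `trackByDefault`, which is the policy choice the on/off browser switch leaves to the server.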

W3C Customer Experience Digital Data

Client-side JavaScript Object

// Data layer object describing the current page
digitalData = {
  pageInstanceID: "MyHomePage-Production",
  page: {
    pageInfo: {
      pageID: "Home Page",
      destinationURL: "http://mysite.com/index.html"
    },
    category: {
      primaryCategory: "FAQ Pages",
      subCategory1: "ProductInfo",
      pageType: "FAQ"
    },
    attributes: {
      country: "US",
      language: "en-US"
    }
  }
};

Again browser only
Won’t work for server-to-server

Data Management Platforms?

Seems (partly) relevant
Some implementations
Not open source
And no standard!

Well, we didn’t find what we need…
So let’s start it ourselves!

Introducing…

OASIS Context Server Technical Committee
A REST API standard

To turn this
[Diagram: BI, SALES, SUPPORT, REPORT, CMS, ANALYTICS, CRM, ID, MA, ?]
Into this
[Diagram]

An API that’s…
Easy to Use
Easy to integrate
Just HTTPS + JSON

Apache Unomi (Open Source Reference Implementation of OASIS Standard)

[Architecture diagram: UNOMI CORE, CXS, ID directory, Segmentation Engine, Events, Tracking Engine, RESTFUL API, DATA, BACK-END, FRONT-END, Apache, BI, SALES, REPORT, ANALYTICS, CRM, ID, MA]

[Diagram: CONTEXT SERVER with RULES, ACTIONS, SEGMENTS, EVENTS, CONTEXT, CONDITIONS, PROFILES; Protocols: HTTP REST + JSON; BIG DATA FRAMEWORKS]

Deploy

Cloud
On-premise!

[Diagram: CONTEXT SERVER, CMS, Issue tracking, CRM, Social, BIG DATA SYSTEMS]

You (and your customers) are in control
No need for third parties
Real Privacy Management

How it works

[Sequence diagram between BROWSER, CMS and CONTEXT SERVER]
Load HTML page
Load HTML + JS to connect Context Server
Load context.js
Context for current request
(Optional) Load content based on context
(Optional) Send event such as login / hover
JS callbacks

What it does

UNOMI
User tracking
Event tracking
Goal tracking, scoring
Segmentation
Form Input tracking
Download tracking
Impersonification (personas)
A/B testing
Profile (visitor, contact, leads) management and export
Reporting
Privacy management

Commercial Applications?

Angular UI built on top of Apache Unomi REST services
Build your own! It’s the beauty of the Apache License!

LIVE DEMO

Improving shopping experience
Brick-and-mortar to online digital transformation
Beacons
Great for indoor positioning

1. Enter shop
2. Browse soda aisle
3. Browse alcohol aisle
Digital signage in alcohol aisle
Remember: client has nothing in cart!

Demo

How it works

Unomi Context Server
Content Server (Jahia Digital Factory)
Push Notification service
No data left this room! (except for notifications)

CLOSING WORDS

Q & A
Remember
We’re watching you!
or
Thanks

Serge Huber
[email protected]

Apache Unomi
http://unomi.incubator.apache.org

OASIS Context Server
https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=cxs

Jahia
http://www.jahia.com

BOOTH 37