author: "Mateusz Jendza"
title: "Knowledge Base & Links"
date: "2024-08-12"
description: "All my top links and resources in one place."
tags: ["KB", "Links"]
ShowToc: true
weight: 1
Motto
Prediction is very difficult, especially about the future.
Niels Bohr
Links/resources that changed my life:
Verifiable Credentials
- TypeScript - https://github.com/openwallet-foundation/credo-ts
- .Net Wallet - https://github.com/openwallet-foundation-labs/wallet-framework-dotnet
- React native wallet - https://github.com/openwallet-foundation/bifold-wallet
Wallets on the market
- https://play.google.com/store/apps/details?id=id.paradym.wallet
- MS Authenticator App
Table with Products & Libraries
Name | Details & Supported format | Link |
---|---|---|
Paradym | Dedicated Wallet (format:sd+vc-json)* | https://paradym.id/ |
Entra Verified Id | Authenticator App + Wallet SDK from MS | https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-verified-id |
Demo: vcplayground | jwt-vc-json | https://vcplayground.org/ |
Demo: https://funke.animo.id/ | EUDI | https://funke.animo.id/ |
WalletSDK | works with vcplayground (format:jwt-vc-json)* | https://github.com/trustbloc/wallet-sdk |
credo-ts | Full VC Backend (format:sd+vc-json) with REST extension https://credo.js.org/guides/extensions/rest and hosted with docker compose 💪 | https://github.com/openwallet-foundation/credo-ts https://credo.js.org/ |
*not confirmed via official pages and documentation
Links
- VC for Europeans
- eIDAS test site
- Decentralized Identifiers (DIDs) as an Identifier Metasystem
- Awesome Self-Sovereign Identity
- https://github.com/decentralized-identity/didcomm-messaging
- https://demo.didcomm.org/ 🔼
- https://github.com/e-id-admin/eidch-android-wallet
Documentation & Blog Posts
Enterprise
Cloud Architecture Materials
- https://github.com/Azure/Enterprise-Scale
- https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/ with nice visio drawing
- 🔨 (Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup
Landing Zones
- https://github.com/Azure/ALZ-Bicep/wiki/Accelerator
- GitHub - ACA-Landing-Zone-Accelerator
- Prepare your Azure Cloud Environment with the Cloud Adoption Framework
- Serverless Chats: Streaming Data at Scale Using Serverless with Anahit Pogosova Part 1
- Serverless Chats: Streaming Data at Scale Using Serverless with Anahit Pogosova Part 2
Software Architecture
- Architecture Styles Worksheet: https://www.developertoarchitect.com/downloads/architecture-styles-worksheet.pdf
- https://jacquiread.com/posts/software-design/
- Functional Programming on .net - The Best of Both Worlds - Isaac Abraham - NDC Oslo 2024: https://www.youtube.com/watch?v=V9GYPOsPj4M
- Let’s build the worst Event Sourcing system! - Oskar Dudycz - NDC London 2024: https://www.youtube.com/watch?v=20zvAJAhqS0
evolutionary-architecture
- by example Github and Video
- 📖The Software Architect Elevator
- 📖Designing Data-Intensive Applications
- 🔨 PL Async Internals in .NET
- Advanced API and Integration Problems & Patterns - Udi Dahan - NDC Oslo 2022
- 📖Database Internals
- 💥Learn Advanced Distributed Systems Design
Radar
- https://www.stigg.io/
- https://supademo.com
- https://backstage.io (https://github.com/shano/awesome-backstage)
- https://github.com/HaschekSolutions/opentrashmail
AI playground
- https://block.github.io/goose/
- 👑 https://bolt.new (React UI by AI)
- 👑 testing: https://aider.chat/
- https://app.co.dev/
- https://v0.dev/
- 🤖 testing: https://docs.anthropic.com/en/docs/agents-and-tools/claude-code/overview
- 🤖 testing: GitHub Copilot Chat Agent Mode via VS Code Insiders (link)
- IDE for AI development https://github.com/cline/cline
LLM & chat & solutions
- https://techcommunity.microsoft.com/blog/azure-ai-services-blog/graphrag-end-to-end-poc/4361080
- https://learn.microsoft.com/azure/cosmos-db/gen-ai/quickstart-rag-chatbot
IAM
- Okta: OAuth 2.0 and OpenID Connect (in plain English)
- https://www.nango.dev/blog/why-is-oauth-still-hard
- https://developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc
- https://auth0.com/docs/authorization
- awesome-iam
- OAuth – the good Parts - Dominick Baier - NDC Oslo 2021 https://www.youtube.com/watch?v=y2Psj8ACZyw
- Test FIDO2/Passkeys https://www.token2.swiss/tools/fido2-demo
- 🔒 Demystifying cookies and tokens
- 🔒 AWS Cognito Sample https://medium.com/@samudurand/protecting-lambda-urls-with-cognito-iam-lambda-edge-and-cdk-4ac79f9e779c
- 🔒 FGA solution https://docs.permit.io/modeling/mesa-verde/ & DEMO https://github.com/permitio/mesa-verde-banking-demo
Open Source
- https://github.com/discord/access
- https://github.com/jhaals/yopass
- https://github.com/JanssenProject/jans
Entra ID
- Journey to Azure AD PRT- Primary Refresh Token
- Newsletter: https://entra.news
- https://github.com/merill/awesome-entra
- big picture diagram https://github.com/msandbu/azuread
- Entra ID as a code: https://www.terraprovider.com/
- https://identity-man.eu/2020/11/23/an-introduction-to-azure-ad-identity-governance/
- Workload Identity Protection
- Governance
- Managed ID
- App Registrations, Enterprise Apps and Service Principals
- PIM
- 🔒 https://learn.microsoft.com/en-us/entra/architecture/external-identity-deployment-architectures
- 🔒 https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-configure-kerberos-sso
Governance
Workload Identity
- https://device-insight.com/en/developers-blog/use-azure-ad-workload-identity-for-pod-assigned-managed-identity-in-aks/
- https://johnlokerse.dev/2024/05/05/setup-azure-devops-workload-identity-federation-using-azure-bicep/
Security & Monitoring
- https://github.com/Cloud-Architekt/AzureAD-Attack-Defense
- https://github.com/reprise99/Sentinel-Queries
Development & Samples
- Asp.Net Web App - Confidential Client: https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2
- https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-v2
- JavaScript Public Client: https://github.com/Azure-Samples/ms-identity-docs-code-javascript
- For External ID sample: https://github.com/Azure-Samples/ms-identity-ciam-javascript-tutorial
MSAL
IAM & CIAM Solutions
CIAM
Azure
Tools
- Kleopatra - manage Yubikey certificates, etc. https://apps.kde.org/kleopatra/
- Canarytokens - generate fake data (credit card, AWS credentials) and get a notification when someone accesses it https://canarytokens.org/generate
Fun
Testing
- https://oidcdebugger.com/debug
- https://chrome.google.com/webstore/detail/saml-devtools-extension/jndllhgbinhiiddokbeoeepbppdnhhio
MSAL | OpenID Connect | Azure ==> Authentication & Authorization
- Summary about MS samples & platforms https://learn.microsoft.com/en-us/entra/identity-platform/sample-v2-code
- MS Samples
- MSAL - Retry policies
- MSAL Logger
- OAuth - Native Flow Authorization Code Flow Diagram
- Openid Connect Diagram - get token via confidential client
- Postman Oauth Entra ID Collection
- Default Azure Credentials
- Authentication with multiple identity providers
CIAM
- Microsoft Woodgrove Groceries -> Azure AD B2C MS Demo
- Microsoft Woodgrove Groceries -> Entra External ID for Customers MS Demo
Azure & Microsoft 365
Azure Policies
- https://blog.tyang.org/2021/12/06/monitoring-azure-policy-compliance-states-2021-edition and connected repo: https://github.com/andrewmatveychuk/azure.policy
- and from the previous link: https://blog.tyang.org/2021/12/06/monitoring-azure-policy-compliance-states-2021-edition
Security
- https://medium.com/@omaxel/allow-access-to-azure-app-service-only-from-azure-front-door-bdfa16bc675d
- https://cloudtips.nl/securing-azure-web-apps-and-function-apps-with-azure-front-door-e4a5e4071290
Landing Zone
- https://www.youtube.com/watch?v=IyQM_wG_X_Q & https://github.com/Azure/terraform-azurerm-caf-enterprise-scale
- https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/
- https://github.com/Azure/ALZ-Bicep/wiki/Accelerator
- https://github.com/Azure/terraform-azurerm-lz-vending
DevOps
- https://medium.com/into-alm/configuration-as-code-moving-away-from-library-groups-in-azure-devops-e9ff683d150d
- https://azure.github.io/Azure-Verified-Modules/
- https://github.com/Azure/bicep-registry-modules
- https://github.com/arindam0310018/10-Oct-2023-DevOps__Workload-Identity-Federation-with-Service-Principal-Using-Terraform
Documentation & Internal Development tools
network/web
https://blog.icewolf.ch/archive/2023/05/28/http-security-headers/
🔨 🔒 Secure your website with the right security headers Mozilla and SecurityHeaders
speed test with details: https://speed.cloudflare.com/
IaC
- https://spacelift.io/ (Terraform&OpenTofu)
- https://registry.terraform.io/modules/Azure-Terraformer/atat/github/latest
Entra ID as a Code
👯👯 blogs and people 👯👯
- https://damienbod.com/
- https://identity-man.eu/
- https://www.troyhunt.com/
- https://scotthelme.co.uk/
- https://event-driven.io/ and the tag Architecture: https://event-driven.io/en/category/architecture/
- https://blog.codingmilitia.com/
- https://architectelevator.com/
- https://ericonidentity.com/
🔭 Feeds 🔭
Entra ID
🤔 Workstation & Tools & IDEs 🤔
Identity
- SMS online service to test OTP: https://anonymsms.com/
- Temporary Email Service (you can define your email address): https://www.minuteinbox.com/
- Postman Collection
- A verification tool to replace CAPTCHAS: https://www.cloudflare.com/products/turnstile/
Debug JWT tokens (Open ID Connect flows)
Azure AD B2C
- VS Code + B2C extension + APP insights debugger
Software Development
- temp mail(trashmail) as a service https://github.com/HaschekSolutions/opentrashmail
- Mock Service (when you need to check the request payload ;) ) https://beeceptor.com/
- Security Headers check https://securityheaders.com/
- https://backstage.io/
Tunnel/proxy to the local environment
- www.cloudflare.com Tunnel
- ngrok.com - you need to pay 10$ for features
- Visual Studio IDE built-in proxy
Smarthome (and not only)
- HomeAssistant: https://www.home-assistant.io/
- esphome https://esphome.io/ (ESP8266 | ESP32 | other => easy yaml config and push to HomeAssistant)
- portainer https://www.portainer.io/ (Container Management for Docker)
- Home DNS server? Try PiHole https://pi-hole.net/
- OpenWrt as router OS https://openwrt.org/
- smart switches and other devices https://www.shelly.com/
- HVAC: Salus Controls & Panasonic AC (with https://github.com/sockless-coding/panasonic_cc integration)
Other (tools)
Other
- Wat
- Email vs Capitalism, or, Why We Can’t Have Nice Things - Dylan Beattie - NDC Oslo 2023
- Foxes
- Mountain Biking
- Żywot programisty - sorry, only for Polish programmers 👷