TODO ramasser les décher et les mettre à la poubelle
+
TODO ne pas laisser de vaisselle dans la chambre
+
TODO ne pas laisser de bouteille d'eau dans la chambre
+
TODO ne pas laisser de nourriture dans la chambre
+
+
+
+
1.1.2TODO Repas [0/8]
+
+
+
+
TODO Participer à mettre la table [0/6]
+
+
TODO Assiettes
+
TODO Couverts
+
TODO Verres
+
TODO Plat principal
+
TODO Eau
+
TODO Condiments (sel, poivre, vinaigrette, etc…)
+
+
+
TODO Nettoyer après avoir manger [0/2]
+
+
TODO ranger sa table [0/3]
+
+
TODO son assiette / bols / etc…
+
TODO ses couverts
+
TODO son verre
+
+
+
TODO débarrasser la table [0/6]
+
+
TODO l'eau à re-remplir, remettre au frais pour le lendemain
+
TODO débarrasser le plat principal
+
+
+
si il reste beaucoup remettre le plat au frigo (le laisser refroidir)
+
si il en reste peu, ou qu'on n'en remangera pas, vider le reste du plat
+principal dans un autre récipient plus petit et le mettre soi au frigo,
+soit au congélateur pour le manger plus tard. Et nettoyer, à la main, le
+grand récipient (plat à gratin, saladier, marmite, etc…)
+
+
+
+
TODO débarrasser le pain et le remettre à sa place
+
TODO débarrasser les condiments (sel, moutarde, etc…)
+
TODO essuyer la table
+
+
+
vérifier qu'il ne reste plus rien
+
essuyer sur les rebords de la table
+
nettoyer les miettes par terre ou essuyer si c'est vraiment sale
+
après avoir passer l'éponge, essuyer avec une serviette pour ne pas
+laisser des traces d'humidité
+
+
+
+
TODO Mettre au recyclage vs poubelle
+
+
+
+
+
TODO Savoir mettre correctement la vaisselle dans le lave vaisselle
+
+
+
les verres jamais dans le mauvais sens
+
les bols et les assiettes creusent ne doivent pas être obstruées
+
il vaut mieux nettoyer une gros élément à la main que lancer le lave
+vaisselle inutilement 2x
+
+
+
+
TODO Savoir si on doit lancer le lave vaisselle
+
TODO Savoir lancer le lave vaisselle si nécessaire
+
TODO Savoir si on doit débarrasser le lave vaisselle
+
TODO Débarrasser le lave vaisselle
+
+
+
+
1.1.3TODO Zones communes [0/5]
+
+
+
+
TODO Salon/cuisine [0/6]
+
+
TODO Si le sol est sale lancer le robot
+
TODO Savoir vider et nettoyer le robot
+
TODO Si la poubelle est pleine, jeter la poubelle, savoir la remplacer
+
TODO Si la poubelle coule et salit le sol, savoir nettoyer le sol
+
TODO Savoir nettoyer la poubelle si elle est sale
+
TODO Savoir passer l'aspirateur et la pièce
+
+
+
TODO Savoir s'il faut arroser les plantes et les arroser si nécessaire
+
TODO Salle de bain [0/7]
+
+
TODO Savoir ranger sa sale de bain
+
TODO Savoir plier et ranger sa serviette
+
TODO Nettoyer le sol après la douche
+
TODO Nettoyer le siphon de la douche si nécessaire
+
TODO Nettoyer le lavabo
+
TODO Savoir ranger les produit d'hygiène, jeter et prévoir
+
TODO Savoir utiliser les produits d'entretiens
+
+
+
TODO Toilettes [0/4]
+
+
TODO Jeter les rouleau usagés
+
TODO Nettoyer le sol sale des toilettes si besoin
+
TODO Vérifier et nettoyer les traces sous l'abattant
+
TODO Savoir acheter du papier toilette (ne pas attendre qu'il soit trop tard)
+
+
+
TODO Entrée [0/4]
+
+
TODO ranger ses chaussures dès l'entrée dans l'appartement
+
TODO pendre ses manteaux/gilets dans la penderie
+
TODO ranger ses bonnets / gants / accessoires dans la penderie
+
TODO ramasser et ranger ce qui traîne
+
+
+
+
+
+
+
1.2TODO Hygiène [0/4]
+
+
+
+
1.2.1TODO Se brosser les dents
+
+
+
1.2.2TODO Se doucher
+
+
+
1.2.3TODO Dîner si possible en famille
+
+
+
1.2.4TODO Se laver les mains avant de manger et de mettre la table
+
+
+
+
1.3TODO Travail scolaire / permis / obligations diverses [0/2]
+
+
diff --git a/inbox.org b/inbox.org
index af3d2dde..40386cc6 100644
--- a/inbox.org
+++ b/inbox.org
@@ -1,7 +1,7 @@
#+Title:TODO
#+Author: Yann Esposito
#+ARCHIVE: archives/TODO.archive.org::
-#+TODO: TODO(t) IN-PROGRESS(p) HOLD(h@/!) WAITING(w@/!) | DONE(d) CANCELED(c@/!) HANDLED(l@/!)
+#+TODO: TODO(t) IN-PROGRESS(p) DELEGATED(g@/!) HOLD(h@/!) WAITING(w@/!) | DONE(d) CANCELED(c@/!) HANDLED(l@/!)
#+COLUMNS: %TODO %3PRIORITY %40ITEM(Task) %CLOCKSUM %8TAGS(TAG)
#+STARTUP: overview
#+LANG: fr
@@ -10,204 +10,94 @@
SPC y o c => DISPLAY org columns
#+end_comment
* Inbox
-** TODO Compléter compte Solidarite Depot 7597,84€
-DEADLINE: <2023-08-10 Thu 15:00>
-[2023-08-09 Wed 14:50]
+** DONE [#B] Payer Farina
+DEADLINE: <2024-02-01 Thu 10:00>
+[2024-01-31 Wed 21:03]
+** TODO Compléter dossier MDPH best practices
+SCHEDULED: <2024-01-30 Tue 10:00>
+[2024-01-21 Sun 11:38]
+** DONE Carrosserie
+SCHEDULED: <2024-01-18 Thu 10:00>
+[2024-01-17 Wed 17:14]
+** DONE Decision crédit Toyota 17k
+SCHEDULED: <2024-01-14 Sun 14:00>
+[2024-01-12 Fri 09:54]
+** TODO Lire le wiki vos-finances [[https://www.reddit.com/r/vosfinances/wiki/index][wiki]]
+SCHEDULED: <2024-02-03 Sat 19:10>
+[2023-10-29 Sun 15:35]
+** DONE Réessayer [[https://www.mamedev.org/?p=530][MAME]]
+SCHEDULED: <2024-01-27 Sat 11:00>
+[2023-10-25 Wed 08:03]
+** TODO Check lettre Matthieu à Val
+[2023-10-03 Tue 19:16]
-
-** TODO Signer Assurance Habitation
-DEADLINE: <2023-08-09 Wed 18:00>
-[2023-08-09 Wed 14:43]
-** TODO Réserver restaurant
-DEADLINE: <2023-08-09 Wed 18:00>
-[2023-08-09 Wed 13:18]
-** TODO Envoyer demande de virement
-DEADLINE: <2023-08-09 Wed 14:00>
-[2023-08-09 Wed 13:18]
-** DONE Envoyer lettre de resiliation bail
-SCHEDULED: <2023-08-09 Wed>
-[2023-08-09 Wed 13:16]
-** TODO Prendre RDV carrossier
-SCHEDULED: <2023-08-21 Mon 10:00>
-[2023-07-26 Wed 11:37]
-
-https://carrosserie-maurice.fr/contact
-
-
-** DONE Envoyer mail Mme Verdier
-DEADLINE: <2023-07-24 Mon 13:00>
-[2023-07-24 Mon 12:19]
-
-Bonjour Mme Verdier,
-
-Après nous être renseigné, il apparaît que pour le dossier MDPH d'Anna, dans le dossier medical il faudra insister sur ses besoins et sur les situations qui sont définitives et ne changeront pas.
-
-En vous laissant évidemment le soins d'évaluer chaque demande.
-Les points les plus importants pour Anna nous semble êtres:
-
-- Son besoin d'avoir un *chien d'assistance*. Sans lui, elle est incapable de
- sortir de le maison, de prendre les transports en communs, et d'accomplir les
- actes courants de la vie en société.
- Le chien est une aide essentielle à la gestion de ses crises d'angoisses et à
- leur réduction en intensité.
- Et pour y avoir droit, il lui faut absolument une carte CMI, qui n'est
- accordée dans le cas d'Anna qu'avec un taux d'incapacité d'au moins 80% (c.f. https://www.monparcourshandicap.gouv.fr/aides/la-carte-mobilite-inclusion-mention-invalidite).
- Idealement avec la mention a « besoin d’accompagnement », pour celà il faudra
- qu'Anna bénéficie de la PCH.
-- Ses *appareils auditifs* qui rendent plus supportable l'environnement dans les
- lieux publics et privés (réunions en famille avec présence d'enfants ou de musique). Il me semble que cela
-sera un besoin qu'elle aura jusqu'à la fin de sa vie.
-- *Un suivi de psychoéducation*, un suivi par un psychologue spécialisé, des
- groupes d'activités sociales, l'aider a prendre des transports en commun.
-
- Pour justifier tous ces besoins il me semble qu'il faut insister sur:
-
-- Sa fatiguabilité qui l'empêche de suivre des études normales ou d'avoir un travail à temps plein. Et qu'il s'agit d'une situation qui ne pourra pas changer. C'est pourquoi nous allons demander la reconnaissance à vie de la RQTH.
-- Ses anxiétés (TAG)
-- La permanence de sa situation. Étant donné la situation actuelle des troubles anxieux et des phobies sociales d'Anna il nous semble que le chien lui sera nécessaire pour de nombreuses années et très probablement jusqu'à la fin de sa vie. C'est pourquoi nous demanderons une reconnaissance à vie de la CMI. Et si non accordée au moins pour une vingtaine d'années.
-** DONE Imprimer Dossier médical MDPH Anna
-SCHEDULED: <2023-07-19 Wed 11:00>
-[2023-07-18 Tue 20:26]
-** CANCELED Appeler Toyota (nouvelle voiture)
-SCHEDULED: <2023-07-19 Wed 10:30>
-:LOGBOOK:
-- State "CANCELED" from "TODO" [2023-07-26 Wed 11:36]
-:END:
-[2023-07-18 Tue 20:26]
-** DONE Aller chercher Krystelle
-SCHEDULED: <2023-07-11 Tue 17:25>
-[2023-07-11 Tue 10:50]
-** DONE Amener Anna chez l'ergothérapeute
-SCHEDULED: <2023-05-31 Wed 11:00>
-[2023-05-31 Wed 10:56]
-** DONE Appeler agence pour remplir la déclaration immo
-DEADLINE: <2023-05-30 Tue 11:00>
-:LOGBOOK:
-- State "DONE" from "WAITING" [2023-05-31 Wed 18:45]
-- State "WAITING" from "TODO" [2023-05-30 Tue 14:42] \\
- J'ai laissé un message, j'attend leur appel.
-:END:
-[2023-05-28 Sun 20:21]
-
-Marie Paumier Jamet
-CONSEILLÈRE IMMOBILIER
-AGENCE Flash Immobilier SE
-13 Cours du 4 septembre
-13500 Martigues
-Tél: 04 42 07 10 12
-Mob: 06 18 44 17 53
-
-Garage:
-- Montant du loyer mensuel théorique hors charges :
-- Le loyer est-il plafonné ?
-
-Appartement:
-- Montant du loyer mensuel théorique hors charges :
-- Le loyer est-il plafonné ?
-** CANCELED Appeler les contacts asperger [[https://www.autisme13.fr/articles/][link]]
-SCHEDULED: <2023-06-02 Fri 14:00>
-:LOGBOOK:
-- State "CANCELED" from "TODO" [2023-06-07 Wed 17:16] \\
- Krystelle n'a finalement pas été intéressé tout de suite.
-:END:
-[2023-05-28 Sun 10:51]
-
-https://www.autisme13.fr/articles/
-** DONE Appeler Autisme Info Service
-SCHEDULED: <2023-07-19 Wed 10:00>
-:LOGBOOK:
-- State "TODO" from "CANCELED" [2023-06-12 Mon 18:17]
-:END:
-[2023-05-28 Sun 10:50]
-** DONE Déclarer occupants des locaux impots
-DEADLINE: <2023-06-30 Fri 14:00> SCHEDULED: <2023-05-30 Tue 14:30>
-[2023-05-20 Sat 11:17]
-
-impots.gouv.fr>Votre espace particulier>Biens Immobiliers
-** CANCELED Rappeler mairie de Valbonne pour suivi dossier juré.
-DEADLINE: <2023-06-02 Fri 12:00>
-:LOGBOOK:
-- State "CANCELED" from "TODO" [2023-06-12 Mon 18:17]
-:END:
-[2023-05-02 Tue 10:40]
-** TODO [#B] Préparer une TODO list post-mortem pour la famille :family:
-SCHEDULED: <2023-08-15 Tue 10:00>
+Raison de la radiation:
+- manque de suivi
+** TODO [#B] [[file:death.org.gpg][Post Mortem]] pour la famille :family:
+SCHEDULED: <2024-03-05 Tue 11:00 +1m>
[2023-04-30 Sun 09:06]
1. Fermer mes serveurs
2. Trouver mes comptes
3. Récupérer mes access (mots de passe, keychain, etc…)
-** TODO Acheter vignettes critair
-SCHEDULED: <2023-08-08 Tue 18:00>
-[2023-06-18 Sun 17:53]
+** TODO Voitures (addresses, Crit'Air)
+SCHEDULED: <2024-01-29 Mon 11:00>
+*** TODO Acheter vignette Crit'air Aygo
+**** TODO Changer l'addresse du Aygo
+***** TODO Joindre Toyota (Aygo)
+*** TODO Acheter vignette Crit'air CHR
+**** TODO Changer l'addresse du CHR
+***** TODO Joindre Toyota (CHR)
+*** TODO Décider choix Voiture CHR
+**** TODO Continuer nouvelle LOA
+***** TODO Aller chez le [[https://www.carrosserie-rca.fr/contact.php][carrossier]] 0481684549
+***** TODO Changer les pneus
+**** TODO Rachat + Crédit
* Perso :perso:
** Habits :habit:
** Maybe :maybe:
+** TODO Programming Language Ideas
+[2023-08-02 Wed 17:03]
+AST agnostics/copies by syntax
+
+explcit constraints. doc type system, tests
* Famille :family:
** Daily :daily:
*** TODO Attention gentille
-SCHEDULED: <2023-08-10 Thu .+1d>
+SCHEDULED: <2024-01-30 Tue .+1d>
:PROPERTIES:
-:LAST_REPEAT: [2023-08-09 Wed 13:15]
+:LAST_REPEAT: [2024-01-29 Mon 09:20]
:END:
:LOGBOOK:
-- State "DONE" from "TODO" [2023-08-09 Wed 13:15]
-- State "DONE" from "TODO" [2023-07-28 Fri 17:58]
-- State "DONE" from "TODO" [2023-07-27 Thu 11:32]
-- State "DONE" from "TODO" [2023-07-20 Thu 14:21]
-- State "DONE" from "TODO" [2023-07-18 Tue 20:33]
-- State "DONE" from "TODO" [2023-07-17 Mon 09:05]
-- State "DONE" from "TODO" [2023-07-13 Thu 12:11]
-- State "DONE" from "TODO" [2023-07-11 Tue 10:52]
-- State "DONE" from "TODO" [2023-07-05 Wed 21:43]
-- State "DONE" from "TODO" [2023-06-29 Thu 10:18]
-- State "DONE" from "TODO" [2023-06-16 Fri 17:50]
-- State "DONE" from "TODO" [2023-06-07 Wed 17:17]
-- State "DONE" from "TODO" [2023-06-02 Fri 19:55]
-- State "DONE" from "TODO" [2023-05-31 Wed 18:45]
-- State "DONE" from "TODO" [2023-05-30 Tue 11:31]
-- State "DONE" from "TODO" [2023-05-28 Sun 10:50]
-- State "DONE" from "TODO" [2023-05-20 Sat 11:19]
-- State "DONE" from "TODO" [2023-05-17 Wed 15:58]
-- State "DONE" from "TODO" [2023-05-16 Tue 15:41]
-- State "DONE" from "TODO" [2023-05-12 Fri 13:56]
-- State "DONE" from "TODO" [2023-05-10 Wed 10:34]
-- State "DONE" from "TODO" [2023-05-09 Tue 10:51]
-- State "DONE" from "TODO" [2023-05-05 Fri 16:55]
-- State "DONE" from "TODO" [2023-05-04 Thu 11:42]
-- State "DONE" from "TODO" [2023-05-02 Tue 17:49]
-- State "DONE" from "TODO" [2023-04-28 Fri 10:11]
-- State "DONE" from "TODO" [2023-04-20 Thu 15:43]
-- State "DONE" from "TODO" [2023-04-04 Tue 22:57]
-- State "DONE" from "TODO" [2023-03-31 Fri 14:07]
-- State "DONE" from "TODO" [2023-03-27 Mon 10:57]
-- State "DONE" from "TODO" [2023-03-20 Mon 10:01]
-- State "DONE" from "TODO" [2023-03-10 Fri 10:08]
-- State "DONE" from "TODO" [2023-03-07 Tue 16:16]
-- State "DONE" from "TODO" [2023-02-22 Wed 18:36]
-- State "DONE" from "TODO" [2023-02-21 Tue 14:21]
-- State "DONE" from "TODO" [2023-02-17 Fri 08:57]
-- State "DONE" from "TODO" [2023-02-15 Wed 14:22]
-- State "DONE" from "TODO" [2023-02-13 Mon 10:02]
-- State "DONE" from "TODO" [2023-02-10 Fri 15:06]
-- State "DONE" from "TODO" [2023-02-08 Wed 14:16]
-- State "DONE" from "TODO" [2023-01-27 Fri 10:03]
-- State "DONE" from "TODO" [2023-01-24 Tue 14:47]
-- State "DONE" from "TODO" [2023-01-15 Sun 09:40]
-- State "DONE" from "TODO" [2022-12-21 Wed 14:20]
-- State "DONE" from "TODO" [2022-11-29 Tue 15:56]
-- State "DONE" from "TODO" [2022-11-26 Sat 10:16]
-- State "DONE" from "TODO" [2022-11-18 Fri 22:22]
-- State "DONE" from "TODO" [2022-11-17 Thu 18:10]
+- State "DONE" from "TODO" [2024-01-29 Mon 09:20]
+- State "DONE" from "TODO" [2024-01-22 Mon 17:40]
+- State "DONE" from "TODO" [2024-01-20 Sat 10:51]
+- State "DONE" from "TODO" [2024-01-17 Wed 17:15]
+- State "DONE" from "TODO" [2024-01-08 Mon 15:41]
+- State "DONE" from "TODO" [2023-12-19 Tue 16:10]
+- State "DONE" from "TODO" [2023-12-04 Mon 15:04]
+- State "DONE" from "TODO" [2023-11-28 Tue 09:56]
+- State "DONE" from "TODO" [2023-11-15 Wed 20:27]
+- State "DONE" from "TODO" [2023-11-10 Fri 17:34]
+- State "DONE" from "TODO" [2023-11-06 Mon 17:39]
+- State "DONE" from "TODO" [2023-11-05 Sun 19:20]
+- State "DONE" from "TODO" [2023-10-29 Sun 15:37]
+- State "DONE" from "TODO" [2023-10-27 Fri 09:36]
+- State "DONE" from "TODO" [2023-10-25 Wed 09:02]
:END:
** Weekly :weekly:
*** TODO Appeler Papa
-SCHEDULED: <2023-05-04 Thu 14:00 .+1w>
+SCHEDULED: <2023-12-05 Tue 12:30 .+1w>
:PROPERTIES:
:STYLE: habit
-:LAST_REPEAT: [2023-04-27 Thu 16:45]
+:LAST_REPEAT: [2023-11-28 Tue 09:56]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2023-11-28 Tue 09:56]
+- State "DONE" from "TODO" [2023-11-05 Sun 19:19]
+- State "DONE" from "TODO" [2023-10-29 Sun 19:22]
+- State "DONE" from "TODO" [2023-10-09 Mon 13:37]
+- State "DONE" from "TODO" [2023-10-01 Sun 11:56]
- State "DONE" from "TODO" [2023-04-27 Thu 16:45]
- State "DONE" from "TODO" [2023-03-07 Tue 17:09]
- State "DONE" from "TODO" [2023-02-13 Mon 10:02]
@@ -216,12 +106,27 @@ SCHEDULED: <2023-05-04 Thu 14:00 .+1w>
- State "DONE" from "TODO" [2022-12-02 Fri 19:10]
:END:
*** TODO Appeler Maman
-SCHEDULED: <2023-07-25 Tue 12:00 .+1w>
+SCHEDULED: <2024-02-05 Mon 12:00 .+1w>
:PROPERTIES:
:STYLE: habit
-:LAST_REPEAT: [2023-07-18 Tue 20:33]
+:LAST_REPEAT: [2024-01-29 Mon 09:20]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2024-01-29 Mon 09:20]
+- State "DONE" from "TODO" [2024-01-22 Mon 17:40]
+- State "DONE" from "TODO" [2024-01-08 Mon 15:43]
+- State "DONE" from "TODO" [2023-12-19 Tue 16:11]
+- State "DONE" from "TODO" [2023-12-04 Mon 15:05]
+- State "DONE" from "TODO" [2023-11-15 Wed 20:27]
+- State "DONE" from "TODO" [2023-11-05 Sun 19:19]
+- State "DONE" from "TODO" [2023-10-27 Fri 09:36]
+- State "DONE" from "TODO" [2023-10-16 Mon 10:54]
+- State "DONE" from "TODO" [2023-10-09 Mon 13:37]
+- State "DONE" from "TODO" [2023-10-01 Sun 11:55]
+- State "DONE" from "TODO" [2023-09-12 Tue 15:05]
+- State "DONE" from "TODO" [2023-09-05 Tue 09:48]
+- State "DONE" from "TODO" [2023-08-29 Tue 12:05]
+- State "DONE" from "TODO" [2023-08-16 Wed 09:39]
- State "DONE" from "TODO" [2023-07-18 Tue 20:33]
- State "DONE" from "TODO" [2023-06-21 Wed 15:40]
- State "DONE" from "TODO" [2023-05-30 Tue 11:33]
@@ -239,22 +144,24 @@ SCHEDULED: <2023-07-25 Tue 12:00 .+1w>
:END:
** Yearly :yearly:
*** TODO vaccination leichmaniose Oslo
-DEADLINE: <2024-01-20 Sat +1y>
+DEADLINE: <2025-01-20 Mon +1y>
:PROPERTIES:
-:LAST_REPEAT: [2023-01-27 Fri 09:43]
+:LAST_REPEAT: [2024-01-17 Wed 17:15]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2024-01-17 Wed 17:15]
- State "DONE" from "TODO" [2023-01-27 Fri 09:43]
- State "DONE" from "TODO" [2022-01-18 Tue 10:18]
- State "DONE" from "TODO" [2021-01-18 Mon 14:25]
:END:
[2020-05-23 Sat 10:27]
*** TODO Nettoyage barbecue
-SCHEDULED: <2023-09-19 Tue +1y>
+SCHEDULED: <2024-11-18 Mon 10:30 +1y>
:PROPERTIES:
-:LAST_REPEAT: [2023-01-23 Mon 17:32]
+:LAST_REPEAT: [2023-11-28 Tue 09:56]
:END:
:LOGBOOK:
+- State "CANCELED" from "TODO" [2023-11-28 Tue 09:56]
- State "HOLD" from "TODO" [2023-01-15 Sun 09:40]
:END:
[2020-05-23 Sat 10:32]
@@ -268,11 +175,12 @@ DEADLINE: <2024-04-08 Mon +1y -2w>
- State "DONE" from "TODO" [2022-04-07 Thu 11:56]
:END:
*** TODO [#A] Cadeau Mariage Krystelle (2000) :yearly:
-DEADLINE: <2023-08-12 Sat +1y -2w>
+DEADLINE: <2024-08-12 Mon +1y -2w>
:PROPERTIES:
-:LAST_REPEAT: [2022-08-13 Sat 19:43]
+:LAST_REPEAT: [2023-08-12 Sat 12:26]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2023-08-12 Sat 12:26]
- State "DONE" from "TODO" [2022-08-13 Sat 19:43]
- State "CANCELED" from "TODO" [2021-08-11 Wed 18:52]
- State "DONE" from "TODO" [2020-08-10 Mon 12:19]
@@ -287,11 +195,12 @@ DEADLINE: <2024-04-26 Fri +1y -2w>
- State "DONE" from "TODO" [2022-04-26 Tue 18:53]
:END:
*** TODO Appeler Thierry
-DEADLINE: <2024-01-04 Thu +1y>
+DEADLINE: <2025-01-04 Sat +1y>
:PROPERTIES:
-:LAST_REPEAT: [2023-01-06 Fri 11:14]
+:LAST_REPEAT: [2024-01-08 Mon 15:43]
:END:
:LOGBOOK:
+- State "DONE" from "TODO" [2024-01-08 Mon 15:43]
- State "DONE" from "TODO" [2023-01-06 Fri 11:14]
- State "CANCELED" from "TODO" [2022-01-18 Tue 09:42]
- State "DONE" from "TODO" [2021-02-28 Sun 11:56]
@@ -301,140 +210,66 @@ DEADLINE: <2024-01-04 Thu +1y>
[2020-12-26 Sat 13:03]
** Krystelle :krystelle:
** Anna :anna:
+*** TODO Trouver un établissement – DAEU
+SCHEDULED: <2024-02-24 Sat 12:00>
+[2023-08-02 Wed 12:39]
+https://www.daeu.fr/sinscrire-au-daeu/trouver-un-etablissement/
** Bastien :bastien:
-** Entitlements
-
-#+begin_src js
-[{"name": "tier",
- "value": "essentials",
- "quantity": {"value": 1000, "unit": "users"},
- "enforce_quantity": true},
- {"name": "extra_data_retention",
- "value": "",
- "quantity": {"value": 2, "unit": "days"},
- "enforce_quantity": true}]
-#+end_src
-
-#+begin_quote
-*entitlements*:
- A list of entitlements the tenant is allowed to use. Each item in the list is
- an object with the following fields:
-#+end_quote
-*** name
-
-#+begin_quote
-- name - The name of the entitlement (defined as part of the entitlement
- controlled vocabulary between PIAM and the product)
-#+end_quote
-*** value
-
-#+begin_quote
-- value - Some entitlements will have a string value that serves to qualify the
- entitlement, for example an entitlement with name=tier may have three
- different manifestations if there are three different tiers (e.g., {"name":
- "tier", "value": "essentials"}, {"name": "tier", "value": "premier"}, {"name":
- "tier", "value": "advantage"})
-#+end_quote
-*** quantity
-
-#+begin_quote
-- quantity - Some entitlements will have numeric quantity associated with the
- entitlement, this represents the amount of this entitlement the tenant is
- permitted to consume. Each quantity field will contain an object with the
- following values:
- - value - The number holding the actual quantity.
- - unit - A string representing what unit to use when interpreting the
- quantity.
-#+end_quote
-*** quantity_enforced
-
-#+begin_quote
-- quantity_enforced - A boolean field, if true it means that the product
- should enforce the allocated quantity of the entitlement for this tenant. It
- is up to the product to determine how to do this. Cases where this will be
- false are if the customer purchased via a buying program that supports a
- "pay as you go" pricing model.
-#+end_quote
+** Monthly :monthly:
+*** TODO Nettoyer la fontaine des animaux
+SCHEDULED: <2024-02-19 Mon 12:00 .+3w>
+:PROPERTIES:
+:LAST_REPEAT: [2024-01-29 Mon 09:20]
+:END:
+:LOGBOOK:
+- State "DONE" from "TODO" [2024-01-29 Mon 09:20]
+- State "DONE" from "TODO" [2024-01-08 Mon 15:42]
+- State "DONE" from "TODO" [2023-12-04 Mon 15:04]
+:END:
+[2023-10-05 Thu 21:09]
* Memory
-:PROPERTIES:
-:ID: 1644E007-AFBE-4F4B-9307-B007C60548E8
+** TODO client TG dans le config.edn :spaced:cisco:
+:LOGBOOK:
+- State "DONE" from "CANCELED" [2023-10-23 Mon 12:15]
+- State "DONE" from "CANCELED" [2023-10-23 Mon 12:15]
:END:
-** client TG dans le config.edn :fc:cisco:
-:PROPERTIES:
-:FC_CREATED: 2020-05-23T17:33:07Z
-:FC_TYPE: normal
-:ID: 8B092321-BA1F-47F9-A927-76D2E232CF51
-:END:
-:REVIEW_DATA:
-| position | ease | box | interval | due |
-|----------+------+-----+----------+----------------------|
-| front | 3.25 | 7 | 449.62 | 2022-04-20T04:53:05Z |
-:END:
-
Ne pas oublier le client de TG est dans le config.edn
-** Searh within org notes :fc:org:
+** TODO Search within org notes :spaced:org:
+SCHEDULED: <2024-02-05 Mon>
:PROPERTIES:
-:FC_CREATED: 2020-06-05T07:09:22Z
-:FC_TYPE: normal
-:ID: 49981B50-AFBD-4C93-A9C2-8D88550AB425
-:END:
-:REVIEW_DATA:
-| position | ease | box | interval | due |
-|----------+------+-----+----------+----------------------|
-| front | 2.65 | 7 | 289.32 | 2021-11-04T20:35:12Z |
+:SPACED_REPETITION: 4
:END:
=helm-org-rifle= (~SPC y o s~)
-** update ~[/]~ and ~[%]~ in org mode :fc:org:
+** TODO update ~[/]~ and ~[%]~ in org mode ~SPC m #~ :spaced:org:
+SCHEDULED: <2024-02-05 Mon>
:PROPERTIES:
-:FC_CREATED: 2020-06-13T12:35:49Z
-:FC_TYPE: normal
-:ID: 90110976-520D-4B0C-B1D9-3798323C370E
-:END:
-:REVIEW_DATA:
-| position | ease | box | interval | due |
-|----------+------+-----+----------+----------------------|
-| front | 2.35 | 7 | 265.02 | 2021-10-17T14:36:23Z |
+:SPACED_REPETITION: 4
:END:
-use ~SPC m #~ (~org-update-statistics-cookies~)
-** projectile toggle from implementation to test file :fc:
+use (~org-update-statistics-cookies~)
+** TODO projectile toggle from implementation to test file =SPC p y= :spaced:
+SCHEDULED: <2024-02-06 Tue>
:PROPERTIES:
-:FC_CREATED: 2020-07-02T13:16:56Z
-:FC_TYPE: normal
-:ID: 2110820C-4877-40B3-A351-2DEDE0F222C6
+:SPACED_REPETITION: 4
+:END:
+:LOGBOOK:
+- State "DELEGATED" from "HOLD" [2023-10-23 Mon 11:40]
:END:
:REVIEW_DATA:
| position | ease | box | interval | due |
|----------+------+-----+----------+----------------------|
| front | 2.65 | 7 | 287.31 | 2021-11-08T21:22:55Z |
:END:
-=SPC p y=
-** Create inactive timestmap ([DATE]) :fc:org:doom:
+** TODO Create inactive Timestamp: ~SPC m d T~ :spaced:org:doom:
+SCHEDULED: <2024-02-05 Mon>
:PROPERTIES:
-:FC_CREATED: 2020-09-01T10:16:26Z
-:FC_TYPE: normal
-:ID: a4ebd43b-b589-499e-85e1-7ebea0abf3af
-:END:
-:REVIEW_DATA:
-| position | ease | box | interval | due |
-|----------+------+-----+----------+----------------------|
-| front | 2.65 | 6 | 117.50 | 2021-03-16T20:55:04Z |
-:END:
-:LOGBOOK:
-CLOCK: [2020-09-01 Tue 12:13]--[2020-09-01 Tue 12:13] => 0:00
+:SPACED_REPETITION: 4
:END:
[2020-09-01 Tue 12:13]
-~SPC m d T~
-** Clone sub tree with time shift :fc:
+** TODO Clone sub tree with time shift :spaced:
+SCHEDULED: <2024-02-04 Sun>
:PROPERTIES:
-:FC_CREATED: 2020-12-02T13:54:51Z
-:FC_TYPE: normal
-:ID: 9207b53a-e38e-4996-abc6-140c31f2960a
-:END:
-:REVIEW_DATA:
-| position | ease | box | interval | due |
-|----------+------+-----+----------+----------------------|
-| front | 2.35 | 3 | 6.00 | 2021-01-31T14:02:51Z |
+:SPACED_REPETITION: 4
:END:
=org-clone-subtree-with-time-shift=
* Work :work:
@@ -444,633 +279,3 @@ CLOCK: [2020-09-01 Tue 12:13]--[2020-09-01 Tue 12:13] => 0:00
- =SPC m s c=
=- org-clone-subtree-with-time-shift=
#+end_comment
-** W28
-*** Monday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-10 Mon 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-10 Mon 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-10 Mon 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-10 Mon 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-10 Mon 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-10 Mon 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-10 Mon 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-10 Mon 10:00>
-*** Tuesday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-11 Tue 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-11 Tue 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-11 Tue 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-11 Tue 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-11 Tue 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-11 Tue 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-11 Tue 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-11 Tue 10:00>
-*** Wednesday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-12 Wed 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-12 Wed 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-12 Wed 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-12 Wed 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-12 Wed 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-12 Wed 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-12 Wed 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-12 Wed 10:00>
-*** Thursday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-13 Thu 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-13 Thu 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-13 Thu 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-13 Thu 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-13 Thu 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-13 Thu 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-13 Thu 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-13 Thu 10:00>
-** W29
-*** Monday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-17 Mon 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-17 Mon 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-17 Mon 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-17 Mon 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-17 Mon 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-17 Mon 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-17 Mon 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-17 Mon 10:00>
-*** Tuesday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-18 Tue 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-18 Tue 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-18 Tue 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-18 Tue 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-18 Tue 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-18 Tue 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-18 Tue 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-18 Tue 10:00>
-*** Wednesday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-19 Wed 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-19 Wed 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-19 Wed 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-19 Wed 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-19 Wed 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-19 Wed 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-19 Wed 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-19 Wed 10:00>
-*** Thursday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-20 Thu 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-20 Thu 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-20 Thu 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-20 Thu 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-20 Thu 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-20 Thu 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-20 Thu 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-20 Thu 10:00>
-*** Friday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-21 Fri 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-21 Fri 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-21 Fri 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-21 Fri 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-21 Fri 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-21 Fri 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-21 Fri 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-21 Fri 10:00>
-** W30
-*** Monday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-24 Mon 09:00>
-**** CANCELED [create-tasks] Agenda
-SCHEDULED: <2023-07-24 Mon 09:10>
-:LOGBOOK:
-- State "CANCELED" from "TODO" [2023-07-25 Tue 11:00]
-:END:
-**** CANCELED [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-24 Mon 09:20>
-:LOGBOOK:
-- State "CANCELED" from "TODO" [2023-07-25 Tue 11:00]
-:END:
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-24 Mon 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-24 Mon 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-24 Mon 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-24 Mon 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-24 Mon 10:00>
-*** Tuesday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-25 Tue 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-25 Tue 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-25 Tue 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-25 Tue 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-25 Tue 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-25 Tue 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-25 Tue 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-25 Tue 10:00>
-*** Wednesday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-26 Wed 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-26 Wed 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-26 Wed 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-26 Wed 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-26 Wed 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-26 Wed 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-26 Wed 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-26 Wed 10:00>
-*** Thursday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-27 Thu 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-27 Thu 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-27 Thu 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-27 Thu 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-27 Thu 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-27 Thu 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-27 Thu 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-27 Thu 10:00>
-*** Friday
-**** DONE [create-tasks] Webex
-SCHEDULED: <2023-07-28 Fri 09:00>
-**** DONE [create-tasks] Agenda
-SCHEDULED: <2023-07-28 Fri 09:10>
-**** DONE [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-07-28 Fri 09:20>
-**** DONE [create-tasks] Outlooks emails
-SCHEDULED: <2023-07-28 Fri 09:25>
-**** DONE [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-07-28 Fri 09:30>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-07-28 Fri 09:45>
-**** DONE [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-07-28 Fri 09:50>
-**** DONE [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-07-28 Fri 10:00>
-** W33
-*** Wednesday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-16 Wed 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-16 Wed 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-16 Wed 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-16 Wed 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-16 Wed 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-16 Wed 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-16 Wed 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-16 Wed 10:00>
-*** Thursday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-17 Thu 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-17 Thu 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-17 Thu 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-17 Thu 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-17 Thu 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-17 Thu 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-17 Thu 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-17 Thu 10:00>
-*** Friday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-18 Fri 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-18 Fri 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-18 Fri 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-18 Fri 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-18 Fri 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-18 Fri 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-18 Fri 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-18 Fri 10:00>
-** W34
-*** Monday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-21 Mon 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-21 Mon 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-21 Mon 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-21 Mon 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-21 Mon 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-21 Mon 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-21 Mon 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-21 Mon 10:00>
-*** Tuesday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-22 Tue 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-22 Tue 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-22 Tue 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-22 Tue 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-22 Tue 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-22 Tue 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-22 Tue 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-22 Tue 10:00>
-*** Wednesday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-23 Wed 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-23 Wed 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-23 Wed 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-23 Wed 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-23 Wed 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-23 Wed 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-23 Wed 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-23 Wed 10:00>
-*** Thursday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-24 Thu 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-24 Thu 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-24 Thu 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-24 Thu 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-24 Thu 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-24 Thu 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-24 Thu 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-24 Thu 10:00>
-*** Friday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-25 Fri 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-25 Fri 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-25 Fri 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-25 Fri 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-25 Fri 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-25 Fri 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-25 Fri 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-25 Fri 10:00>
-** W35
-*** Monday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-28 Mon 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-28 Mon 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-28 Mon 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-28 Mon 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-28 Mon 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-28 Mon 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-28 Mon 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-28 Mon 10:00>
-*** Tuesday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-29 Tue 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-29 Tue 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-29 Tue 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-29 Tue 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-29 Tue 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-29 Tue 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-29 Tue 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-29 Tue 10:00>
-*** Wednesday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-30 Wed 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-30 Wed 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-30 Wed 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-30 Wed 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-30 Wed 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-30 Wed 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-30 Wed 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-30 Wed 10:00>
-*** Thursday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-08-31 Thu 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-08-31 Thu 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-08-31 Thu 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-08-31 Thu 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-08-31 Thu 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-08-31 Thu 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-08-31 Thu 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-08-31 Thu 10:00>
-*** Friday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-09-01 Fri 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-09-01 Fri 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-09-01 Fri 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-09-01 Fri 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-09-01 Fri 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-09-01 Fri 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-09-01 Fri 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-09-01 Fri 10:00>
-** W36
-*** Monday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-09-04 Mon 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-09-04 Mon 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-09-04 Mon 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-09-04 Mon 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-09-04 Mon 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-09-04 Mon 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-09-04 Mon 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-09-04 Mon 10:00>
-*** Tuesday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-09-05 Tue 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-09-05 Tue 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-09-05 Tue 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-09-05 Tue 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-09-05 Tue 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-09-05 Tue 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-09-05 Tue 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-09-05 Tue 10:00>
-*** Wednesday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-09-06 Wed 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-09-06 Wed 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-09-06 Wed 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-09-06 Wed 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-09-06 Wed 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-09-06 Wed 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-09-06 Wed 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-09-06 Wed 10:00>
-*** Thursday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-09-07 Thu 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-09-07 Thu 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-09-07 Thu 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-09-07 Thu 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-09-07 Thu 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-09-07 Thu 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-09-07 Thu 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-09-07 Thu 10:00>
-*** Friday
-**** TODO [create-tasks] Webex
-SCHEDULED: <2023-09-08 Fri 09:00>
-**** TODO [create-tasks] Agenda
-SCHEDULED: <2023-09-08 Fri 09:10>
-**** TODO [create-tasks] Outlooks Flagged emails
-SCHEDULED: <2023-09-08 Fri 09:20>
-**** TODO [create-tasks] Outlooks emails
-SCHEDULED: <2023-09-08 Fri 09:25>
-**** TODO [create-tasks] Create [[https://github.com/notifications][Github notifications]] tasks
-SCHEDULED: <2023-09-08 Fri 09:30>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/obarbeau][Olivier's PRs]]
-SCHEDULED: <2023-09-08 Fri 09:45>
-**** TODO [create-tasks] [[https://github.com/advthreat/iroh/pulls/wandersoncferreira][Wanderson's PRs]]
-SCHEDULED: <2023-09-08 Fri 09:50>
-**** TODO [create-tasks] [[https://github.com/pulls?q=is%3Aopen+is%3Apr+archived%3Afalse+user%3Aadvthreat+author%3Ayogsototh][My PRs]]
-SCHEDULED: <2023-09-08 Fri 10:00>
-* DONE Repondre Joey Gibson
-SCHEDULED: <2023-07-13 Thu 14:00>
-[2023-07-13 Thu 07:32]
-* DONE GitHub - oliyh/superlifter: A DataLoader for Clojure/script
-SCHEDULED: <2023-07-27 Thu 10:00>
-[2023-07-27 Thu 05:28]
-https://github.com/oliyh/superlifter
-* DONE Appeler l’agence Arbre
-SCHEDULED: <2023-07-28 Fri 10:30>
-:LOGBOOK:
-CLOCK: [2023-07-28 Fri 13:22]--[2023-07-28 Fri 13:28] => 0:06
-:END:
-[2023-07-27 Thu 20:42]
-* TODO Antitrust google WEI
-SCHEDULED: <2023-08-15 Tue 12:00>
-[2023-08-01 Tue 07:47]
-https://competition-policy.ec.europa.eu/antitrust/contact_en
-* TODO greuze mallet jean baptispte
-[2023-08-01 Tue 16:52]
-* TODO Stroboscopic Artefacts
-SCHEDULED: <2023-08-10 Thu 13:00>
-[2023-08-02 Wed 12:59]
-https://stroboscopicartefacts.com/
-* TODO Trouver un établissement – DAEU
-SCHEDULED: <2023-08-10 Thu 12:00>
-[2023-08-02 Wed 12:39]
-https://www.daeu.fr/sinscrire-au-daeu/trouver-un-etablissement/
-* TODO The Battleground
-SCHEDULED: <2023-08-09 Wed 13:00>
-[2023-08-02 Wed 12:06]
-https://thebattleground.eu/book/
-* TODO The half-life of code & the ship of Theseus · Erik Bernhardsson
-SCHEDULED: <2023-08-09 Wed 12:00>
-[2023-08-02 Wed 11:30]
-https://erikbern.com/2016/12/05/the-half-life-of-code.html
-* DONE The Lodge (film) - Wikipedia
-SCHEDULED: <2023-08-05 Sat 11:00>
-[2023-08-02 Wed 12:41]
-https://en.wikipedia.org/wiki/The_Lodge_(film)
-* TODO Olivier Rey (philosophe) — Wikipédia
-SCHEDULED: <2023-08-11 Fri 11:00>
-[2023-08-02 Wed 13:09]
-https://fr.wikipedia.org/wiki/Olivier_Rey_(philosophe)
-* TODO Writing a Lisp, Part 0: Fundamentals | Max Bernstein
-SCHEDULED: <2023-08-10 Thu 11:00>
-[2023-08-02 Wed 12:31]
-https://bernsteinbear.com/blog/lisp/00_fundamentals/
-* TODO DeVilDead : Critique du film GA, GA - CHWALA BOHATEROM (1985) et du DVD Zone 0
-SCHEDULED: <2023-08-09 Wed 13:00>
-[2023-08-02 Wed 12:23]
-https://www.devildead.com/review/1618/ga-ga-chwala-bohaterom
-* TODO https://www.goodreads.com/book/show/16032842-the-krone-experiment
-SCHEDULED: <2023-08-11 Fri 11:00>
-[2023-08-02 Wed 12:46]
-* TODO AI Endgame
-:LOGBOOK:
-- Note taken on [2023-08-02 Wed 13:56] \\
- Comment le jeu final de l'IA ne sera pas l'IA qui prendra le dessus de l'humanité. Mais qui rendra l'humanité moins nécessaire aux personnes de pouvoir qui se débarrasseront de nous comme les chevaux qui ont été remplacés par les voitures.
-
- Un fantasme du contrôle poussé jusqu'à son paroxysme.
-
- Mettre en relation l'automatisation de l'humain et son remplacement. Avec Amazon, mechanical turk.
-:END:
-[2023-08-02 Wed 13:46]
-* TODO Why Does My Forgejo Instance Have Thousands of Accounts?
-SCHEDULED: <2023-08-08 Tue 10:00>
-[2023-08-02 Wed 14:07]
-https://a.exozy.me/posts/forgejo-instance-thousands-accounts/
-* TODO Programming Language Ideas
-[2023-08-02 Wed 17:03]
-AST agnostics/copies by syntax
-
-explcit constraints. doc type system, tests
diff --git a/journal.org.gpg b/journal.org.gpg
new file mode 100644
index 00000000..f6a1be55
Binary files /dev/null and b/journal.org.gpg differ
diff --git a/logs.org b/logs.org
index 15fb237f..ae1b13fd 100644
Binary files a/logs.org and b/logs.org differ
diff --git a/notes.org.gpg b/notes.org.gpg
index 1dafe3db..aae0eee5 100644
Binary files a/notes.org.gpg and b/notes.org.gpg differ
diff --git a/notes/alternative_nets.org b/notes/alternative_nets.org
index 2dab7379..017527a3 100644
--- a/notes/alternative_nets.org
+++ b/notes/alternative_nets.org
@@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 463c0152-b16a-4cfb-8590-acc0bf71d0c8
:END:
-Alternative Nets
+#+Title: Alternative Nets
#+Author: Yann Esposito
#+Date: [2023-07-29]
- tags :: [[id:e7f8ce2b-3c40-4f5d-bed7-fe6b97e7a460][small-web]]
diff --git a/notes/chien_d_assistance.org b/notes/chien_d_assistance.org
index f65d477f..f1ea690e 100644
--- a/notes/chien_d_assistance.org
+++ b/notes/chien_d_assistance.org
@@ -1,4 +1,7 @@
:PROPERTIES:
+:ID: c26339f6-e0bc-40e3-8fe3-94e4b41b61b0
+:END:
+ PROPERTIES:
:ID: 2a3d68cc-4a14-442c-b7f9-c602a2cd25bf
:END:
#+title: chien d'assistance
diff --git a/notes/chien_espoir_handicap_ag.org b/notes/chien_espoir_handicap_ag.org
index 90bcbbf0..3602c578 100644
--- a/notes/chien_espoir_handicap_ag.org
+++ b/notes/chien_espoir_handicap_ag.org
@@ -5,10 +5,47 @@
#+Author: Yann Esposito
#+Date: [2023-06-13]
-- tags ::
+- tags :: [[id:c26339f6-e0bc-40e3-8fe3-94e4b41b61b0][chien d'assistance]]
- source ::
+* Contacts
+
+| Nom | email | telephone | addresse |
+|-----------------------------+---------------------------------+------------+--------------------------------------------|
+| Matthieu Delpeuch | chien.espoir.handicap@gmail.com | 0651597922 | Antibes |
+| Mélodie Durand | melody.durandbernard@gmail.com | 0664335877 | 138 impasse Camatte 06410 Biot |
+| Claire Mainguené Costa-Foru | claire.mainguene@wanadoo.fr | 0661092711 | 11 route du Mont Agel, 06320, La Turbie |
+| Lionel Rebière | lrebi@yahoo.com | 0686263291 | 13320, Bouc-bel-Air |
+| Joëlle Rebière | | 0637629720 | |
+| Krystelle Esposito | krystelle.esposito@gmail.com | 0662203951 | 12, allée du Fer à Cheval, 13500 Martigues |
+| Yann Esposito | yann@esposito.host | 0650845271 | 12, allée du Fer à Cheval, 13500 Martigues |
+
+
+| username | password |
+|-----------+----------|
+| matthieu | ginette |
+| melodie | flondine |
+| claire | lacie |
+| lionel | anleika |
+| joelle | anleika |
+| yann | annapo |
+| krystelle | annapo |
+
+#+begin_comment
+htpasswd -b -c htpasswd_chien.tmp.1 matthieu ginette
+htpasswd -b -c htpasswd_chien.tmp.2 melodie flondine
+htpasswd -b -c htpasswd_chien.tmp.3 claire lacie
+htpasswd -b -c htpasswd_chien.tmp.4 lionel anleika
+htpasswd -b -c htpasswd_chien.tmp.5 joelle anleika
+htpasswd -b -c htpasswd_chien.tmp.6 yann annapo
+htpasswd -b -c htpasswd_chien.tmp.7 krystelle annapo
+cat htpasswd_chien.tmp.* > htpasswd_chien
+rm
+#+end_comment
+
+
* [2023-06-13 Tue]
+
- Matt
- Melo
- Yann & Krystelle
@@ -41,3 +78,200 @@ Prévoir entretient avec Melo.
- dogue femelle
- femelle berger australien
- jeune croisé labrador
+
+* [2023-10-03 Tue]
+
+** Lettre Val
+
+** Nouveau Contrat
+
+- Une personne sans chien et qui l'adopte
+- Une personne avec un chien existant
+
+Ajouter des détails dans le contrat.
+Comment faire les changements d'ICADE via l'association ?
+
+Psychologue, elle est motivée pour faire passer les entretiens.
+
+Livret Captt.
+
+** Nouvelle personne dans l'asso
+
+Ancienne médecin. Peut-être remplacer Melo.
+
+* [2023-11-23 Thu]
+
+- Présentation Médecin
+- Présentation de tous
+
+** Resumé
+
+- Gamin & Victoria
+- Idée: Premier RDV avec Psychologue, Milena.
+
+** TODO Site mettre à jour
+
+Ajouter des binômes:
+
+- Rose
+- ????
+- Gamin en cours de formation
+
+- Changer les couleurs du logo et du site (bleu)
+
+** TODO Contrat
+
+ - Relire et check logo
+
+* [2024-01-12 Fri]
+** Personnes presentent:
+- Matthieu
+- Clara
+- Claire
+- Joëlle
+- Krystelle
+- Yann
+
+** Notes
+- Demande coordonnées pour ajout au tableau des membres du bureau
+- Gamin toujours en formation cette année
+
+- Mal passé avec le 2nd chien.
+ Le conjoint de cette personne a rebroussé chemin en disant que le chien
+ faisait des dégats. Non prêt à avoir un chiot non éduqué.
+ Elle est totalement dépendante, elle a décidé de ne pas garder ce chien (Zuko).
+ Essayer de le replacer sur une famille avec le reseau de Lionel, sur Nice.
+ Mais ça c'est aussi mal passé.
+ Le chien est à la SPA de nouveau.
+
+ *Conclusions*: faire un entretient avec bilan avant d'accepter un nouveau beneficiaire.
+ Avec une psychologue (Milena).
+ Demander à rencontrer l'entourage.
+
+ #+begin_quote
+ - @Claire questionner la motivation des gens.
+ - @Clara: Les parents étaient très confiants. Les parents n'ont pas réussi à réguler
+ le chien.
+ - @Matt il faut mettre en avant les problèmes liés aux chiens de refuges.
+ - @Matt: remarque on m'appelle pour réeduquer un chien de chez handichien.
+ Le chien ne détecte pas les crises.
+ - @Matt: Nouvelles demandes. Soit on refuse tout ce qui vient de trop loin
+ >40km d'Antibes. Soit on fait comme Lionel et on fait un réseau.
+ Tout est en stand-by, aucune claire et précise. Une connaissance de Victoria
+ habite à la montage, Husky et Malamute, voudrait utiliser un des Husky.
+ Demande de la Drôme. Je connais un éducateur un peu rustre mais qui pourrait
+ être intéressé.
+ Se lancer avec un réseau d'éducateur.
+ - @Krystelle: avons-nous les épaules?
+ - @Matt: on peut rester à petite échelle.
+ - @Claire: centre plus vers Mandelieu / Frejus. Peut-être peut-on élargir le périmètre.
+ - @Matt: demandes à l'autre bout de la France, difficile à gérer.
+ - @Claire: Toi et Clara êtes d'excellents éducateurs, c'est difficile à déléguer.
+ - @Clara: Même si les méthodes peuvent convenir, on a pas la main dessus.
+ C'est compliqué de travailler à distance.
+ - @Matt Yann on devrait ajouter sur le site qu'on ne travaille qu'avec des
+ gens sur le secteur ou prêts à se déplacer.
+ - @Matt: Education avec Anne se passe très bien.
+ - @Clara: on peut avoir une antenne où se trouve Anne
+ - @Matt: Céline est top autour d'Aix. Elle a fait 15 ans de chien guide et a
+ repris une association. Elle est très forte en apprentissage et chien
+ d'assistance.
+
+ - @Matt: Soit on fait un petit réseau de 3 ou 4 éducateurs.
+ Je délègue déjà.
+ - @Krystelle: partenariat avec Céline ?
+ - @Matt: Déjà fait en 2020 pour Prince.
+ Pour les demandes autour d'Aix-en-Provence.
+ Donc on pourrait avoir Anne région Parisienne.
+ - @Clara: pour la coordination ? Des points réguliers ?
+ - @Matt: Ca se passe sans trop d'effort. Par exemple avec Anne une relation de
+ confiance, de même pour Céline.
+ - @Joelle: Aujourd'hui c'est toi qui certifie tous les chiens et c'est ce
+ qu'il faudrait garder.
+ - @Matt: Oui. Peut-être un contrat ?
+ - @Krystelle: Il faut prendre le temps d'écrire.
+ - @Matt: Je n'ai pas envie de pénaliser l'association sous prétexte que je
+ n'ai pas beaucoup de temps à accorder à ça.
+ Céline serait très motivé, Anne est débordée mais on peut lui en demander.
+ Clara au plus elle en fait au mieux c'est.
+ Ce me permet de ne pas refuser sans me charger.
+ - @Matt: Sur Paris, voir combien de suivi annuel par éducateur.
+ - @Krystelle: Au contrat, que faut-il y mettre.
+ - @Matt: Demander à Lionel un contrat pour les éducateurs.
+ - @Clara: J'ai déjà mon propre contrat.
+ - @Krystelle: Ce serait bien qu'on prenne ce contrat comme exemple.
+ - @Matt: éducateur sur la Drome. Il faut que je lui demande.
+ - @Krystelle: comment ça se passe pour accepter un nouveau bénéficiaire.
+ - @Matt: demander au bénéficiaire de venir nous rencontrer pour faire
+ l'évaluation et le bilan.
+ Une fois validé l'éducateur local prendra la main.
+ - @Yann: voir le lieu de vie.
+ - @Matt: demander à l'éducateur de s'occuper du premier RDV.
+ - @Krystelle: demander le bilan psy puis domicile.
+ - @Claire: inverser, d'abord domicile puis local.
+ - @Yann: difficulté pour certaines personne de venir à Antibes.
+ - @Clara: essayer la gestion au domicile avec la psy en visio si possible
+ pour avoir une idée globale de plusieurs professionnels.
+ - @Matt: Exemple de demande qui me donne envie de répondre favorablement.
+ Une asperger de 22 ans, demande par handichien
+ sans réponse.
+ Elle a toujours eu des thérapie avec des animaux, école d'éleveur, elle ne
+ peut pas travailler.
+ Elle vie sur le terrain de ses parent de 2500m2.
+ En terme de besoins: présence, accompagnement, pressoterapie, guidage,
+ comportement dangereux.
+ Exactement ce que faisaient Pô et Leika.
+ - @Clara: quel secteur ?
+ - @Matt: Dans la Drôme, voir si Laurent serait intéressé.
+ - @Krystelle: on m'a contacté pour avoir un chien.
+ Une maman de 3 enfants qui a une petite fille autiste de 7 ans sourde muette.
+ La maman est seule, ça me parait difficile.
+ - @Clara: sourde muette rend la communication difficile
+ - @Matt: dire aux gens on part sur un chien d'eveil, pas forcément de
+ certification, pas d'assistance.
+ Comme Hope.
+ Maintenant que j'ai vécu un échec avec Zuko, ça m'a fait prendre conscience
+ qu'il ne faut pas prendre trop de risques.
+ On a perdu du temps et de l'argent.
+ Le chien a fait SPA, 2 familles, retour SPA.
+ Je préfère bien sélectionner et assurer.
+ Au final, la SPA a accepté tout de suite de pouvoir ramener le chien en cas
+ de problème. Donc la SPA est un très bon partenaire.
+ - @Krystelle: La maman de Gaïa a envoyé un message pour faire un don à l'association.
+ Soient ils passent par helloasso, soit via le RIB de l'association.
+ - @Matt: le virement c'est le mieux.
+ - @Claire: Quel est le budget annuel des dons?
+ - @Matt: Sur helloasso. Virement mensuel de 15€.
+ - @Clara: Si on parle d'augmenter le nombre de beneficiaires. Peut-être
+ chercher des entreprises pour du partenariat. Monter un dossier.
+ - @Matt: Melodie c'était occupé de tout ça, elle l'a fait pour une autre
+ association et pour nous avec. C'est vraiment elle qui s'occupe de ces
+ dossiers et subventions.
+ - @Clara: il nous faut une base pour aller démarcher.
+ - @Matt: Une assocation d'infirmières nous a donné 2400€.
+ On a actuellement >4000€ sur le compte.
+ Par educateur, 1500€ ou 2000€ l'année.
+ - @Matt: Hormis helloasso, est-il possible de faire un don en direct ?
+ - @Yann: oui c'est possible. Avec un formulaire.
+ - @Claire: facile de faire un don via virement.
+ - @Matt: changer la couleur en bleu.
+ Ajouter le logo sur le site.
+ Mettre le logo avec un lien vers un don.
+ Les nouvelles cartes.
+ Mettre le texte dans le logo.
+ #+end_quote
+
+** TODO Taches
+- Matt:
+ - Envoyer la trame de la nouvelle carte
+- Clara:
+ - envoyer le contrat à yann@esposito.host
+- Claire:
+ - Trouver la date pour le prochain RDV
+- Krystelle:
+ - Envoyer la nouvelle carte pour tous les bénéficiaires.
+ - Relancer Matthieu pour inviter Milena
+- Yann
+ - Changer les couleurs du site web.
+ - Ajouter le périmetre d'accueil sur le site web.
+ - Ajouter un lien pour faire un don.
diff --git a/notes/cisco_custom_roles.html b/notes/cisco_custom_roles.html
new file mode 100644
index 00000000..bc26adb2
--- /dev/null
+++ b/notes/cisco_custom_roles.html
@@ -0,0 +1,437 @@
+
+
+
+
+
+
+
+ Custom Roles
+
+
+
+
+
+
+
Custom Roles
+
XDR IROH
+
Yann Esposito
+
[2023-10-03 Tue 15:30]
+
+
Current state
+
Listing Roles (already by
+org)
+
GET /iroh/profile/roles
+
Provide a data structure with describing all roles for an Org:
+
+
3 roles for XDR (admin, user, sat)
+
2 roles for SX (admin, user)
+
+
⚠ Role ≠ Permissions
+
The role associated to a user do not necessarily matches the user
+permission.
+
The role is only one of the component to use to determine a token or
+even a user permissions. The permissions are represented by
+scopes which are computed using:
+
+
the user role
+
the org properties (activated or not, XDR or not etc…)
+
entitlements (not in use but will probably be the case in the
+future)
+
+
⚠ Role ≠ Permissions (Tokens)
+
+
the user scopes
+
as well as the client scopes
+
as well as the scopes requested during the OAuth2 authorization
+flow
+
+
Current response for an
+XDR-enabled org
+
GET /iroh/profile/roles
+{:admin {:english {:only-role-name"administrator",
+:adjective"an",
+:only-role-name-capitalized"Administrator",
+:english-role-name"an administrator"},
+:role-name"Administrator",
+:role-id"admin",
+:role-description"An admin of users.",
+:visibility"public"},
+:sat {:english {:only-role-name"security analyst",
+:adjective"a",
+:only-role-name-capitalized"Security Analyst",
+:english-role-name"a security analyst"},
+:role-name"Security Analyst",
+:role-id"sat",
+:role-description
+"No account admin. SXO read only + run existing workflows.",
+:visibility"public"},
+:user {:english {:only-role-name"incident responder",
+:adjective"an",
+:only-role-name-capitalized"Incident Responder",
+:english-role-name"an incident responder"},
+:role-name"Incident Responder",
+:role-id"user",
+:role-description
+"This is the closest to current user role:- no account administration- cannot create/change modules- SXO read only, but can run and edit workflows",
+:visibility"public"}}
+
Current response for an
+SX-only org
+
GET /iroh/profile/roles
+{:admin {:english {:only-role-name"admin",
+:adjective"an",
+:only-role-name-capitalized"Admin",
+:english-role-name"an admin"},
+:role-name"Admin",
+:role-id"admin",
+:role-description"An admin of users.",
+:visibility"public"},
+:user {:english {:only-role-name"user",
+:adjective"a",
+:only-role-name-capitalized"User",
+:english-role-name"a user"},
+:role-name"User",
+:role-id"user",
+:role-description"A standard user.",
+:visibility"public"}}
+
What the API already support
+
+
list all roles for every Org
+
change the role of a user
+
support roles during invitation and Org access request
+
expose a permissions endpoint to check permission access
+independently of the role
+
read/write access restriction
+
fine grained resource target in the scopes
+enrich → enrich/observables/observe:write
The GET /iroh/profile/roles will look
+like today + added the new custom roles that will look like:
+
{:admin ...
+:sat ...
+:user ...
+:role-d394db9e-613f-11ee-aff9-325096b39f47
+ {:role-name"My Company Custom Role"
+:role-description"This is a role that is read only except for workflows"
+:role-id:role-d394db9e-613f-11ee-aff9-325096b39f47
+:visibility"org"
+:associated-scopes #{"inspect:read""ao""insights:read""profile:read"}}
+
+:role-8891b9f4-6140-11ee-8e1a-325096b39f47
+ {:role-name"Manager"
+:role-description"Only for Sam who manage this team but should not directly act"
+:role-id:role-8891b9f4-6140-11ee-8e1a-325096b39f47
+:visibility"org"
+:associated-scopes #{"inspect:read""ao:read""insights:read""profile:read""users""profile"}}}
rw = read + write
+
+read = read:get # GET by id
++ read:search # GET/POST search entities
+write = write:create # POST create new entity
++ write:update # PUT/PATCH
++ write:delete # DELETE
++ write:execute # POST to trigger action
+
Most important points
+
+
Dynamic role ids. Must use the API
+
+
when you call /iroh/profile/whoami
+
when you look into the JWT
+
note: potentially a list of roles!
+
+
associated-scopes field only useful for the Role
+Management UI.
+
Use /iroh/profile/permissions
+
can also use scopes claim if present
+
+
Multiple Roles
+
Expect the role to be a sorted comma separated role ids like;
+admin,role-344,sat,user (which would be equivalent to
+admin here) in the tokens and not a list to prevent
+breaking changes. But it will probably be a list in the
+/whoami response.
+
+
diff --git a/notes/cisco_custom_roles.org b/notes/cisco_custom_roles.org
new file mode 100644
index 00000000..cc350fc0
--- /dev/null
+++ b/notes/cisco_custom_roles.org
@@ -0,0 +1,233 @@
+:PROPERTIES:
+:ID: 13070c29-3c00-43f2-a73d-dedc056fb503
+:END:
+#+title: Custom Roles
+#+subtitle: XDR IROH
+#+Author: Yann Esposito
+#+Date: [2023-10-03 Tue 15:30]
+#+Options: toc:nil tags:t
+#+tags: :cisco:xdr:
+#+HTML_HEAD:
+
+* Current state
+** Listing Roles (already by org)
+
+=GET /iroh/profile/roles=
+
+Provide a data structure with describing all roles for an Org:
+
+- 3 roles for XDR (admin, user, sat)
+- 2 roles for SX (admin, user)
+
+** ⚠ Role ≠ Permissions
+
+The role associated to a user do not necessarily matches the user permission.
+
+The role is only one of the component to use to determine a token or even a user permissions.
+The permissions are represented by /scopes/ which are computed using:
+
+- the user role
+- the org properties (activated or not, XDR or not etc…)
+- entitlements (not in use but will probably be the case in the future)
+
+** ⚠ Role ≠ Permissions (Tokens)
+
+- the user scopes
+- as well as the client scopes
+- as well as the scopes requested during the OAuth2 authorization flow
+
+** Current response for an XDR-enabled org
+
+#+REVEAL_HTML:
+#+BEGIN_SRC clojure
+GET /iroh/profile/roles
+{:admin {:english {:only-role-name "administrator",
+ :adjective "an",
+ :only-role-name-capitalized "Administrator",
+ :english-role-name "an administrator"},
+ :role-name "Administrator",
+ :role-id "admin",
+ :role-description "An admin of users.",
+ :visibility "public"},
+ :sat {:english {:only-role-name "security analyst",
+ :adjective "a",
+ :only-role-name-capitalized "Security Analyst",
+ :english-role-name "a security analyst"},
+ :role-name "Security Analyst",
+ :role-id "sat",
+ :role-description
+ "No account admin. SXO read only + run existing workflows.",
+ :visibility "public"},
+ :user {:english {:only-role-name "incident responder",
+ :adjective "an",
+ :only-role-name-capitalized "Incident Responder",
+ :english-role-name "an incident responder"},
+ :role-name "Incident Responder",
+ :role-id "user",
+ :role-description
+ "This is the closest to current user role:- no account administration- cannot create/change modules- SXO read only, but can run and edit workflows",
+ :visibility "public"}}
+#+END_SRC
+#+REVEAL_HTML:
+
+** Current response for an SX-only org
+
+#+REVEAL_HTML:
+** What the API already support
+
+
+- list all roles for every Org
+- change the role of a user
+- support roles during invitation and Org access request
+- expose a permissions endpoint to check permission access independently of the role
+- read/write access restriction
+- fine grained /resource/ target in the scopes ~enrich~ → ~enrich/observables/observe:write~
+
+** What the API does not support
+
+- No support for create+update but not delete.
+- No support for multiple roles
+- No support for custom role creation (obviously)
+ - No scopes API for roles
+
+* Expected Changes
+** New API: (exhaustive scopes list)
+
+Exhaustive list of scopes as a forest structure
+
+#+begin_src clojure
+[{:scope "global-intel"
+ (optional :description) ,,,
+ :accessors ["read"]
+ :sub-scopes [{:scope "global-intel/incident"
+ :accessors ["read"]}
+ {:scope "global-intel/sighting"
+ :accessors ["read"]}
+ ,,,]}
+ {:scope "private-intel"
+ (optional :description) ,,,
+ :accessors ["rw","read","write"]
+ :sub-scopes [{,,,}]}]
+#+end_src
+
+** New API (maybe?)
+
+Expose only a subset of scopes aliases pre-negociated with UX/UI/Doc team:
+
+#+begin_src clojure
+[{:scope-alias "threat-hunt"
+ :scopes ["enrich/observables/observe:read","inspect","investigation"]
+ :description ,,,,}
+ {:scope-alias "incidents"
+ :scopes ["private-intel","global-intel:read"]
+ :description ,,,}
+ ,,, ]
+#+end_src
+
+** New API: CRUD+Search
+
+API to manage new custom roles
+
+#+begin_src clojure
+(s/defschema NewRole
+ {:role-name s/Str
+ :role-description s/Str
+ :provided-scopes Scopes})
+
+(s/defschema Role
+ (st/merge NewRole
+ {:id s/Str
+ :created-at Date
+ :updated-at Date}))
+#+end_src
+
+** Existing APIs
+
+The =GET /iroh/profile/roles= will look like today + added the new custom roles
+that will look like:
+
+#+REVEAL_HTML:
+#+BEGIN_SRC clojure
+{:admin ...
+ :sat ...
+ :user ...
+ :role-d394db9e-613f-11ee-aff9-325096b39f47
+ {:role-name "My Company Custom Role"
+ :role-description "This is a role that is read only except for workflows"
+ :role-id :role-d394db9e-613f-11ee-aff9-325096b39f47
+ :visibility "org"
+ :associated-scopes #{"inspect:read" "ao" "insights:read" "profile:read"}}
+
+ :role-8891b9f4-6140-11ee-8e1a-325096b39f47
+ {:role-name "Manager"
+ :role-description "Only for Sam who manage this team but should not directly act"
+ :role-id :role-8891b9f4-6140-11ee-8e1a-325096b39f47
+ :visibility "org"
+ :associated-scopes #{"inspect:read" "ao:read" "insights:read" "profile:read" "users" "profile"}}}
+#+END_SRC
+#+REVEAL_HTML:
+
+- ~visibility~; ~org~ for custom, ~public~ for global.
+- ~associated-scopes~; only for role management UI
+
+** Introduce sub-accessors (maybe?)
+
+Today: ~read~, ~write~
+
+#+begin_src
+inspect = inspect:rw
+ = inspect:read + inspect:write.
+#+end_src
+
+Tomorrow: introduce ~read:get~, ~read:search~, ~write:create~, ~write:update~,
+~write:delete~, ~write:execute~.
+
+*** Equivalence of new accessors
+
+#+begin_src python
+rw = read + write
+
+read = read:get # GET by id
+ + read:search # GET/POST search entities
+write = write:create # POST create new entity
+ + write:update # PUT/PATCH
+ + write:delete # DELETE
+ + write:execute # POST to trigger action
+#+end_src
+
+* Most important points
+
+- Dynamic role ~ids~. *Must use the API*
+ - when you call =/iroh/profile/whoami=
+ - when you look into the JWT
+ - *note*: potentially a list of roles!
+- ~associated-scopes~ field only useful for the Role Management UI.
+- Use =/iroh/profile/permissions=
+- can also use ~scopes~ claim if present
+
+** Multiple Roles
+
+Expect the role to be a sorted comma separated role ids like;
+~admin,role-344,sat,user~ (which would be equivalent to ~admin~ here) in the tokens
+and not a list to prevent breaking changes.
+But it will probably be a list in the ~/whoami~ response.
diff --git a/notes/cisco_custom_roles.pdf b/notes/cisco_custom_roles.pdf
new file mode 100644
index 00000000..ef7897bb
Binary files /dev/null and b/notes/cisco_custom_roles.pdf differ
diff --git a/notes/cisco_custom_roles.pptx b/notes/cisco_custom_roles.pptx
new file mode 100644
index 00000000..c30a7d04
Binary files /dev/null and b/notes/cisco_custom_roles.pptx differ
diff --git a/notes/cisco_custom_roles.tex b/notes/cisco_custom_roles.tex
new file mode 100644
index 00000000..5e183569
--- /dev/null
+++ b/notes/cisco_custom_roles.tex
@@ -0,0 +1,269 @@
+% Created 2023-10-04 Wed 14:01
+% Intended LaTeX compiler: pdflatex
+\documentclass[11pt]{article}
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage{graphicx}
+\usepackage{longtable}
+\usepackage{wrapfig}
+\usepackage{rotating}
+\usepackage[normalem]{ulem}
+\usepackage{amsmath}
+\usepackage{amssymb}
+\usepackage{capt-of}
+\usepackage{hyperref}
+\author{Yann Esposito}
+\date{\textit{[2023-10-03 Tue 15:30]}}
+\title{Custom Roles\\\medskip
+\large XDR IROH}
+\hypersetup{
+ pdfauthor={Yann Esposito},
+ pdftitle={Custom Roles},
+ pdfkeywords={},
+ pdfsubject={},
+ pdfcreator={Emacs 29.1 (Org mode 9.7)},
+ pdflang={English}}
+\begin{document}
+
+\maketitle
+\section{Current state}
+\label{sec:org5577c77}
+\subsection{Listing Roles (already by org)}
+\label{sec:org3475552}
+
+\texttt{GET /iroh/profile/roles}
+
+Provide a data structure with describing all roles for an Org:
+
+\begin{itemize}
+\item 3 roles for XDR (admin, user, sat)
+\item 2 roles for SX (admin, user)
+\end{itemize}
+\subsection{⚠ Role ≠ Permissions}
+\label{sec:org45793d5}
+
+The role associated to a user do not necessarily matches the user permission.
+
+The role is only one of the component to use to determine a token or even a user permissions.
+The permissions are represented by \emph{scopes} which are computed using:
+
+\begin{itemize}
+\item the user role
+\item the org properties (activated or not, XDR or not etc…)
+\item entitlements (not in use but will probably be the case in the future)
+\end{itemize}
+\subsection{⚠ Role ≠ Permissions (Tokens)}
+\label{sec:org0374daf}
+
+\begin{itemize}
+\item the user scopes
+\item as well as the client scopes
+\item as well as the scopes requested during the OAuth2 authorization flow
+\end{itemize}
+\subsection{Current response for an XDR-enabled org}
+\label{sec:orga98ced4}
+
+\begin{verbatim}
+GET /iroh/profile/roles
+{:admin {:english {:only-role-name "administrator",
+ :adjective "an",
+ :only-role-name-capitalized "Administrator",
+ :english-role-name "an administrator"},
+ :role-name "Administrator",
+ :role-id "admin",
+ :role-description "An admin of users.",
+ :visibility "public"},
+ :sat {:english {:only-role-name "security analyst",
+ :adjective "a",
+ :only-role-name-capitalized "Security Analyst",
+ :english-role-name "a security analyst"},
+ :role-name "Security Analyst",
+ :role-id "sat",
+ :role-description
+ "No account admin. SXO read only + run existing workflows.",
+ :visibility "public"},
+ :user {:english {:only-role-name "incident responder",
+ :adjective "an",
+ :only-role-name-capitalized "Incident Responder",
+ :english-role-name "an incident responder"},
+ :role-name "Incident Responder",
+ :role-id "user",
+ :role-description
+ "This is the closest to current user role:- no account administration- cannot create/change modules- SXO read only, but can run and edit workflows",
+ :visibility "public"}}
+\end{verbatim}
+\subsection{Current response for an SX-only org}
+\label{sec:org8122353}
+
+\begin{verbatim}
+GET /iroh/profile/roles
+{:admin {:english {:only-role-name "admin",
+ :adjective "an",
+ :only-role-name-capitalized "Admin",
+ :english-role-name "an admin"},
+ :role-name "Admin",
+ :role-id "admin",
+ :role-description "An admin of users.",
+ :visibility "public"},
+ :user {:english {:only-role-name "user",
+ :adjective "a",
+ :only-role-name-capitalized "User",
+ :english-role-name "a user"},
+ :role-name "User",
+ :role-id "user",
+ :role-description "A standard user.",
+ :visibility "public"}}
+\end{verbatim}
+\subsection{What the API already support}
+\label{sec:orgc601aac}
+
+
+\begin{itemize}
+\item list all roles for every Org
+\item change the role of a user
+\item support roles during invitation and Org access request
+\item expose a permissions endpoint to check permission access independently of the role
+\item read/write access restriction
+\item fine grained \emph{resource} target in the scopes \texttt{enrich} → \texttt{enrich/observables/observe:write}
+\end{itemize}
+\subsection{What the API does not support}
+\label{sec:orga19776c}
+
+\begin{itemize}
+\item No support for create+update but not delete.
+\item No support for multiple roles (not sure what it means yet)
+\item No support for custom role creation (obviously)
+\begin{itemize}
+\item No scopes API for roles
+\end{itemize}
+\end{itemize}
+\section{Expected Changes}
+\label{sec:org591e358}
+\subsection{New API: (exhaustive scopes list)}
+\label{sec:orgad4cfdd}
+
+Exhaustive list of scopes as a forest structure
+
+\begin{verbatim}
+[{:scope "global-intel"
+ (optional :description) ,,,
+ :accessors ["read"]
+ :sub-scopes [{:scope "global-intel/incident"
+ :accessors ["read"]}
+ {:scope "global-intel/sighting"
+ :accessors ["read"]}
+ ,,,]}
+ {:scope "private-intel"
+ (optional :description) ,,,
+ :accessors ["rw","read","write"]
+ :sub-scopes [{,,,}]}]
+\end{verbatim}
+\subsection{New API (maybe?)}
+\label{sec:org7dbeae2}
+
+Expose only a subset of scopes aliases pre-negociated with UX/UI/Doc team:
+
+\begin{verbatim}
+[{:scope-alias "threat-hunt"
+ :scopes ["enrich/observables/observe:read","inspect","investigation"]
+ :description ,,,,}
+ {:scope-alias "incidents"
+ :scopes ["private-intel","global-intel:read"]
+ :description ,,,}
+ ,,, ]
+\end{verbatim}
+\subsection{New API: CRUD+Search}
+\label{sec:orgc22dbdb}
+
+API to manage new custom roles
+
+\begin{verbatim}
+(s/defschema NewRole
+ {:role-name s/Str
+ :role-description s/Str
+ :provided-scopes Scopes})
+
+(s/defschema Role
+ (st/merge NewRole
+ {:id s/Str
+ :created-at Date
+ :updated-at Date}))
+\end{verbatim}
+\subsection{Existing APIs}
+\label{sec:org8b0636c}
+
+The \texttt{GET /iroh/profile/roles} will look like today + added the new custom roles
+that will look like:
+
+\begin{verbatim}
+{:admin ...
+ :sat ...
+ :user ...
+ :role-d394db9e-613f-11ee-aff9-325096b39f47
+ {:role-name "My Company Custom Role"
+ :role-description "This is a role that is read only except for workflows"
+ :role-id :role-d394db9e-613f-11ee-aff9-325096b39f47
+ :visibility "org"
+ :associated-scopes #{"inspect:read" "ao" "insights:read" "profile:read"}}
+
+ :role-8891b9f4-6140-11ee-8e1a-325096b39f47
+ {:role-name "Manager"
+ :role-description "Only for Sam who manage this team but should not directly act"
+ :role-id :role-8891b9f4-6140-11ee-8e1a-325096b39f47
+ :visibility "org"
+ :associated-scopes #{"inspect:read" "ao:read" "insights:read" "profile:read" "users" "profile"}}}
+\end{verbatim}
+\begin{itemize}
+\item \texttt{visibility}; \texttt{org} for custom, \texttt{public} for global.
+\item \texttt{associated-scopes}; only for role management UI
+\end{itemize}
+\subsection{Introduce sub-accessors (maybe?)}
+\label{sec:org6e45fe3}
+
+Today: \texttt{read}, \texttt{write}
+
+\begin{verbatim}
+inspect = inspect:rw
+ = inspect:read + inspect:write.
+\end{verbatim}
+
+Tomorrow: introduce \texttt{read:get}, \texttt{read:search}, \texttt{write:create}, \texttt{write:update},
+\texttt{write:delete}, \texttt{write:execute}.
+\subsubsection{Equivalence of new accessors}
+\label{sec:org312e35c}
+
+\begin{verbatim}
+rw = read + write
+
+read = read:get # GET by id
+ + read:search # GET/POST search entities
+write = write:create # POST create new entity
+ + write:update # PUT/PATCH
+ + write:delete # DELETE
+ + write:execute # POST to trigger action
+\end{verbatim}
+\section{Most important points}
+\label{sec:org072056b}
+
+\begin{itemize}
+\item Dynamic role \texttt{ids}. \textbf{Must use the API}
+\begin{itemize}
+\item when you call \texttt{/iroh/profile/whoami}
+\item when you look into the JWT
+\item \textbf{note}: potentially a list of roles!
+\end{itemize}
+\item \texttt{associated-scopes} field only useful for the Role Management UI.
+\item Use \texttt{/iroh/profile/permissions}
+\item can also use \texttt{scopes} claim if present
+\end{itemize}
+\subsection{Multiple Roles}
+\label{sec:org27898f0}
+
+\begin{itemize}
+\item if union of roles for the same user:
+Expect the role to be a sorted comma separated role ids like;
+\texttt{admin,role-344,sat,user} (which would be equivalent to \texttt{admin} here)
+\item if one role per session, then we will use different \texttt{user-id} and thus the role
+must appear in the UIs (Registration UI, Org switching, etc…)
+\end{itemize}
+\end{document}
\ No newline at end of file
diff --git a/notes/cisco_staging_environment_doc.org b/notes/cisco_staging_environment_doc.org
new file mode 100644
index 00000000..ca20b1c1
--- /dev/null
+++ b/notes/cisco_staging_environment_doc.org
@@ -0,0 +1,443 @@
+:PROPERTIES:
+:ID: c33df84f-9b64-47a8-b716-fcadc0ec4f8c
+:END:
+#+Title: Cisco Staging Environment Doc
+#+Author: Yann Esposito
+#+Date: [2023-10-17]
+
+- tags ::
+- source ::
+
+* Node static configuration (config.edn)
+** Static/Dynamic cyclic dependency
+
+Some static configuration need to be generated after some dynamic configuration
+has been made.
+Typically you should first create many modules via the API and only then
+retrieve the generated module-ids to be used in the configuration.
+
+** IROH Auth Configuration
+*** Example in PROD NAM
+
+#+begin_src clojure
+:iroh-auth
+{:activation-url
+ "https://visibility.amp.cisco.com/account-activation",
+ :allowed-login-origins
+ #{"http://dev.9dcdd4915aad0ae7d12b8618:1957"
+ "http://dev.9dcdd4915aad0ae7d12b8618:1958"
+ "http://dev.9dcdd4915aad0ae7d12b8618:3000"
+ "http://dev.9dcdd4915aad0ae7d12b8618:3001"
+ "http://dev.9dcdd4915aad0ae7d12b8618:3002"
+ "http://dev.9dcdd4915aad0ae7d12b8618:3003"
+ "http://dev.9dcdd4915aad0ae7d12b8618:3004"
+ "http://dev.9dcdd4915aad0ae7d12b8618:4000"
+ "http://dev.9dcdd4915aad0ae7d12b8618:4001"
+ "http://dev.9dcdd4915aad0ae7d12b8618:4002"
+ "http://dev.9dcdd4915aad0ae7d12b8618:4003"
+ "http://dev.9dcdd4915aad0ae7d12b8618:4004"
+ "http://dev.9dcdd4915aad0ae7d12b8618:4005"
+ "http://dev.9dcdd4915aad0ae7d12b8618:4006"
+ "http://dev.9dcdd4915aad0ae7d12b8618:4008"
+ "http://dev.9dcdd4915aad0ae7d12b8618:4010"
+ "https://consumer.orbital.amp.cisco.com"
+ "https://dev.9dcdd4915aad0ae7d12b8618:1957"
+ "https://dev.9dcdd4915aad0ae7d12b8618:1958"
+ "https://dev.9dcdd4915aad0ae7d12b8618:4000"
+ "https://dev.9dcdd4915aad0ae7d12b8618:4001"
+ "https://dev.9dcdd4915aad0ae7d12b8618:4002"
+ "https://dev.9dcdd4915aad0ae7d12b8618:4003"
+ "https://dev.9dcdd4915aad0ae7d12b8618:4004"
+ "https://dev.9dcdd4915aad0ae7d12b8618:4005"
+ "https://dev.9dcdd4915aad0ae7d12b8618:4006"
+ "https://dev.9dcdd4915aad0ae7d12b8618:4008"
+ "https://dev.9dcdd4915aad0ae7d12b8618:4010"
+ "https://iroh-adm.ap-northeast-1.prod.iroh.site"
+ "https://iroh-adm.eu-west-1.prod.iroh.site"
+ "https://iroh-adm.int.iroh.site"
+ "https://iroh-adm.test.iroh.site"
+ "https://iroh-adm.us-east-1.prod.iroh.site"
+ "https://orbital.amp.cisco.com"
+ "https://registration.us.security.cisco.com"
+ "https://securex-ui-dashboard.us.security.cisco.com"
+ "https://securex.us.security.cisco.com"
+ "https://tactical-portal.us.security.cisco.com"
+ "https://threatresponse.security.cisco.com"
+ "https://threatresponse.us.security.cisco.com"
+ "https://visibility.amp.cisco.com"
+ "https://xdr.us.security.cisco.com"},
+ :cache-store-ids
+ {:codes "auth-codes",
+ :requests "auth-requests",
+ :responses "auth-responses"},
+ :idps
+ {"idb-amp"
+ {:allow-all-role-to-login false,
+ :auth-kind :oidc,
+ :authorize-uri
+ "https://csaidb.us.security.cisco.com/oauth2/default/v1/authorize",
+ :client-id "0oapp4bnkk3coKe3T696",
+ :client-secret
+ "[[ with secret "iroh/data/iroh_auth/idps/idb-amp/client_secret" ]][[ .Data.data.value ]][[ end ]]",
+ :correlation-table
+ {:is-admin? [:amp_user_admin],
+ :org-id [:business_guid],
+ :org-name [:organization_name],
+ :sub [:user_id],
+ :user-email [:email],
+ :user-name [:name]},
+ :grant-type :code,
+ :id "idb-amp",
+ :idp-account-url "https://castle.amp.cisco.com/my/account",
+ :idp-logout-url "https://auth.amp.cisco.com/auth/session/logout",
+ :legacy true,
+ :msg "For existing Threat Response & AMP users.",
+ :name "Cisco Security Account",
+ :position 1,
+ :safe-for-emails-verification true,
+ :scim-id :nam,
+ :scopes ["profile" "email" "iroh_auth"],
+ :token-uri
+ "https://csaidb.us.security.cisco.com/oauth2/default/v1/token"},
+ "idb-tg"
+ {:admin-roles #{"admin" "org-admin"},
+ :allow-all-role-to-login true,
+ :auth-kind :oidc,
+ :authorize-uri "https://panacea.threatgrid.com/oauth2/authorize",
+ :client-id "9e1e759e-8d17-496e-8ae6-bc70b03fc023",
+ :client-secret
+ "[[ with secret "iroh/data/iroh_auth/idps/idb-tg/client_secret" ]][[ .Data.data.value ]][[ end ]]",
+ :correlation-table
+ {:org-id [:threatgrid :organization_id],
+ :org-name [:threatgrid :organization_name],
+ :role [:threatgrid :role],
+ :user-name [:threatgrid :name]},
+ :grant-type :code,
+ :id "idb-tg",
+ :idp-logout-url "https://panacea.threatgrid.com/logout",
+ :legacy true,
+ :msg "For Secure Malware Analytics users.",
+ :name "Cisco Secure Malware Analytics",
+ :org-namespace "threatgrid",
+ :position 2,
+ :scopes ["threatgrid:profile" "email"],
+ :token-uri "https://panacea.threatgrid.com/api/v3/oauth/token"},
+ "sxso"
+ {:allow-all-role-to-login true,
+ :auth-kind :oidc,
+ :authorize-uri
+ "https://sign-on.security.cisco.com/oauth2/default/v1/authorize",
+ :client-id "0oa4dovqtv0MMc797357",
+ :client-secret
+ "[[ with secret "iroh/data/iroh_auth/idps/sxso/client_secret" ]][[ .Data.data.value ]][[ end ]]",
+ :grant-type :code,
+ :id "sxso",
+ :idp-account-url "https://me.security.cisco.com",
+ :idp-logout-url "https://sign-on.security.cisco.com/login/signout",
+ :manage-orgs false,
+ :msg "For new and existing SecureX users.",
+ :name "Security Cloud Sign On",
+ :position 0,
+ :safe-for-emails-verification true,
+ :scopes ["profile" "email" "iroh_auth"],
+ :token-uri
+ "https://sign-on.security.cisco.com/oauth2/default/v1/token"},
+ "threatgrid"
+ {:allow-all-role-to-login true,
+ :auth-kind :oidc,
+ :authorize-uri "https://panacea.threatgrid.com/oauth2/authorize",
+ :client-id "4fe0068b-eb2a-4918-871f-dd9c9592990e",
+ :client-secret
+ "[[ with secret "iroh/data/iroh_auth/idps/threatgrid/client_secret" ]][[ .Data.data.value ]][[ end ]]",
+ :correlation-table {:org-id [:tg_org]},
+ :grant-type :code,
+ :hidden true,
+ :id "threatgrid",
+ :name "Secure Malware Analytics",
+ :org-namespace "threatgrid",
+ :token-uri "https://panacea.threatgrid.com/api/v3/oauth/token"}},
+ :invite
+ {:first-url-sx "https://securex.us.security.cisco.com",
+ :first-url-xdr "https://xdr.us.security.cisco.com",
+ :help-url
+ "https://www.cisco.com/c/en/us/td/docs/security/secure-sign-on/sso-quick-start-guide.html",
+ :idp-id "sxso",
+ :invite-lifetime-in-days 7,
+ :mail-source "no-reply@security.cisco.com",
+ :store-id "invites"},
+ :login-filters-store-id "auth-login-filters",
+ :login-uri-prefix
+ "https://visibility.amp.cisco.com/iroh/iroh-auth/login",
+ :org-access-request-confirmation-url
+ "https://registration.us.security.cisco.com/org-access-request-status.html",
+ :provisioning
+ {:onboardings
+ {:csc {:http {:url "https://admin.prod.nam.csc.cisco.com/onboard"}},
+ :di
+ {:http {:url "https://insights-api.us.security.cisco.com/api"}},
+ :sca
+ {:http
+ {:url
+ "https://tr-relay-production.obsrvbl.obsrvbl.com/onboard"}}}},
+ :redirect-uri
+ "https://visibility.amp.cisco.com/iroh/iroh-auth/login",
+ :registration-url
+ "https://registration.us.security.cisco.com/auth-ui.html",
+ :signup-url-sx
+ "https://sign-on.security.cisco.com/home/bookmark/0oa4erf174FSrO1jd357/2557",
+ :signup-url-xdr
+ "https://sign-on.security.cisco.com/home/bookmark/0oasvqwo7jgaATJcM357/2557",
+ :spa-orgs
+ {:matching-admins-limit 1000, :pagination-admins-limit 1000},
+ :url "https://visibility.amp.cisco.com"}
+#+end_src
+
+*** IdPs (Identity Providers)
+
+From far away
+
+#+begin_src clojure
+{,,,
+ :iroh-auth ;; IROH-Auth is a bundle of big services (not http services)
+ {,,,
+ :idps
+ {"idb-amp" ,,,
+ "idb-tg" ,,,
+ "sxso" ,,,
+ ;; never really knew why but threatgrid IdP is mandatory
+ ;; if you remove it, something breaks, but I never knew exactly what
+ ;; nor why
+ "threatgrid" {,,, :hidden true ,,,}}
+ ,,,}
+ ,,,}
+#+end_src
+
+Here is the current PROD NAM config for IdPs:
+
+#+begin_src clojure
+{,,,
+ :idps
+ {"idb-amp"
+ {:allow-all-role-to-login false,
+ :auth-kind :oidc,
+ :authorize-uri
+ "https://csaidb.us.security.cisco.com/oauth2/default/v1/authorize",
+ :client-id "0oapp4bnkk3coKe3T696",
+ :client-secret
+ "[[ with secret "iroh/data/iroh_auth/idps/idb-amp/client_secret" ]][[ .Data.data.value ]][[ end ]]",
+ :correlation-table
+ {:is-admin? [:amp_user_admin],
+ :org-id [:business_guid],
+ :org-name [:organization_name],
+ :sub [:user_id],
+ :user-email [:email],
+ :user-name [:name]},
+ :grant-type :code,
+ :id "idb-amp",
+ :idp-account-url "https://castle.amp.cisco.com/my/account",
+ :idp-logout-url "https://auth.amp.cisco.com/auth/session/logout",
+ :legacy true,
+ :msg "For existing Threat Response & AMP users.",
+ :name "Cisco Security Account",
+ :position 1,
+ :safe-for-emails-verification true,
+ :scim-id :nam,
+ :scopes ["profile" "email" "iroh_auth"],
+ :token-uri
+ "https://csaidb.us.security.cisco.com/oauth2/default/v1/token"},
+ "idb-tg"
+ {:admin-roles #{"admin" "org-admin"},
+ :allow-all-role-to-login true,
+ :auth-kind :oidc,
+ :authorize-uri "https://panacea.threatgrid.com/oauth2/authorize",
+ :client-id "9e1e759e-8d17-496e-8ae6-bc70b03fc023",
+ :client-secret
+ "[[ with secret "iroh/data/iroh_auth/idps/idb-tg/client_secret" ]][[ .Data.data.value ]][[ end ]]",
+ :correlation-table
+ {:org-id [:threatgrid :organization_id],
+ :org-name [:threatgrid :organization_name],
+ :role [:threatgrid :role],
+ :user-name [:threatgrid :name]},
+ :grant-type :code,
+ :id "idb-tg",
+ :idp-logout-url "https://panacea.threatgrid.com/logout",
+ :legacy true,
+ :msg "For Secure Malware Analytics users.",
+ :name "Cisco Secure Malware Analytics",
+ :org-namespace "threatgrid",
+ :position 2,
+ :scopes ["threatgrid:profile" "email"],
+ :token-uri "https://panacea.threatgrid.com/api/v3/oauth/token"},
+ "sxso"
+ {:allow-all-role-to-login true,
+ :auth-kind :oidc,
+ :authorize-uri
+ "https://sign-on.security.cisco.com/oauth2/default/v1/authorize",
+ :client-id "0oa4dovqtv0MMc797357",
+ :client-secret
+ "[[ with secret "iroh/data/iroh_auth/idps/sxso/client_secret" ]][[ .Data.data.value ]][[ end ]]",
+ :grant-type :code,
+ :id "sxso",
+ :idp-account-url "https://me.security.cisco.com",
+ :idp-logout-url "https://sign-on.security.cisco.com/login/signout",
+ :manage-orgs false,
+ :msg "For new and existing SecureX users.",
+ :name "Security Cloud Sign On",
+ :position 0,
+ :safe-for-emails-verification true,
+ :scopes ["profile" "email" "iroh_auth"],
+ :token-uri
+ "https://sign-on.security.cisco.com/oauth2/default/v1/token"},
+ "threatgrid"
+ {:allow-all-role-to-login true,
+ :auth-kind :oidc,
+ :authorize-uri "https://panacea.threatgrid.com/oauth2/authorize",
+ :client-id "4fe0068b-eb2a-4918-871f-dd9c9592990e",
+ :client-secret
+ "[[ with secret "iroh/data/iroh_auth/idps/threatgrid/client_secret" ]][[ .Data.data.value ]][[ end ]]",
+ :correlation-table {:org-id [:tg_org]},
+ :grant-type :code,
+ :hidden true,
+ :id "threatgrid",
+ :name "Secure Malware Analytics",
+ :org-namespace "threatgrid",
+ :token-uri "https://panacea.threatgrid.com/api/v3/oauth/token"}}
+ ,,,}
+#+end_src
+
+**** SCSO
+
+Contact Ryan, ask him to create the OAuth2 client and the Okta bookmarks
+
+***** The actual config in PROD NAM
+
+#+begin_src clojure
+{,,,
+ "sxso"
+ {:allow-all-role-to-login true,
+ :auth-kind :oidc,
+ :authorize-uri
+ "https://sign-on.security.cisco.com/oauth2/default/v1/authorize",
+ :client-id "0oa4dovqtv0MMc797357",
+ :client-secret
+ "[[ with secret "iroh/data/iroh_auth/idps/sxso/client_secret" ]][[ .Data.data.value ]][[ end ]]",
+ :grant-type :code,
+ :id "sxso",
+ :idp-account-url "https://me.security.cisco.com",
+ :idp-logout-url "https://sign-on.security.cisco.com/login/signout",
+ :manage-orgs false,
+ :msg "For new and existing SecureX users.",
+ :name "Security Cloud Sign On",
+ :position 0,
+ :safe-for-emails-verification true,
+ :scopes ["profile" "email" "iroh_auth"],
+ :token-uri
+ "https://sign-on.security.cisco.com/oauth2/default/v1/token"}
+ ,,,}
+#+end_src
+
+**** AMP
+
+Contact Ryan and perhaps Secure Endpoint team to create an OIDC client in Okta
+that connects to the SAML client from AMP
+
+**** TG
+
+Contact Austin Haas from SMA (Secure Malware Analytics) to create a new OIDC client.
+Apparently OIDC clients created for IROH are no more supported by Threatgrid.
+You must use *magic* to create/update these clients.
+Sync with Austin Haas for help.
+
+* Dynamic Configuration
+
+** Create Master users
+
+**** Ops-only
+
+In order to be able to access the admin API which is a must-have to configure
+the nodes you first need to configure a first master user.
+
+Easiest method, copy an existing master user from another env to the new env by
+copying the Org and User row in the DB.
+Change the ~email-address~ to match the one you would like to use.
+The important field for the user to be a master user is to have
+~additional-scopes~ set to ~["iroh-master","iroh-admin","cisco"]~.
+
+**** Using the API
+
+1. Launch a node
+2. Login via AMP (or TG) for auto Org creation
+3. Retrieve user-id (see response from API after login)
+4. change node conf to add user-id to admin-filters configuration
+5. restart the node and login again
+6. Use the admin API to PATCH the user with ={additional-scopes: ["iroh-master","iroh-admin","cisco"]}=
+7. change the node conf to remove admin-filters
+
+Add new masters:
+
+1. Invite new users to the first main Org then PATCH then using the admin API
+
+** Provisioning
+*** Official Provisioning OAuth2 Clients
+
+You must create PIAM team a new Org with ~additional-scopes~
+containing ~cisco/platform~.
+Then add the user from the contact of the PIAM team that should create its own
+OAuth2 client for provisioning.
+
+*** Internal Org Provisioning
+
+Create a new client with the scopes ~["cisco/platform" "cisco/tac"]~ and use the
+scripts in ~xdr-provisioning~ (Adapt them to use the new Stage env).
+
+** SSE Integration
+
+*** SSE Client ! Claim Aliases
+
+SSE OIDC client expect some specific claims so we should configure the client to
+copy and replace the content accordingly to their expectation
+
+** DI Integration
+
+*** OAuth2 Client
+- audience
+- trusted
+- allow-all-role-to-login
+
+
+*** Webhooks
+** Automation Integration
+
+See ~config.edn~, configuration of the iroh-ao API/bootstrap
+See Mark for help.
+
+
+*** OAuth2 Client
+- audience
+- trusted
+- allow-user-sopces
+- short tokesn
+- org-level-authorization
+
+*** Webhooks
+
+** 1-click module setup integrations
+
+Every team should have a dedicated Org.
+At least one dev of this team should create an OAuth2 client to be used.
+
+Once the dev could test for its own org, the client should be promoted to
+availability everyone.
+And after the client should be marked as trusted.
+
+The team should also create the module-type that should be then promoted as
+visbility global.
+
+* Maintenance
+Every dynamic change must be made on all environments, often needing master-user privileges.
+Typically:
+- module-type change.
+- OAuth2 client change (URL)
+- create specific tenant for PMs/Tests
+
+Expect a few hours a week.
diff --git a/notes/cisco_staging_environment_kick_off.org b/notes/cisco_staging_environment_kick_off.org
new file mode 100644
index 00000000..0ece0921
--- /dev/null
+++ b/notes/cisco_staging_environment_kick_off.org
@@ -0,0 +1,59 @@
+:PROPERTIES:
+:ID: aa8ba7b5-d4e5-48c0-9e7a-2a5adb504d38
+:END:
+#+title: Cisco: Staging Environment Kick Off
+#+Author: Yann Esposito
+#+Date: [2023-10-03]
+
+* Staging
+
+As I understand. Exactly the same as TEST, but with the same ops machine than prod.
+Main issue is that TEST/PROD have different configuration.
+With this strategy of STAGING, this does not solve this issue.
+Because by construction STAGING will also be different from PROD.
+
+Differences with PROD:
+
+- content of the DB
+ - URL of all integrations
+ - OAuth2 Clients
+ - Specific Technical Orgs
+ - Customers Data (Orgs, Users, objects)
+- configuration of the API
+ - URL of all integrations
+ - OAuth2 Clients
+
+ What does it take to re-configure a new environment?
+It took many *years* of work from many different teams, where most point of
+contact have disappeared now.
+
+So an undefined amount of work not only from Ops, but mostly from IROH + every
+other team that integrated with IROH (SecureX / XDR).
+If possible it will take a non trivial amount of time from every team involved.
+
+* Instead a proposal: Canary release
+
+Create a Proxy that will redirect some predefined users to the new deployed nodes.
+
+So QA users will use v2 while customers are still using v1.
+
+Once QA is successful, take 10% of users and move them to v2.
+Once charge is verified and ok, move 100% of users and move them to v2.
+Deployment finished, test made in real PROD by QA.
+
+Not only this is a lot better for QA, but this looks possible while initializing
+a new Staging does not appear doable at all if we want to achieve the goals of
+improving releases quality.
+
+* Requirements
+
+@Anthony_Brandelli
+
+- cross-integration environment (test - prod / int - test)
+
+Not looking for big scaled prod env for staging.
+
+* Concerns
+
+What is IROH the backend that makes XDR/SecureX possible.
+This is a platform.
diff --git a/notes/cisco_staging_environment_presentation.org b/notes/cisco_staging_environment_presentation.org
new file mode 100644
index 00000000..9e76a7ae
--- /dev/null
+++ b/notes/cisco_staging_environment_presentation.org
@@ -0,0 +1,33 @@
+:PROPERTIES:
+:ID: 83380ee8-f90a-41e0-955f-473b81a043d0
+:END:
+#+title: Cisco Staging Environment Presentation
+#+Author: Yann Esposito
+#+Date: [2023-10-18]
+
+- tags :: [[id:ce893df9-32a4-44e0-9eb5-b9817141ee6a][cisco]]
+- related :: [[id:c33df84f-9b64-47a8-b716-fcadc0ec4f8c][Cisco Staging Environment Doc]]
+* Short History
+
+1. Environment deployment was always a 3rd class citizen.
+2. Node administration was always a 2nd class citizen, we had to build that ourselves
+ in the middle of feature work.
+3. 1st class citizen: "Integration" (make a Platform)
+ 1. Login
+ + Use external IdP for user management (first without internal user DB)
+ - supported SAML (deprecated now)
+ - support OpenID Connect (as client)
+ 2. Share tokens
+ + OAuth2 Client Credential Grant. (One client per user)
+ + OAuth2 Authorization Code Grant. (One client per integration and
+ multiple users, need a dedicated URL)
+ + OAuth2 device grant. (One client per integration and multiple users, no
+ dedicated URL)
+ 3. Share Identity
+ + OpenID Connect Provider
+ 4. Use external APIs
+ + Modules:
+ + module-record (backend used)
+ + module-type (one by integration, one for VirusTotal, Crowdstrike, etc…)
+ + module-instance (one by org)
+* Demo ~config.edn~
diff --git a/notes/cookie_clicker_save.org b/notes/cookie_clicker_save.org
index 2d9e85cc..a44f3fcf 100644
--- a/notes/cookie_clicker_save.org
+++ b/notes/cookie_clicker_save.org
@@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 3d75e1da-3fc4-414d-90f8-c3266eed3ddc
:END:
-Cookie Clicker save
+#+Title: Cookie Clicker save
#+Author: Yann Esposito
#+Date: [2023-07-27]
@@ -9,4 +9,4 @@ Cookie Clicker save
- source ::
* Save
-Mi4wNTJ8fDE2OTA0OTk2MDI0OTM7MTY5MDQ5OTYwMjQ5MzsxNjkwNTAwODMxODQxO0ZhbnRhc3RpYyBTbG90aDt3dndhcDswLDEsMCwwLDAsMCwwfDExMTExMTAxMTAwMTAxMTAwMTAxMDExMDAwMXwxNzc2My4wNTU0OTk5OTkwMTY7MzgzMzAyLjA1NTUwMDAyOTk7MjI0NzsyOzEwMTE1OzA7MDswOzA7MDswOzA7MDswOzA7MjswOzA7MDswOzA7MDs7MDswOzA7MDswOzA7MDstMTstMTstMTstMTstMTswOzA7MDswOzc1OzA7MDstMTstMTsxNjkwNDk5NjAyNDkzOzA7MDs7NDE7MDswOzg3NDs1MDswOzA7fDQwLDQwLDE1MTA3LDAsLDAsNDA7MzAsMzAsNzAzMDEsMCwsMCwzMDsyMCwyMCwxMzg3ODYsMCwsMCwyMDs2LDYsMTQ4MTA3LDAsLDAsNjswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7fDExMTExMTEwMDAwMDAwMTExMTExMTExMDAwMDAwMDAwMTAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMTAwMDEwMTAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDB8MTExMDAwMDAwMDAwMDAwMDExMTAwMDAwMDAwMDAwMTAwMDExMDAwMDEwMDEwMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMHx8
+Mi4wNTJ8fDE2OTA0OTk2MDI0OTM7MTY5MDQ5OTYwMjQ5MzsxNjk1OTMxOTM2Njg4O0ZhbnRhc3RpYyBTbG90aDt3dndhcDswLDEsMCwwLDAsMCwwfDExMTExMTAxMTAwMTAxMTAwMTAxMDExMDAwMXwxMzgzMDM5LjEyMzk2NjUxNDg7MTM4NjM5NDYuMTIzOTY2NTg0OzU0Mzc7MzszNjM3NTQuOTMxODAwMDAyNDsyOzA7MDswOzA7MDswOzA7MDswOzM7MDswOzA7MDswOzA7OzA7MDswOzA7MDswOzA7LTE7LTE7LTE7LTE7LTE7MDswOzA7MDs3NTswOzA7LTE7LTE7MTY5MDQ5OTYwMjQ5MzswOzA7OzQxOzA7MDsxNzMxMS40OzUwOzA7MDt8NjAsNjAsNzIzMDUwLDAsLDAsNjA7NDAsNDAsMTMwNDk1MywwLCwwLDQwOzMwLDMwLDMzMzIwNTIsMCwsMCwzMDsyMCwyMCwzODk5OTE0LDAsLDAsMjA7MTAsMTAsMzIxODUwMywwLCwwLDEwOzIsMiwxMDIwODMwLDAsLDAsMjswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwO3wxMTExMTExMTEwMDAwMDExMTExMTExMTExMTExMTAwMDExMTEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAxMTEwMTAxMDEwMDAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAxMTExMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAxMTEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMTAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwfDExMTEwMDAwMDAwMDAwMDAxMTExMTAwMDAwMDAwMDExMDAxMTEwMDAxMDAxMDAxMDAxMDAwMDAwMDAwMDAwMDAwMDAxMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDB8fA%3D%3D%21END%21
diff --git a/notes/create_long_running_dashboard.html b/notes/create_long_running_dashboard.html
new file mode 100644
index 00000000..4ed4c2db
--- /dev/null
+++ b/notes/create_long_running_dashboard.html
@@ -0,0 +1,399 @@
+
+
+
+
+
+
+
+Create Long Running Dashboard
+
+
+
+
+
+
+Note also the access token lifetime is 3600 seconds (instead of the default 300s).
+After 1 hour, the access token will fail, from now on you could request another
+access token with:
+
+Yipie! A new access token that only has read-only authorizations (exceptipon for
+registry).
+
+
+
+
+
+
Date: 2023-12-15 Fri 00:00
+
Author: Yann Esposito
+
Created: 2023-12-15 Fri 15:38
+
+
+
\ No newline at end of file
diff --git a/notes/create_long_running_dashboard.org b/notes/create_long_running_dashboard.org
new file mode 100644
index 00000000..216f1489
--- /dev/null
+++ b/notes/create_long_running_dashboard.org
@@ -0,0 +1,186 @@
+:PROPERTIES:
+:ID: edf18b30-3f82-4d1b-8d1e-3cc64f2b762b
+:END:
+#+Title: Create Long Running Dashboard
+#+Author: Yann Esposito
+#+Date: [2023-12-15]
+
+* Summary
+
+1. Once the user is logged, use his session token to make the first call to ~/oauth2/custom/tokens~.
+2. You should get an access and refresh token. That refresh token expiration
+ date will be far away (a lot later than in 24h)
+3. Use this new access token to display the dashboard.
+4. When the access token expires, request a new one by using the refresh token
+ and calling ~/oauth/token~.
+
+* Working Example on INT
+
+#+NAME: envorigin
+#+begin_src elisp
+"https://visibility.int.iroh.site"
+#+end_src
+
+#+RESULTS: envorigin
+: https://visibility.int.iroh.site
+
+#+NAME: clientid
+#+begin_src elisp
+"cisco-internal-71c1b24be4210aac731cef41664f15e3"
+#+end_src
+
+#+RESULTS: clientid
+: cisco-internal-71c1b24be4210aac731cef41664f15e3
+
+#+NAME: userjwt
+#+begin_src elisp
+"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWRwL2lkIjoic3hzbyIsImVtYWlsIjoieWFlc3Bvc2lAY2lzY28uY29tIiwiYXVkIjpbImlyb2gtdWkiLCJsb2dpbiJdLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvcm9sZSI6ImFkbWluIiwic3ViIjoiMDAwMTA5MjQtZTFiYy00YjAzLWI2MDAtODljNmNmNTI3NTdjIiwiaXNzIjoiSVJPSCBBdXRoIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9yZWZyZXNoLXRva2VuLWp0aSI6InJlZnJlc2gtMjVlYjI1YTYtYzZjYS00ODdkLWI4M2YtMjA2ZWRjNjRjZTgwIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9zY29wZXMiOlsiaXJvaC1hZG1pbiIsImV2ZW50OnJlYWQiLCJpbnNpZ2h0cyIsInZhdWx0L2NvbmZpZ3M6cmVhZCIsImludGVncmF0aW9uIiwicHJpdmF0ZS1pbnRlbCIsImFkbWluIiwicHJvZmlsZSIsImluc3BlY3QiLCJhc3NldCIsImZlZWRiYWNrIiwiaXJvaC1tYXN0ZXIiLCJzc2UiLCJyZWdpc3RyeSIsInVzZXJzIiwiaW52ZXN0aWdhdGlvbiIsImNpc2NvIiwiaW52aXRlIiwicGxheWJvb2siLCJjYXNlYm9vayIsInZhdWx0L2NvbmZpZy9tZXRhZGF0YTpyZWFkIiwib3JiaXRhbCIsImVucmljaCIsIm9hdXRoIiwiY29sbGVjdCIsInJlc3BvbnNlIiwidWktc2V0dGluZ3MiLCJ0ZWxlbWV0cnk6d3JpdGUiLCJvcGVuaWQiLCJub3RpZmljYXRpb24iLCJnbG9iYWwtaW50ZWw6cmVhZCIsIndlYmhvb2siLCJ2YXVsdC9jb25maWcvcG9zdHVyZTpyZWFkIiwiYW8iXSwiZXhwIjoxNzAyNzM1MjM0LCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9uYW1lIjoiVGhyZWF0IFJlc3BvbnNlIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC91c2VyL2lkIjoiMDAwMTA5MjQtZTFiYy00YjAzLWI2MDAtODljNmNmNTI3NTdjIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvaWQiOiIwNDdhODliZi01ZDJlLTQzOTItYjc3MC1hZDQ4MjFhODJhY2YiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2dyYW50IjoibG9naW4iLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29yZy9uYW1lIjoiWWFubiBBRE1JTiBPUkciLCJqdGkiOiJ0b2tlbi0xMGVjYjk4NC1jMjk5LTRkNzItYjVlMC01ODA0Mjg4Njc4YmUiLCJuYmYiOjE3MDI2NDg3NzQsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdXNlci9uYW1lIjoiWWFubiAtIE1hc3RlciIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdXNlci9pZCI6IjAwMDEwOTI0LWUxYmMtNGIwMy1iNjAwLTg5YzZjZjUyNzU3YyIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgvY2xpZW50L2lkIjoiaXJvaC11aSIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdmVyc2lvbiI6InYyLjEwLWM2ZDljZmM4NTU3OTg2NTA1YjkxIiwiaWF0IjoxNzAyNjQ4ODM0LCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2tpbmQiOiJzZXNzaW9uLXRva2VuIn0.aUM6fPSkcEh7wlD5se328l6GGeaqLFuNZTR5XjP5dA79RXSwXxDuPHQbr5VveLUQRd7cl-5yAMlcEumjv5AuozafcBzLRdc2OBPtXBFzSxOinZKmbk4mNZ2FVHLdSRqEBzGfWpcw5ZoG2DbYy0Ygqh9s5kMvF789zrNz0DYituUMM7Wf37AQAJ1oFWfDHBGAND22FkhsHd7QrnJDQhtPkCTTWiMjHSfAXnrUuJ6kNZCPdAwa4HlTTmmlTBqI4TA6GGbwUDmBGeSEed9N01MLrOgbtJK3M8mdchxGb9lA2ZnkI8QfdXPEa_ppJ5CUUnYw1sOqFq-PeLoDEDDtkDPHg6115SPdfckbLYsOsxnBRcm2FwxP2hHunPXDEkJrT0osjU6t8MMi3FoDV-9ISdDdD6Ldhe9NM7WPNFofVp9XwYMyuqcejHX6V5AW8eb5GK6Xk_nwzLBTUxThvFi1FJSlDj5bdj7jnjMWv7wHtvUU1bMwSMOPkA0xSlM0pmD0CdfrSk3Os-RYHpcYLqrdXVvjau40beSCCoFlgjdebidux8RC6Ln4l6cauNepnyKxyLWqr-UfdAhiFe3U-F0gGPVwhUvqTfbpeujCd3go0037akaSOtUIXid08HPSCRHhEXANeR8GO1zT86XCz3h74uLyfqRSWEkR_tbvMAik942bQWY"
+#+end_src
+
+#+RESULTS: userjwt
+: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWRwL2lkIjoic3hzbyIsImVtYWlsIjoieWFlc3Bvc2lAY2lzY28uY29tIiwiYXVkIjpbImlyb2gtdWkiLCJsb2dpbiJdLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvcm9sZSI6ImFkbWluIiwic3ViIjoiMDAwMTA5MjQtZTFiYy00YjAzLWI2MDAtODljNmNmNTI3NTdjIiwiaXNzIjoiSVJPSCBBdXRoIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9yZWZyZXNoLXRva2VuLWp0aSI6InJlZnJlc2gtMjVlYjI1YTYtYzZjYS00ODdkLWI4M2YtMjA2ZWRjNjRjZTgwIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9zY29wZXMiOlsiaXJvaC1hZG1pbiIsImV2ZW50OnJlYWQiLCJpbnNpZ2h0cyIsInZhdWx0L2NvbmZpZ3M6cmVhZCIsImludGVncmF0aW9uIiwicHJpdmF0ZS1pbnRlbCIsImFkbWluIiwicHJvZmlsZSIsImluc3BlY3QiLCJhc3NldCIsImZlZWRiYWNrIiwiaXJvaC1tYXN0ZXIiLCJzc2UiLCJyZWdpc3RyeSIsInVzZXJzIiwiaW52ZXN0aWdhdGlvbiIsImNpc2NvIiwiaW52aXRlIiwicGxheWJvb2siLCJjYXNlYm9vayIsInZhdWx0L2NvbmZpZy9tZXRhZGF0YTpyZWFkIiwib3JiaXRhbCIsImVucmljaCIsIm9hdXRoIiwiY29sbGVjdCIsInJlc3BvbnNlIiwidWktc2V0dGluZ3MiLCJ0ZWxlbWV0cnk6d3JpdGUiLCJvcGVuaWQiLCJub3RpZmljYXRpb24iLCJnbG9iYWwtaW50ZWw6cmVhZCIsIndlYmhvb2siLCJ2YXVsdC9jb25maWcvcG9zdHVyZTpyZWFkIiwiYW8iXSwiZXhwIjoxNzAyNzM1MjM0LCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9uYW1lIjoiVGhyZWF0IFJlc3BvbnNlIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC91c2VyL2lkIjoiMDAwMTA5MjQtZTFiYy00YjAzLWI2MDAtODljNmNmNTI3NTdjIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvaWQiOiIwNDdhODliZi01ZDJlLTQzOTItYjc3MC1hZDQ4MjFhODJhY2YiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2dyYW50IjoibG9naW4iLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29yZy9uYW1lIjoiWWFubiBBRE1JTiBPUkciLCJqdGkiOiJ0b2tlbi0xMGVjYjk4NC1jMjk5LTRkNzItYjVlMC01ODA0Mjg4Njc4YmUiLCJuYmYiOjE3MDI2NDg3NzQsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdXNlci9uYW1lIjoiWWFubiAtIE1hc3RlciIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdXNlci9pZCI6IjAwMDEwOTI0LWUxYmMtNGIwMy1iNjAwLTg5YzZjZjUyNzU3YyIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgvY2xpZW50L2lkIjoiaXJvaC11aSIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdmVyc2lvbiI6InYyLjEwLWM2ZDljZmM4NTU3OTg2NTA1YjkxIiwiaWF0IjoxNzAyNjQ4ODM0LCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2tpbmQiOiJzZXNzaW9uLXRva2VuIn0.aUM6fPSkcEh7wlD5se328l6GGeaqLFuNZTR5XjP5dA79RXSwXxDuPHQbr5VveLUQRd7cl-5yAMlcEumjv5AuozafcBzLRdc2OBPtXBFzSxOinZKmbk4mNZ2FVHLdSRqEBzGfWpcw5ZoG2DbYy0Ygqh9s5kMvF789zrNz0DYituUMM7Wf37AQAJ1oFWfDHBGAND22FkhsHd7QrnJDQhtPkCTTWiMjHSfAXnrUuJ6kNZCPdAwa4HlTTmmlTBqI4TA6GGbwUDmBGeSEed9N01MLrOgbtJK3M8mdchxGb9lA2ZnkI8QfdXPEa_ppJ5CUUnYw1sOqFq-PeLoDEDDtkDPHg6115SPdfckbLYsOsxnBRcm2FwxP2hHunPXDEkJrT0osjU6t8MMi3FoDV-9ISdDdD6Ldhe9NM7WPNFofVp9XwYMyuqcejHX6V5AW8eb5GK6Xk_nwzLBTUxThvFi1FJSlDj5bdj7jnjMWv7wHtvUU1bMwSMOPkA0xSlM0pmD0CdfrSk3Os-RYHpcYLqrdXVvjau40beSCCoFlgjdebidux8RC6Ln4l6cauNepnyKxyLWqr-UfdAhiFe3U-F0gGPVwhUvqTfbpeujCd3go0037akaSOtUIXid08HPSCRHhEXANeR8GO1zT86XCz3h74uLyfqRSWEkR_tbvMAik942bQWY
+
+#+HEADER: :var userjwt=userjwt envorigin=envorigin clientid=clientid
+#+NAME: tokens
+#+begin_src http :pretty :exports both :results value code :eval no-export
+POST ${envorigin}/iroh/oauth2/custom/tokens
+Accept: application/json
+Content-Type: application/json
+User-Agent: ob-http
+Authorization: Bearer ${userjwt}
+
+{"client_id":"${clientid}",
+ "client_secret": "dashboard"}
+#+end_src
+
+#+RESULTS: tokens
+#+begin_src http
+{
+ "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWRwL2lkIjoic3hzbyIsImVtYWlsIjoieWFlc3Bvc2lAY2lzY28uY29tIiwiYXVkIjpbImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIl0sImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdXNlci9yb2xlIjoiYWRtaW4iLCJzdWIiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJpc3MiOiJJUk9IIEF1dGgiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL3JlZnJlc2gtdG9rZW4tanRpIjoicmVmcmVzaC1kYTAwZjQ4ZC1iZWRiLTQ1MWEtYjg2Yi05YjM1N2JmMzc0OWEiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3Njb3BlcyI6WyJldmVudDpyZWFkIiwicHJpdmF0ZS1pbnRlbDpyZWFkIiwiZmVlZGJhY2s6cmVhZCIsIm9yYml0YWw6cmVhZCIsInZhdWx0L2NvbmZpZ3M6cmVhZCIsImNvbGxlY3Q6cmVhZCIsInVzZXJzOnJlYWQiLCJlbnJpY2g6cmVhZCIsImluc2lnaHRzOnJlYWQiLCJpbnZlc3RpZ2F0aW9uOnJlYWQiLCJpbnRlZ3JhdGlvbjpyZWFkIiwicmVnaXN0cnkiLCJhbzpyZWFkIiwidWktc2V0dGluZ3M6cmVhZCIsInZhdWx0L2NvbmZpZy9tZXRhZGF0YTpyZWFkIiwic3NlOnJlYWQiLCJhZG1pbjpyZWFkIiwiaW5zcGVjdDpyZWFkIiwiY2FzZWJvb2s6cmVhZCIsInRlbGVtZXRyeTp3cml0ZSIsImdsb2JhbC1pbnRlbDpyZWFkIiwicHJvZmlsZTpyZWFkIiwid2ViaG9vazpyZWFkIiwidmF1bHQvY29uZmlnL3Bvc3R1cmU6cmVhZCIsIm5vdGlmaWNhdGlvbjpyZWFkIiwiYXNzZXQ6cmVhZCIsInJlc3BvbnNlOnJlYWQiLCJwbGF5Ym9vazpyZWFkIl0sImV4cCI6MTcwMjY1MzM3NCwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9jbGllbnQvbmFtZSI6IjEgTW9udGggRGFzaGJvYXJkIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC91c2VyL2lkIjoiMDAwMTA5MjQtZTFiYy00YjAzLWI2MDAtODljNmNmNTI3NTdjIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvaWQiOiIwNDdhODliZi01ZDJlLTQzOTItYjc3MC1hZDQ4MjFhODJhY2YiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2dyYW50IjoiYXV0aC1jb2RlIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9jbGllbnQvb3duZXIvaWQiOiJjaXNjby1pbnRlcm5hbC11aS1kYXNoYm9hcmRzIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvbmFtZSI6Illhbm4gQURNSU4gT1JHIiwianRpIjoidG9rZW4tMzI3Njk3ZjUtMWRkYi00MjhiLTg3ODQtMjAzNGQ0ODJlNGYwIiwibmJmIjoxNzAyNjQ5NzE0LCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvbmFtZSI6Illhbm4gLSBNYXN0ZXIiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWQiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9pZCI6ImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy92ZXJzaW9uIjoidjIuMTAtYzZkOWNmYzg1NTc5ODY1MDViOTEiLCJpYXQiOjE3MDI2NDk3NzQsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgva2luZCI6ImFjY2Vzcy10b2tlbiJ9.qw0hHP73wExZLvzlzv60Y7eAOCsO4TGASvCkEtmXogQ1LgReyh8YSqPQVZX5wP0OBfhjQ4-smEu54EcMC9Lf_wC9-vRrtRjq-NwoEL6wNsoruvWEtPoeHYWjrpGdV14Z_AOrlLwPANiN8boOFq452rBNgWj2RdfyDfR2uhT_fvJmrOyVJ8QL4ZLOMZZx2N3-Bh2ZLWJSCIa8Rxmvld5uI_ZDwAQ2XNC5Bs5BCZLAaROPZ-xq8Hslc4ZMgINYruSSQ6l7DVIklCZmyyRoLfKROej-tBYRrbRosfckd7o72LQLV1h7Jf-jDNVtujb5vjfxB9yWClt-gmgCPO7mb3xSbh_bzrsY-CWMg5C_XfLjmiE2Jm9asuZWX6nZkBmLSIXz5tIT0NyyZeW4PByjOxO9OPcYYHI2PjxYy36kxQqnViYSbaK6zAZGPkqOLcmJmK5G00MSZL23jw52au_rpH1vkKJHYcb61CH3Uzat6yplxpYQm6pW-8eKMnXUa21LHCkoOzdPx_SQ9_Z4bMsyAy7h7A1cjCBiiUU1X34te544zUH88s5Nr-j_vR8A1CqI3iTGVaqMg1mMui9H2gIycfLFNzCMgjE6RI9f7EvWxAvIbDZiHj7I4_NKhsjP96YIoXISQmxOXaPCgbL5EbItgcADf-dGQOYk2MeadfNq8mlj-Gs",
+ "scope": "admin:read ao:read asset:read casebook:read collect:read enrich:read event:read feedback:read global-intel:read insights:read inspect:read integration:read investigation:read notification:read orbital:read playbook:read private-intel:read profile:read registry response:read sse:read telemetry:write ui-settings:read users:read vault/config/metadata:read vault/config/posture:read vault/configs:read webhook:read",
+ "token_type": "bearer",
+ "expires_in": 3600,
+ "refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJlbWFpbCI6InlhZXNwb3NpQGNpc2NvLmNvbSIsImF1ZCI6WyJjaXNjby1pbnRlcm5hbC03MWMxYjI0YmU0MjEwYWFjNzMxY2VmNDE2NjRmMTVlMyJdLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvcm9sZSI6ImFkbWluIiwiaXNzIjoiSVJPSCBBdXRoIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9zY29wZXMiOlsiZXZlbnQ6cmVhZCIsInByaXZhdGUtaW50ZWw6cmVhZCIsImZlZWRiYWNrOnJlYWQiLCJvcmJpdGFsOnJlYWQiLCJ2YXVsdC9jb25maWdzOnJlYWQiLCJjb2xsZWN0OnJlYWQiLCJ1c2VyczpyZWFkIiwiZW5yaWNoOnJlYWQiLCJpbnNpZ2h0czpyZWFkIiwiaW52ZXN0aWdhdGlvbjpyZWFkIiwiaW50ZWdyYXRpb246cmVhZCIsInJlZ2lzdHJ5IiwiYW86cmVhZCIsInVpLXNldHRpbmdzOnJlYWQiLCJ2YXVsdC9jb25maWcvbWV0YWRhdGE6cmVhZCIsInNzZTpyZWFkIiwiYWRtaW46cmVhZCIsImluc3BlY3Q6cmVhZCIsImNhc2Vib29rOnJlYWQiLCJ0ZWxlbWV0cnk6d3JpdGUiLCJnbG9iYWwtaW50ZWw6cmVhZCIsInByb2ZpbGU6cmVhZCIsIndlYmhvb2s6cmVhZCIsInZhdWx0L2NvbmZpZy9wb3N0dXJlOnJlYWQiLCJub3RpZmljYXRpb246cmVhZCIsImFzc2V0OnJlYWQiLCJyZXNwb25zZTpyZWFkIiwicGxheWJvb2s6cmVhZCJdLCJleHAiOjE3MDUzMjgxNzMsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgvdXNlci9pZCI6IjAwMDEwOTI0LWUxYmMtNGIwMy1iNjAwLTg5YzZjZjUyNzU3YyIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb3JnL2lkIjoiMDQ3YTg5YmYtNWQyZS00MzkyLWI3NzAtYWQ0ODIxYTgyYWNmIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9ncmFudCI6ImF1dGgtY29kZSIsImp0aSI6InJlZnJlc2gtZGEwMGY0OGQtYmVkYi00NTFhLWI4NmItOWIzNTdiZjM3NDlhIiwibmJmIjoxNzAyNjQ5NzEzLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvbmFtZSI6Illhbm4gLSBNYXN0ZXIiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWQiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9pZCI6ImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIiwiaWF0IjoxNzAyNjQ5NzczLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2tpbmQiOiJyZWZyZXNoLXRva2VuIn0.SpwTOO_Ze2dLY1EVpq86RefnHz5OKL2HQS8pjK32Ei2nELAZdSoJaMhtUriXF05Y5G-s1wtBItR0kRXDrDDSFyon6wVxaqwtTBd6vUWgKLJOzM6tLBrdQDd3-XnOuH3v2Zvsd4h7ritTlkCj5cA6aiuvBrhkyEpZE4OhJ-YRTXvMsiepZnAAiRHMaB9gRAMovMuXrCHYN_-hdVXh0uOrDF5ARTwmh9GC9fhQpgzOSL2YbTyj0u0uF9tBOsmc8JmfdR_BxwBk6A7QiygUhzT5w23VkzPZ1W842UyPWVeOprHgWjpb_eUZKAnmL5s3-uT58bv_llHg1JVNPTUtp1yXaWPUGeKe83qlUf3ySdOPD04BLcjG1J1RZ4vMzVW0MboyqairgoCRl5fnA9aUVBM-28E2qDR6zjzAG6XLz3tYFgb2ltKYHi9sOgzdRxhn_879R3W09jjNRh_n-_vEouL1QUWTLDX5ZwPyvIEbaZMvDKocjTQ1VIsQeRhKNvqsoy019Y7aixfm4XvEWrfjArbB-i3O7iLwdJEDRsYpFvif2kltTApKgdIUt6_1JS3oqzInJc7G8itd_T_IE2UQo6zf6J2OuL-Y4nuUlAhtMfS2pHgIfWXbCRJL2xDD3Zu2ukUL7WzdKA974zc0qB30ZuSaN3QxsNu2m_pDRX4KjFXftuo"
+}
+#+end_src
+
+decoded refresh token
+
+#+begin_src
+Token header
+------------
+{
+ "typ": "JWT",
+ "alg": "RS256",
+ "kid": "2lrcbtLUyB7hTUCBFMZoYOUy6SY8HybU70WVI6g7Zbk"
+}
+
+Token claims
+------------
+{
+ "aud": [
+ "cisco-internal-71c1b24be4210aac731cef41664f15e3"
+ ],
+ "email": "yaesposi@cisco.com",
+ "exp": 1705328173,
+ "https://schemas.cisco.com/iroh/identity/claims/oauth/client/id": "cisco-internal-71c1b24be4210aac731cef41664f15e3",
+ "https://schemas.cisco.com/iroh/identity/claims/oauth/grant": "auth-code",
+ "https://schemas.cisco.com/iroh/identity/claims/oauth/kind": "refresh-token",
+ "https://schemas.cisco.com/iroh/identity/claims/oauth/user/id": "00010924-e1bc-4b03-b600-89c6cf52757c",
+ "https://schemas.cisco.com/iroh/identity/claims/org/id": "047a89bf-5d2e-4392-b770-ad4821a82acf",
+ "https://schemas.cisco.com/iroh/identity/claims/scopes": [
+ "event:read",
+ "private-intel:read",
+ "feedback:read",
+ "orbital:read",
+ "vault/configs:read",
+ "collect:read",
+ "users:read",
+ "enrich:read",
+ "insights:read",
+ "investigation:read",
+ "integration:read",
+ "registry",
+ "ao:read",
+ "ui-settings:read",
+ "vault/config/metadata:read",
+ "sse:read",
+ "admin:read",
+ "inspect:read",
+ "casebook:read",
+ "telemetry:write",
+ "global-intel:read",
+ "profile:read",
+ "webhook:read",
+ "vault/config/posture:read",
+ "notification:read",
+ "asset:read",
+ "response:read",
+ "playbook:read"
+ ],
+ "https://schemas.cisco.com/iroh/identity/claims/user/email": "yaesposi@cisco.com",
+ "https://schemas.cisco.com/iroh/identity/claims/user/id": "00010924-e1bc-4b03-b600-89c6cf52757c",
+ "https://schemas.cisco.com/iroh/identity/claims/user/name": "Yann - Master",
+ "https://schemas.cisco.com/iroh/identity/claims/user/role": "admin",
+ "iat": 1702649773,
+ "iss": "IROH Auth",
+ "jti": "refresh-da00f48d-bedb-451a-b86b-9b357bf3749a",
+ "nbf": 1702649713
+}
+#+end_src
+
+Where we can see that ~exp - iat~ claims is
+
+#+begin_src elisp
+(- 1705328173 1702649773)
+#+end_src
+
+#+RESULTS:
+: 2678400
+
+Which is
+
+#+begin_src elisp
+(/ 2678400 (* 60 60 24))
+#+end_src
+
+#+RESULTS:
+: 31
+
+31 days.
+
+Note also the access token lifetime is 3600 seconds (instead of the default 300s).
+After 1 hour, the access token will fail, from now on you could request another
+access token with:
+
+#+NAME: refreshtoken
+#+begin_src elisp
+"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJlbWFpbCI6InlhZXNwb3NpQGNpc2NvLmNvbSIsImF1ZCI6WyJjaXNjby1pbnRlcm5hbC03MWMxYjI0YmU0MjEwYWFjNzMxY2VmNDE2NjRmMTVlMyJdLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvcm9sZSI6ImFkbWluIiwiaXNzIjoiSVJPSCBBdXRoIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9zY29wZXMiOlsiZXZlbnQ6cmVhZCIsInByaXZhdGUtaW50ZWw6cmVhZCIsImZlZWRiYWNrOnJlYWQiLCJvcmJpdGFsOnJlYWQiLCJ2YXVsdC9jb25maWdzOnJlYWQiLCJjb2xsZWN0OnJlYWQiLCJ1c2VyczpyZWFkIiwiZW5yaWNoOnJlYWQiLCJpbnNpZ2h0czpyZWFkIiwiaW52ZXN0aWdhdGlvbjpyZWFkIiwiaW50ZWdyYXRpb246cmVhZCIsInJlZ2lzdHJ5IiwiYW86cmVhZCIsInVpLXNldHRpbmdzOnJlYWQiLCJ2YXVsdC9jb25maWcvbWV0YWRhdGE6cmVhZCIsInNzZTpyZWFkIiwiYWRtaW46cmVhZCIsImluc3BlY3Q6cmVhZCIsImNhc2Vib29rOnJlYWQiLCJ0ZWxlbWV0cnk6d3JpdGUiLCJnbG9iYWwtaW50ZWw6cmVhZCIsInByb2ZpbGU6cmVhZCIsIndlYmhvb2s6cmVhZCIsInZhdWx0L2NvbmZpZy9wb3N0dXJlOnJlYWQiLCJub3RpZmljYXRpb246cmVhZCIsImFzc2V0OnJlYWQiLCJyZXNwb25zZTpyZWFkIiwicGxheWJvb2s6cmVhZCJdLCJleHAiOjE3MDUzMjgxNzMsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgvdXNlci9pZCI6IjAwMDEwOTI0LWUxYmMtNGIwMy1iNjAwLTg5YzZjZjUyNzU3YyIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb3JnL2lkIjoiMDQ3YTg5YmYtNWQyZS00MzkyLWI3NzAtYWQ0ODIxYTgyYWNmIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9ncmFudCI6ImF1dGgtY29kZSIsImp0aSI6InJlZnJlc2gtZGEwMGY0OGQtYmVkYi00NTFhLWI4NmItOWIzNTdiZjM3NDlhIiwibmJmIjoxNzAyNjQ5NzEzLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvbmFtZSI6Illhbm4gLSBNYXN0ZXIiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWQiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9pZCI6ImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIiwiaWF0IjoxNzAyNjQ5NzczLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2tpbmQiOiJyZWZyZXNoLXRva2VuIn0.SpwTOO_Ze2dLY1EVpq86RefnHz5OKL2HQS8pjK32Ei2nELAZdSoJaMhtUriXF05Y5G-s1wtBItR0kRXDrDDSFyon6wVxaqwtTBd6vUWgKLJOzM6tLBrdQDd3-XnOuH3v2Zvsd4h7ritTlkCj5cA6aiuvBrhkyEpZE4OhJ-YRTXvMsiepZnAAiRHMaB9gRAMovMuXrCHYN_-hdVXh0uOrDF5ARTwmh9GC9fhQpgzOSL2YbTyj0u0uF9tBOsmc8JmfdR_BxwBk6A7QiygUhzT5w23VkzPZ1W842UyPWVeOprHgWjpb_eUZKAnmL5s3-uT58bv_llHg1JVNPTUtp1yXaWPUGeKe83qlUf3ySdOPD04BLcjG1J1RZ4vMzVW0MboyqairgoCRl5fnA9aUVBM-28E2qDR6zjzAG6XLz3tYFgb2ltKYHi9sOgzdRxhn_879R3W09jjNRh_n-_vEouL1QUWTLDX5ZwPyvIEbaZMvDKocjTQ1VIsQeRhKNvqsoy019Y7aixfm4XvEWrfjArbB-i3O7iLwdJEDRsYpFvif2kltTApKgdIUt6_1JS3oqzInJc7G8itd_T_IE2UQo6zf6J2OuL-Y4nuUlAhtMfS2pHgIfWXbCRJL2xDD3Zu2ukUL7WzdKA974zc0qB30ZuSaN3QxsNu2m_pDRX4KjFXftuo"
+#+end_src
+
+#+RESULTS: refreshtoken
+: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJlbWFpbCI6InlhZXNwb3NpQGNpc2NvLmNvbSIsImF1ZCI6WyJjaXNjby1pbnRlcm5hbC03MWMxYjI0YmU0MjEwYWFjNzMxY2VmNDE2NjRmMTVlMyJdLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvcm9sZSI6ImFkbWluIiwiaXNzIjoiSVJPSCBBdXRoIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9zY29wZXMiOlsiZXZlbnQ6cmVhZCIsInByaXZhdGUtaW50ZWw6cmVhZCIsImZlZWRiYWNrOnJlYWQiLCJvcmJpdGFsOnJlYWQiLCJ2YXVsdC9jb25maWdzOnJlYWQiLCJjb2xsZWN0OnJlYWQiLCJ1c2VyczpyZWFkIiwiZW5yaWNoOnJlYWQiLCJpbnNpZ2h0czpyZWFkIiwiaW52ZXN0aWdhdGlvbjpyZWFkIiwiaW50ZWdyYXRpb246cmVhZCIsInJlZ2lzdHJ5IiwiYW86cmVhZCIsInVpLXNldHRpbmdzOnJlYWQiLCJ2YXVsdC9jb25maWcvbWV0YWRhdGE6cmVhZCIsInNzZTpyZWFkIiwiYWRtaW46cmVhZCIsImluc3BlY3Q6cmVhZCIsImNhc2Vib29rOnJlYWQiLCJ0ZWxlbWV0cnk6d3JpdGUiLCJnbG9iYWwtaW50ZWw6cmVhZCIsInByb2ZpbGU6cmVhZCIsIndlYmhvb2s6cmVhZCIsInZhdWx0L2NvbmZpZy9wb3N0dXJlOnJlYWQiLCJub3RpZmljYXRpb246cmVhZCIsImFzc2V0OnJlYWQiLCJyZXNwb25zZTpyZWFkIiwicGxheWJvb2s6cmVhZCJdLCJleHAiOjE3MDUzMjgxNzMsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgvdXNlci9pZCI6IjAwMDEwOTI0LWUxYmMtNGIwMy1iNjAwLTg5YzZjZjUyNzU3YyIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb3JnL2lkIjoiMDQ3YTg5YmYtNWQyZS00MzkyLWI3NzAtYWQ0ODIxYTgyYWNmIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9ncmFudCI6ImF1dGgtY29kZSIsImp0aSI6InJlZnJlc2gtZGEwMGY0OGQtYmVkYi00NTFhLWI4NmItOWIzNTdiZjM3NDlhIiwibmJmIjoxNzAyNjQ5NzEzLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvbmFtZSI6Illhbm4gLSBNYXN0ZXIiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWQiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9pZCI6ImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIiwiaWF0IjoxNzAyNjQ5NzczLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2tpbmQiOiJyZWZyZXNoLXRva2VuIn0.SpwTOO_Ze2dLY1EVpq86RefnHz5OKL2HQS8pjK32Ei2nELAZdSoJaMhtUriXF05Y5G-s1wtBItR0kRXDrDDSFyon6wVxaqwtTBd6vUWgKLJOzM6tLBrdQDd3-XnOuH3v2Zvsd4h7ritTlkCj5cA6aiuvBrhkyEpZE4OhJ-YRTXvMsiepZnAAiRHMaB9gRAMovMuXrCHYN_-hdVXh0uOrDF5ARTwmh9GC9fhQpgzOSL2YbTyj0u0uF9tBOsmc8JmfdR_BxwBk6A7QiygUhzT5w23VkzPZ1W842UyPWVeOprHgWjpb_eUZKAnmL5s3-uT58bv_llHg1JVNPTUtp1yXaWPUGeKe83qlUf3ySdOPD04BLcjG1J1RZ4vMzVW0MboyqairgoCRl5fnA9aUVBM-28E2qDR6zjzAG6XLz3tYFgb2ltKYHi9sOgzdRxhn_879R3W09jjNRh_n-_vEouL1QUWTLDX5ZwPyvIEbaZMvDKocjTQ1VIsQeRhKNvqsoy019Y7aixfm4XvEWrfjArbB-i3O7iLwdJEDRsYpFvif2kltTApKgdIUt6_1JS3oqzInJc7G8itd_T_IE2UQo6zf6J2OuL-Y4nuUlAhtMfS2pHgIfWXbCRJL2xDD3Zu2ukUL7WzdKA974zc0qB30ZuSaN3QxsNu2m_pDRX4KjFXftuo
+
+#+HEADER: :var refreshtoken=refreshtoken envorigin=envorigin clientid=clientid
+#+NAME: newtokens
+#+begin_src http :pretty :exports both :results value code :eval no-export
+POST ${envorigin}/iroh/oauth2/token
+Accept: application/json
+Content-Type: application/x-www-form-urlencoded
+User-Agent: ob-http
+
+client_id=${clientid}&client_secret=dashboard&grant_type=refresh_token&refresh_token=${refreshtoken}
+#+end_src
+
+#+RESULTS: newtokens
+#+begin_src http
+{
+ "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWRwL2lkIjoic3hzbyIsImVtYWlsIjoieWFlc3Bvc2lAY2lzY28uY29tIiwiYXVkIjpbImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIl0sImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvdXNlci9yb2xlIjoiYWRtaW4iLCJzdWIiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJpc3MiOiJJUk9IIEF1dGgiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL3JlZnJlc2gtdG9rZW4tanRpIjoicmVmcmVzaC1kYTAwZjQ4ZC1iZWRiLTQ1MWEtYjg2Yi05YjM1N2JmMzc0OWEiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3Njb3BlcyI6WyJldmVudDpyZWFkIiwicHJpdmF0ZS1pbnRlbDpyZWFkIiwiZmVlZGJhY2s6cmVhZCIsIm9yYml0YWw6cmVhZCIsInZhdWx0L2NvbmZpZ3M6cmVhZCIsImNvbGxlY3Q6cmVhZCIsInVzZXJzOnJlYWQiLCJlbnJpY2g6cmVhZCIsImluc2lnaHRzOnJlYWQiLCJpbnZlc3RpZ2F0aW9uOnJlYWQiLCJpbnRlZ3JhdGlvbjpyZWFkIiwicmVnaXN0cnkiLCJhbzpyZWFkIiwidWktc2V0dGluZ3M6cmVhZCIsInZhdWx0L2NvbmZpZy9tZXRhZGF0YTpyZWFkIiwic3NlOnJlYWQiLCJhZG1pbjpyZWFkIiwiaW5zcGVjdDpyZWFkIiwiY2FzZWJvb2s6cmVhZCIsInRlbGVtZXRyeTp3cml0ZSIsImdsb2JhbC1pbnRlbDpyZWFkIiwicHJvZmlsZTpyZWFkIiwid2ViaG9vazpyZWFkIiwidmF1bHQvY29uZmlnL3Bvc3R1cmU6cmVhZCIsIm5vdGlmaWNhdGlvbjpyZWFkIiwiYXNzZXQ6cmVhZCIsInJlc3BvbnNlOnJlYWQiLCJwbGF5Ym9vazpyZWFkIl0sImV4cCI6MTcwMjY1NDQ2NiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9jbGllbnQvbmFtZSI6IjEgTW9udGggRGFzaGJvYXJkIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC91c2VyL2lkIjoiMDAwMTA5MjQtZTFiYy00YjAzLWI2MDAtODljNmNmNTI3NTdjIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvaWQiOiIwNDdhODliZi01ZDJlLTQzOTItYjc3MC1hZDQ4MjFhODJhY2YiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2dyYW50IjoiYXV0aC1jb2RlIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9jbGllbnQvb3duZXIvaWQiOiJjaXNjby1pbnRlcm5hbC11aS1kYXNoYm9hcmRzIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vcmcvbmFtZSI6Illhbm4gQURNSU4gT1JHIiwianRpIjoidG9rZW4tYzYwZjYzZmMtZWRiYi00YThjLTlkMDQtODE2ZjBjN2I4NzdmIiwibmJmIjoxNzAyNjUwODA2LCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvbmFtZSI6Illhbm4gLSBNYXN0ZXIiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWQiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2NsaWVudC9pZCI6ImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy92ZXJzaW9uIjoidjIuMTAtYzZkOWNmYzg1NTc5ODY1MDViOTEiLCJpYXQiOjE3MDI2NTA4NjYsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgva2luZCI6ImFjY2Vzcy10b2tlbiJ9.cem4Kt5uwVFv11YhlpOCesPxlo-AfeOcIl8agwe7RP8bBrWI0O7L2coETjZb8a8axXwbWTpsBe2fgut7TjE8byAfRJwhW9jiAD31svw8RMRdRy07d54dVSiCoCfiaFBf79gKSgx0QjMsE1SCd1VJ7vaicp9k-q6a63BDMvp-7hsC1sIXmrsHhHX1wDkOQCrX7EWnOU8LDNhmcjIAgQqCk3TCZK_B-tM_1VNYEpZ6kYQHO1qhwTB6rHE1gh_Vxz0EUTt2H_7f1lj8Rp2ov5LFFi1VIBj7AIOwuTZeifUhJzNmZeeJNzWO3Ejd-Mh4saOGGuJxQqAQ5koxiD6IWZ25K810ojDt0AO-uSadZdbFpfjyox5v0ii-BWs303QQcHpjIzPQXnSq0jDLP6HnOauofHEs2LFimb2omkkUvhppRjpdewbFV6IV7F2lpw4XsiYBfwHLSWLa34PJqgVZ09Oiy7opVQo-tu9jho17RdJkNQYbyv5xCfwV8NKKSjXSFLv3TItmGENvnD_iWBxwFK9kRvCE1n0JoStnRqdpTWf-pkbU70TV71C7DsTlkmaJtporaBhAvF4rgJEWYrxPhEVTRt-ZpQ_hNFDkTWJxPOkSmmEWBjUiXwDWlu2kw0OXXSnndzsa3xIVYvOCNMDClj5gMFASS7DbvHvBAqe8au_bE4I",
+ "scope": "admin:read ao:read asset:read casebook:read collect:read enrich:read event:read feedback:read global-intel:read insights:read inspect:read integration:read investigation:read notification:read orbital:read playbook:read private-intel:read profile:read registry response:read sse:read telemetry:write ui-settings:read users:read vault/config/metadata:read vault/config/posture:read vault/configs:read webhook:read",
+ "token_type": "bearer",
+ "expires_in": 3600
+}
+#+end_src
+
+Yipie! A new access token that only has read-only authorizations (exceptipon for
+registry).
diff --git a/notes/deploy_new_environment_staging.org b/notes/deploy_new_environment_staging.org
new file mode 100644
index 00000000..3e5deab8
--- /dev/null
+++ b/notes/deploy_new_environment_staging.org
@@ -0,0 +1,241 @@
+:PROPERTIES:
+:ID: 7b35763c-84af-41fa-bad5-b407b33ff020
+:END:
+#+Title: Deploy New Environment
+#+Author: Yann Esposito
+#+Date: [2023-11-28]
+
+- tags ::
+- source ::
+
+* Start the node with one admin [still needed]
+
+Dependencies:
+ - [ops] all DB runnings: (riemann, ES, Postgres, Redis, etc…)
+
+- [ops] configure the node to use DBFixtures, then remove db-fixture service from
+ bootstrap.cfg then restart the node. If configured correctly the DB will now
+ contain an admin user. The org must have the following additional scopes:
+ ~cisco, iroh-admin, iroh-master, global-intel~.
+
+- IROH / IROH-Async is running
+
+* Engineering Admin Access [still needed]
+
+- [ops] Provide VPN Access to the new Environment
+- [ops] Must create the first accounts for every engineer involved in the
+ initial configuration of the new environment
+
+* Support Provisioning (via PIAM) [not needed anymore]
+
+- [ops] update Vault with the OAuth2 client creds from PIAM
+- [engineering] configure PIAM Universal Provisioning in IROH (URLs, etc…)
+
+assumptions:
+- we will have OAuth2 client creds from PIAM configured.
+- PIAM configured their server to point to the new URL for the Universal
+ Provisioning API
+- We will use the PIAM Universal Provisioning
+
+* Support essential XDR modules (DI, CSC, SE, SXO, SCA, SSX)
+** Deploy a Private Intel (CTIA) node [still needed]
+
+- [ops] This is needed for most integrations (DI SE).
+- [engineering] updated the URL in tenzin-config with the new private-intel URL
+
+** SXO (cc @Mark)
+
+*** Onboarding (todo) [still needed]
+- dependency: SXO: will provide an onboarding API URL
+
+- [engineering] Onboarding configuration in ~config.edn~.
+ Ask Automation to provide the onboarding URL.
+
+*** Module Type (cc @Matthieu) [Replicated]
+
+- [engineering] Creating the SXO Module Type, with the correct URLs, configuration
+
+*** OAuth2 Client [Replicated]
+
+- [engineering] Create an IROH OAuth2 client for SXO.
+ Copy the values from other deployed environment except replace the redirect URI.
+ In particular, take care of the audiences, it should be configured with
+ ~allow-partial-user-scopes?~ to true.
+
+ This client must be trusted. Add the client-id to the list of trusted clients by
+ using the admin API ~/admin/oauth/~
+
+** DI
+
+*** OAuth2 Client [Replicated]
+
+Create an IROH OAuth2 client for DI.
+Copy the values from other deployed environment except replace the redirect URI.
+In particular, take care of the audiences, it should be configured with
+~allow-partial-user-scopes?~ to true as well as ~org-level-authorization?~.
+
+This client must be trusted. Add the client-id to the list of trusted clients by
+using the admin API ~/admin/oauth/~
+
+*** Module Type creation (cc @Matthieu) [Replicated]
+
+*** Onboarding [still needed or DI should route using geo from the JWT]
+
+ Onboarding configuration in ~config.edn~.
+ Ask DI to provide the onboarding URL.
+
+** SCA
+
+*** OAuth2 Client [replicated]
+
+Create an IROH OAuth2 client for DI.
+Copy the values from other deployed environment except replace the redirect URI.
+In particular, take care of the audiences, it should be configured with
+~allow-partial-user-scopes?~ to true.
+
+This client must be trusted. Add the client-id to the list of trusted clients by
+using the admin API ~/admin/oauth/~
+
+*** module conf (cc @Matthieu) [Replicated]
+*** Onboarding [SCA route using JWT or still needed]
+
+ Onboarding configuration in ~config.edn~.
+ Ask SCA to provide the onboarding URL.
+
+** SSX
+
+*** OAuth2 client (claim aliases) [Replicated]
+
+1. Ask SSX to deploy a Stage Environment and provide the corresponding URLs:
+ In the rest of this doc we suppose it will be:
+ - https://admin.sta.sse.itd.cisco.com
+ - https://devops.sta.sse.itd.cisco.com
+ but SSX could provide some different URLs to use.
+2. Create a dedicated Org for SSX
+3. Via the API directly, create a new API Client using the following payload.
+ Notice some value could change depending on the SSX configuration of the prefixes.
+ You need to ask SSX what are the expected IdP Mapping they would like.
+ I took on me that if a user login via AMP (CSA) SSX expect the tenant claim
+ to be ~AMP-STA~.
+
+Then you should create a client via the API with the following
+
+#+begin_src js
+{
+ "scopes": ["integration", "private-intel", "admin", "profile", "inspect", "iroh-master",
+ "iroh-auth", "sse", "users", "casebook", "orbital", "enrich", "oauth", "global-intel",
+ "collect", "response", "ui-settings", "openid", "ao"],
+ "description": "NEW Environment for Security Services Exchange Admin Console",
+ "redirects": [
+ "https://admin.sta.sse.itd.cisco.com/*/*",
+ "https://admin.sta.sse.itd.cisco.com/*/*/*",
+ "https://admin.sta.sse.itd.cisco.com/*",
+ "https://admin.sta.sse.itd.cisco.com/*/*/*/*",
+ "https://devops.sta.sse.itd.cisco.com/*/*",
+ "https://devops.sta.sse.itd.cisco.com/*/*/*",
+ "https://devops.sta.sse.itd.cisco.com/*",
+ "https://devops.sta.sse.itd.cisco.com/*/*/*/*",
+ "https://devops.sta.sse.itd.cisco.com"
+ ],
+ "availability": "everyone",
+ "access-token-lifetime-in-sec": 86400,
+ "id-token-lifetime-in-sec": 86400,
+ "name": "sse-ui-new-client",
+ "grants": ["auth-code"],
+ "client-type": "confidential",
+
+ "id-token-aliases": [
+ {
+ "alias": "spId",
+ "case-value": {
+ "sxso": "SXSO",
+ "idb-tg": "TG-STA",
+ "idb-amp": "AMP-STA"
+ },
+ "default-value": "AMP-STA",
+ "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id"
+ },
+ {
+ "alias": "spId",
+ "case-value": {
+ "sxso": "SXSO",
+ "idb-tg": "TG-STA",
+ "idb-amp": "AMP-STA"
+ },
+ "claim-to-alias": "idp-mapping-idp"
+ },
+ {
+ "alias": "spId",
+ "case-value": {
+ "sxso": "SXSO",
+ "idb-tg": "TG-STA",
+ "idb-amp": "AMP-STA"
+ },
+ "claim-to-alias": "old-idp-mapping-idp"
+ },
+ {
+ "alias": "companyId",
+ "replace-value": [
+ [
+ "^threatgrid[:]",
+ ""
+ ]
+ ],
+ "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id"
+ },
+ {
+ "alias": "companyId",
+ "replace-value": [
+ [
+ "^threatgrid[:]",
+ ""
+ ]
+ ],
+ "claim-to-alias": "idp-mapping-organization-id"
+ },
+ {
+ "alias": "companyId",
+ "replace-value": [
+ [
+ "^threatgrid[:]",
+ ""
+ ]
+ ],
+ "claim-to-alias": "old-idp-mapping-organization-id"
+ },
+ {
+ "alias": "companyName",
+ "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name"
+ },
+ {
+ "alias": "user_name",
+ "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name"
+ },
+ {
+ "alias": "user_email",
+ "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email"
+ },
+ {
+ "alias": "role",
+ "case-value": {
+ "admin": "admin",
+ "master": "admin",
+ "iroh-admin": "admin"
+ },
+ "default-value": "user",
+ "claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role"
+ }
+ ]
+}
+#+end_src
+
+Once the client is created.
+Go to the admin API, and bless the client to approve it.
+Also still via the Admin API, add the client to the trusted clients.
+
+Ask QA to verify cross launch is working as expected for the 3 IdPs.
+
+* UI
+
+- Check the registration UI would still work
+- Check some URLs with normal frontend
diff --git a/notes/dossier_mdph_anna_2023.html b/notes/dossier_mdph_anna_2023.html
new file mode 100644
index 00000000..713f7af7
--- /dev/null
+++ b/notes/dossier_mdph_anna_2023.html
@@ -0,0 +1,257 @@
+
+
+
+
+
+
+
+dossier MDPH Anna 2023
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/notes/dossier_mdph_anna_2023.org b/notes/dossier_mdph_anna_2023.org
index 1f0c7329..3623cca5 100644
--- a/notes/dossier_mdph_anna_2023.org
+++ b/notes/dossier_mdph_anna_2023.org
@@ -4,7 +4,7 @@
#+title: dossier MDPH Anna 2023
#+Author: Yann Esposito
#+Date: [2023-06-19]
-#+lang: fr
+#+Lang: fr
- tags ::
- source ::
@@ -13,7 +13,6 @@
- Formulaires: https://www.mdph13.fr/Pages/Formulaires.aspx
- https://mdphenligne.cnsa.fr/mdph/13
- dossier: [[file:~/Library/Mobile Documents/com~apple~CloudDocs/Documents/1-Administration/MDPH/MDPH-2023][dossier 2023]]
-
** Addresse
Maison Départementale des Personnes Handicapées des Bouches du Rhône
@@ -24,3 +23,98 @@ accueil.information.mdph@mdph13.fr
Accueil Physique : du lundi au jeudi de 9h00 à 16h00
Accueil Téléphonique : du lundi au vendredi de 9h00 à 12h30 et de 13h30 à 17h00 (appel gratuit depuis un poste fixe)
+* Documents Ecrit Dossier
+** Projet de Vie
+
+Anna est une jeune fille autiste sans déficience intellectuelle diagnostiquée à
+l’âge de 17 ans.
+Elle souffre de troubles anxieux généralisés qui furent difficiles à gérer
+pendant le collège et qui lui ont finalement fait quitter la scolarité publique
+lors de son entrée au lycée.
+Bien qu’intellectuellement très capable, il lui est pour l’instant impossible de
+passer des examens à cause de son anxiété de performance.
+Aujourd’hui les efforts de toute la famille et des professionnels sont
+concentrés pour l’aider à se socialiser et à gagner en autonomie.
+
+Pour soutenir Anna dans ses efforts de sociabilisation et d’autonomie elle a
+besoin d’avoir son chien d’assistance.
+Pour cela il lui faut avoir la carte CMI invalidité et donc une reconnaissance
+de handicap d’au moins 80%.
+Hors du domicile son chien d’assistance est son unique moyen de calmer ses
+crises en faisant de la pressothérapie.
+En effet lors d’une crise, personne ne peut la toucher.
+Pas même ses proches qui sont dans l’impossibilité de la mettre en sécurité.
+La chienne écarte les personnes qui pourraient bousculer ou toucher Anna.
+La chienne fait du guidage et elle peut l’amener vers ses parents.
+Depuis que l’animal est là, elle arrive, à petite dose, à rentrer dans un
+magasin pour faire quelques courses et à se rendre à ses rendez-vous médicaux en
+présence d’un de ses deux parents.
+
+Avoir la carte CMI Stationnement à aussi été à de nombreuses reprises une aide
+très précieuse qui lui permet d’être mise en sécurité rapidement en cas de
+crise.
+Sachant que lors de ses crises nous ne pouvons pas la toucher et qu’il lui
+arrive de s’écrouler sur le sol, la distance gagnée s’avère profondément utile.
+Nous avons déménagés du département 06 vers le 13 en février 2023 dans le but
+d’avoir un soutient familial.
+Depuis nous recherchons activement un psychologue spécialisé dans les troubles
+autistiques ainsi que des groupes d’habiletés sociales.
+
+Nous avons retrouvé un ensemble de professionnels pour l’aider dont:
+
+- un psychiatre (actuellement en passation entre le psychiatre de Mougins (06)
+ et celui d’Aix-en-Provence)
+- une coach professionnelle pour un accès à l’emploi
+- une ergothérapeute pour un support général de gestion de ses hypersensibilités
+- un ORL pour atténuer ses hypersensibilités auditives
+- un éducateur canin pour renforcer l’éducation de la chienne d’assistance tout
+ en la socialisant
+
+L’autisme et les troubles anxieux d’Anna ne disparaîtront jamais.
+C’est pourquoi nous demandons la reconnaissance des droits MDPH à vie.
+Ces aides lui permettront d’accomplir ses projets:
+
+- *Gagner en Autonomie personnelle* : arriver sans aide ni stimulation parentale à
+ prendre soin d’elle (hygiène, alimentation, santé, organisation,
+ déplacements).
+- *Se socialiser* : avec le soutient de professionnels pour avoir des contacts et
+ des relations avec l’extérieur. Avoir une activité de loisir (ex: canicross).
+- *Accès à la vie active* : avec l’aide de sa coach professionnelle Anna travaille
+ sur un accès à la vie active en fonction de ses besoins (formation, emploi).
+** Documents
+
+Madame, Monsieur,
+
+Veuillez trouver ci-joint le dossier de demande à la MDPH de notre fille Anna Esposito--Basso.
+Celui-ci comprend les documents suivants :
+
+- [ ] Dossier MDPH rempli (20 pages)
+- [ ] Certificat médical de moins de 6 mois pour demandes MDPH (8 pages)
+- [ ] Bilan Auditif (3 pages)
+- [ ] Certificat médical auditif - Dr Oddon (1 page)
+- [ ] Photocopie de la Carte d'identité d'Anna Esposito--Basso (1 page)
+- [ ] Justificatif de domicile; Photocopie de facture d'électricité EDF (1 page) ainsi
+ qu'une attestation sur l'honneur d'hébergement. (1 page)
+- [ ] Justificatif aide animalière ; certificat chien d'assistance (1 page)
+- [ ] Contrat de travail de l'aidant familial (9 pages) + Fiche de salaire de
+ l'aidant familial prouvant un temps partiel (80%)
+- [ ] Devis Ergothérapeute - Mme Pradura (1 page)
+- [ ] Factures et devis Coach de vie - Mme Arboucalot (3 pages)
+- [ ] Feuille remboursement Mutuelle Audio prothèses (reste à charge 740€, 380€
+ par prothèse)
+- [ ] Projet de vie (2 pages)
+- [ ] Bilan Neuropsychologique
+- [ ] Comptes rendu bilan Ergothérapeute
+- [ ] Bilan du CRA des Alpes Maritimes
+- [ ] Facture Psychiatre - Dr Guidi (1 page)
+
+En vous en souhaitant bonne réception.
+
+Krystelle & Yann Esposito
+** TODO [#B] Faire Signer la demande MDPH à Anna (Page 4/20)
+DEADLINE: <2023-11-14 Tue 10:00>
+** Projet Professionnel
+
+Les différentes prises en charges auprès des professionnels ont pour but de
+permettre à Anna de se socialiser mais surtout de trouver une orientation
+professionnelle qui lui permettrait de s'autonomiser financièrement.
diff --git a/notes/dynamic_service_architecture_for_big_software.org b/notes/dynamic_service_architecture_for_big_software.org
new file mode 100644
index 00000000..74eecbc6
--- /dev/null
+++ b/notes/dynamic_service_architecture_for_big_software.org
@@ -0,0 +1,96 @@
+:PROPERTIES:
+:ID: cdf1dfad-99f0-42d6-9eda-7a04dd275c20
+:END:
+#+Title: Dynamic Service Architecture for big Software
+#+Author: Yann Esposito
+#+Date: [2024-01-03]
+
+- tags ::
+- source ::
+
+* Introduction
+
+???
+
+Plan attempt
+
+* Plan
+
+** Introduction
+Talk about composability in real-word application.
+How we can think of it in a static way vs a dynamic way.
+Why part of dynamicity is mandatory.
+How could this be achieved?
+Maybe talk about meta-programming with yesod for example.
+
+** Evolution of Code Architecture
+
+Why do we need to provide code architecture patterns?
+
+Try and errors, and learning from them.
+By doing so we discovered a few important architecture design patterns.
+
+1. spaghetti code. Mix everything, everything is coupled. If you change one line
+ of code this will impact other places. Only survival strategy, copy/paste,
+ become a master of massive search and replace.
+2. Externalize state. You want to make it a lot easier to scale.
+ So you keep your business logic data in an external DB hopefully choosing one
+ that could scale. So you could easily spawn a new node and the charge will be distributed.
+ This is basic Ops hygiene that gave birth to 12 factor application methodology.
+3. MVC. Once you took care of externalizing the state, you then discover that
+ you don't want to mix the business logic with its presentation. So you add a
+ view layer. One very nice property of MVC is that it can be organized and
+ even better composed in components.
+ Each component will provide the three aspects, Model View and Controller. And
+ you can create a framework that will compose them.
+4. Last step but not the least, Controllers is where you take care of your
+ business logic. And some will share common usage, you naturally ends up with
+ building the same common components or libraries.
+ So now, you will start to have a lot of components that will not have views
+ and only Controller and optionally a Model saved in DB.
+ Worse, every of these component have a lifecycle. They start and initialize
+ their internal state, then they live, and finally they could be removed and
+ be deleted. So you will end up with a complex mess of internal state that is
+ not business logic state, but only technical local state.
+ To solve this problem you have different architectures proposed but in the
+ functional world this could be components.
+ So you split your logic into different services. Each of them will take care
+ of their own technical internal state.
+
+How does this work?
+
+** Components / Services
+
+Service Lifecycle. Every service pass through different phases.
+
+1. init
+2. start
+3. live
+4. stop
+
+There is a distinction between init and start which could be useful for some
+technical reason.
+Every component also declare its dependency over other components.
+Every dependency can be either mandatory or optional.
+
+On top of this every component also exposes a public API.
+
+But that's not all.
+Every component should be organized into:
+
+- schemas / data-structure
+- service declaration
+- service implementation
+- optional associated web service declaration / implementation
+- different default configs per option. LOCAL, DEV, CI, TEST, PROD
+- tests:
+ - implementation (short)
+ - service (big)
+ - web service
+ - default test configs TEST_SELF_CONTAINED, TEST_INTEGRATION
+
+But that's not all. For modern application you need:
+
+1. Structured traces/logs
+2. Very good state layer
+3. Centralized business logic
diff --git a/notes/elegance.org b/notes/elegance.org
new file mode 100644
index 00000000..b8d36d00
--- /dev/null
+++ b/notes/elegance.org
@@ -0,0 +1,49 @@
+:PROPERTIES:
+:ID: f3e7b5bf-81a1-4592-89fa-f2094a8136d5
+:END:
+
+#+Title: Élégance
+#+Author: Yann Esposito
+#+Date: [2023-11-09]
+#+LANG: fr
+
+* Élégance
+
+Peut-être est-ce là, l'élégance qui fait la différence entre le bien et le mal.
+Le bonheur et le malheur.
+La raison de vivre cachée, celle qui surpasse une fois que l'on a tout le reste.
+
+Dans sa nouvelle surreal numbers, Donald Knuth commence le roman en métant deux
+personnages qui ont tous leurs besoins comblés.
+Les besoins basiques et humain.
+
+Une fois qu'on vous donne tout ce qui vous reste à désirer, et bien, on peut
+trouver plusieurs chemins.
+L'un d'entre eux est l'ennuie, la débauche et le laisser aller.
+Un autre chemin qui semble plus vertueux est celui de la recherche de l'élégance.
+
+Dans surreal numbers il s'agit de la recherche d'une élégance mathématique.
+
+Mais n'est-il pas de l'élégance dans bien d'autres domaines.
+Les languages de programmation.
+Des algorithmes.
+De l'art.
+Des méthodes d'UX.
+
+Et ce qui fait la différence, ce qui marque.
+Ce sont ces preuves de créativités qui tombent pile au bon endroit de
+l'élégance.
+
+Je pense qu'on peut voir pourquoi, on peut dire que Clojure est plus élégant
+qu'Haskell. Que les languages de programmation fonctionnelles sont plus élégants
+que les languages orientés objets, eux-même plus élégant que les langages
+impératifs, eux même plus élégants que les languages machines.
+
+
+L'élégance de mac OS X face à Linux ou pire Windows.
+L'élégance d'une attitude Française face à un comportement Américain; je me
+souviens de la remarque de Cartier qui disait que les Américains manquent
+cruellement d'élégance. Pour vendre ils écrasent par les moyens, font moins
+cher, en grand nombre. Au lieu de gagner par la finesse et la supériorité de la
+qualité.
+Par la force et la coercion, et non pas par la persuasion.
diff --git a/notes/events_circular_service_dependency_handlers_service.org b/notes/events_circular_service_dependency_handlers_service.org
new file mode 100644
index 00000000..bfe811de
--- /dev/null
+++ b/notes/events_circular_service_dependency_handlers_service.org
@@ -0,0 +1,189 @@
+:PROPERTIES:
+:ID: d494276b-97a5-4415-be58-20e908a84f19
+:END:
+#+Title: Events, Circular Service Dependency, Handlers Service
+#+Author: Yann Esposito
+#+Date: [2023-12-05]
+
+- tags ::
+- source ::
+* The Problem
+
+Imagine you have a program that is constituted of sub-services.
+A service can be seen like a Singleton Object in the OOP and is a lot more
+natural in the Functional Programming paradigm. I feel it also has a lot better
+generic composability properties. Instead of dealing with thousand of similar
+states, you have few services, and every one of them keep their own internal state.
+And a full application becomes a set of services, you can decide at init which
+services you want to run, which you do not want, and for each service, you can
+have multiple different implementations so you could switch some service
+implementation during testing or depending on the context you are running your
+whole application.
+
+
+Now you want to split and organize your service not necessarily by technical
+detail but more by functional feature.
+Now imagine that you have a sane organisation, every service declare the list of
+dependent service. The one you would like to use.
+
+If your service dependency graph is non-cyclic this has a lot of beneficial
+effects.
+In particular for initialization order, as well as stopping order.
+Now imagine the following example:
+
+AssetService -> PriceService -> BasketService
+
+So BasketService depends on PriceService
+And PriceService depends on AssetService.
+
+
+The AssetService internal state is about the description of assets, some might
+contain a price table or things a bit complex to read right away.
+
+The PriceService uses the AssetService to retrieve the price of an asset using a
+potentially complex price table description from the Asset service.
+
+The BasketService, want to show the actual price of the assets in the Basket by
+using the Price service.
+
+Now, the issue. We want the state of Basket service to be updated when the asset
+service state change. Say the price table change for some asset.
+
+As PriceService depends on AssetService, AssetService cannot trigger any method
+exposed by PriceService otherwise it would create a circular dependency.
+So how could we achieve the expected result?
+
+* Solutions
+** Refactorization
+
+If you have Service2 that depend on Service1, but want somehow to call a method
+of Service2 from Service1, that is not possible.
+One solution is to reorganize your services.
+
+Split Service 2, with Service2a and Service2b. Move Service2b as a dependency of
+both Service2a and Service1. Now Service1 know about Service2b.
+
+That could be a solution, but it might be at the price of Buisness Logic organization.
+Maybe it makes sense technical to have Service2 splitted, but this is not
+natural in the Functional organization of your application. And thus it will
+make it harder to understand the organization of your system if you do so.
+
+** Hooks
+
+You can expose a few hook methods in parent services.
+If you have S3 that depends on S2 that depends on S1.
+You can create a hooks method in S1. So during init, once S1 finished to be
+initialized, S2 init will be run. During the init, S2 will call:
+~S1.addOnAssetChangeHook(S2.updatePrice)~.
+
+And the same between S3 and S2.
+
+And in S1, inside the method ~S1.assetUpdated~ you need to have something like:
+
+#+begin_src
+method assetUpdated (newAsset):
+ ,,, ;; do stuff
+ foreach hook in S1.assetChangeHooks;
+ hook(newAsset)
+#+end_src
+
+And you have to repeat this in every service that need this kind of mechanism.
+Which could quickly become tedious.
+
+** Events
+
+Another option is to centralize an EventService.
+This is a bit similar to the hook but instead of having every service writing
+their own hook mechanism, you centralize this in a single service.
+
+So if we take our previous example we will have
+
+
+#+begin_src
+method assetUpdated (newAsset):
+ ,,, ;; do stuff
+ pushEvent("assets/changed", {asset: newAsset})
+#+end_src
+
+
+And the event service will keep track of consumer of different events and
+redistribute the events to the consumers.
+But with 3 services there could be an issue.
+
+Say we have S1 -> S2 -> S3.
+
+S3 uses S2, but only S1 trigger events.
+Imagine the following scenario:
+
+S1 -> push asset changed event
+EventService -> run concurrently S2.assetUpdated and S3.assetUpdated
+
+But S3, uses S2 to compute the basket value. The problem, S2 might not have the
+time to update its internal state to reflect the changes made by S1.
+BUG...
+
+So here the solution is to make S2 send events after S1 updated has been handled, and S3 only react to S2 events.
+That will work, but.. it doesn't look very nice. Now in your code we have an issue.
+Instead of having something like:
+
+#+begin_src
+S1.assetUpdated (newAsset):
+ ,,, doStuff
+ S2.updateAsset(newAsset)
+ S3.updateAsset(newAsset)
+#+end_src
+
+or
+
+#+begin_src
+S1.assetUpdated (newAsset):
+ ,,, doStuff
+ S2.updateAsset(newAsset)
+...
+S2.assetUpdated (newAsset)
+ ,,, doStuff
+ S3.updateAsset(newAsset)
+#+end_src
+
+Your business logic is hidden behind the event consumer graph.
+As this is done dynamically (to prevent statical circular dependency), it is a
+lot more difficult to think about the behaviour of your application.
+Mainly from S1 assetUpdated you can not discover from reading the code that this
+will have an impact on S2 nor S3.
+You could only discover that from the other way around from S3 or S2.
+
+** HandlersService
+
+Another option is to use a messaging system.
+This look a lot like the event system, but this time we keep a handler service
+that contain a list of published handler that could be called independently of
+the normal service dependency graph.
+Here is the main idea:
+
+#+begin_src
+S1.assetUpdated(newAsset):
+ ,,, doStuff
+ handlerService.S2.updateAsset(newAsset)
+ handlerService.S3.updateAsset(newAsset)
+#+end_src
+
+now, it is visible from the code that S1 update will have an effect on S2 and S3.
+And you could follow the system.
+Unlike with events, you should run these synchronously (non concurrently).
+And this should greatly ease your understanding of the system.
+
+The other option is also to:
+
+#+begin_src
+S1.assetUpdated(newAsset):
+ ,,, doStuff
+ handlerService.S2.updateAsset(newAsset)
+
+S2.assetUpdated(newAsset):
+ ,,, doStuff
+ handlerService.S3.updateAsset(newAsset)
+#+end_src
+
+But both are easier to understand than to discover that, the method create an
+event, and then looking in the whole code what are the services that are
+consumer of this specific event.
diff --git a/notes/fy24q3_iroh_team.org b/notes/fy24q3_iroh_team.org
new file mode 100644
index 00000000..9ef224b0
--- /dev/null
+++ b/notes/fy24q3_iroh_team.org
@@ -0,0 +1,196 @@
+:PROPERTIES:
+:ID: 3daa143e-5a5c-47bc-8cb7-2756f0f00c33
+:END:
+#+Title: FY24Q3-iroh-team
+#+Author: Yann Esposito
+#+Date: [2024-01-10]
+
+- tags ::
+- source ::
+
+* Intro
+
+Document trying to keep track of current state.
+
+Big Topic <=> People
+
+* XDR Program Q3FY24 Engineering Plans
+
+- PM Prios https://airtable.com/appZKQe0zXhVMepC8/shr5iesEcBD2MN7EI/tblUdgSlzjcABBtzj
+
+|-----------------------------+------------------+-----------------------------------------|
+| Topic | People | Size |
+|-----------------------------+------------------+-----------------------------------------|
+| PM Prios | | |
+|-----------------------------+------------------+-----------------------------------------|
+| SCA Integration | Matt | XS conf change |
+| PIAM Universal Brownfield | Wanderson | L |
+| JAMF Integration | Matt | XS ask for merge? |
+| MITRE | GE + Olivier | XL |
+| Design (on prem iroh proxy) | Matt | S |
+| new modules (x7) | Shafiq | L (Ransomware) |
+| Notifications | Kirill | settings (webex) (XL) |
+| new auth (x7) | Shafiq | L (Checkpoint) |
+| Integration Admins | Matt | (SOAR, Palo Alto, CheckPoint) |
+| Meraki (1-click) | Yann/Jyoti | XS (maintenance, help, client creation) |
+| Default Modules for SMA | Matt | S (conf) |
+| IOPS | Matt | help @Garima |
+| AO webhook dependency | Matt/Yann? | help @Lisa |
+| IROH Multi Tenancy APIs | Yann | M (design) |
+| [[https://github.com/advthreat/iroh/issues/8579][#8579]] | Shafiq | S |
+|-----------------------------+------------------+-----------------------------------------|
+| SUSTAINING | | |
+|-----------------------------+------------------+-----------------------------------------|
+| Push logs to datadog | ? | |
+| ES Performance | Mario + Ambrose | |
+| ES Perf ops | Jerome + Patrick | |
+| PG Perf ops | Jerome + Patrick | |
+| Alerting + Monitoring ops | Jerome + Patrick | |
+| Kafka | Jerome | auth kafka |
+| Module type doc patch | ? | |
+| Impersonation | Yann | |
+|-----------------------------+------------------+-----------------------------------------|
+
+- Multi tenancy: https://ciscosecurity.aha.io/epics/XDR-E-85
+
+* Notes
+
+- Open DBs for IOPS
+
+** Q2 Rollovers?
+*** [...] Incident Summary related work
+- spikes in incident summary generation failures
+- summarize incident at bundle import
+- fix missing attack pattern in incident summary
+- add status_disposition to search filter on incident summaries and incidents
+*** [...] Rescoring (Incident / Incident Summary )
+** Maribelle Questions Capacity Planning Q3
+
+Commits:
+
+Incident Enhancement
+DevNet Compliance:
+
+TODO: follow-up https://ciscosecurity.aha.io/features/XDR-89 ; ping Guy
+
+** Sustaining items
+
+Hi Jyoti here is a list of sustainable items: **edited with design items**
+
+- Design: IROH proxy working with on-prem devices
+- https://github.com/advthreat/iroh/issues/8700 Push our log to datadog
+- ES Performance issues
+ - https://github.com/advthreat/iroh/issues/8501 NGFW spikes
+
+- Ops
+ - ES perf
+ - Postgres perf (indexes)
+ - https://github.com/advthreat/iroh-ops/issues/23 Alerting Improvement & documentation
+ - https://github.com/advthreat/iroh-ops/issues/104 Authenticated Kafka
+
+- https://github.com/advthreat/iroh/issues/8280 ModuleType Admin API: Add a dedicated route to patch documentation
+- https://github.com/advthreat/iroh/issues/7324 Impersonation (TAC)
+
+** Unexpected tasks
+
+*** Mario
+
+- https://github.com/advthreat/iroh/issues/8795
+
+*** Performance Issue
+
+- SE Pused too many incidents
+
+** Align Priorities Q3 meetings Notes
+
+@Namrata: look all priorities, on the table.
+Update to everybody around Oort.
+Being planned for Q3, chalenges from PM.
+
+*** Top Priorities
+
+1. Breach Suite outcomes
+ - AI related initiative, SOC assistant
+ - MITRE Visualisation
+ - Ooort Implementation
+2. Support other suites
+3. XDR
+
+*** List the priorities from Airtable
+
+@Lisa what is rolling over from Q2
+
+- Geo pushed out of Q3
+- SCA Integration - configuration
+ - @Jyoti: pb with existing one?
+ - @Paul: I think only changing the configuration
+ - @Jyoti: integrations from SCA
+- PIAM Universal Flow - Brownfield
+ - @Jyoti require us to support also PIAM token (later with Travis)
+- JAMF:
+ - @Garima: config changes from IROH team
+ - @Matt: already has the change, need to check if this could be merged
+- Oort Integration
+ - @Namrata: the ask is and timeframe. User context from Insight in Incident
+ and in investigation and response action by using API from Oort.
+ User context be part of incident scoring.
+ - @Jyoti: things we need to do. Like with devices we need to do something
+ similar for the users. Only then we can consider those users-assets for scoring.
+ Mia was involved in that along with GE I think.
+ We need to know how that will change the algorithm.
+ On the UI side, I don't know if there are designs for showing the user value.
+ - @Rob: I don't think something involve IROH team.
+ - @Matt: not sure we need to work on a specific module authorization.
+ - @Jyoti: not going throught the IROH Proxy.
+ - @Paul: I confirm
+ - @Namrata: no work for IROH
+
+*** Next Day: List the priorities from Airtable
+@Namrata: asked to bump up MITRE and SOC assistant
+
+- ...
+- SOAR: @Namrata not occur probably
+- Infra XDR: we can skip
+- Incident: we can skip
+- 12. INT Guided response, auto-target, on prem device (some work from Matt)
+- 13. no iroh impact
+- 14. no iroh impact
+- 15. Vulnerability Management: @Paul blocked, only discovery, platform
+ involvemetn unknown
+- 16. no iroh impact @rob
+- 17. no iroh impact @rob
+- 18. no @Prerna
+- 19. @rob turning of umbrella, so maybe iroh work, but minor, no iroh impact
+ (quality check)
+- 20. MITRE @Prerna; @Yann GE & Olivier
+ @Namrata: add value, it can be beta quality, show this for RSA, but maybe
+ not delivered. Ship something in Q3.
+- 21. Impersonation (XDR Efficacy) @Prerna, also impersonating from TAC
+ @Namrata: better understanding
+- 22. @Prerna; big effort. @Namrata: Why? Email + Webex notifications. @Namrata;
+ perhaps split the tasks.
+- 23. @rob: no iroh requirement for delivery
+- 24. @rob: xdr analytics, no iroh impact
+- 25. no iroh impact
+- 26. no iroh impact @Garima
+- 27. Threat Intel enhanacement no iroh impact
+- 28. Admin work for Matt
+- 29. @rob design only, minor iroh impact. potentially some capacity, but not commit.
+- 30.
+- 31. Multi-tenancy @Prerna design only for Yann
+- 36. IM/AUT incident : no iroh impact
+- 37: SCA no iroh impact
+- 38: RBAC @Prerna not Q4
+- 39: RBAC @Prerna not Q4
+- 40. no iroh impact @rob
+- 41: @rob no iroh impact
+- 42+: no impact
+
+*** Discussion
+
+@Lisa: discussion about adding a new
+@garima: IOPS ask for iroh team.
+@Lisa: question, when we will know when your team
+
+@GE: rollover?
+@Namrata: we shouldn't fill our bucket at 100%. Fill it at 80%.
diff --git a/notes/gaia_2023_10_14_charge_rose.org b/notes/gaia_2023_10_14_charge_rose.org
new file mode 100644
index 00000000..ff7e8527
--- /dev/null
+++ b/notes/gaia_2023_10_14_charge_rose.org
@@ -0,0 +1,19 @@
+:PROPERTIES:
+:ID: 7a256b49-ca75-4c7a-96fe-85c151f2b6ae
+:END:
+#+title: Gaia 2023-10-14 charge rose
+#+Author: Yann Esposito
+#+Date: [2023-10-14]
+
+- tags ::
+- source ::
+* Attestation Charge du chien
+
+Nous attestion que le chien d'assistance, Rose, est à la charge
+intégrale de sa bénéficiaire Musiani Gaïa depuis septembre 2022.
+
+Faite pour servir et valoir ce que de droit,
+
+le 14 octobre 2023 à Antibes,
+
+Chien Espoir & Handicap
diff --git a/notes/html_css_web_techs.org b/notes/html_css_web_techs.org
index 06b2927c..02431d05 100644
--- a/notes/html_css_web_techs.org
+++ b/notes/html_css_web_techs.org
@@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 7431e4a3-4359-4dcb-89e6-c1c700cd4355
:END:
-HTML/CSS Web techs
+#+Title: HTML/CSS Web techs
#+Author: Yann Esposito
#+Date: [2022-10-05]
diff --git a/notes/impots_2022.org b/notes/impots_2022.org
index fed17b71..a2afe055 100644
--- a/notes/impots_2022.org
+++ b/notes/impots_2022.org
@@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 303dcecc-06be-4332-bd76-6bbcf0929d98
:END:
-Impots 2022
+#+Title: Impots 2022
#+Author: Yann Esposito
#+Date: [2023-05-20]
- tags :: [[id:7051b4a2-b42b-4d6f-abf6-2396b68dc5ed][impots]]
diff --git a/notes/iroh_new_env_init.org b/notes/iroh_new_env_init.org
new file mode 100644
index 00000000..3034890f
--- /dev/null
+++ b/notes/iroh_new_env_init.org
@@ -0,0 +1,28 @@
+:PROPERTIES:
+:ID: 4d0d86f1-1aba-4166-a61f-8b6199c02e57
+:END:
+#+title: IROH new Env Init
+#+Author: Yann Esposito
+#+Date: [2023-10-06]
+
+* IROH New Env
+
+** Node Configuration
+
+** Asking every team to integrate with the new environment
+
+*** Every 1-click module setup
+**** Ask the team to create a new OAuth2 client in IROH
+**** Change availability to everyone
+**** Approve & Trust the client
+*** Every Ribbon integration
+**** Ask the team to create a new OAuth2 client in IROH
+**** Change availability to everyone
+**** Approve & Trust the client
+*** DI
+**** Create a new specific DI client, trust it, take care of the audience
+*** Automation
+**** Create a new specific Automation client, trust it, take care of the audience
+*** SSE
+**** Open ID Connect (with scope aliases)
+**** Incident pushed via IROH-SSE proxy
diff --git a/notes/iroh_offsite_2023_notes.org b/notes/iroh_offsite_2023_notes.org
new file mode 100644
index 00000000..7a9a14e0
--- /dev/null
+++ b/notes/iroh_offsite_2023_notes.org
@@ -0,0 +1,256 @@
+:PROPERTIES:
+:ID: 437300b8-0f8e-4923-b6d2-d8c7a2db4b6d
+:END:
+#+Title: IROH Offsite 2023 Notes
+#+Author: Yann Esposito
+#+Date: [2023-10-09]
+
+- tags :: [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]] [[id:38a25196-863a-41c8-8c17-772fc9fe9b04][Yann's Personal Retrospective 2023 Offsite]] [[id:f70bf00d-8bc8-445e-a65d-2b960b46f419][Personal Retrospective Offsite Template]]
+- source ::
+
+* Personal Retro head/tailwinds
+** Guillaume
+
+*** Headwinds
+
+- Clojure stack and expertise
+- Remote, Distributed team
+- Good collaboration with other teams
+
+Tailwinds
+
+- More self started initiatives, POCs and proposals
+- Team spirit & collaboration between team members
+- Modularize the project
+- Upgrade Libraries
+- Green field projects
+- Refresh our ops stack
+
+** Matthieu
+
+*** Headwinds
+
+- use github (not jira)
+- Good collaboration with other teams
+
+*** Tailwinds
+
+- no (or almost none) coding time for managers
+- Team Spirit & collaboration between team members (ex Olivier)
+- Refresh our technical stack
+
+** Kirill
+
+- Public library to shutdown properly
+- introducing data stream capabilities with kafka, kafka connect
+ HTTP interface we should provide stream interface to quickly react, subscribe
+ to changes, data-lake in CTIA, CTIM schema.
+
+Usual workday:
+
+- 80% thinking
+- 20% coding
+
+not implement complicated code, to type less.
+
+*** Headwinds
+
+- let's try to change everything
+ - refactoring or "do not hesitate to change"
+ - CTIM changes for example, allow to export to STIX
+ Mainly change internal data structure.
+
+*** Tailwinds
+
+- need more data stream scenario
+
+** Shafiq
+
+- Problem solving first, Clojure behind
+
+*** Headwinds
+
+- Clojure is a good tool
+- Team
+- Autonomy in the team
+- Async collaboration
+- Investing time in accordance to tasks
+- PR reviews, technical discussions (welcoming, healthy and think time)
+
+*** Tailwinds
+
+- We should Focus on RFC dn technical discussions across sub-teams. Promote
+ eligible PRs to RFC. (Idea have a UI page.)
+- "Why" sometimes hard to track
+- Sieve through GH notifications
+- Someone to write and maintain tests :) (discussion with team, improve test framework)
+
+** Guillaume Ereteo
+
+*** Headwinds
+
+- API first features
+- Highly tested code base
+- Favor async communication
+- Coffee time with Mario
+
+*** Tailwinds
+
+- Coffee time with others
+- Knowledge sharing and transfer
+- Hire and mentor junior developers
+- ES7 EOL; migrate to another DB
+
+** Mario
+
+- versioning from Boeing
+- pair programming
+- demoing
+- zen mind and .. mind book (beginner minds, expert minds)
+- punishment for mistakes
+- distractions (via direct message in webex)
+
+*** Headwinds
+
+- No daily standup
+- Challenging each other respectfully in code reviews to make things a little bit better
+
+*** Tailwinds
+
+- Topple silos - move people around between subteams to spread knowledge
+- Prisoner swap (cycle 1-dev between services & engine team quarterly)
+- Does anyone ever pair? Any interest?
+- Have coffee w teammates & folks from other teams
+- Feed logs to AI and see what it can notice
+
+** Ambrose
+
+*** Headwinds
+
+- scope creep taken seriously
+- design culture
+- test culture
+- review culture
+
+*** Tailwinds
+
+- ES7 EOL dependencies
+- Improve Weekly meetings (cross communication) improve cross team comm, (maybe
+ team building, give me the elevated pitch)
+
+** Yann
+*** Headwind
+
+- Not having daily standup
+- Good code reviews
+- Trust in each other
+
+*** Tailwinds
+
+- Not having more focus days.
+- Improve internal visibility to bubble up difficulties.
+- More casual discussions in the main chat
+- More in depth retro vs current weekly status
+- Say IROH instead of XDR.
+
+** Wanderson
+
+*** Headwinds
+
+- No daily standup
+- Ability to work at unusual hours
+- No micro management
+
+*** Tailwinds
+
+- Too Many notifications
+- Kibana debugging
+ - unfamiliarity
+ - more docs to kibana
+ - example of useful queries
+
+** Olivier
+
+*** Headwins
+
+- ROWE (Result Only Work Environment)
+- Long-term tasks, allowing the solution to mature
+- keep meetings efficient & distraction to a minimum
+- open access to all code, repositories and tools
+
+*** Tailwinds
+
+- Using Webex as documentation & specification tool
+- retro in the SCRUM sense, post-mortem if a technical or deployment issue has occurred
+- cross-(iroh-)team collaboration on additional tools/documentation/processes
+
+** Jerôme
+
+*** Headwinds
+
+- no daily standup
+- autonomy
+- good atmosphere in the team
+
+*** Tailwinds
+
+- tenzin
+- monitoring and alerting
+- improve configurations factorization in tenzin-config
+- use only binaries for iroh
+
+** Patrick
+
+*** Headwinds
+
+- No daily standup
+
+*** Tailwinds
+
+- ops stack
+
+* Paris Olympics 2024 + POC demo
+
+- Logo of the products in the tiles missing from SX to XDR.
+- infinite lifetime session for the Olympics (change refresh token lifetime from user-id)
+
+* Jyoti Presentation
+AI assistant on the UI
+* Guillaume Presentation Graph API
+Pathom3: https://pathom3.wsscode.com
+* Jyoti's day
+** Data retention
+
+https://whiteboard.webex.com/whiteboards/ah4JMrM3tFVTxUZV51kArb
+
+1. Manual deletion
+ - completed in INT and TEST
+ - done for "ALL" orgs (SX & XDR)
+ - objects deleted: incidents, investigations, events, assets, sightings,
+ assets-mapping, asset-properties, relationships (involved in incident or sightings)
+2. Daily Cron
+
+ - same as manual but assets and sightings
+
+** Notification System (Event Bus)
+
+https://whiteboard.webex.com/whiteboards/a5cEiUkct6CNtHZCdRJmAld
+
+** Integrations
+
+https://whiteboard.webex.com/whiteboards/a79AlknraKGx47aFzchkiJc
+
+** SX EOL
+
+
+FMC uses SX for device flow.
+Only to connect to SSX.
+CDO provide a context service.
+
+Enable SX, come to IROH-Auth & returns the key, then iroh-sse to call to ssx.
+
+** IROH-Proxy improv
+
+- Crowdstrike
+
+** IROH-Async improv (no time to discuss)
diff --git a/notes/iroh_team_meeting_notes.org b/notes/iroh_team_meeting_notes.org
new file mode 100644
index 00000000..8e928cb3
--- /dev/null
+++ b/notes/iroh_team_meeting_notes.org
@@ -0,0 +1,297 @@
+:PROPERTIES:
+:ID: 72772426-cd53-4f61-b584-7807d274c0ad
+:END:
+#+title: IROH Team Meeting Notes
+#+Author: Yann Esposito
+#+Date: [2024-01-11]
+
+- tags ::
+- source ::
+* [2024-01-11 Thu] Thursday only 30 min
+** Intro
+This will be a short meeting because I have so many new ones.
+
+So first happy new year everyone I hope you enjoyed your time off.
+About Guillaume, is is very stressed not to be with us.
+
+So a few things to decide.
+
+1. Is this time ok for the Tuesday? I mean the next hour. I cannot make it later unfortunately.
+2. As I would like to reduce my amount of stressful communication, I would like
+ to keep an up to date version of:
+
+- topic, status, people
+
+What is a topic?
+
+1. PO driven topic: like the Official tasks we see during our Q3 commit
+ this contains, design, development, meetings, configuration, QA fixes,
+ being present during the related releases, admin tasks, helping QA, answering
+ questions in the different chat room or in DM.
+2. Unexpected topics:
+ - discovering a major issue that need our attention ASAP.
+ - a new unexpected task asked by someone, perhaps a urgency
+ - if asked by a PM or someone in another team, do not start working
+ unless you are confident this would not impact any delivery prediction.
+ If you are not comfortable with the ask, please send it to me.
+ - if asked by Jyoti, work on it, but let me and the PO knows, in particular
+ if this affect other tasks.
+
+** Weekly Meeting Organization
+
+Ideally, in order not to loose as much time as possible, please put a quick
+recap of your previous week in the chat, ideally 1h before the meeting.
+Something quick with the following format:
+
+- DONE (finished last week)
+- DOING
+- BLOCKED help needed
+- TOPIC about a topic you would like to talk during the meeting
+
+Ideally, we should only talk about the "need help/blocked/ask for discussion" points.
+
+That way I expect to be able to focus on the top-to-bottom news at the start of
+the meeting then we will try to talk about the most important topic.
+
+If nobody propose a topic, I will probably propose one myself and we might
+discuss about it.
+
+We will probably try many different formats until we find something that is fine
+for most of us.
+
+* [2024-01-16 Tue] 30min
+
+** Statuses
+
+*** Ambrose
+
+- DONE
+ - merged bad compojure-api usage (:return => :responses)
+- DOING
+ - Subscription to asset scores via DI is failing with 401 response https://github.com/advthreat/iroh/pull/8699
+ - thanks to Mario for giving me the heads up
+ - experimenting with reitit for CTIA
+ - big task is to make equivalent to compojure.api.api/api in reitit with equivalent middleware
+ - some of the middleware uses implementation details of compojure-api like clj-momo.ring.middleware.metrics/wrap-metrics
+- TOPIC
+ - shopping around for my next task to do after incident rescoring, suggestions welcome
+ - hearing rumors of “data lakes” that might replace ES/CTIA, ideally hop onto that bandwagon if it exists
+
+*** Wanderson
+- DONE
+ - merged check for QA urls in universal provisioning process to not send Okta JWT to QA invalid origin
+- DOING
+ - short-term solution for brown field provisioning
+ - fighting emacs: perhaps my last upgrade was 1yr ago or so… I did a doom upgrade and things went badly. fixing it
+- TOPIC
+ - tips on how to make your kid go back to school after 30 days at home. every day is a shitshow at the door.
+
+*** GE
+
+- DONE PCTIA dashboard in EU and APJC
+- DOING
+ - created and modified in CTIM https://github.com/threatgrid/ctim/pull/439
+ - do not hide created and modified in CTIA
+- ON HOLD:
+ - summarize incident at bundle import
+- TOPIC:
+ - CTIA / ES performance issues seem mostly related to undersized IOPS that could not support the read rate during spike of bundle import.
+
+*** Olivier
+
+- DONE (to be merged!)
+ - cleanup of iroh TK config files in iroh repo
+ - refactoring of tenzin-config config files (bootstrap.cfg and config.edn) to reduce duplication
+ - added new config files per application (node types) for all envs in tenzin-config
+ - DOING
+ - working on defining the standard 'iroh' node type (to generate bootstrap file)
+
+*** Matt
+
+- DOING
+ - Capacity planning for Q3
+ - Meetings to prepare new features (Notifications, Mitre coverage pattern)
+
+*** Kirill
+
+- DONE
+ - fix kafka-connector --> ES data stream misconfiguration on TEST
+ - refactoring for both KafkaConnectService and DataStreamsService to be more generic with more declarative configuration
+ - DOING
+ - ElasticSearchSource Connector to extract data from elastic and downstream it to Kafka topic. Most likely will turn ONHOLD
+ - Experiment with Graph databases
+ - data pipeline server for data ingestion into permanent graph DB
+ - explore capabilities of graph databases to perform fast and much more intelligent queries
+ - authorisation embedded into database model (fetch only the documents user is authorised to see)
+ - derived facts with semantic reasoning feels like AI without actual AI :)) check this video
+ - TOPIC
+ - ElasticSearch is causing more troubles in compare with feature set of it we are using.
+
+*** Shafiq
+- DOING
+ - Fallback store for iroh-events
+ - iroh-proxy health check for slack
+
+*** Mario
+
+- DONE
+ - Split risk scoring as a task out of incident enrichment task (for release this week)
+ - Added max execution time limit to incident summary task (for release this week)
+ - Updated connection manager config in response to incident summary failures
+- DOING
+ - Reviewing execution failures during risk scoring, enrichment, and incident summary in PROD
+ - Sync incident_time during incident-summary updates
+
+*** Yann
+- DONE
+ - (waiting for review) Track Impersonators
+ - DI clients update (added private-intel scope)
+- DOING
+ - Check Quarter Topics
+ - Q3 Team Capacity
+ - [Brownfield] Attach existing SX/XDR to an existing SCC account (PIAM)
+
+*** Patrick
+- DOING
+ - Monitoring
+
+** Meeting Topic points
+
+- 3 ES-related topics
+- 1 personal life kids
+
+** Kirill ES
+
+Asking around this question, which features are we using from ES?
+Ability index unregular field?
+
+Exploring GraphDB, promising, ability to join. Connect documents.
+We will win a lot of http requests, and probably lot of improvements for our
+current usage.
+
+Also, we have a lot of data in denormalized way. Not linked data properly.
+Summaries, it will be great not to save summaries, but to do query instead.
+Drop-in replacement, using store service.
+
+** Mario
+
+Performance benefits from ES.
+- @Kirill: tried RAM Graph DB, should probably work. It will shape of IROH.
+- @Jerome: take care of the backup, etc… if it work correctly in PROD
+ ops will not maintain it.
+- @Patrick: we could use SASS MongoDB platform. Not cheaper but easier, many
+ more IOPS.
+- @Kirill: would probably need fewer IOPS if we could use another DB.
+
+Retention 4years.
+
+- @Jerome: cold storage ? warm storage.
+- @Jerome: name production ready GraphDB?
+- @Kiril: Neo4J, Neptune, ...
+- @Jerome: >100 indexes in NAM
+
+** Topics
+
+- get rid of data (use tenant and SX EOL)
+
+* [2024-01-30 Tue] 30min
+** Statuses
+
+*** Kirill
+
+ DOING
+ • Design for Notification preferences and delivery together with glueing together Notification object with NotificationRequest as a foundation for multi target delivery (one notification to email, IM and InApp)
+
+*** Matt
+DONE
+ • Upgraded JAMF Classic API authentication (basic auth -> token auth)
+
+*** Olivier
+DOING
+ • MITRE ATT&CK Coverage Mapping: design of: Import of Talos MITRE coverage files
+
+*** Wanderson
+
+DONE
+ • Brownfield provisioning tac API
+ • Support for FMC JWT in IROH
+
+
+DOING
+ • FMC Proxy for OAuth2 and SSE requests
+
+*** GE
+
+DONE
+ • managing SE attack on iroh async
+ • stats for PM: https://github.com/advthreat/iroh/issues/8853
+
+
+DOING:
+ • MITRE mapping design
+
+*** Mario
+
+DONE
+ • Session log maintenance PR to address long-running sessions consuming Redis memory in iroh-async
+
+
+DOING
+ • Queue inspection/management tools for iroh-admin
+
+*** Yann Esposito
+
+ DONE jwt middleware to support JWT without nbf claim
+ • DONE Easy impersonate for TAC
+ • DONE Fix PIAM endpoints
+ • DONE Attach Tenant for Superball (P1)
+ • DOING following incident promotion issue; false positive from Talos + SE events
+ • DOING Q3 workload preparation
+ • DOING Help:
+ • Meraki Integration (lots of OAuth2 related questions)
+ • Automation to use two clients.
+ • ES cleanup
+ • Discuss Impersonation use cases for Efficiency team (Petr)
+ • Discuss Impersonation risks with Chris Duane
+ • Discuss Impersonation for TAC Portal
+ • Ihor about expectation of legacy provisioning
+ • Follow Universal Provisioning testing
+
+*** Shafiq
+
+DONE
+ • Fallback store for iroh-events
+ • iroh-proxy health check for slack
+ • DOING
+ • iroh-proxy authentication for Checkpoint API
+
+*** Patrick
+
+DOING: ddog pg monitoring manuals test ok, now I working on integration in tenzin's salt and tf
+
+*** Ambrose
+
+DONE:
+ • redesigned incident asset rescoring pipeline to be simpler https://github.com/advthreat/iroh/issues/8824
+
+
+DOING:
+ • implementing it https://github.com/advthreat/iroh/pull/8843
+ • continuously gathering requirements tweaking the design
+
+*** Jerôme
+
+DOING:
+ • MSK migrationon auth cluster (testing iroh conf)
+ • improving alerts
+
+
+DONE:
+ • add some alerts on DD
+
+** Topics
+
+*** Plan to prevent future incident filling the queue?
+
+- can we support more than one event concurrently?
+- where should we invest our time?
diff --git a/notes/maintenance_questions.org b/notes/maintenance_questions.org
index 6a9da229..66202a1a 100644
--- a/notes/maintenance_questions.org
+++ b/notes/maintenance_questions.org
@@ -1,7 +1,7 @@
:PROPERTIES:
:ID: b55abfad-ea21-4e81-8017-e99b8af33f9c
:END:
-Maintenance Questions
+#+Title: Maintenance Questions
#+Author: Yann Esposito
#+Date: [2022-11-15]
diff --git a/notes/mdph_2023.org b/notes/mdph_2023.org
index 1cc9a88d..1ff0d1c4 100644
--- a/notes/mdph_2023.org
+++ b/notes/mdph_2023.org
@@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 571da5f1-e069-4a19-8181-756f24ca9740
:END:
-MDPH 2023
+#+Title: MDPH 2023
#+Author: Yann Esposito
#+Date: [2023-05-22]
- tags ::
diff --git a/notes/mdph_recours.org b/notes/mdph_recours.org
index b3f34fee..b5842c4e 100644
Binary files a/notes/mdph_recours.org and b/notes/mdph_recours.org differ
diff --git a/notes/personal_retrospective_template.org b/notes/personal_retrospective_template.org
new file mode 100644
index 00000000..51af03d3
--- /dev/null
+++ b/notes/personal_retrospective_template.org
@@ -0,0 +1,104 @@
+:PROPERTIES:
+:ID: f70bf00d-8bc8-445e-a65d-2b960b46f419
+:END:
+#+title: Personal Retrospective Offsite Template
+#+Author: Yann Esposito
+#+Date: [2023-09-25]
+
+- tags ::
+- source ::
+
+* Personal Retrospective Template
+
+#+begin_comment
+This presentation should not last more than 20 min.
+Please be mindful about it.
+#+end_comment
+
+** Short presentation
+
+#+begin_comment
+We all know each other at least during weekly sync.
+Should be very quick.
+
+Put the most important facts about yourself here.
+And maybe some recent anecdotes not everyone in the team might be aware of.
+#+end_comment
+
+- years of Experience: 22 years (11 in Clojure)
+- years at Cisco: 7 years (7 in this team)
+- location: France (GMT+1)
+
+Moved from Nice to Martigues (~2h away) this summer with my family.
+I have a 21yo son that want to be a professional MMA fighter.
+I have a 19yo daughter that leave with my us and does not go to school.
+
+** Quick Recap about your main accomplishments these recent years
+
+#+begin_comment
+A chance to give a perspective about your work to everyone.
+What are the most important facts to know about it. Common misconceptions, etc…
+I think it makes sense to split them between XDR effort, generic Product, Administration tasks, Devs-only
+tasks (like tooling, refacto, etc…). See example.
+#+end_comment
+
++ XDR:
+ - RBAC (technical design)
+ - role introspection endpoint to help UI
++ Product
+ - TAC: expose change user role route
++ Administration
+ - Move some OAuth2 clients out of config to DB
++ Devs
+ - composable ~shell.nix~ to replace docker compose
+ - Matrix role representation
+ - Eithers in Clojure
+
+** Working in this Team
+
+#+begin_src
+What did you expect when you were hired?
+How is it today?
+What does your day-to-day looks like?
+#+end_src
+
+- What I expected (7 years ago): Work on real time data streaming
+- What I am doing: Work on Authentication and Authorization
+- What my day to day looks like?
+ - 50 to 70%: lot of communication via; webex, email, meetings, issues
+ - planning (design, checking timeline)
+ - help people on webex, fix issues, look in kibana, create orgs, create
+ clients, link to documentation, etc….
+ - 20% to 50%: lot of time thinking about design improvements;
+ - 10% to 20%: lot of time focused on product improvement (not code).
+ - 0% to 20%: code, code review, etc…
+
+** What we should NOT change (tailwind)
+
+#+begin_comment
+What makes your day easier.
+#+end_comment
+
+- No daily standup
+- Focus days
+
+** What we should improve (headwind)
+
+#+begin_comment
+What slow you down to do your work?
+What issues are you facing?
+What feels like a burden to you?
+#+end_comment
+
+- Too many spurious notifications
+- Lack of focus slots during the week
+
+** Workstation (demo time optional)
+
+#+begin_comment
+If we have time, highlight your presentation by showing us your workstation.
+
+Show us how you work, your development environment.
+Please, add one or a few screenshots (it's okay to blur things), so if you don't have time
+to show the group, we still could have an idea.
+#+end_comment
diff --git a/notes/programming_langage_ideas.org b/notes/programming_langage_ideas.org
index 9c7a13cf..35bddfce 100644
--- a/notes/programming_langage_ideas.org
+++ b/notes/programming_langage_ideas.org
@@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 31da574a-3a97-41e7-9513-764b55830ff1
:END:
-Programming Langage Ideas
+#+Title: Programming Langage Ideas
#+Author: Yann Esposito
#+Date: [2023-08-05]
@@ -32,7 +32,9 @@ Here is my proposed solution:
1. Have an internal AST representation.
2. From this representation ability to generate Text in different syntaxes,
- mainly LISP or C/Java/Javascript/shitty one. Perhaps even Haskell/OCaml-like.
+ mainly LISP or C/C++/C#/Python/Java/Javascript one.
+ Perhaps even Haskell/F#/OCaml-like.
+ Maybe for masochists a Bash/Perl one :) etc…
3. Have a builder that take the last modified date and sync every
representations. If you change the LISP file, it will update the internal
AST and the C-like.
@@ -47,7 +49,13 @@ Here is my proposed solution:
2. If you want to be 1337 dev, you can code a direct AST editor and this will
still make the change visible as Text for other editors.
=git diff= might kind of suck, but I think with minimal tooling this makes this acceptable.
-
+3. Having a way to be agnostic about the syntax to prevent people saying: I
+ couldn't use that language due to its syntax. Which is really too bad.
+ It takes some time to get use to a new syntax, but once you've done the
+ effort to learn new programming languages a few times, it becomes a habit to
+ switch between different kind of syntaxes and you start to appreciate a
+ language for its semantic and put syntax concern in their right place, behind
+ the semantic of a language.
* Compile-Time Meta-constraints
@@ -101,3 +109,38 @@ But it would be very nice to have a well-designed service-dependency system.
More precisely, we want to be able to write programs with:
- Run ~main~ with this LogService, and DBService and, intialized with this ConfigService
+
+* Have great "defaults"
+
+I feel that if you take the time to look at Programming language evolution and
+history, what really makes the big differences between two programming language
+(at least for me) is their choice of "default".
+
+Building the greatest programming language is about providing the ability to
+choose, but more importantly, providing the ability to give the best default
+behaviour so using the "non-default" more difficult to use and thus be somehow
+punished by complexity.
+
+A good example is about old PHP SQL libs vs modern Haskell SQL libs.
+Mainly the main thing that changed is that before it was insecure by default,
+and the security concern was put as a burden to the developer to take care of.
+Of course, due to time-pressure and/or lazyness and/or incompetence, it was
+pretty natural to see a big number of security bug flourish everywhere.
+While if you use a modern lib, now, it is secure by default.
+
+So:
+
+- immutable data structures by default (this has become a norm for great new languages,
+ Haskell, Clojure, Rust, etc…)
+- statically checked by default (statically checked is more generic than typed
+ by default) I think, it is important
+- documentable by default (Clojure already provides internal docstring and this
+ is important, I think we should forbid text-only comments and replace them by
+ contextual-aware comments)
+- debuggable, traceable by default (this one is probably a bit more difficult to
+ be precise about. But you want your language to help his developer in not only
+ detecting an error or a problem in its code, but give hints about how to help
+ solve them. Elm did an incredible job at this).
+ Mainly, ~log~ should be treated seriously and as 1st class in the language and
+ also, not text-only but using structured logs that could be put in a DB for
+ search in the future.
diff --git a/notes/radiation_chien_espoir_handicap.org b/notes/radiation_chien_espoir_handicap.org
new file mode 100644
index 00000000..10ae7858
--- /dev/null
+++ b/notes/radiation_chien_espoir_handicap.org
@@ -0,0 +1,28 @@
+:PROPERTIES:
+:ID: 882b81e7-14e1-40e7-b818-67320f760c59
+:END:
+#+title: Radiation Chien Espoir Handicap
+#+Author: Yann Esposito
+#+Date: [2023-10-14]
+
+- tags :: [[id:2a3d68cc-4a14-442c-b7f9-c602a2cd25bf][chien d'assistance]]
+- source ::
+* Radiation Chien Espoir & Handicap
+
+Par la présente nous sommes au regret de confirmer votre radiation de Chien
+Espoir & Handicap.
+
+Comme nous vous l'avons expliqué par téléphone nous considérons que votre
+implication était insuffisante.
+
+En conséquence, nous vous demandons de bien vouloir nous retourner l'intégralité
+des documents, la carte ainsi que les scratchs au nom de l'association avant le 15 novembre à l'addresse
+suivante:
+
+Veuillez noter qu'à partir de la réception de ce courrier, il vous est
+formellement interdit d'utiliser les documents de l'association afin de
+bénéficier des droits qui leurs sont associés.
+
+Nous vous souhaitons une bonne continuation,
+
+Chien Espoir & Handicap
diff --git a/notes/remote_work_socializing_actions.org b/notes/remote_work_socializing_actions.org
index 12609e14..ff99e9c2 100644
--- a/notes/remote_work_socializing_actions.org
+++ b/notes/remote_work_socializing_actions.org
@@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 059b78ad-361d-4732-8f4b-76e9b5e5be17
:END:
-Remote Work Socializing Actions
+#+Title: Remote Work Socializing Actions
#+Author: Yann Esposito
#+Date: [2022-09-08]
#+LANG: en
diff --git a/notes/rigid_vs_flexible.org b/notes/rigid_vs_flexible.org
new file mode 100644
index 00000000..b7906088
--- /dev/null
+++ b/notes/rigid_vs_flexible.org
@@ -0,0 +1,91 @@
+:PROPERTIES:
+:ID: a397da72-7731-4a69-9460-38f4a76fbfc1
+:END:
+#+Title: Rigid vs Flexible
+#+Author: Yann Esposito
+#+Date: [2023-12-24]
+
+- tags ::
+- source ::
+
+* Introduction
+
+A common debate in software programming is about choosing a Static vs Dynamic
+programming language.
+After many years of debate, I think I would prefer to move the discussion toward
+Rigid vs Flexible programming.
+
+Before starting the discussion here are a few important points to remember:
+
+First of all, remember that the word "Dynamic" in dynamic programming language,
+was tailored to make it impossible to attack.
+It is impossible to find a negative meaning to the word dynamic [^1].
+From its inventor Richard E.
+Bellman:
+
+> It also has a very interesting property as an adjective, and that is it’s
+> impossible to use the word, dynamic, in a pejorative sense.
+> Try thinking of some combination that will possibly give it a pejorative meaning.
+> It’s impossible.
+> Thus, I thought dynamic programming was a good name.
+> It was something not even a Congressman could object to.
+> So I used it as an umbrella for my activities.
+
+Second point, I would like to say that while clearly in Rigid vs Flexible you
+feel the wording is more positive around the term Flexible.
+I am personally convinced that like in nature and the body of animals, the
+flexibility vs rigidity could be optimized differently depending on your task
+and environment.
+I have two dogs.
+One of the is a beagle, for a dog, he is not very flexible.
+But this give this dog a great advantage, acceleration.
+He can go from 0 to maximal speed almost instantly, he could switch direction
+almost in a single jump.
+He is like a spring.
+
+My other dog, is a log bigger, she is a mix of an Anatoly Sheperd and Pyrenean
+Mountain Dog.
+And she is extremely flexible.
+So flexible in fact, that when we had to put a Dog surgery collard, we had to
+change it to a lot longer one because she could curve entirely herself so well.
+She is a *lot* faster than my Beagle.
+
+Despite her bigger size and her speed, my dogs play together it is not always
+her that wins.
+Simply because the beagle developed a strategy to take advantage of his
+properties.
+Mainly, the main disadvantage of flexibility, is the lack of acceleration.
+So the Beagle wait for the bigger dog to be very close to him and he switch its
+direction at the last second.
+The Sheperd need to take a longer time to change direction.
+This way he can take back another direction.
+In the end as she is a lot bigger dog which was tailored to be a defender she
+always is the winner.
+
+In software engineering, I think we can that analogy is still relevant.
+
+You have programming languages, frameworks, libraries that can be more or less
+flexible or rigid. Sometime rigidity has advantages. It makes you start faster,
+prevent you from making mistakes.
+While more flexible libraries put too much burden on the programmer that need to
+learn himself by making mistakes how he should behave.
+
+So let's jump on a few more concrete examples.
+
+[^1]: https://pubsonline.informs.org/doi/pdf/10.1287/opre.50.1.48.17791
+
+* Examples
+
+** Partial functions
+
+One biggest hurdle in programming are partial functions.
+Mainly a function whose given the wrong argument will throw an exception.
+
+There are so many strategies to handle these, but here are a few:
+
+1. throw an exception at runtime like ~div(2,0)~
+2. returns ~null~
+3. check the type and fail the compilation, it works for types, but not for
+ values though. So if you also want to prevent some value to be passed you
+ need to created a few pretty advanced mechanism to ensure your type does not
+ contain any forbidden value typically to protect a division by 0 for example.
diff --git a/notes/small_web.org b/notes/small_web.org
index c29a1efc..0d06542e 100644
--- a/notes/small_web.org
+++ b/notes/small_web.org
@@ -1,7 +1,7 @@
:PROPERTIES:
:ID: e7f8ce2b-3c40-4f5d-bed7-fe6b97e7a460
:END:
-small-web
+#+Title: small-web
#+Author: Yann Esposito
#+Date: [2023-07-29]
- tags ::
diff --git a/notes/template_information_chien_d_assistance.org b/notes/template_information_chien_d_assistance.org
index 7e26c4b3..a179a2d8 100644
--- a/notes/template_information_chien_d_assistance.org
+++ b/notes/template_information_chien_d_assistance.org
@@ -6,7 +6,7 @@
#+date: [2022-08-12]
#+lang: fr
-- tags :: [[id:2a3d68cc-4a14-442c-b7f9-c602a2cd25bf][#+TITLE: chien d'assistance]]
+- tags :: [[id:c26339f6-e0bc-40e3-8fe3-94e4b41b61b0][chien d'assistance]]
* Template
diff --git a/notes/toward_iroh_2_0.org b/notes/toward_iroh_2_0.org
new file mode 100644
index 00000000..74aa51d0
--- /dev/null
+++ b/notes/toward_iroh_2_0.org
@@ -0,0 +1,45 @@
+:PROPERTIES:
+:ID: 0b91d24c-a454-44e8-a64a-59420da910d8
+:END:
+#+title: Toward IROH 2.0
+#+Author: Yann Esposito
+#+Date: [2023-09-20]
+
+- tags ::
+- source ::
+
+
+* Local changes
+
+** Use reitit
+** OpenTelemetry
+
+- https://github.com/steffan-westcott/clj-otel
+- https://www.elastic.co/guide/en/apm/guide/current/open-telemetry.html
+* Global changes
+
+- Monolith repository vs micro services
+- How to slowly migrate?
+
+
+Code organization:
+
+1. Keep Monolith?
+ + Good:
+ - easy to make global change
+ - easier to secure and maintain libs.
+ - huge battle tested toolset (it simply works)
+ + Bad:
+ - harder to change lib
+ - harder to experiment
+
+Ideas:
+
+ Isolate part of the code which has been very stable for a few years.
+ Keep it as IROH-Core.
+
+ Support a way to add services using this core.
+
+ Connection?
+ - RAM (require iroh-core....)
+ - force usage of exactly the same libs
diff --git a/notes/wanderson.org b/notes/wanderson.org
index 32fbf560..bd5e59f8 100644
--- a/notes/wanderson.org
+++ b/notes/wanderson.org
@@ -17,3 +17,59 @@ https://github.com/advthreat/iroh/pull/6184/commits/4fa2c53692a3219cccf88adbaabc
* Demands
** Diagram with the OAuth2 flow
+* 2022-23 Rewards
+** Activity per week
+
+#+begin_src
+2023/30 3 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+2023/29 0
+2023/28 0
+2023/27 3 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+2023/26 0
+2023/25 0
+2023/24 1 ▀▀▀▀▀▀▀
+2023/23 0
+2023/22 0
+2023/21 1 ▀▀▀▀▀▀▀
+2023/20 7 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+2023/19 3 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+2023/18 0
+2023/17 2 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+2023/16 1 ▀▀▀▀▀▀▀
+2023/15 0
+2023/14 0
+2023/13 0
+2023/12 2 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+2023/11 0
+2023/10 1 ▀▀▀▀▀▀▀
+2023/09 0
+2023/08 2 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+2023/07 1 ▀▀▀▀▀▀▀
+2023/05 1 ▀▀▀▀▀▀▀
+2023/04 1 ▀▀▀▀▀▀▀
+2023/03 1 ▀▀▀▀▀▀▀
+2023/02 1 ▀▀▀▀▀▀▀
+2023/01 0
+2022/52 0
+2022/51 0
+2022/50 1 ▀▀▀▀▀▀▀
+2022/49 1 ▀▀▀▀▀▀▀
+2022/48 2 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+2022/47 0
+2022/46 0
+2022/45 0
+2022/44 0
+2022/43 0
+2022/42 0
+2022/41 1 ▀▀▀▀▀▀▀
+2022/40 0
+2022/39 0
+2022/38 0
+2022/37 0
+2022/36 2 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀
+2022/35 1 ▀▀▀▀▀▀▀
+2022/34 1 ▀▀▀▀▀▀▀
+2022/33 0
+2022/32 0
+2022/31 1 ▀▀▀▀▀▀▀
+#+end_src
diff --git a/notes/what_i_forsee_about_the_future_of_developers.org b/notes/what_i_forsee_about_the_future_of_developers.org
index 36c0f898..916dc9db 100644
--- a/notes/what_i_forsee_about_the_future_of_developers.org
+++ b/notes/what_i_forsee_about_the_future_of_developers.org
@@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 16bbfe28-ea40-437f-861d-1eacb408d34f
:END:
-What I foresee about the future of developers
+#+Title: What I foresee about the future of developers
#+Author: Yann Esposito
#+Date: [2022-11-13]
diff --git a/notes/yann_s_personal_retrospective_2023_offsite.html b/notes/yann_s_personal_retrospective_2023_offsite.html
new file mode 100644
index 00000000..d2501950
--- /dev/null
+++ b/notes/yann_s_personal_retrospective_2023_offsite.html
@@ -0,0 +1,244 @@
+
+
+
+
+Yann’s Personal Retrospective 2023 Offsite
+
+
+
+
+
+
+
+
Math & Abstractions: ML, Probability Automata, indecidability proofs
+
bash + Perl + templates CMS with horror stories like HTML Perl template in DB
+
VG: nodejs, hyperloglog, then clojure, and real time data analysis on a single
+dimentional object. SCRUM-hate, etc…
+
+
+
+
+
+
1.2. Quick Recap about your main accomplishments these recent years
+
+
+
+
+
1.2.1. XDR
+
+
RBAC (technical design)
+
+
role introspection endpoint to help UI
+
+
+
Provisioning (with PIAM)
+
+
provided script handled to TAC team
+
+
+
HTML templates for IROH-Auth
+
Feature-Flag script management
+
Rebrand SXSO to SCSO
+
Entitlement Summary (technical design)
+
+
+
+
+
+
1.2.2. Product
+
+
Provisioning (with SE, Orbital)
+
Dynamic Session Token lifetime (Asked by Security/UI Chris Duane) started but cancelled by XDR
+
Delete duplicate accounts (was allowed first)
+
Fix Allow all role to login logic (UI bug)
+
TAC: expose change user role route
+
Replace some JWT by short random strings in IROH-Auth
+
UI Session Logout in IROH-Auth
+
Support displaying virtual users
+
+
+
+
+
+
1.2.3. Administration
+
+
Fix Cross-Region UI bug
+
Links to kibana to see “master-only” events
+
Move some OAuth2 clients out of config to DB
+
+
+
+
+
+
1.2.4. Devs
+
+
Matrix role representation
+
Eithers in Clojure
+
Improve logs; for SSE proxy, for impersonate
+
Expose open impersonate for UI devs on INT and TEST
+
composable shell.nix to replace docker compose
+
default-config.edn
+
config.edn as tree structure
+
scope aliases
+
+
+
+
+
+
+
1.3. Old Important things
+
+
Structured Logs (riemann not used at its full power)
+
TK Store (abstraction learned from CTIA’s limitation)
+
Admin UI (first)
+
Admin UI (second)
+
Admin scripts (now)
+
+
+
+
+
+
1.4. Working in this Team
+
+
What I expected (7 years ago): Work on real time data streaming
+
What I am doing: Work on Authentication and Authorization
+
What my day to day looks like?
+
+
50 to 70%: lot of communication via; webex, email, meetings, issues
+
+
planning (design, checking timeline)
+
help people on webex, fix issues, look in kibana, create orgs, create
+clients, link to documentation, etc….
+
+
+
20% to 50%: lot of time thinking about design improvements;
+
10% to 20%: lot of time focused on product improvement (not code).
+
0% to 20%: code, code review, etc…
+
+
+
+
+
+
+
+
1.5. What we should NOT change (tailwind)
+
+
Not having daily standup
+
+
+
+
+
+
1.6. What we should improve (headwind)
+
+
Not having more focus days.
+
Advertise that IROH (not XDR, not SecureX, not CTR)
+
+
IROH is a platform
+
+
+
+
+
+
+
+
1.7. Workstation (demo time optional)
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/notes/yann_s_personal_retrospective_2023_offsite.org b/notes/yann_s_personal_retrospective_2023_offsite.org
new file mode 100644
index 00000000..947e2934
--- /dev/null
+++ b/notes/yann_s_personal_retrospective_2023_offsite.org
@@ -0,0 +1,97 @@
+:PROPERTIES:
+:ID: 38a25196-863a-41c8-8c17-772fc9fe9b04
+:END:
+#+Title: Yann's Personal Retrospective 2023 Offsite
+#+Author: Yann Esposito
+#+Date: [2023-09-25]
+
+* Yann's Personal Retrospective 2023 Offsite
+
+** Short presentation
+
+- years of Experience: 22 years (11 in Clojure)
+- years at Cisco: 7 years (7 in this team)
+- location: France (GMT+1)
+
+*** Anecdotes
+
+- Math & Abstractions: ML, Probability Automata, indecidability proofs
+- bash + Perl + templates CMS with horror stories like HTML Perl template in DB
+- VG: nodejs, hyperloglog, then clojure, and real time data analysis on a single
+ dimentional object. SCRUM-hate, etc…
+
+** Quick Recap about your main accomplishments these recent years
+
+*** XDR
+
+- RBAC (technical design)
+ - role introspection endpoint to help UI
+- Provisioning (with PIAM)
+ - provided script handled to TAC team
+- HTML templates for IROH-Auth
+- Feature-Flag script management
+- Rebrand SXSO to SCSO
+- Entitlement Summary (technical design)
+
+*** Product
+
+- Provisioning (with SE, Orbital)
+- Dynamic Session Token lifetime (Asked by Security/UI Chris Duane) started but cancelled by XDR
+- Delete duplicate accounts (was allowed first)
+- Fix Allow all role to login logic (UI bug)
+- TAC: expose change user role route
+- Replace some JWT by short random strings in IROH-Auth
+- UI Session Logout in IROH-Auth
+- Support displaying virtual users
+
+*** Administration
+
+- Fix Cross-Region UI bug
+- Links to kibana to see "master-only" events
+- Move some OAuth2 clients out of config to DB
+
+*** Devs
+
+- Matrix role representation
+- Eithers in Clojure
+- Improve logs; for SSE proxy, for impersonate
+- Expose open impersonate for UI devs on INT and TEST
+- composable ~shell.nix~ to replace docker compose
+- default-config.edn
+- config.edn as tree structure
+- scope aliases
+
+
+** Old Important things
+
+- Structured Logs (riemann not used at its full power)
+- TK Store (abstraction learned from CTIA's limitation)
+- Admin UI (first)
+- Admin UI (second)
+- Admin scripts (now)
+
+** Working in this Team
+
+- What I expected (7 years ago): Work on real time data streaming
+- What I am doing: Work on Authentication and Authorization
+- What my day to day looks like?
+ - 50 to 70%: lot of communication via; webex, email, meetings, issues
+ - planning (design, checking timeline)
+ - help people on webex, fix issues, look in kibana, create orgs, create
+ clients, link to documentation, etc….
+ - 20% to 50%: lot of time thinking about design improvements;
+ - 10% to 20%: lot of time focused on product improvement (not code).
+ - 0% to 20%: code, code review, etc…
+
+** What we should NOT change (tailwind)
+
+- Not having daily standup
+
+** What we should improve (headwind)
+
+- Not having more focus days.
+- Advertise that IROH (not XDR, not SecureX, not CTR)
+ + IROH is a platform
+
+** Workstation (demo time optional)
+
diff --git a/reports/FY22-Olivier-report.html b/reports/FY22-Olivier-report.html
new file mode 100644
index 00000000..8b249830
--- /dev/null
+++ b/reports/FY22-Olivier-report.html
@@ -0,0 +1,276 @@
+
+
+
+
+
+
+
+ Olivier FY22 Report
+
+
+
+
+
+
+
W29 add an option to force di and csc onboarding even
+for org upgrade
+
W27 improve README.md
+
W27 update help errror message
+
W27 update the doc
+
W27 Updated the script to match all possible use
+case
+
W27 Add SXO to the modules to add for SCA owners.
+
W27 Improved doc and safety
+
W27 Check if user is admin and improve creation
+check
+
W27 Improved upgrade PATH
+
W27 Provide two scripts
+
W27 Merge pull request #1 from
+advthreat/sca-support
+
W27 add a few logs and better error support
+
W27 Add XDR feature-flag
+
W27 Optional support for SCA
+
W17 Improve help regarding setting env vars
+
W17 Improve the command line parsing
+
W17 rename script to .sh
+
W17 Add onboarding of DI and CSC
+
W16 Initial provisioning Script
+
+
+
diff --git a/reports/FY23-Yann-report.org b/reports/FY23-Yann-report.org
new file mode 100644
index 00000000..0baa674b
--- /dev/null
+++ b/reports/FY23-Yann-report.org
@@ -0,0 +1,192 @@
+#+title: Yann FY23 Report
+#+subtitle: back to one month older
+#+date: 2023-09-26
+#+options: H:6 ^:nil
+
+*** Yann [164]
+
+**** clj-jwt [3 (3 / 0)]
+
+- ~W27~ Version 0.5.2-SNAPSHOT
+- ~W27~ Version 0.5.1
+- ~W27~ Merge pull request #4 from latacora/master
+**** ctia [1 (1 / 0)]
+
+- ~W10~ bump snakeyaml to address CVE-2022-38751 [[https://github.com/advthreat/ctia/pull/1346][#1346]]
+**** iroh [88 (85 / 3)]
+
+- ~W30~ Fix a URL detection from HTML [[https://github.com/advthreat/iroh/pull/8165][#8165]]
+- ~W30~ Revert "Incident Summary Migration" [[https://github.com/advthreat/iroh/pull/8163][#8163]]
+- ~W30~ [Monetization]: Fix business logic of data retention [[https://github.com/advthreat/iroh/pull/8142][#8142]]
+- ~W30~ Allow braces with iroh-core/strint [[https://github.com/advthreat/iroh/pull/8051][#8051]]
+- ~W29~ Remove SecureX branding and attempt to match SCSO branding for invitation and OAuth2 authorization [[https://github.com/advthreat/iroh/pull/8111][#8111]]
+- ~W29~ [Registration UI]: Reword to remove SX reference [[https://github.com/advthreat/iroh/pull/8110][#8110]]
+- ~W29~ Entitlement summary technical values [[https://github.com/advthreat/iroh/pull/8094][#8094]]
+- ~W29~ [PIAM] Make enterprise id mandatory for piam [[https://github.com/advthreat/iroh/pull/8069][#8069]]
+- ~W28~ PIAM: Enhance provisioning tracking [[https://github.com/advthreat/iroh/pull/8061][#8061]]
+- ~W27~ Make country-name optional from the whoami. [[https://github.com/advthreat/iroh/pull/8050][#8050]]
+- ~W27~ Do not send email for XDR org during AO bootstrap [[https://github.com/advthreat/iroh/pull/8045][#8045]]
+- ~W27~ [PIAM] Show the whole response on onboarding errors [[https://github.com/advthreat/iroh/pull/8039][#8039]]
+- ~W27~ Makes feature-flag change access more precise [[https://github.com/advthreat/iroh/pull/8026][#8026]]
+- ~W27~ Revert "woke tool added (#7926)" [[https://github.com/advthreat/iroh/pull/8029][#8029]]
+- ~W25~ Sorted Idps [[https://github.com/advthreat/iroh/pull/7997][#7997]]
+- ~W25~ Add default value in the Swagger UI description. [[https://github.com/advthreat/iroh/pull/7995][#7995]]
+- ~W24~ Hide even more hidden APIs [[https://github.com/advthreat/iroh/pull/7979][#7979]]
+- ~W24~ [PIAM]: Support passing body parameter to onboarding via Provisioning API [[https://github.com/advthreat/iroh/pull/7986][#7986]]
+- ~W24~ Upgrade SX to XDR org via provisioning [[https://github.com/advthreat/iroh/pull/7981][#7981]]
+- ~W24~ feature-flag scopes are considered as special [[https://github.com/advthreat/iroh/pull/7985][#7985]]
+- ~W24~ fix local dev environment to be able to start locally without docker [[https://github.com/advthreat/iroh/pull/7944][#7944]]
+- ~W23~ Use org to display the roles as expected [[https://github.com/advthreat/iroh/pull/7952][#7952]]
+- ~W22~ Fix SCSO rebrand name. [[https://github.com/advthreat/iroh/pull/7937][#7937]]
+- ~W22~ Rebrand from SecureX Sign-On to Secure Cloud Sign-on [[https://github.com/advthreat/iroh/pull/7935][#7935]]
+- ~W22~ A few additional helpers [[https://github.com/advthreat/iroh/pull/7914][#7914]]
+- ~W20~ [IROH Auth] Entitlement Service [[https://github.com/advthreat/iroh/pull/7870][#7870]]
+- ~W19~ Change the scope for ff change [[https://github.com/advthreat/iroh/pull/7857][#7857]]
+- ~W18~ replace clj-momo deep-merge [[https://github.com/advthreat/iroh/pull/7815][#7815]]
+- ~W17~ Add a missing option to disable default configs [[https://github.com/advthreat/iroh/pull/7805][#7805]]
+- ~W17~ Add a script to init tokens without login in [[https://github.com/advthreat/iroh/pull/7794][#7794]]
+- ~W17~ Fix schema for Response [[https://github.com/advthreat/iroh/pull/7804][#7804]]
+- ~W17~ Add support to onboard a single app [[https://github.com/advthreat/iroh/pull/7796][#7796]]
+- ~W17~ Add a role instrospection route to help the UI and other clients [[https://github.com/advthreat/iroh/pull/7785][#7785]]
+- ~W17~ Fix scopes declaration for execute-workflow route [[https://github.com/advthreat/iroh/pull/7799][#7799]]
+- ~W16~ Fix a Swagger bug due to schema name conflict [[https://github.com/advthreat/iroh/pull/7790][#7790]]
+- ~W14~ Web api search improvements [[https://github.com/advthreat/iroh/pull/7728][#7728]]
+- ~W14~ add profile and notification to ao-jwt [[https://github.com/advthreat/iroh/pull/7726][#7726]]
+- ~W14~ Tk store combinator search queries (AND, OR, NOT) [[https://github.com/advthreat/iroh/pull/7691][#7691]]
+- ~W13~ Fix a case where the body is =nil= [[https://github.com/advthreat/iroh/pull/7685][#7685]]
+- ~W13~ Add xdr-instance-id field to the orgs [[https://github.com/advthreat/iroh/pull/7707][#7707]]
+- ~W13~ PIAM: Provisioning onboard endpoint [[https://github.com/advthreat/iroh/pull/7659][#7659]]
+- ~W12~ Add ff scope script [[https://github.com/advthreat/iroh/pull/7680][#7680]]
+- ~W12~ added a script to add feature-flag scopes from command line [[https://github.com/advthreat/iroh/pull/7676][#7676]]
+- ~W12~ prefer to use client from DB than client from config [[https://github.com/advthreat/iroh/pull/7672][#7672]]
+- ~W12~ Align scopes to SXO behaviour [[https://github.com/advthreat/iroh/pull/7673][#7673]]
+- ~W11~ fix lein start [[https://github.com/advthreat/iroh/pull/7663][#7663]]
+- ~W11~ PIAM provisioning no idp-mapping for create user [[https://github.com/advthreat/iroh/pull/7655][#7655]]
+- ~W11~ Default bootstrap & config [[https://github.com/advthreat/iroh/pull/6868][#6868]]
+- ~W10~ Add Entitlements to Orgs [[https://github.com/advthreat/iroh/pull/7631][#7631]]
+- ~W10~ Remove yaml to supported format for profile API [[https://github.com/advthreat/iroh/pull/7632][#7632]]
+- ~W10~ Fix a flaky test in either_test.clj [[https://github.com/advthreat/iroh/pull/7610][#7610]]
+- ~W09~ Role Matrix representation in the code. [[https://github.com/advthreat/iroh/pull/7583][#7583]]
+- ~W08~ fix some wording only for admin users view [[https://github.com/advthreat/iroh/pull/7579][#7579]]
+- ~W07~ Improve User login logs situation [[https://github.com/advthreat/iroh/pull/7555][#7555]]
+- ~W07~ Added a composable redis.nix [[https://github.com/advthreat/iroh/pull/7535][#7535]]
+- ~W04~ Fix template rendering during invite confirmation [[https://github.com/advthreat/iroh/pull/7480][#7480]]
+- ~W04~ Display virtual users in the batch get users [[https://github.com/advthreat/iroh/pull/7473][#7473]]
+- ~W02~ Add the UI session logout into IROH-Auth [[https://github.com/advthreat/iroh/pull/7431][#7431]]
+- ~W51~ Use short random id for code and csrf [[https://github.com/advthreat/iroh/pull/7417][#7417]]
+- ~W50~ Revoked grant should reject event trusted clients [[https://github.com/advthreat/iroh/pull/7394][#7394]]
+- ~W47~ RBAC Technical Design [[https://github.com/advthreat/iroh/pull/7314][#7314]]
+- ~W47~ Open Impersonate INT/TEST to help UI dev [[https://github.com/advthreat/iroh/pull/7316][#7316]]
+- ~W42~ Add kibana links to Admin UI [[https://github.com/advthreat/iroh/pull/7224][#7224]]
+- ~W42~ Fix a login button bug in the cross-region admin UI [[https://github.com/advthreat/iroh/pull/7214][#7214]]
+- ~W42~ Update ini4j to 0.5.4 [[https://github.com/advthreat/iroh/pull/7199][#7199]]
+- ~W41~ Fix logic for Allow All Role to login [[https://github.com/advthreat/iroh/pull/7185][#7185]]
+- ~W41~ Deploy the Cross Region Admin UI [[https://github.com/advthreat/iroh/pull/7177][#7177]]
+- ~W41~ bump to jackson-databind 2.14.0-rc1 [[https://github.com/advthreat/iroh/pull/7160][#7160]]
+- ~W40~ Update jackson-databind [[https://github.com/advthreat/iroh/pull/7159][#7159]]
+- ~W39~ Provide a TAC route to change the user's role [[https://github.com/advthreat/iroh/pull/7133][#7133]]
+- ~W39~ Fix PIAM Provisioning [[https://github.com/advthreat/iroh/pull/7129][#7129]]
+- ~W39~ [Platform] PIAM targeted Provisioning CRUD [[https://github.com/advthreat/iroh/pull/7073][#7073]]
+- ~W39~ Fix 500 error response on invalid JWT [[https://github.com/advthreat/iroh/pull/7112][#7112]]
+- ~W38~ [IROH-Auth]: Support wildcard for allowed-login-origin on INT [[https://github.com/advthreat/iroh/pull/7085][#7085]]
+- ~W38~ Fix and Improve some HTML pages [[https://github.com/advthreat/iroh/pull/7079][#7079]]
+- ~W37~ Fix master [[https://github.com/advthreat/iroh/pull/7069][#7069]]
+- ~W37~ Improve Auth Mgmt logs [[https://github.com/advthreat/iroh/pull/7067][#7067]]
+- ~W37~ Add structured logs to SSE proxy [[https://github.com/advthreat/iroh/pull/7065][#7065]]
+- ~W37~ Improve error message on DB schema error [[https://github.com/advthreat/iroh/pull/7061][#7061]]
+- ~W36~ Add a testing case for custom OAuth2 routes [[https://github.com/advthreat/iroh/pull/7033][#7033]]
+- ~W36~ Cleanup tests 2022 08 [[https://github.com/advthreat/iroh/pull/7014][#7014]]
+- ~W36~ Improve the script to delete duplicate accounts [[https://github.com/advthreat/iroh/pull/7028][#7028]]
+- ~W35~ Attempt to use ~iroh-crud~ for ~UserService~ [[https://github.com/advthreat/iroh/pull/7008][#7008]]
+- ~W34~ Improve Org/User Services Either 2nd [[https://github.com/advthreat/iroh/pull/7002][#7002]]
+- ~W31~ Session token lifetime with code param [[https://github.com/advthreat/iroh/pull/6818][#6818]]
+
+_between 12 and 13 months ago_
+
+- ~W30~ remove random-uuid overide warning [[https://github.com/advthreat/iroh/pull/6940][#6940]]
+- ~W27~ disable vulnscan [[https://github.com/advthreat/iroh/pull/6864][#6864]]
+- ~W27~ Script to remove duplicate users [[https://github.com/advthreat/iroh/pull/6826][#6826]]
+**** oauth2-client-demo [4 (4 / 0)]
+
+- ~W41~ Add local env
+- ~W41~ Parametrize the device code test
+- ~W41~ support public device grant clients
+- ~W41~ improved doc
+**** ring-jwt-middleware [3 (3 / 0)]
+
+- ~W24~ Version 1.1.4-SNAPSHOT
+- ~W24~ Version 1.1.3
+- ~W24~ Support external error via is-revoked-fn
+**** scopula [13 (13 / 0)]
+
+- ~W49~ Version 0.3.1-SNAPSHOT
+- ~W49~ Version 0.3.0
+- ~W49~ updated version and deps
+- ~W49~ Merge pull request #5 from threatgrid/scope-aliases
+- ~W49~ Minor fixes, update README
+- ~W49~ Use scopes set length instead of count
+- ~W47~ Update README.org
+- ~W47~ minor corrections
+- ~W47~ Improve scope-aliases
+- ~W44~ Improve methodology to not fail on special cases
+- ~W44~ Basic compression heuristic for aliases
+- ~W44~ Make scopes-expand additive only
+- ~W44~ Add ~scope-expand~ function
+**** tenzin [2 (2 / 0)]
+
+- ~W13~ use iroh.main for all nodes types [[https://github.com/advthreat/tenzin/pull/2862][#2862]]
+- ~W13~ Update iroh.job.jinja [[https://github.com/advthreat/tenzin/pull/2861][#2861]]
+**** tenzin-config [24 (24 / 0)]
+
+- ~W25~ Configure SCA in all missing envs [[https://github.com/advthreat/tenzin-config/pull/927][#927]]
+- ~W24~ Enable XDR roles in PROD [[https://github.com/advthreat/tenzin-config/pull/919][#919]]
+- ~W23~ factorize PROD [[https://github.com/advthreat/tenzin-config/pull/917][#917]]
+- ~W23~ Add role-web-service config everywhere [[https://github.com/advthreat/tenzin-config/pull/911][#911]]
+- ~W23~ Canonicalize the configs (#913) [[https://github.com/advthreat/tenzin-config/pull/915][#915]]
+- ~W23~ Canonicalize the configs [[https://github.com/advthreat/tenzin-config/pull/913][#913]]
+- ~W23~ Add missing role-web-service everywhere [[https://github.com/advthreat/tenzin-config/pull/910][#910]]
+- ~W23~ Gen configs git pre-commit hook [[https://github.com/advthreat/tenzin-config/pull/908][#908]]
+- ~W23~ Factorisation iroh/iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/904][#904]]
+- ~W23~ Tree config structures to prevent config duplication. [[https://github.com/advthreat/tenzin-config/pull/901][#901]]
+- ~W22~ Fix SCSO name [[https://github.com/advthreat/tenzin-config/pull/898][#898]]
+- ~W22~ rebrand from SecureX Sign-On to Secure Cloud Sign-on [[https://github.com/advthreat/tenzin-config/pull/896][#896]]
+- ~W16~ fix missing iroh-async web-services [[https://github.com/advthreat/tenzin-config/pull/884][#884]]
+- ~W16~ align iroh and iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/883][#883]]
+- ~W15~ Add CSC onboarding URLs [[https://github.com/advthreat/tenzin-config/pull/875][#875]]
+- ~W13~ fix provisioning service [[https://github.com/advthreat/tenzin-config/pull/863][#863]]
+- ~W13~ PIAM config change (+ boostrap cleanup) [[https://github.com/advthreat/tenzin-config/pull/677][#677]]
+- ~W09~ add perf.orbital.threatgrid.com to allowed login origin [[https://github.com/advthreat/tenzin-config/pull/854][#854]]
+- ~W51~ sorted router server [[https://github.com/advthreat/tenzin-config/pull/810][#810]]
+- ~W51~ sorted bootstrap on INT [[https://github.com/advthreat/tenzin-config/pull/809][#809]]
+- ~W47~ provide open impersonate on INT/TEST [[https://github.com/advthreat/tenzin-config/pull/782][#782]]
+- ~W46~ update TG clients for new ribbon [[https://github.com/advthreat/tenzin-config/pull/774][#774]]
+- ~W41~ Cross Region UI conf [[https://github.com/advthreat/tenzin-config/pull/745][#745]]
+- ~W38~ Added ENV and Region in the confs [[https://github.com/advthreat/tenzin-config/pull/729][#729]]
+**** xdr-provisioning [26 (26 / 0)]
+
+- ~W30~ Add a script to cleanup test accounts
+- ~W30~ rename script and improve error
+- ~W30~ minor improvement
+- ~W30~ fix ISO code to use 2 chars only
+- ~W30~ use the env from the table
+- ~W30~ fix tsv-to-commands.sh
+- ~W30~ add tsv-to-commands.sh
+- ~W29~ add an option to force di and csc onboarding even for org upgrade
+- ~W27~ improve README.md
+- ~W27~ update help errror message
+- ~W27~ update the doc
+- ~W27~ Updated the script to match all possible use case
+- ~W27~ Add SXO to the modules to add for SCA owners.
+- ~W27~ Improved doc and safety
+- ~W27~ Check if user is admin and improve creation check
+- ~W27~ Improved upgrade PATH
+- ~W27~ Provide two scripts
+- ~W27~ Merge pull request #1 from advthreat/sca-support
+- ~W27~ add a few logs and better error support
+- ~W27~ Add XDR feature-flag
+- ~W27~ Optional support for SCA
+- ~W17~ Improve help regarding setting env vars
+- ~W17~ Improve the command line parsing
+- ~W17~ rename script to .sh
+- ~W17~ Add onboarding of DI and CSC
+- ~W16~ Initial provisioning Script
diff --git a/reports/FY23-Yann-report.pdf b/reports/FY23-Yann-report.pdf
new file mode 100644
index 00000000..92f5f997
Binary files /dev/null and b/reports/FY23-Yann-report.pdf differ
diff --git a/reports/FY23Q1-report.html b/reports/FY23Q1-report.html
new file mode 100644
index 00000000..e579edc3
--- /dev/null
+++ b/reports/FY23Q1-report.html
@@ -0,0 +1,1338 @@
+
+
+
+
+
+
+
+ FY23Q1 Report
+
+
+
+
+
+
+
FY23Q1 Report
+
logs goes 4 months back
+
2023-11-15
+
+
+
IROH
+
lead
+
Guillaume Buisson [23]
+
ctia [1]
+
between 3 and 4 months old
+
+
Revert "woke tool added (#1375)"
+
+
iroh [6]
+
+
A new script to update a record :created in ES #8574