QUALIFICATION: More than fifteen years of experience in driving architecture, design and development of cutting-edge technology projects
TECHNICAL SKILLS: Multi-Tenant Security, Distributed Computing, JSON, NoSQL (e.g.
Experience
2020 — Now
Redwood City, California, United States
Leading Identity and Access Management on various Sumo Logic SaaS Components
2018 — 2020
Santa Clara, California
● Switching Implementation Language from Java to Python (3.X).
● Expanding Domain Knowledge to Computer Vision and Machine Learning
● Intelligent NVR (Network Video Recorder) Implementation, running on an Ubuntu-based, Intel-based small-footprint PC. This NVR solution is built in Python + FFMPEG + OpenCV. Within this Intelligent NVR, we implemented moving object detection and tracking features, so that images can be captured from the video in more intelligent ways to be sent to Neural Network Models. This component includes advanced features such as a multi-layer background model.
● Led the effort for Better Python Code Quality: (a) by advocating using Python 3.X Type Hint facility plus Pydantic library, (b) incorporating Pylint and Pyre-Check Type Checking Tool as a part of automatic build processes.
● Kicked off an effort of moving off a monolithic server to a collection of AWS Lambda Functions. For example, (a) Data Transformation (e.g. Annotation Result CVAT XML to Internal JSON format), (b) Data Integration (e.g. propagating events to a customer’s Splunk Endpoint)
● Developed an “anchor point” concept, based on the OpenCV “matchTemplate()” function, to detect shifting or shaking of a camera. This “anchor point” concept was further extended to support multiple variants of the same “anchor point” area to handle drastic changes of light sources and light intensity.
● Managing and Coordinating Image Annotation with a 3rd Party Off-Shore Annotation Team -- Cloud Factory. Coordination activities include: (a) Design Annotation Instruction and Data Labels+Attributes design; (b) running algorithms to select raw images for Cloud Factory to annotate; (c) building data automation infrastructure needed for post annotation steps
● Working with an Offshore Development Team to build a Data QC Workbench for Internal Data QC folks to review Inference Results of Deep Learning Neural Network and Annotation Results of a 3rd Party Outsourced Team.
2013 — 2018
Developing Data and Identity Mgt Platform for Supply Chain Management SaaS
● User Authentication:
● Migrated User Login mechanism from OpenID-1.0 to JWT+OAuth based mechanism
● SAML Integration
● Leveraging OKTA, built on top of home-grown OAuth server
● Fine grain control of which Internal Employees can access which Customer under which Environment (dev, pre-prod, prod) through managed LDAP group membership
● Facilitate Customer Success team to on-board customers for SAML Integration
● Provide User Deactivation / Session Termination REST API to Customers
● Evaluate SCIM implementation strategy and how to leverage AWS Cognito and OKTA
● Data Access Control + Multi-Tenancy Model:
● Design Security Model that enables Elementum Customers to control what data are shared with Supply Chain partners.
● Implemented this model over databases such as MongoDB and ElasticSearch.
● The technique used is Database Query Interceptors that verify, rewrite or reject query requests to a database, based on the authorization profile of a user
● Master Data Management
● Led a team of 3 to deliver the full-stack implementation (UI+Backend) of Master Data Management Tool used in on-boarding Customer Master Data
● One key feature of MDM is Data Duplication Prevention. E.g., when users upload Factory site data, duplication of existing site information should be avoided. It is achieved through “Site Similarity Search” implemented on ElasticSearch, where the geolocation of a site plus a fuzzy match of the site’s name is used as search criteria.
Other Projects: Graph DB, GraphQL API, Python: Leveraging Python3 Type Hint and enhancing Python Security through Thread Local for security context
2010 — 2013
Coder / Designer / Software Architect for Oracle OAuth product
** Building security infrastructure based on OAuth Protocol to "rule them all"
** Unified product for Access Control for Cloud, Mobile and Social
** On Mobile side:
• Mobile Single Sign-On
• Integrating with Risk-Based Access Management infrastructure
• Integrating with MDM (Mobile Device Management) infrastructure
** On Cloud side:
• Two-legged version of OAuth protocol
• Identity Federation using JWT and SAML Tokens
** On Social side: OpenID Connect
2008 — 2010
Development: Proprietary SOA / RPC Infrastructure
Research: JSON Schema and RESTful interface
Education
University of Southern California
M.Sc
The Chinese University of Hong Kong