Collaborate Disseminate
In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that […]
The post From federation to fabric: IAM’s evolution appeared first on Security Intelligence.
In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that […]
The post From federation to fabric: IAM’s evolution appeared first on Security Intelligence.
I’m currently implementing a system which consists of a collection of apps. Similar to the way Microsoft 365 consists of Word, Excel, etc.
Ideally I’d like to log in once, then navigate between apps. However, each app requires different … Continue reading OAuth2 component scopes
I’ve been struggling to find very simple, low level explanations of federated authentication protocols. Previously I’ve seen SAML and oauth, but they both seem to be very high level and far more complex than just authenticating a simple se… Continue reading Simplest federated authentication protocol: is this the right way to do it?
As per the title. What risks and controls should I consider? Are there any questions i need to ask the external party AD before setting up the ‘Trust’ between the 2 ADs?
I see "multiple set of credentials" and "single set of credentials" in the SSO documentation. However, I can’t understand what the difference is between them.
Are they related to MFA?
Let us say you have an app where the users will be required to deposit cryptocurrency. Is it safe to let users sign in with third-party authentication? For example "sign in with Google" or "sign in with Facebook"?
If it… Continue reading Using SSO for a cryptocurrency app
My organization is trying to comply with new user data protection laws that were recently put in place where we operate. In order for us to transmit any PII (name, DOB, ID…) to a third party we must have a data protection contract signed… Continue reading When using a Federated ID does the Service Provider hold onto User Data
Researchers show the promise of Federated Learning to protect patient privacy and improve healthcare outcomes across the world. Continue reading Federated Learning: A Therapeutic for what Ails Digital Health
I have an application Foo that exposes a web-based portal as well as a REST API service via HTTPS.
When a human user connects to the app Foo to use its web-based portal, the human user is first redirected to an OAuth2-based login page. Onc… Continue reading App-to-app or service-to-service authentication using federated login