Collaborate Disseminate
Keycloak is an open-source project for identity and access management (IAM). It provides user federation, strong authentication, user management, authorization, and more. Keycloak is based on standard protocols and supports OpenID Connect, OAuth 2.0, a… Continue reading Keycloak: Open-source identity and access management
In this Help Net Security interview, James Dolph, CISO at Guidewire, addresses common misconceptions about security responsibilities in cloud environments, particularly in SaaS, and how these misunderstandings can lead to security risks. What common mi… Continue reading Who handles what? Common misconceptions about SaaS security responsibilities
I am exploring Self-Sovereign Identity (SSI) as a decentralized approach to identity management, similar to how Bitcoin addresses financial systems through blockchain (as verifiable data registry (VDR)). However, I am trying to understand … Continue reading Specific Security Risks in Decentralized Identity and Self-Sovereign Identity (SSI)
As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive informat… Continue reading The role of self-sovereign identity in enterprises
The Mandiant founder and Google Cloud adviser tells CyberScoop that he sees a lot of similarities between SpecterOps and the early days of his cybersecurity powerhouse company.
The post Exclusive: Kevin Mandia joins SpecterOps as chair of the board appeared first on CyberScoop.
Continue reading Exclusive: Kevin Mandia joins SpecterOps as chair of the board
In this Help Net Security interview, Omer Cohen, Chief Security Officer at Descope, discusses the impact of identity federation on organizational security and user experience. He explains how this approach streamlines credential management and enhances… Continue reading Reducing credential complexity with identity federation
IoT devices have become integral to how many organizations operate. From Smart TVs in conference rooms to connected sensors and wireless security cameras, these connected devices are now a fixture in the modern workplace. They also, however, present a … Continue reading 3 tips for securing IoT devices in a connected world
Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that compromising it has become almost a standard step in cyber intrusions. “Activ… Continue reading Active Directory compromise: Cybersecurity agencies provde guidance
I have trouble understanding the exact definition of an "entity". My gut somehow knows what an entity is. However, I referred to two definitions. The ISO/IEC 24760-1:2019 Standard states:
3.1.1 entity item relevant for the purpo… Continue reading Definition of "entity" in the context of Identity management
The hype surrounding unmanaged and exposed non-human identities (NHIs), or machine-to-machine credentials – such as service accounts, system accounts, certificates and API keys – has recently skyrocketed. A steady stream of NHI-related brea… Continue reading Risk related to non-human identities: Believe the hype, reject the FUD