InfoQ Homepage Identity Management Content on InfoQ
-
Open-Source Access Control with OpenFGA
Auth0 released version 1.0 of OpenFGA, an open-source authorization server for fine grained access control use cases. This release indicates the stability of OpenFGA’s APIs and its readiness for production deployments.
-
Google is Rolling out Passkeys to Make Passwords a Relic of the Past
Google has begun rolling out support for passkeys across Google Accounts on all major platforms. Passkeys will be available as an additional authentication option alongside pre-existing mechanisms, including passwords, 2-step verification, and so on.
-
GitLab Ultimate Adds Code Viewing Ability for Guest Roles
GitLab has added customizable roles to its Ultimate subscription, enabling customers to define their roles, based on the current Guest role. The minimal viable change allows Ultimate users to add one additional permission to the Guest role, which grants users the ability to view code, known as Guest+1.
-
HashiCorp Vault Improves Multi-Namespace Workflows, Adds Managed Service for Azure
HashiCorp has released version 1.13 of Vault, their secrets and identity management platform. This release includes multi-namespace access workflows, improvements to the Google Cloud secrets engine, usability improvements to MFA, and certificate revocation for cross-cluster management. HashiCorp has also released Vault as a managed service for Microsoft Azure environments.
-
AWS Creates New Policy-Based Access Control Language Cedar
AWS has created a new language for defining access permissions using policies called Cedar. Cedar is currently used within Amazon Verified Permissions and AWS Verified Access. Created by the AWS Automated Reasoning Group, Cedar is designed to be agnostic of AWS and simple to understand the effects of policies.
-
HashiCorp Boundary Adds Multi-Hop Sessions and Credential Templating
HashiCorp has released version 0.12 of Boundary, their open-source identity-based access management service for infrastructure. This release introduces support for multi-hop sessions removing the need to expose Boundary workers running on private networks. Additional improvements include support for credential injection via Vault, assigning network addresses on targets, and credential templating.
-
Permit Elements Enables Low-Code User-Managed Access Control
Permit.io has released Permit Elements, a low-code end-user authentication interface builder. Permit Elements allows developers to embed interfaces enabling their end-users to decide which roles have permission to perform actions. At the time of release, there are elements available for user management and audit logs.
-
Terraform Cloud Adds Dynamic Provider Credentials and OPA Support
Hashicorp has released several new features into Terraform Cloud, their managed service offering for Terraform. The new features include dynamic provider credentials, native OPA support, and the addition of projects as an organization tool.
-
Spring Authorization Server 1.0 Provides Oauth 2.1 and OpenID Connect 1.0 Implementations
More than two-and-a-half years after being introduced to the Java community, VMWare has released Spring Authorization Server 1.0. Built on top of Spring Security, the Spring Authorization Server project supports the creation of OpenID Connect 1.0 Identity Providers and OAuth 2.1 Authorization Servers. The project supersedes the Spring Security OAuth project which is no longer maintained.
-
Google Cloud Adds IAM Deny Policies
Google Cloud has moved IAM Deny policies into full general availability. IAM Deny policies work alongside the IAM Allow policies to provide more options for controlling which principals have access to which resources. IAM Deny policies are available with Google Cloud IAM for most permissions.
-
HashiCorp's Boundary Now Generally Available on HCP
Following a successful beta trial, HashiCorp has announced the general availability of Boundary on their cloud platform HCP. This adds a key new aspect to HashiCorp's managed solution for zero-trust security.
-
Scaling Access Management at Airbnb
Airbnb's product engineering team recently discussed their implementation of a self-serving, centralized access control platform. Built on the principle of least privilege, the team designed a five-stage architecture, providing benefits from security, usability, and developer experience aspects.
-
AWS Amplify for Swift Reaches 2.0, Brings Async/Await and macOS Support
Previously known as AWS Amplify iOS, AWS Amplify for Swift now offers a rewritten API to support Swift async/await and make concurrency code more idiomatic. Additionally, the new release introduces beta support on macOS for a number of AWS features, including Auth, Storage, Geo, and others.
-
HashiCorp Vault Enhances Plugin Framework, Adds New Secrets Engines
HashiCorp has released a number of new features and improved core workflows for Vault, their secrets and identity management platform. The improvements include a new PKCS#11 provider, support for Redis and Amazon ElasticCache as secrets engines, improvements to the Transform secrets engine, and a better user experience for working with plugins.
-
Multi-Factor Authentication Fatigue Key Factor in Uber Breach
Earlier this week, Uber disclosed that the recent breach it suffered was made possible through a multi-factor authentication (MFA) fatigue attack where the attacker disguised themselves as Uber IT.