Identity Management Content on InfoQ
-
Production Identity Framework SPIRE Graduates from CNCF
The Cloud Native Computing Foundation has announced the graduation of SPIFFE and SPIRE. SPIFFE defines a standard for authenticating software services using platform-agnostic, cryptographic identities. SPIRE is a production-ready implementation of the SPIFFE APIs. Recent improvements to the project include experimental Windows support.
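As an added example (not code from the SPIFFE or SPIRE projects), the following Python validates SPIFFE IDs using the rules of the SPIFFE-ID standard (the `spiffe://` scheme, the lowercase trust-domain character set, path segments that may not be empty, `.` or `..`, no trailing slash, and the length limits) and shows why a workload should authorize a peer by exact identity rather than by prefix. The trust domain and service paths are made up for illustration.

```python
import re

# Character sets from the SPIFFE-ID standard: trust domains are lowercase only,
# path segments may also contain uppercase letters.
TRUST_DOMAIN_RE = re.compile(r"[a-z0-9._-]+")
PATH_SEGMENT_RE = re.compile(r"[A-Za-z0-9._-]+")
MAX_ID_BYTES = 2048
MAX_TRUST_DOMAIN_BYTES = 255
SCHEME = "spiffe://"


def parse_spiffe_id(value: str):
    """Return (trust_domain, path) for a well-formed SPIFFE ID, else raise ValueError.

    The path is returned with its leading '/' and is '' for a trust-domain ID
    such as spiffe://example.org. Because ':', '@', '?' and '#' are outside the
    allowed character sets, ports, userinfo, queries and fragments are rejected.
    """
    if len(value.encode("utf-8")) > MAX_ID_BYTES:
        raise ValueError("SPIFFE ID exceeds 2048 bytes")
    if not value.startswith(SCHEME):
        raise ValueError("scheme must be spiffe://")
    trust_domain, slash, path = value[len(SCHEME):].partition("/")
    if (not trust_domain
            or len(trust_domain.encode("utf-8")) > MAX_TRUST_DOMAIN_BYTES
            or not TRUST_DOMAIN_RE.fullmatch(trust_domain)):
        raise ValueError(f"invalid trust domain {trust_domain!r}")
    if slash:
        # A trailing slash produces an empty final segment and is rejected below;
        # "spiffe://example.org/" produces path == "" and is rejected the same way.
        for segment in path.split("/"):
            if segment in ("", ".", ".."):
                raise ValueError(f"invalid path segment {segment!r}")
            if not PATH_SEGMENT_RE.fullmatch(segment):
                raise ValueError(f"invalid characters in path segment {segment!r}")
    return trust_domain, ("/" + path) if slash else ""


def is_valid_spiffe_id(value: str) -> bool:
    try:
        parse_spiffe_id(value)
        return True
    except ValueError:
        return False


def is_authorized(peer_id: str, allowed_ids) -> bool:
    """Authorize a peer only on an exact (trust domain, path) match.

    Prefix or substring matching would let spiffe://example.org/ns/prod/sa/payments-evil
    pass a check written for .../sa/payments, so the comparison is on parsed IDs.
    """
    try:
        peer = parse_spiffe_id(peer_id)
    except ValueError:
        return False
    return any(peer == parse_spiffe_id(allowed) for allowed in allowed_ids)


if __name__ == "__main__":
    # Hypothetical identities for a made-up trust domain.
    allowed = {"spiffe://example.org/ns/prod/sa/payments"}
    for candidate in (
        "spiffe://example.org/ns/prod/sa/payments",
        "spiffe://example.org/ns/prod/sa/payments-evil",
        "spiffe://Example.org/ns/prod/sa/payments",
        "spiffe://example.org/ns/prod/../sa/payments",
    ):
        print(f"{candidate}: valid={is_valid_spiffe_id(candidate)} "
              f"authorized={is_authorized(candidate, allowed)}")
```

The check deliberately rejects IDs that would be accepted by a lenient URL parser (an uppercase trust domain, a `..` segment, a port or query string), since a lenient identity parser is exactly where two different strings start naming the same workload.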
-
AWS IAM Identity Center Introduces APIs to Manage Users and Groups at Scale
AWS recently introduced IAM Identity Center APIs to create users and groups at scale. Administrators can use these new APIs to manage identities programmatically and gain visibility into users in the Identity Center directory.
-
Spring Authorization Server 1.0 Planned for November 2022
Spring Authorization Server 1.0 is planned for a GA release in November 2022, two years after the project started. It replaces the already end-of-life Spring Security OAuth project. Led by the Spring Security team, the project provides an OAuth 2.1 authorization server for Spring applications.
-
Uber Introduces a Universal Signup and Login Stack
Uber recently introduced Unified Signup and Login (USL), an effort to consolidate the signup and login experience across all Uber apps and services. USL lowers engineering complexity and maintenance overhead and allows security policies and fixes to be rolled out faster. Uber has rolled out USL over the last two years, and currently more than 78% of Uber's traffic goes through it.
-
HashiCorp Vault Improves Eventual Consistency with Server-Side Consistent Tokens
HashiCorp has released Vault 1.10, introducing a number of new features to their secrets and identity management platform. Server-side consistent tokens give clients more control over the eventual consistency model when performance standby nodes are in use. Multi-factor authentication at login time is now available in the open source edition through the new login MFA integration.
-
Improve Access Control of Google Cloud SQL with IAM Conditions and Tags
Recently, Google announced the general availability (GA) of IAM Conditions and Tags for Cloud SQL, a fully-managed relational database service for MySQL, PostgreSQL, and SQL Server.
-
HashiCorp Boundary 0.7 and Boundary Desktop 1.4 Released with Dynamic Host Catalogs
HashiCorp has released version 0.7 of their Boundary open-source project that automates secure identity-based user access to hosts and services across environments. Boundary Desktop 1.4 has also been released for Mac, Linux, and Windows. Key new features include dynamic host catalogs, plugin support (currently for internal use only), and managed groups and resource filtering in the admin console.
-
Airbnb Streamlines the Development Process with a Unified Architecture for Collaborative Hosting
Airbnb recently detailed how it designed and built a unified architecture for collaborative hosting. This architecture streamlines the development process of new products, as engineers only need to know about one central framework that will cover all hosting use cases. This framework encapsulates the specific types of collaborative hosting, freeing the engineers from the need to worry about them.
-
Aqua Security's Latest Report Highlights Increase in Cloud Attacks
Aqua Security published a report outlining their analysis of a year's worth of security remediation data. The report found that almost no organization addressed all of its identified issues, with enterprise organizations taking 88 days on average to resolve the issues they did address. The analysis also found a large increase in attacks against container-based and cloud-native infrastructure.
-
Airbnb Builds Himeji - a Scalable Centralized Authorization System
Airbnb recently described how it built Himeji, a scalable centralized authorization system. Himeji stores permissions data and performs permission checks as a central source of truth. It uses a sharded and replicated in-memory cache to improve performance and lower latencies and has served checks in production for about a year.
-
CNCF Publishes Latest Technology Radar Focused on Secrets Management
CNCF published the fourth edition of its end-user Technology Radar. This time the theme was secrets management: the set of tools and technologies used to manage digital authentication credentials. The purpose of this edition is to share which tools end users are using, which ones they recommend, and any patterns that emerged.
-
HashiCorp Boundary: Remote Access Management Service Adds OIDC Support
HashiCorp has announced the release of version 0.2 of Boundary, their open-source identity-based access management service designed for dynamic infrastructure. This release includes support for OIDC authentication methods. The Boundary Desktop application is now at version 1.0 for macOS.
-
GitHub Changes Token Format to Improve Identifiability, Secret Scanning, and Entropy
GitHub has recently moved to a new format for all of its tokens, including personal access, OAuth access, user-to-server and server-to-server, and refresh tokens. As GitHub engineer Heather Harvey explains, the new format aims to make tokens more easily identifiable, including when scanning repos for secrets, and to increase their entropy.
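As an added example (not GitHub's own code), the scanner below shows the practical effect of the new format on secret scanning. It uses the type prefixes GitHub published with the announcement (`ghp_` personal access, `gho_` OAuth access, `ghu_` user-to-server, `ghs_` server-to-server, `ghr_` refresh), matches the 36-character base62 body that follows the prefix, and measures the Shannon entropy of that body so that obvious placeholders such as `ghp_xxxx...` are reported separately from credential-shaped strings. All sample lines are constructed; none of the strings is a real token, and the entropy threshold is a tuning choice for this example rather than anything GitHub specifies.

```python
import math
import re

# Type prefixes from GitHub's new token format; the prefix alone tells a scanner
# both that the string is a GitHub token and which kind it is.
TOKEN_TYPES = {
    "ghp_": "personal access token",
    "gho_": "OAuth access token",
    "ghu_": "user-to-server token",
    "ghs_": "server-to-server token",
    "ghr_": "refresh token",
}

# Prefix, then exactly 36 base62 characters, bounded so we do not match inside
# longer identifiers. Old-style 40-hex-character tokens never match this.
TOKEN_RE = re.compile(r"(?<![A-Za-z0-9_])(gh[pousr]_)([A-Za-z0-9]{36})(?![A-Za-z0-9])")


def shannon_entropy(s: str) -> float:
    """Bits per character of s. A 36-character body can reach at most log2(36) = 5.17."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_tokens(text: str, min_entropy: float = 3.5):
    """Return one finding per token-shaped string in text.

    min_entropy (an example threshold, not a GitHub value) separates random-looking
    bodies from documentation placeholders and repeated characters.
    """
    findings = []
    for match in TOKEN_RE.finditer(text):
        prefix, body = match.group(1), match.group(2)
        entropy = shannon_entropy(body)
        findings.append({
            "type": TOKEN_TYPES[prefix],
            "token": prefix + body,
            "entropy": round(entropy, 2),
            "likely_real": entropy >= min_entropy,
        })
    return findings


# Constructed sample lines; the token-shaped strings are made up, not real credentials.
SAMPLE = """\
config.yml: token: ghp_Q7mK2vXp9LzR4tYw8nBc1dFg6hJs3aEu5oIk
README.md: export GITHUB_TOKEN=ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
notes.txt: old-style token (no prefix): 0123456789abcdef0123456789abcdef01234567
app.log: Authorization: Bearer ghs_Ab3cD4eF5gH6iJ7kL8mN9oP0qR1sT2uV3wX4
"""

if __name__ == "__main__":
    for finding in find_tokens(SAMPLE):
        print(f"{finding['type']:24} entropy={finding['entropy']:.2f} "
              f"likely_real={finding['likely_real']} {finding['token']}")
```

The old-style hex token on the third sample line is not reported at all: without a prefix it is indistinguishable from any other 40-character hex string, which is precisely the identifiability problem the new format addresses. The prefix match is what makes the detection precise; the entropy check only ranks what has already matched.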
-
HashiCorp Vault Adds Tokenization and Auto-Join Features
HashiCorp has released Vault 1.6, adding new features to their secrets and identity management platform. Cloud auto-join lets new Vault nodes attach to the cluster automatically. The transform secrets engine now supports tokenization, to better secure data stored outside of Vault. Additional features include integration with key management services and support for seal migration.
-
Disabling Google 2FA Doesn't Need 2FA
Attackers who compromised a developer's machine were able to use Safari auto-fill to log into passwords.google.com, disable 2FA, and extract passwords without triggering any notification. InfoQ spoke to Amos (@fasterthanlime) on Twitter about his experience and his advice for others who might find themselves in the same situation. Read on to find out what happened, and what you should do to protect your assets.