Software security is a complex problem, and is becoming even more complex using Microservices where each service has to deal with security, David Borsos explained at the recent Microservices Conference in London, during his presentation evaluating four end-user authentication options within a microservice based systems.
The release of GitLab 8.9 brings a file locking, a refreshed UI, and hardware-based two-factor authentication. Teaming up with Yubico, developers can now use a hardware YubiKey to automatically authenticate a GitLab session without having to type in a 6-digit TOTP code. In addition, file locking will keep binary assets from getting destroyed during a merge.
At the Velocity Conference in Amsterdam, Alex Shoof explained how to manage secrets in a scalable and distributed environment. Shoof proposed a system based on five fundamental principles for secret management.
Facebook and Twitter have released SDKs for Apple tvOS to provide support for onboarding, user verification, and analytics.
Google has announced at I/O 2015 the Google Identity Platform, a collection of tools and APIs for managing identities and dealing with authentication and authorization across Android, iOS and web applications.
Firebase has this week announced major updates to its user authentication, including automatic session persistence, and rich authentication tokens for use in Security Rules.
The recently released Visual Studio 2013 includes new project templates with several improvements which enables developers to build projects and applications faster.
Most applications these days require user management, authentication, and authorization from the beginning and even a minor mistake can be disastrous. To help developers focus more on what the application actually does, Stormpath is offering turnkey user management and authentication services. Using these services, applications can authenticate users via a single API call.
Microsoft recently announced preview of Multi-Factor Authentication in Windows Azure. This can be enabled for Windows Azure Management portal, Microsoft Online Services such as Office 365, as well as custom applications.
Part 2 of Infoq’s exclusive virtual interview with Anypresence cofounder Richard Mendis. The CMO weighs in on Facebook’s acquisition of competitor Parse and provides intel on the pricing structure of Anypresence.
Google+ Sign-In extends the Google+ social network into third-party websites, desktop applications and mobile apps. This service, announced on February 26th, provides features for authentication, authorization and activity sharing. There is also support for user engagement, hangouts and automatic Android app downloads.
A central theme with Windows 8 is the Microsoft Account. This is another attempt to offer a single sign-on system for both Microsoft and third-party services. Microsoft Account is available for Windows 8 apps, normal websites, Windows Phone, Android, and iOS.
Java Enterprise Edition Version 6 release includes new security features in the areas of web container security as well as authentication and authorization aspects of Java application development. These features include programmatic and declarative security enforcement in the web tier. This post gives an overview of these new security features.
“Everyone feels the need to write a custom authentication protocol” says George Reese, which he claims is one of the things he learnt working on a programming API for cloud providers and Saas Vendors. In a post George proposes a set of standards for any REST authentication need.
CONTENT IN THIS BOX
PROVIDED BY OUR SPONSOR
Increase security on compromised platforms with Intel® SGX.
An Intel technology for application developers who are seeking to protect select code and data from disclosure or modification.
A Developer’s Perspective.
Developers have long been constrained by the security capabilities that major platform providers have exposed for application development. How Bromium and wolfSSL employ Intel® SGX to create more secure, next-generation solutions.
Learn more about the Intel SGX SDK, a collection of APIs, libraries, documentation, sample source code, and tools that allows software developers to create and debug Intel SGX enabled applications in C/C++.
Protect Application Code, Data, & Secrets from Attack.
Developers can partition their application into CPU hardened “enclaves” or protected areas of execution that increase security even on compromised platforms.
Intel Software Guard Extensions (SGX) for Dummies.
At its root, Intel® SGX is a set of new CPU instructions that can be used by applications to set aside private regions of code and data.