InfoQ Homepage Authorization Content on InfoQ
-
Spring News Roundup: Milestone Releases of Boot, Security, Auth Server, GraphQL, Kafka, Pulsar
There was a flurry of activity in the Spring ecosystem during the week of July 21st, 2025, highlighting milestone releases of Spring Boot, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Session, Spring Integration, Spring REST Docs, Spring Batch, Spring AMQP, Spring for Apache Kafka, Spring for Apache Pulsar and Spring Web Services.
-
Jakarta EE 11 Delivers One New Specification, 16 Updated Specifications and Modernized TCK
Although a full GA release of Jakarta EE 11 was originally planned for July 2024, only the Core Profile and the Web Profile were delivered in December 2024 and April 2025, respectively. And now, the Jakarta EE 11 Platform has been delivered featuring one new specification and a new TCK. Ed Burns, release coordinator for Jakarta EE 11, spoke to InfoQ about the release of Jakarta EE 11.
-
Spring News Roundup: Spring Vault Milestone, Point Releases and End of OSS Support
There was a flurry of activity in the Spring ecosystem during the week of June 16th, 2025, highlighting: the first milestone release of Spring Vault 4.0; and point releases of Spring Boot, Spring Security, Spring Authorization Server, Spring Modulith, Spring AMQP and Spring for Apache Kafka. Release trains for numerous Spring projects will also reach the end of OSS support on June 30, 2025.
-
AWS Launches Open-Source Agent for AWS Secrets Manager
Amazon Web Services (AWS) has launched a new open-source agent for AWS Secrets Manager. According to the company, this agent simplifies the process of retrieving secrets from AWS Secrets Manager, enabling secure and streamlined application access.
-
API Access with Amazon Verified Permissions and Amazon Cognito
AWS recently announced that Amazon API Gateway requests can now be authorized with Amazon Verified Permissions. With this feature, HTTP requests containing tokens issued by Amazon Cognito can be used to perform authorization decisions against API resources.
-
Revolutionizing Digital Identity: How Verifiable Credentials Offer a New Era of Privacy and Control
Auth0 recently published an in-depth explanation of Verifiable Credentials (VCs). The article emphasizes the potential of VCs to transform how identities are managed online. It highlights the limitations of current identity systems and how VCs can address these gaps, particularly in allowing identity claims to be disclosed without issuers knowing, thereby enhancing privacy and control for users.
-
Introduction of Auth0 Templates for .NET
Auth0 Templates for .NET offers pre-built project templates with integrated Auth0 support for authentication and authorization. The development process is simplified, enabling the creation of Auth0-integrated .NET projects through familiar approaches from built-in templates. The project is open-source.
-
AWS Open-Sources Policy-Based Access Control Language Cedar
AWS has open-sourced Cedar, their language for defining access permissions using policies. Cedar is integrated within both Amazon Verified Permissions and AWS Verified Access. Cedar can also be integrated directly into an application via the provided SDK and language specification.
-
Open-Source Access Control with OpenFGA
Auth0 released version 1.0 of OpenFGA, an open-source authorization server for fine grained access control use cases. This release indicates the stability of OpenFGA’s APIs and its readiness for production deployments.
-
HashiCorp Vault Improves Multi-Namespace Workflows, Adds Managed Service for Azure
HashiCorp has released version 1.13 of Vault, their secrets and identity management platform. This release includes multi-namespace access workflows, improvements to the Google Cloud secrets engine, usability improvements to MFA, and certificate revocation for cross-cluster management. HashiCorp has also released Vault as a managed service for Microsoft Azure environments.
-
AWS Creates New Policy-Based Access Control Language Cedar
AWS has created a new language for defining access permissions using policies called Cedar. Cedar is currently used within Amazon Verified Permissions and AWS Verified Access. Created by the AWS Automated Reasoning Group, Cedar is designed to be agnostic of AWS and simple to understand the effects of policies.
-
HashiCorp Boundary Adds Multi-Hop Sessions and Credential Templating
HashiCorp has released version 0.12 of Boundary, their open-source identity-based access management service for infrastructure. This release introduces support for multi-hop sessions removing the need to expose Boundary workers running on private networks. Additional improvements include support for credential injection via Vault, assigning network addresses on targets, and credential templating.
-
Permit Elements Enables Low-Code User-Managed Access Control
Permit.io has released Permit Elements, a low-code end-user authentication interface builder. Permit Elements allows developers to embed interfaces enabling their end-users to decide which roles have permission to perform actions. At the time of release, there are elements available for user management and audit logs.
-
Google Cloud Adds IAM Deny Policies
Google Cloud has moved IAM Deny policies into full general availability. IAM Deny policies work alongside the IAM Allow policies to provide more options for controlling which principals have access to which resources. IAM Deny policies are available with Google Cloud IAM for most permissions.
-
HashiCorp Vault Enhances Plugin Framework, Adds New Secrets Engines
HashiCorp has released a number of new features and improved core workflows for Vault, their secrets and identity management platform. The improvements include a new PKCS#11 provider, support for Redis and Amazon ElasticCache as secrets engines, improvements to the Transform secrets engine, and a better user experience for working with plugins.