InfoQ Homepage Identity Management Content on InfoQ
-
Aqua Security's Latest Report Highlights Increase in Cloud Attacks
Aqua Security published a report outlining their analysis of a year's worth of security remediation data. This report found that nearly no organization addressed all identified issues with enterprise organizations taking on average 88 days to resolve the issues they do address. Their analysis found a large increase in attacks against container-based and cloud-native infrastructure.
-
Airbnb Builds Himeji - a Scalable Centralized Authorization System
Airbnb recently described how it built Himeji, a scalable centralized authorization system. Himeji stores permissions data and performs permission checks as a central source of truth. It uses a sharded and replicated in-memory cache to improve performance and lower latencies and has served checks in production for about a year.
-
CNCF Publishes Latest Technology Radar Focused on Secrets Management
CNCF published the fourth edition of the end-user Technology Radar. This time the theme was secrets management: the set of tools and technologies to manage digital authentication. The purpose of this edition is to share what tools are used by end-users, the tools they recommend, and any patterns that emerged.
-
HashiCorp Boundary: Remote Access Management Service Adds OIDC Support
HashiCorp has announced the release of version 0.2 of Boundary, their open-source identity-based access management service designed for dynamic infrastructure. This release includes support for OIDC authentication methods. The Boundary Desktop application is now at version 1.0 for macOS.
-
GitHub Changes Token Format to Improve Identifiability, Secret Scanning, and Entropy
GitHub has recently moved to a new format for all of its tokens, including personal access, OAuth access, user-to-server and server-to-server, and refresh tokens. As GitHub engineer Heather Harvey explains, the new format aims to make tokens more easily identifiable, including when scanning repos for secrets, and to increase their entropy.
-
HashiCorp Vault Adds Tokenization and Auto-Join Features
HashiCorp has released Vault 1.6, adding new features to their secrets and identity management platform. Cloud auto-join facilitates automatically attaching new Vault nodes to the cluster. The transform secrets engine now supports tokenization to better secure data stored outside of Vault. Additional features include integration with key management services and support for seal migration.
-
Disabling Google 2FA Doesn't Need 2FA
A developer's machine, compromised by attackers, was able to use Safari auto-fill to log into passwords.google.com, disable 2FA and extract passwords without notification. InfoQ spoke to Amos (@fasterthanlime) on Twitter about his experience and advice for others who might find themselves in the same situation. Read on to find out what happened, and what you should do to protect your assets.
-
Production Identity Framework SPIRE Graduates to CNCF Incubator
The Cloud Native Computing Foundation has accepted SPIFFE and SPIRE as incubation level projects. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE APIs that is production ready.
-
0-Day Vulnerability in Sign In with Apple Rewarded with $100,000
Earlier this year, security researcher Bhavuk Jain disclosed a 0-day vulnerability in Sign In with Apple that could easily allow an attacker to get full control of a victim's account by only knowing their email address. Apple patched the vulnerability and stated they could find no evidence of exploitation.
-
Amazon Releases CLI v2, Includes SSO and Interactive Usability Features
In a recent blog post, Amazon announced the general availability (GA) of AWS CLI (Command Line Interface) v2. Within this version of the CLI, features such as AWS Single Sign-On (SSO), interactive wizards, server-side auto completion and auto prompts are included. In addition, having Python installed is no longer a pre-requisite and the CLI is supported on Windows, Linux and macOS.
-
Recap of AWS re:Invent 2019
Last week in Las Vegas, AWS held their annual re:Invent conference and unveiled a slew of new products, while updating many existing ones. Here's a review of announcements impacting compute, data and storage, app integration, networking, machine learning, identity management, enterprise services, and development.
-
SAP and Microsoft Extend Partnership, Introducing New HANA VMs, Identity and Blockchain Integration
In a recent blog post, Microsoft announced its expanded partnership with SAP, following up on the announcements made at the SAP SAPPHIRE NOW event. This announcement includes new investments in larger Mv2 Series SAP Virtual Machines that include up to 12 TB of memory for SAP HANA, improved SAP HANA infrastructure monitoring using Azure Monitor and co-innovation in the area of data governance.
-
Google Releases a Managed Service for Microsoft Active Directory (AD) in Beta
In a recent blog post, Google announced the beta release of the Managed Service for Microsoft Active Directory (AD). With this service, Google acts as a managed service provider for any customer requiring Microsoft AD, and will the cloud provider will take care of the patching and maintenance of Microsoft's identity and access management service.
-
W3C and FIDO Alliance Finalized WebAuthn, Web Standard for Secure, Passwordless Logins
The World Wide Web Consortium (W3C) and the Fast IDentity Online (FIDO) Alliance recently announced that the Web Authentication (WebAuthn) specification is now an official web standard. WebAuthn allows users to log in via biometrics, mobile devices and/or FIDO security keys, with higher security over passwords alone.
-
Sign In with Apple Touts Single Sign-On without Sharing Your Data
At the recent WWDC 2019, Apple announced its own Single Sign-On (SS) service, dubbed Sign in with Apple. Deemed "Apple's most significant new innovation" by Time, Sign in with Apple promises not to share any personal user data, including email addresses.