Identity Management Content on InfoQ
-
HashiCorp Vault Adds Tokenization and Auto-Join Features
HashiCorp has released Vault 1.6, adding new features to their secrets and identity management platform. Cloud auto-join facilitates automatically attaching new Vault nodes to the cluster. The transform secrets engine now supports tokenization to better secure data stored outside of Vault. Additional features include integration with key management services and support for seal migration.
-
Disabling Google 2FA Doesn't Need 2FA
Attackers who had compromised a developer's machine were able to use Safari auto-fill to log into passwords.google.com, disable 2FA and extract passwords without notification. InfoQ spoke to Amos (@fasterthanlime) on Twitter about his experience and advice for others who might find themselves in the same situation. Read on to find out what happened, and what you should do to protect your assets.
-
Production Identity Framework SPIRE Graduates to CNCF Incubator
The Cloud Native Computing Foundation has accepted SPIFFE and SPIRE as incubation level projects. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE APIs that is production ready.
-
0-Day Vulnerability in Sign In with Apple Rewarded with $100,000
Earlier this year, security researcher Bhavuk Jain disclosed a 0-day vulnerability in Sign In with Apple that could easily allow an attacker to get full control of a victim's account by only knowing their email address. Apple patched the vulnerability and stated they could find no evidence of exploitation.
-
Amazon Releases CLI v2, Includes SSO and Interactive Usability Features
In a recent blog post, Amazon announced the general availability (GA) of AWS CLI (Command Line Interface) v2. This version of the CLI includes features such as AWS Single Sign-On (SSO), interactive wizards, server-side auto-completion and auto prompts. In addition, having Python installed is no longer a prerequisite and the CLI is supported on Windows, Linux and macOS.
-
Recap of AWS re:Invent 2019
Last week in Las Vegas, AWS held their annual re:Invent conference and unveiled a slew of new products, while updating many existing ones. Here's a review of announcements impacting compute, data and storage, app integration, networking, machine learning, identity management, enterprise services, and development.
-
SAP and Microsoft Extend Partnership, Introducing New HANA VMs, Identity and Blockchain Integration
In a recent blog post, Microsoft announced its expanded partnership with SAP, following up on the announcements made at the SAP SAPPHIRE NOW event. This announcement includes new investments in larger Mv2 Series SAP Virtual Machines that include up to 12 TB of memory for SAP HANA, improved SAP HANA infrastructure monitoring using Azure Monitor and co-innovation in the area of data governance.
-
Google Releases a Managed Service for Microsoft Active Directory (AD) in Beta
In a recent blog post, Google announced the beta release of the Managed Service for Microsoft Active Directory (AD). With this service, Google acts as a managed service provider for any customer requiring Microsoft AD, and the cloud provider will take care of the patching and maintenance of Microsoft's identity and access management service.
-
W3C and FIDO Alliance Finalized WebAuthn, Web Standard for Secure, Passwordless Logins
The World Wide Web Consortium (W3C) and the Fast IDentity Online (FIDO) Alliance recently announced that the Web Authentication (WebAuthn) specification is now an official web standard. WebAuthn allows users to log in via biometrics, mobile devices and/or FIDO security keys, with higher security than passwords alone.
-
Sign In with Apple Touts Single Sign-On without Sharing Your Data
At the recent WWDC 2019, Apple announced its own Single Sign-On (SSO) service, dubbed Sign in with Apple. Deemed "Apple's most significant new innovation" by Time, Sign in with Apple promises not to share any personal user data, including email addresses.
-
Introducing Interoperable Blockchain Identity Solutions with Hyperledger Aries
In a recent blog post, the Hyperledger project announced their 13th project called Hyperledger Aries, which provides an interoperable identity management toolkit that enables creating, transmitting and storing verifiable digital certificates. Using this toolkit, organizations can support secure, interoperable peer-to-peer messaging across different distributed ledger technologies (DLT).
-
Open Policy Agent Accepted as CNCF Incubation Level Project
The Cloud Native Computing Foundation (CNCF) accepted the Open Policy Agent (OPA) as an incubation-level hosted project on April 2nd. OPA is an open source, general-purpose policy engine. OPA targets cloud-based enterprise technology companies with a solution that offloads service level policy management to a unified, context-aware policy management solution.
-
HashiCorp Vault 1.1 Adds Secret Caching and Transit Auto Unseal
HashiCorp has released version 1.1 of Vault, their secrets and identity management tool. With this release there is now support for secret caching by Vault Agents, authentication to Vault via OpenID Connect, and using a Vault cluster to auto unseal another Vault cluster via transit encryption.
-
AWS Identity and Access Management Gains Tags and Attribute-Based Access Control
Amazon Web Services (AWS) recently enabled tags for IAM users and roles to ease the management of IAM resources. Notably, this release also includes the ability to embrace attribute-based access control (ABAC) and match AWS resources with IAM principals dynamically to "simplify permissions management at scale".
-
Google Releases New Security Features for Compute Engine: Resource-Level IAM and IAM Conditions
Google announced two new Cloud Identity and Access Management (IAM) features to help customers better manage their security and access control in Google Compute Engine. These features are resource-level IAM, to set policies on individual resources, and IAM conditions, to grant access based on predefined conditions.