InfoQ Homepage Identity Management Content on InfoQ
-
Cloudflare and Stripe Let AI Agents Create Accounts, Buy Domains, and Deploy to Production
Cloudflare and Stripe launched a protocol that lets AI agents autonomously create cloud accounts, register domains, start subscriptions, and deploy to production. Stripe handles identity and payment with a $100/month default cap. No other major cloud provider offers comparable agent-driven account provisioning.
-
Airbnb Implements Context-Aware Identity Model to Support Privacy-First Social Features
Airbnb has redesigned its identity system to support privacy-first social features in Experiences. The platform introduces context-specific profiles that separate global user identity from externally visible profiles, preventing cross-context linkage. The migration leveraged automated auditing, manual validation, and AI-assisted refactoring to enforce correct identity usage across services.
-
HashiCorp Vault 2.0 Marks Shift to IBM Lifecycle with New Identity Federation
HashiCorp has released Vault 2.0, moving to the IBM versioning and support model following its acquisition. The update introduces Workload Identity Federation for secret syncing without static credentials, SCIM 2.0 provisioning, and performance gains in the storage engine. It also prioritises identity-based security and certificate automation while removing legacy architectural components.
-
Bring Your Own Key (BYOK): AWS IAM Identity Center Adopts CMKs to Meet Enterprise Compliance Needs
AWS IAM Identity Center now supports customer-managed KMS keys (CMKs) for encrypting identity data at rest. This enhancement offers organizations complete control over their encryption keys, ensuring granular access management, robust auditing via AWS CloudTrail, and improved compliance for regulated industries. It’s a key evolution for data sovereignty in the cloud.
-
Microsoft Entra Suite Now Generally Available: Identity and Security Based Upon Zero-Trust Models
Microsoft has announced the general availability of its Entra Suite. According to the company, the suite provides a solution that integrates identity and security, facilitating a more unified approach to security operations.
-
Styra's Policy as Code Report: Identity and Access Management Drives Adoption
The State of Policy as Code report from Styra, based on a survey of 285 U.S. developers and technical decision-makers, highlighted that 97% of respondents believe policy as code is crucial for efficient software building in cloud environments. The report's key findings highlight policy as the code's role in enhancing development efficiency, security, and simplicity.
-
AWS Adds Automated Detection of Unused IAM Roles, Users, and Permissions
AWS recently added support for detecting unused access granted to IAM roles and users within their AWS IAM Access Analyzer tool. The new analyzer can identify unused roles, unused IAM user access keys and passwords, and unused permissions within a defined usage window. This analysis can be done across accounts within the organization and be controlled from a delegated administrator account.
-
Revolutionizing Digital Identity: How Verifiable Credentials Offer a New Era of Privacy and Control
Auth0 recently published an in-depth explanation of Verifiable Credentials (VCs). The article emphasizes the potential of VCs to transform how identities are managed online. It highlights the limitations of current identity systems and how VCs can address these gaps, particularly in allowing identity claims to be disclosed without issuers knowing, thereby enhancing privacy and control for users.
-
HashiCorp Vault Secrets Operator for Kubernetes Moves into General Availability
HashiCorp has moved the HashiCorp Vault Secrets Operator for Kubernetes into general availability. This Kubernetes Operator combines Vault's secret management tooling with the Kubernetes Secrets cache. The operator also handles secret rotation and has controllers for the various secret-specific custom resources.
-
Enhancing Security with Google Cloud's Service Account Key Expiry Feature
Google Cloud has recently introduced service account key expiry to address security challenges associated with long-lived service account keys. With this capability, the company states that "customers can now configure an Organization Policy at the organization, folder, and project level to limit the usable duration of new service account keys”.
-
GitLab Ultimate Adds Code Viewing Ability for Guest Roles
GitLab has added customizable roles to its Ultimate subscription, enabling customers to define their roles, based on the current Guest role. The minimal viable change allows Ultimate users to add one additional permission to the Guest role, which grants users the ability to view code, known as Guest+1.
-
HashiCorp Vault Improves Multi-Namespace Workflows, Adds Managed Service for Azure
HashiCorp has released version 1.13 of Vault, their secrets and identity management platform. This release includes multi-namespace access workflows, improvements to the Google Cloud secrets engine, usability improvements to MFA, and certificate revocation for cross-cluster management. HashiCorp has also released Vault as a managed service for Microsoft Azure environments.
-
AWS Creates New Policy-Based Access Control Language Cedar
AWS has created a new language for defining access permissions using policies called Cedar. Cedar is currently used within Amazon Verified Permissions and AWS Verified Access. Created by the AWS Automated Reasoning Group, Cedar is designed to be agnostic of AWS and simple to understand the effects of policies.
-
HashiCorp Boundary Adds Multi-Hop Sessions and Credential Templating
HashiCorp has released version 0.12 of Boundary, their open-source identity-based access management service for infrastructure. This release introduces support for multi-hop sessions removing the need to expose Boundary workers running on private networks. Additional improvements include support for credential injection via Vault, assigning network addresses on targets, and credential templating.
-
Google Cloud Adds IAM Deny Policies
Google Cloud has moved IAM Deny policies into full general availability. IAM Deny policies work alongside the IAM Allow policies to provide more options for controlling which principals have access to which resources. IAM Deny policies are available with Google Cloud IAM for most permissions.