InfoQ Homepage Identity Management Content on InfoQ
-
Uber Introduces a Universal Signup and Login Stack
Uber recently introduced Unified Signup and Login (USL), an effort to consolidate signup and login experiences across all Uber apps and services. USL lowers the engineering complexity and maintenance overhead and allows faster rollout of security policies and fixes. Over the last two years, Uber rolled out USL and currently, more than 78% of Uber's traffic has adopted USL.
-
HashiCorp Vault Improves Eventual Consistency with Server-Side Consistent Tokens
HashiCorp has released Vault 1.10, introducing a number of new features to their secrets and identity management platform. Server-side consistent tokens provide greater control over the eventual consistency model when using performance standby nodes. Authentication can now be performed using the new open source login multi-factor authentication integration.
-
Improve Access Control of Google Cloud SQL with IAM Conditions and Tags
Recently, Google announced the general availability (GA) of IAM Conditions and Tags for Cloud SQL, a fully-managed relational database service for MySQL, PostgreSQL, and SQL Server.
-
HashiCorp Boundary 0.7 and Boundary Desktop 1.4 Released with Dynamic Host Catalogs
HashiCorp has released version 0.7 of their Boundary open-source project that automates secure identity-based user access to hosts and services across environments. Boundary Desktop 1.4 has also been released for Mac, Linux, and Windows. Key new features include dynamic host catalogs, plugin support (currently for internal use only), and managed groups and resource filtering in the admin console.
-
Airbnb Streamlines the Development Process with a Unified Architecture for Collaborative Hosting
Airbnb recently detailed how it designed and built a unified architecture for collaborative hosting. This architecture streamlines the development process of new products, as engineers only need to know about one central framework that will cover all hosting use cases. This framework encapsulates the specific types of collaborative hosting, freeing the engineers from the need to worry about them.
-
Aqua Security's Latest Report Highlights Increase in Cloud Attacks
Aqua Security published a report outlining their analysis of a year's worth of security remediation data. This report found that nearly no organization addressed all identified issues with enterprise organizations taking on average 88 days to resolve the issues they do address. Their analysis found a large increase in attacks against container-based and cloud-native infrastructure.
-
Airbnb Builds Himeji - a Scalable Centralized Authorization System
Airbnb recently described how it built Himeji, a scalable centralized authorization system. Himeji stores permissions data and performs permission checks as a central source of truth. It uses a sharded and replicated in-memory cache to improve performance and lower latencies and has served checks in production for about a year.
-
CNCF Publishes Latest Technology Radar Focused on Secrets Management
CNCF published the fourth edition of the end-user Technology Radar. This time the theme was secrets management: the set of tools and technologies to manage digital authentication. The purpose of this edition is to share what tools are used by end-users, the tools they recommend, and any patterns that emerged.
-
HashiCorp Boundary: Remote Access Management Service Adds OIDC Support
HashiCorp has announced the release of version 0.2 of Boundary, their open-source identity-based access management service designed for dynamic infrastructure. This release includes support for OIDC authentication methods. The Boundary Desktop application is now at version 1.0 for macOS.
-
GitHub Changes Token Format to Improve Identifiability, Secret Scanning, and Entropy
GitHub has recently moved to a new format for all of its tokens, including personal access, OAuth access, user-to-server and server-to-server, and refresh tokens. As GitHub engineer Heather Harvey explains, the new format aims to make tokens more easily identifiable, including when scanning repos for secrets, and to increase their entropy.
-
HashiCorp Vault Adds Tokenization and Auto-Join Features
HashiCorp has released Vault 1.6, adding new features to their secrets and identity management platform. Cloud auto-join facilitates automatically attaching new Vault nodes to the cluster. The transform secrets engine now supports tokenization to better secure data stored outside of Vault. Additional features include integration with key management services and support for seal migration.
-
Disabling Google 2FA Doesn't Need 2FA
A developer's machine, compromised by attackers, was able to use Safari auto-fill to log into passwords.google.com, disable 2FA and extract passwords without notification. InfoQ spoke to Amos (@fasterthanlime) on Twitter about his experience and advice for others who might find themselves in the same situation. Read on to find out what happened, and what you should do to protect your assets.
-
Production Identity Framework SPIRE Graduates to CNCF Incubator
The Cloud Native Computing Foundation has accepted SPIFFE and SPIRE as incubation level projects. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE APIs that is production ready.
-
0-Day Vulnerability in Sign In with Apple Rewarded with $100,000
Earlier this year, security researcher Bhavuk Jain disclosed a 0-day vulnerability in Sign In with Apple that could easily allow an attacker to get full control of a victim's account by only knowing their email address. Apple patched the vulnerability and stated they could find no evidence of exploitation.
-
Amazon Releases CLI v2, Includes SSO and Interactive Usability Features
In a recent blog post, Amazon announced the general availability (GA) of AWS CLI (Command Line Interface) v2. Within this version of the CLI, features such as AWS Single Sign-On (SSO), interactive wizards, server-side auto completion and auto prompts are included. In addition, having Python installed is no longer a pre-requisite and the CLI is supported on Windows, Linux and macOS.
SPONSORED BY
Live Webinar presented by Auth0 |
Q&A moderated by InfoQ
Why Identity Should Form the Foundation of Your Product Strategy
Learn how to choose the most appropriate approach when implementing identity, deployment considerations for new and existing applications and services, how to build on a strong identity foundation, and more.