Identity Management Content on InfoQ

  • HashiCorp Boundary Adds Multi-Hop Sessions and Credential Templating

    HashiCorp has released version 0.12 of Boundary, their open-source identity-based access management service for infrastructure. This release introduces support for multi-hop sessions, removing the need to expose Boundary workers running on private networks. Additional improvements include support for credential injection via Vault, assigning network addresses on targets, and credential templating.

  • Google Cloud Adds IAM Deny Policies

    Google Cloud has moved IAM Deny policies into full general availability. IAM Deny policies work alongside the IAM Allow policies to provide more options for controlling which principals have access to which resources. IAM Deny policies are available with Google Cloud IAM for most permissions.

  • Scaling Access Management at Airbnb

    Airbnb's product engineering team recently discussed their implementation of a self-service, centralized access control platform. Built on the principle of least privilege, the platform uses a five-stage architecture that provides benefits in security, usability, and developer experience.

  • HashiCorp Vault Enhances Plugin Framework, Adds New Secrets Engines

    HashiCorp has released a number of new features and improved core workflows for Vault, their secrets and identity management platform. The improvements include a new PKCS#11 provider, support for Redis and Amazon ElastiCache as secrets engines, improvements to the Transform secrets engine, and a better user experience for working with plugins.

  • Production Identity Framework SPIRE Graduates from CNCF

    The Cloud Native Computing Foundation has announced the graduation of SPIFFE and SPIRE. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE API that is production ready. Recent improvements to the project include adding experimental Windows support.

  • AWS IAM Identity Center Introduces APIs to Manage Users and Groups at Scale

    AWS recently introduced IAM Identity Center APIs to create users and groups at scale. Administrators can use these new APIs to manage identities programmatically and gain visibility into users in the Identity Center directory.

  • HashiCorp Vault Improves Eventual Consistency with Server-Side Consistent Tokens

    HashiCorp has released Vault 1.10, introducing a number of new features to their secrets and identity management platform. Server-side consistent tokens provide greater control over the eventual consistency model when using performance standby nodes. Authentication can now be performed using the new open source login multi-factor authentication integration.

  • Improve Access Control of Google Cloud SQL with IAM Conditions and Tags

    Recently, Google announced the general availability (GA) of IAM Conditions and Tags for Cloud SQL, a fully-managed relational database service for MySQL, PostgreSQL, and SQL Server.

  • HashiCorp Boundary 0.7 and Boundary Desktop 1.4 Released with Dynamic Host Catalogs

    HashiCorp has released version 0.7 of their Boundary open-source project that automates secure identity-based user access to hosts and services across environments. Boundary Desktop 1.4 has also been released for Mac, Linux, and Windows. Key new features include dynamic host catalogs, plugin support (currently for internal use only), and managed groups and resource filtering in the admin console.

  • Aqua Security's Latest Report Highlights Increase in Cloud Attacks

    Aqua Security published a report outlining their analysis of a year's worth of security remediation data. The report found that almost no organization addressed all identified issues, with enterprise organizations taking on average 88 days to resolve the issues they do address. Their analysis found a large increase in attacks against container-based and cloud-native infrastructure.

  • CNCF Publishes Latest Technology Radar Focused on Secrets Management

    CNCF published the fourth edition of the end-user Technology Radar. This time the theme was secrets management: the set of tools and technologies to manage digital authentication. The purpose of this edition is to share what tools are used by end-users, the tools they recommend, and any patterns that emerged.

  • HashiCorp Boundary: Remote Access Management Service Adds OIDC Support

    HashiCorp has announced the release of version 0.2 of Boundary, their open-source identity-based access management service designed for dynamic infrastructure. This release includes support for OIDC authentication methods. The Boundary Desktop application is now at version 1.0 for macOS.

  • HashiCorp Vault Adds Tokenization and Auto-Join Features

    HashiCorp has released Vault 1.6, adding new features to their secrets and identity management platform. Cloud auto-join facilitates automatically attaching new Vault nodes to the cluster. The transform secrets engine now supports tokenization to better secure data stored outside of Vault. Additional features include integration with key management services and support for seal migration.

  • Production Identity Framework SPIRE Graduates to CNCF Incubator

    The Cloud Native Computing Foundation has accepted SPIFFE and SPIRE as incubation level projects. SPIFFE defines a standard to authenticate software services through the use of platform-agnostic, cryptographic identities. SPIRE is an implementation of the SPIFFE APIs that is production ready.

  • Recap of AWS re:Invent 2019

    Last week in Las Vegas, AWS held their annual re:Invent conference and unveiled a slew of new products, while updating many existing ones. Here's a review of announcements impacting compute, data and storage, app integration, networking, machine learning, identity management, enterprise services, and development.
