Authorization Content on InfoQ
-
HashiCorp Vault Improves Eventual Consistency with Server-Side Consistent Tokens
HashiCorp has released Vault 1.10, introducing a number of new features to their secrets and identity management platform. Server-side consistent tokens provide greater control over the eventual consistency model when using performance standby nodes. Authentication can now be performed using the new open source login multi-factor authentication integration.
-
Airbnb Streamlines the Development Process with a Unified Architecture for Collaborative Hosting
Airbnb recently detailed how it designed and built a unified architecture for collaborative hosting. This architecture streamlines the development process of new products, as engineers only need to know about one central framework that will cover all hosting use cases. This framework encapsulates the specific types of collaborative hosting, freeing the engineers from the need to worry about them.
-
Airbnb Builds Himeji - a Scalable Centralized Authorization System
Airbnb recently described how it built Himeji, a scalable centralized authorization system. Himeji stores permissions data and performs permission checks as a central source of truth. It uses a sharded and replicated in-memory cache to improve performance and lower latencies and has served checks in production for about a year.
-
HashiCorp Boundary: Remote Access Management Service Adds OIDC Support
HashiCorp has announced the release of version 0.2 of Boundary, their open-source identity-based access management service designed for dynamic infrastructure. This release includes support for OIDC authentication methods. The Boundary Desktop application is now at version 1.0 for macOS.
-
GitHub Changes Token Format to Improve Identifiability, Secret Scanning, and Entropy
GitHub has recently moved to a new format for all of its tokens, including personal access, OAuth access, user-to-server and server-to-server, and refresh tokens. As GitHub engineer Heather Harvey explains, the new format aims to make tokens more easily identifiable, including when scanning repos for secrets, and to increase their entropy.
-
0-Day Vulnerability in Sign In with Apple Rewarded with $100,000
Earlier this year, security researcher Bhavuk Jain disclosed a 0-day vulnerability in Sign In with Apple that could easily allow an attacker to get full control of a victim's account by only knowing their email address. Apple patched the vulnerability and stated they could find no evidence of exploitation.
-
Open Policy Agent Accepted as CNCF Incubation Level Project
The Cloud Native Computing Foundation (CNCF) accepted the Open Policy Agent (OPA) as an incubation-level hosted project on April 2nd. OPA is an open source, general-purpose policy engine. OPA targets cloud-based enterprise technology companies, offloading service-level policy management to a unified, context-aware policy management solution.
-
Susanne Kaiser on Microservices Journey from a Startup Perspective
Susanne Kaiser, CTO at Just Software, spoke at the recent QCon New York 2017 Conference about the transformation process her team went through to transition from a monolithic application architecture to a microservices model.
-
Apache Ranger Graduates to Top-Level Project
Apache Ranger, a security management framework for the Apache Hadoop ecosystem, has graduated to a top-level project. Ranger is used as a centralized component to define and administer security policies that are enforced across supported Hadoop components such as Apache HBase, Hadoop (HDFS and YARN), Apache Hive, Apache Kafka, and Apache Solr, among others.
-
Capital One Launches Developer Platform
Capital One launched the DevExchange Beta developer site and initial API offering last month.
-
Google Introduces Smart Lock for Passwords
Google has announced at I/O 2015 the Google Identity Platform, a collection of tools and APIs for managing identities and dealing with authentication and authorization across Android, iOS and web applications.
-
Major Update to Firebase Brings Rich Authentication Tokens
Firebase has this week announced major updates to its user authentication, including automatic session persistence, and rich authentication tokens for use in Security Rules.
-
Apigee Now Supports Node.js and Open Sources Volos
Apigee Edge now supports Node.js and has open sourced Volos, a project containing a set of API management modules.
-
Simplified Multiple Provider Authorization with OAuth.io
OAuth.io is an API and a service interfacing with more than 80 OAuth providers. This article contains an interview with Mehdi Medjaoui, Co-founder of OAuth.io, providing details on security, licensing and future developments.
-
Twitter API v1.1 with JSON and OAuth1.0a Support
The recently released Twitter API V1.1 ships with support for JSON and provides the ability to authenticate apps via OAuth1.0a.