Latest Entries

  • OAuth 2.0 as the Solution for Three IoT Security Challenges


    Note: This article was originally published as a guest blog for Alien Vault. Ideas on managing IoT in your house While participating on the Open Interconnect Consortium Security Task Group, I offered to describe a use case for Internet of Things (IoT) security that would illustrate how OAuth2 could provide the secret sauce to make … Read more >>

  • Part III: Gluu proposes free API Security Certification for Open Source community


    Note: This is Part III of a three part series. Part I and II are published here and here, respectively. It's so easy to acquiesce to a technology world decided for us by technology giants. However, when it comes to security, if we acquiesce to standards that are too low, it could put the brakes … Read more >>

  • Part II: Beware of a Microsoft-Google Internet Security Oligarchy


    Note: This is Part II of a three part series. Part I and III are published here and here, respectively. Microsoft and Google agreeing on Internet Security is a good thing. Consensus on standards from leading technology companies is essential to adoption. However, at the same time, such collaboration requires the community to remain vigilant … Read more >>

  • Part I: No TAX on Internet Security Self-Certification


    Note: This is Part I of a three part series. Part II and III are published here and here, respectively. The OpenID Foundation (OIDF) recently announced a certification program. “Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal are the first industry leaders to participate in the OpenID Connect Certification program and certify that … Read more >>

  • 2 Approaches to Open Source Single Sign-On (SSO) and Access Management


    Due to tightening regulations, increased usage of third-party applications, and the sheer volume of breaches caused by weak credentials, single sign-on (SSO) is increasingly becoming a ubiquitous enterprise security requirement. Many organizations also need to centralize policies to control access to valuable APIs or Web resources. SaaS services seem like a good option at first, but if you … Read more >>

  • Gluu Server Training in San Francisco, CA


    After RSA Security Conference on Wednesday, April 22, join Gluu CEO Mike Schwartz at WeWork SOMA for a hands-on training session exploring how to use the Gluu Server to secure web and mobile applications. This workshop will cover how to deploy the Gluu Server on a fresh VM, how to configure single sign-on (SSO) … Read more >>

  • UMA 1.0 Approved by Unanimous Vote!


    This week voting member organizations at the Kantara Initiative unanimously approved the User Managed Access (UMA) 1.0 specification, a new standard profile of OAuth2 for delegated web authorization. More than half of the member organizations were accounted for on the vote to reach quorum and provide the support needed for approval. The unanimous approval of … Read more >>
