Latest Entries

  • Announcing the formation of the OTTO WG


    Note: This announcement originally appeared on the Kantara Initiative website. We are pleased to announce the formation of the OTTO WG! OTTO stands for Open Trust Taxonomy for OAuth2. We hope that you will participate in this innovative new work group! Learn more about the OTTO WG Join the OTTO WG The working group will … Read more >>

  • The case for OAuth2 Multi-Party Federation


    If you look to the history of the financial industry, you’ll see a good example of how creating the tools and rules for inter-domain collaboration can create huge value. Just consider mortgage backed securities. Agreement on a standard contract for mortgages enabled an entire industry to emerge–one that got so huge it almost took down … Read more >>

  • OAuth 2.0 as the Solution for Three IoT Security Challenges


    Note: This article was originally published as a guest blog for Alien Vault. Ideas on managing IoT in your house: While participating on the Open Interconnect Consortium Security Task Group, I offered to describe a use case for Internet of Things (IoT) security that would illustrate how OAuth2 could provide the secret sauce to make … Read more >>

  • Part III: Gluu proposes free API Security Certification for Open Source community


    Note: This is Part III of a three-part series. Part I and II are published here and here, respectively. It’s so easy to acquiesce to a technology world decided for us by technology giants. However, when it comes to security, if we acquiesce to standards that are too low, it could put the brakes … Read more >>

  • Part II: Beware of a Microsoft-Google Internet Security Oligarchy


    Note: This is Part II of a three-part series. Part I and III are published here and here, respectively. Microsoft and Google agreeing on Internet Security is a good thing. Consensus on standards from leading technology companies is essential to adoption. However, at the same time, such collaboration requires the community to remain vigilant … Read more >>

  • Part I: No TAX on Internet Security Self-Certification


    Note: This is Part I of a three-part series. Part II and III are published here and here, respectively. The OpenID Foundation (OIDF) recently announced a certification program. “Google, Microsoft, ForgeRock, Ping Identity, Nomura Research Institute, and PayPal are the first industry leaders to participate in the OpenID Connect Certification program and certify that … Read more >>

  • 2 Approaches to Open Source Single Sign-On (SSO) and Access Management


    Due to tightening regulations, increased usage of third-party applications, and the sheer volume of breaches caused by weak credentials, single sign-on (SSO) is increasingly becoming a ubiquitous enterprise security requirement. Many organizations also need to centralize policies to control access to valuable APIs or Web resources. SaaS services seem like a good option at first, but if you … Read more >>
