Latest Entries

RSS Feed
  • Gluu’s RSA Conference 2016 Events


    Email
  • Free Open Source Software: More eyes = More secure!


    I like a contrarian article as much as the next person. I’ve even written a few myself… But I recognize that if I write something that is false or misleading, I have an obligation to correct it. The blogosphere is a moving target: there is room for bloggers to improve their work based on research, … Read more >>

    Email
  • Progress without Altruism


    In Progress Without Profits, an article that appeared in The Economist on September 19th, 2015, the author asserts that companies that write open source software do so partly out of altruism. Selfless concern for the well-being of others is a practice that makes sense for individuals, but would be suicidal for a start-up. Many businesses … Read more >>

    Email
  • Stop Writing Custom Authentication APIs! How to Easily Implement OAuth2 with OpenID Connect and UMA


    Note: This is an OSCON 2016 session proposal by Gluu CEO, Mike Schwartz. Summary OAuth2 can be a pain in the neck! However, short-lived OAuth2 bearer tokens can improve API performance and security. And if you have lots of API’s, centralizing client registration and token issuance makes sense. Don’t re-invent the wheel! Use FOSS tools … Read more >>

    Email
  • How to centrally issue OAuth tokens for API access management


    So you want to use OAuth2 bearer tokens to protect your API’s to avoid putting credentials in each request. Great idea! But if you have lots of API’s, you may want to build a central service that takes care of registering clients, and issuing tokens. A good way to do this is to use the … Read more >>

    Email
  • OIDF touts OpenID Connect certification program (again)


    The OpenID Foundation just put out a press release touting momentum for its Certification Program. Since we submitted the Gluu Server in July, five more organizations have submitted their providers. Of the five new submissions, one is a simple deployment of MitreID Connect (so its basically a duplicate), and another is a submission by the … Read more >>

    Email
  • Build a multi-cloud authentication service with DDOS protection in a few hours


    The massive amounts of computer and telecommunications infrastructure that were destroyed on September 11th, 2001 changed our perspective on the importance of building robust systems that could enable continuous operations, uninterrupted by a disaster in one physical location. And while the dangers from a natural disaster or act of terrorism are still with us today, … Read more >>

    Email