Keycloak is a very good open source SSO server, with lots of features, and a strong community. Red Hat is the corporate backer of the...

Michael Schwartz May 4, 2018

In a WebView, any malicious code in the page has the same rights as the application. This means you need to make sure to only...

Michael Schwartz August 9, 2016

So you want to use OAuth2 bearer tokens to protect your API’s to avoid putting credentials in each request. Great idea! But if you have...

Michael Schwartz November 9, 2015

Advocates for ABAC (attribute based access control) have a new pun up their sleeve, “Role with Attributes”… haha… as in express the person’s role using...

Michael Schwartz December 17, 2013