Tag Archives: openid connect
-
WebViews are bad — Use AppAuth
This entry was posted in Gluu and tagged AppAuth, authentication, Google, Mobile, mobile SSO, OAuth, oauth2, Okta, openid connect, Ping, PKCE, security, sso on .
In a WebView any malicious code in the page has the same rights as your application, so you should make sure you only load trusted content. But there is another risk–a malicious app may also have access to browser content (like cookies) and may snoop passwords or intercept OAuth codes. So if you download some … Read more >>
-
OAuth2 for IoT?
This entry was posted in Gluu and tagged 2fa, authentication, IOT, oauth2, openid connect, uma on .
Today, consumers have no way to centrally manage access to all their Web stuff and IOT devices are threatening to create a whole new silo of security problems. This is one of the reasons I’ve been participating in the Open InterConnect Consortium Security Task Group. People can’t individually manage every IOT device in their house. … Read more >>
-
OpenID Connect… Call me crazy!
This entry was posted in Gluu and tagged authentication, oauth2, openid connect, Single Sign-On, sso, uma on .
10 Reasons Why OpenID Connect will be ubiquitous for domain authentication “The difficult… I’ll do right now. The impossible may take a little while…” Bob Russell lyrics for Jazz standard “Crazy She Calls Me” OpenID Connect has reached the quorum of votes needed for approval! Check out the launch press release. This under-appreciated event will … Read more >>
-
Juju OAuth2 Application Security Design Proposal
This entry was posted in Gluu and tagged 2fa, Authn, Authz, oauth2, OpenAM, openid connect, saml, siteminder, sso, ubuntu on .
We don’t need SSO, we need trust elevation There is no point in designing a solution that provides just SSO. Today, people are using an array of devices (think IOT). Applications need to understand how (and how long ago) a person has been authenticated, and based on the context of the situation, whether they need … Read more >>
-
Gluu Web Authentication / SSO Protocol Adoption Predictions
This entry was posted in Gluu and tagged authentication, Authn, CAS, federation, Identity, IDM, OAM, OAuth, oauth2, OpenAM, openid, openid connect, saml, security, shibboleth, siteminder, sso, TAM, WAM on .
Its hard to make accurate predictions about adoption for SSO protocols. Its impossible to make a detailed model when the known inputs are so vast. With that inherent disclaimer about the difficulty of forecasting, the following graph represents Gluu’s view about the likely adoption and un-adoption of three very important web authentication standards: SAML, CAS, … Read more >>
-
NSTIC: “Are we there yet?” … Gluu: “Are you kidding?”
This entry was posted in Gluu and tagged cloud identity, data federation, oauth 2.0, openid connect, privacy on .
This was originally a comment on a blog post by Jeremy Grant, Senior Executive Advisor at NSTIC, titled: Interim Identity Ecosystem: “Are we there yet?” Follow this link to read that blog. The guiding principles of NSTIC are great. However, great ideas need equally great execution. As CEO of Gluu, I talk with organizations every … Read more >>
-
How to Move Away From CA SiteMinder to Open Source Authn / Authz
This entry was posted in CLOUD IDENTITY SECURITY, Gluu and tagged access management, Authenticaiton, authorization, Forrester, Gartner, IAM, IDP, Magic Quadrant, OAuth, oauth2, openid, openid connect, saml, siteminder, SP, sso, uma, web access management on .
In our last blog, we discussed the decline of CA Siteminder. So you have seen the light: open standards and open source IAM. But what if your organization already has websites that use SiteMinder|OAM|TAM|ClearTrust? To liberate your organization, here is Gluu’s secret recipe. Skate to where the puck is going: The Winner is… OAuth2 B2C identity … Read more >>
