rafaeldff + authorization   17

Zero Trust Access Management Platform | ScaleFT
A BeyondCorp-inspired platform that shifts access controls from the network perimeter to the application layer, to perform dynamic, real-time authorization
product  company  security  infosec  authorization  authentication  AccessManagement  BeyondCorp  platform 
may 2018 by rafaeldff
It’s Me, and Here’s My Proof: Why Identity and Authentication Must Remain Distinct
Good thinking. Identity and authorization should always be separate. An application of this principle is that biometrics are about identity and so must be accompanied by a second factor (like a PIN) in a secure system.
SteveRiley  security  software  systems  architecture  authorization  identity  authentication  article  essay  column  Microsoft  TechNet 
january 2009 by rafaeldff
rest-discuss : Message: Re: Pretty URLs, sessions, and no cookies
How to verify auth credentials without having to keep session state on the server. This method requires using cookies, but it doesn't compromise statelessness (they are RESTful cookies, if you will).
AristotlePagaltzis  mail  mailinglist  REST  authentication  authorization  cookies  webdev  http  credentials  security 
july 2008 by rafaeldff
snellspace.com » Blog Archive » Identity and Authentication
James Snell proposing a new IETF working group to revamp HTTP security, probably standardizing much from OpenID and OAuth.
blog  post  standard  HTTP  web  IETF  security  authentication  authorization  identity  OpenID  OAuth  announcement  proposal  JamesSnell 
november 2007 by rafaeldff
Links » Caja: Capability Javascript
"I’ve been running a team at Google for a while now, implementing capabilities in Javascript...." This is potentially a game-changer. CBS is one more on the list of things I have to study. Damn, this computer science thing is freaking huge.
blog  post  Google  security  CBS  capabilities  Capability  javascript  compiler  language  preprocessor  BenLaurie  browser  sandbox  runtime  VM  authorization  Caja  webdev 
november 2007 by rafaeldff
HyperText Transport Protocol Bis (httpbis) Charter
Early work towards a committee to review HTTP. They seem mostly concerned with clarifying some hazy points in the spec and, maybe, taking a look at improving authentication and authorization. They will not issue a new version of the protocol.
IETF  HTTP  charter  protocol  network  networking  internet  specification  RFC  RFC-2616  authentication  authorization  2007  http-1.1  AlexeyMelnikov  MarkNottingham  ChrisNewman  LisaDusseault  wg  WorkingGroup  clarification  update  review 
october 2007 by rafaeldff
Dare Obasanjo aka Carnage4Life - OAuth 1.0 is Here - Delegated Authority Comes to Mashups
Dare is excited by the final draft of the OAuth spec. I don't know much about the subject, but I'm hopeful that lightweight identity federation protocols will gain traction.
blog  post  DareObasanjo  security  identity  authorization  authentication  OAuth  mashup  specification  WebServices  REST  web  interoperability  federation 
october 2007 by rafaeldff
OpenID: The Latest News About Today's Hottest Identity Topic - Sun Identity Insights Newsletter
"OpenID is one of the hottest topics in identity today. (...) This article will answer three fundamental questions about OpenID: What is it, why does Sun care about it, and why should you?"
article  EveMaler  introduction  OpenID  security  identity  Sun  web2.0  authentication  authorization 
august 2007 by rafaeldff
Filling the Atompub AAA void with an OpenDS backed Atom server - Trey Drake
"The Atom syndication server backed by the OpenDS LDAP server cleanly address the issues [Authentication, Authorization and Accounting] and here's how:"
TreyDrake  blog  post  sun  Atom  Atompub  APP  LDAP  OpenDS  directory  AAA  security  authentication  authorization  accounting  auditing 
june 2007 by rafaeldff
What's Happening in Identity at Sun
Blog post about Sun open-source efforts in the identity area.
blog  post  Sun  product  opensource  security  authentication  authorization  directory  server  SSO  DS  LDAP  SAML  Tango  OpenDS  OpenSSO  java 
september 2006 by rafaeldff
