Clik here to view.
Role with Attributes but Permission with UMA Scopes
Advocates for ABAC (attribute based access control) have a new pun up their sleeve, “Role with Attributes”… haha… as in express the person’s role using an attribute. This pun continues an age old...
View ArticleClik here to view.
How to centrally issue OAuth tokens for API access management
So you want to use OAuth2 bearer tokens to protect your API’s to avoid putting credentials in each request. Great idea! But if you have lots of API’s, you may want to build a central service that...
View ArticleClik here to view.
WebViews are bad — Use AppAuth for Mobile Single Sign-On (SSO)
Google engineers promoting which OpenID Connect providers support AppAuth In a WebView, any malicious code in the page has the same rights as the application. This means you need to make sure to only...
View ArticleClik here to view.
Gluu versus Keycloak
From time to time we are asked how Gluu compares to other open source projects. Keycloak is coming up more and more these days, so it’s expedient to just publish our thoughts. 2FA flexibility...
View Article
