Role with Attributes but Permission with UMA Scopes
Advocates for ABAC (attribute-based access control) have a new pun up their sleeve, “Role with Attributes”… haha… as in express the person’s role using an attribute. This pun continues an age-old...
How to centrally issue OAuth tokens for API access management
So you want to use OAuth2 bearer tokens to protect your APIs to avoid putting credentials in each request. Great idea! But if you have lots of APIs, you may want to build a central service that...
WebViews are bad — Use AppAuth for Mobile Single Sign-On (SSO)
[Image: Google engineers promoting which OpenID Connect providers support AppAuth]
In a WebView, any malicious code in the page has the same rights as the application. This means you need to make sure to only...
Gluu versus Keycloak
From time to time we are asked how Gluu compares to other open source projects. Keycloak is coming up more and more these days, so it’s expedient to just publish our thoughts. 2FA flexibility...