Tags » Authentication

I don't need to know your name to know who you are

An interview with ThreatMetrix CEO Reed Taussig, wherein he discusses how his company gathers and sanitizes personal data to preserve consumer privacy, the security/privacy balance, the value of federated risk information sharing, how to reduce identity fraud, and more.

(Via The Paypers)

Microservice authentication and authorisation

Below is a sequence diagram describing a common pattern for handling authentication and authorisation in a microservice solution, where you have a number of small web services interconnected and don’t want them all having to implement  authentication and authorisation individually, just to be simple services focused on their job. 114 more words

Architecture

Cisco Anyconnect VPN client certificate and AAA based authentication

Description:

Due to many security reasons, the authentication for remote VPN clients using username and password is not enough and due to certain IT security policies, the authentication need to be tied to the machine connecting from, and one of the methods is to use the user certificate installed on the machine to authenticate in addition to the authentication using username and password, which called two factor authentication. 219 more words

Anyconnect

Cross Domain Identity Patterns: Chained Federation & Service Broker

Chained Federation allows access to multiple Service Providers to be granted to multiple trusted Identity Providers. The identity provider request access to the service provider via the Service Broker which authorises the request and forwards to the appropriate service provider based on the TargetURL. 109 more words

SDLC

The Shifting Sands of Art Authentication: As Calder Foundation finds itself in court again who will have the last word regarding authentication?

By Irina Tarsis, Esq., Center for Art Law

On 3 March 2014, a well-intentioned Bill to amend the New York Arts and Cultural Affairs Law was introduced in the New York State Assembly. 1,961 more words

Litigation

Details on 2 Factor Authentication in Cloud

In the colorful light of PRISM like Governmental Spyware Activities and their private kind of “partners”, Google and Microsoft services should not be used by any means which involves corporate data – that includes even the Public website.Most actually assume, Two-Factor Authentication / Multi-Factor Authentication is limited to Google Style text message or voice call based authentication.
http://thecustomizewindows.com/2014/04/two-factor-authentication-openstack-cloud/

Uniquity = One ID

I would like to live in a world of one ID.

We’ve all heard about the Heartbleed Bug, how it’s been exacerbated by all the “passwords” leaking about, and now there are recommendations on… 682 more words

Musings