Ian Mckay · @ian
304 followers · 15 posts · Server ian.mn

Check out my latest post on the Cedar policy engine 🌲📝

Learn where common policy authoring mistakes can happen, and the solutions to those issues to help ensure you keep your authorization system secure 💪

onecloudplease.com/blog/cedar-

#aws #cedar #authz

Last updated 1 year ago

Tobias Maier · @tmaier
8 followers · 8 posts · Server muenchen.social
J. Trent Adams · @jtrentadams
124 followers · 123 posts · Server infosec.exchange

Working on a project with non-InfoSec folks I was reminded that not everyone's gotten the message. All the contributors were accessing the collaboration platform with the admin's credentials ('cause it was easier than creating separate accounts).

#sigh #infosec #authn #authz #fail #meme

Last updated 2 years ago

Florian Maury · @x_cli
398 followers · 1610 posts · Server infosec.exchange

Does anyone know where to find more info on the "double anonymity" protocol that the government wants to deploy in March to restrict access to certain sites, including porn sites?
I saw a diagram and, in spirit, it looks like a "sub-Privacy Pass", but I'd really like to study the spec or the code.

#cryptography #france #pornography #privacypass #securite #security #authz #authn

Last updated 2 years ago

Dela 🏳️‍🌈 · @dela
38 followers · 175 posts · Server hachyderm.io

: done
: done
: Time to investigate and

#authn #authz #logging #jaeger #opentelemetry #webdev

Last updated 2 years ago

damienbod · @damienbod
238 followers · 42 posts · Server mastodon.social
Matthew Reinbold · @matthew
232 followers · 12 posts · Server opinuendo.com

Whoa. Today I learned that the OAuth.net website was not owned by a foundation, but by a single member. The banner for advertising is what gave it away.

#oauth #authz #authorization #ads

Last updated 2 years ago

AppSec stof :verified: · @stof
15 followers · 21 posts · Server ioc.exchange

There's a 'grain' of truth in every joke

fine-grained permissions and is no joke

Or is it?
aws.amazon.com/verified-permis

Any practitioner can tell you that is entirely about 'actions', guess what the one thing about AWS they didn't include in this service derived from IAM policy document format and ?..

#aws #authorization #authz #iam #api

Last updated 2 years ago

last senpai · @big
64 followers · 72 posts · Server cons.ivy.io

Excuse the hashtag spam, but I'm trying to find my tribe.

I'm interested in production deployments of ReBAC (relationship based access control) in "enterprise" environments.

Specifically, anyone who has worked on something similar to Google Zanzibar to authorize access into, not just "resources", but dynamic workflow/process driven APIs. Bonus if it was in a SaaS setting, where each tenant has unique workflows.

#authz #spicedb #ory #keto #abac #rbac #auth0 #openfga

Last updated 2 years ago

FratelloBigio · @FratelloBigio
34 followers · 9 posts · Server hachyderm.io

My boss: "Learn about Zanzibar"

1. What I expected
2. What I got

(feel free to share any educational resource in the comments, let's try to make sense of this all together)

#zanzibar #authorization #authz

Last updated 2 years ago

cdata · @cdata
226 followers · 156 posts · Server mastodon.social

My niece was very interested in my Ferris stickers, and after a little bit of inspired planning she turned them into the main characters for a new board game in development.

#UCAN #rustlang #gamedev #authz #selfsovereignidentity

Last updated 2 years ago

ath0 · @scottlink
145 followers · 154 posts · Server infosec.exchange

@VidmoOreda @nf3xn The scraper would just be grabbing and parsing the html off the page. API interaction isn't scraping and can require authN/authZ or be wide open. If the API doesn't require authN/authZ, then I don't see how any AUP is enforceable. (I still have a way to go on API security. I'm familiar with the use of OAuth tokens for authZ. I think OIDC can be used instead, which I think uses an OAuth token with a "wrapper" to add authN. Reckon JWT is in play for authN/authZ, as well.)

#api #authn #authz

Last updated 2 years ago

Arthur Lutz (Zenika) · @arthurzenika
295 followers · 291 posts · Server pouet.chapril.org