Check out my latest post on the Cedar policy engine 🌲📝

Learn where common policy authoring mistakes can happen, and the solutions to those issues to help ensure you keep your authorization system secure 💪

#aws #cedar #authz

https://onecloudplease.com/blog/cedar-avoiding-the-cracks

Check out my new blog post about #Pundit and different #RSpec test approaches.

https://tobiasmaier.info/posts/2023/06/19/pundit-rspec-approaches.html

#Ruby #RubyOnRails #AuthZ #Authorization

Working on a project with non-InfoSec folks I was reminded that not everyone's gotten the message. All the contributors were accessing the collaboration platform with the admin's credentials ('cause it was easier than creating separate accounts). #sigh

#infosec #authn #authz #fail #meme

Qqn sait où on peut trouver plus d'info sur le protocole en "double anonymat" que le gouv veut déployer en mars pour restreindre l'accès à certains sites, dont les sites porno ?
J'ai vu un schéma et moralement, ça ressemble a du "sous-privacy pass", mais je voudrais bien étudier la spec ou le code.

#cryptography #france #pornography #privacypass #sécurité #security #authz #authn

#AuthN: done
#AuthZ: done
#Logging: Time to investigate #jaeger and #OpenTelemetry

#webdev

Updated to .NET 7

ASP.NET Core Azure Storage Secure Files

https://github.com/damienbod/AspNetCoreAzureAdAzureStorage

#aspnetcore #dotnet #blob #azuread #oauth #rbac #groups #authz

Whoa. Today I learned that the OAuth.net website was not owned by a foundation, but by a single member. The banner for advertising is what gave it away. #OAuth #AuthZ #Authorization #ads

There's a 'grain' of truth in every joke

#AWS fine-grained permissions and #authorization is no joke

Or is it?
https://aws.amazon.com/verified-permissions/

Any practitioner can tell you that #authz is entirely about 'actions', guess what the one thing about AWS #IAM they didn't include in this service derived from IAM policy document format and #API?..

Excuse the hashtag spam, but I'm trying to find my tribe.

I'm interested in production deployments of ReBAC (relationship based access control) in "enterprise" environments.

Specifically, anyone who has worked on something similar to Google Zanzibar to authorize access into, not just "resources", but dynamic workflow/process driven APIs. Bonus if it is was in a SaaS setting, where each tenant has unique workflows.

#authz #spicedb #ory #keto #abac #rbac #auth0 #openfga

My boss: "Learn about Zanzibar"

1. What I expected
2. What I got

(feel free to share any educational resource in the comments, let's try to make sense of this all together)

#zanzibar #authorization #authz

My niece was very interested in my Ferris #UCAN stickers, and after a little bit of inspired planning she turned them into the main characters for a new board game in development.

#RustLang #GameDev #Authz #SelfSovereignIdentity

@VidmoOreda @nf3xn The scraper would just be grabbing and parsing the html off the page. API interaction isn't scraping and can require authN/authZ or be wide open. If the API doesn't require authN/authZ, then I don't see how any AUP is enforceable. (I still have a way to go on API security. I'm familiar with the use of OAuth tokens for authZ. I think OIDC can be used instead, which I think uses an OAuth token with a "wrapper" to add authN. Reckon JWT is in play for authN/authZ, as well.) #api #authn #authz

#DevFestNantes #authz #authn

Avec un passage par

🍪 https://en.wikipedia.org/wiki/HTTP_cookie
🍪 https://en.wikipedia.org/wiki/Macaroons_(computer_science)
🍪 jwt https://jwt.io/