Open and decentralized authentication protocol standard
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
A Tale of Two Phishing Sites: Two phishing sites may use very different backends even if the sites themselves look visually very similar. Phishing kits are often copied and modified, leading to sites that use similar visual tricks on the user-facing side but very different backends for hosting the site and for reporting data back to the miscreant. https://isc.sans.edu/diary/A%20Tale%20of%20Two%20Phishing%20Sites/31810 A Phishing Tale of DoH and DNS MX Abuse: Infoblox discovered a new variant of the Meerkat phishing kit that uses DNS over HTTPS (DoH) from JavaScript to look up the victim domain's MX records and generate a phishing page tailored to the victim's mail provider. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/ Using OpenID Connect for SSH: Cloudflare open-sourced its OPKSSH tool, which integrates SSO systems supporting OpenID Connect with SSH. https://github.com/openpubkey/opkssh/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Massive Botnet Targets M365 with Password Spraying: A large botnet is targeting service accounts in M365 with credentials stolen by infostealer malware. https://securityscorecard.com/wp-content/uploads/2025/02/MassiveBotnet-Report_022125_03.pdf Mixing up Public and Private Keys in OpenID: The complex OpenID specification and the flexibility it supports enable careless administrators to publish private keys instead of, or in addition to, public keys in their JWKS endpoints. Anyone who fetches such a key set can sign their own tokens for that issuer. https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html Healthcare Malware Hunt Part 1: Medical images are often encoded in DICOM, an image format specific to medical imaging. Patients looking for DICOM viewers are tricked into downloading malware. https://www.forescout.com/blog/healthcare-malware-hunt-part-1-silver-fox-apt-targets-philips-dicom-viewers/
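The JWKS mix-up above is easy to check for before (or after) a key set goes live. The following is an added example, not code from the SANS diary or the linked blog post: it scans a JWKS document for JWK members that only belong in a private key (RSA CRT parameters, the EC/OKP private scalar, the raw symmetric key of an "oct" JWK) and reports any key that carries them. The key set embedded below is constructed, with placeholder strings instead of real key material.

```python
import json

# JWK members that are private-key material and have no place in a published JWKS.
# RSA and EC/OKP members per RFC 7518; "k" is the raw secret of a symmetric "oct" JWK.
PRIVATE_MEMBERS = {
    "RSA": {"d", "p", "q", "dp", "dq", "qi", "oth"},
    "EC": {"d"},
    "OKP": {"d"},
    "oct": {"k"},
}


def find_leaked_keys(jwks_text: str) -> list:
    """Return one finding per JWK in the document that carries private material."""
    doc = json.loads(jwks_text)
    findings = []
    for jwk in doc.get("keys", []):
        kty = jwk.get("kty")
        leaked = sorted(PRIVATE_MEMBERS.get(kty, set()).intersection(jwk))
        if leaked:
            findings.append({"kid": jwk.get("kid"), "kty": kty, "members": leaked})
    return findings


def check_jwks_document(jwks_text: str) -> bool:
    """True when the document is safe to serve, False when any key leaks private material."""
    return not find_leaked_keys(jwks_text)


# Constructed sample JWKS (placeholder values, not real keys): a correct RSA public key,
# an RSA key accidentally published together with its private CRT parameters,
# and a correct EC public key.
SAMPLE_JWKS = json.dumps({
    "keys": [
        {"kty": "RSA", "kid": "rsa-2025-ok", "use": "sig", "alg": "RS256",
         "n": "PLACEHOLDER-MODULUS", "e": "AQAB"},
        {"kty": "RSA", "kid": "rsa-2025-leak", "use": "sig", "alg": "RS256",
         "n": "PLACEHOLDER-MODULUS", "e": "AQAB",
         "d": "PLACEHOLDER-PRIVATE-EXPONENT", "p": "PLACEHOLDER-P", "q": "PLACEHOLDER-Q",
         "dp": "PLACEHOLDER-DP", "dq": "PLACEHOLDER-DQ", "qi": "PLACEHOLDER-QI"},
        {"kty": "EC", "kid": "ec-2025-ok", "crv": "P-256",
         "x": "PLACEHOLDER-X", "y": "PLACEHOLDER-Y"},
    ]
})


if __name__ == "__main__":
    for finding in find_leaked_keys(SAMPLE_JWKS):
        print(f"kid={finding['kid']} kty={finding['kty']} leaks {finding['members']}")
    print("safe to publish:", check_jwks_document(SAMPLE_JWKS))
```

In practice, feed `find_leaked_keys` the body fetched from the issuer's `jwks_uri` (the URL advertised in the OpenID discovery document) and fail the deployment if it returns anything; the public members (`n`, `e`, `x`, `y`) are all a verifier ever needs.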
OpenIddict has improved a great deal and can now be easily integrated into your own applications to build your own OAuth 2.0/OpenID Connect servers. After IdentityServer's license change (it is now a paid product), the developers seized the opportunity and evolved this library considerably. https://github.com/openiddict/openiddict-core https://docs.orchardcore.net/en/latest/reference/modules/OpenId/ https://youtu.be/RSjwrBATcuk https://youtu.be/5PoWTlhxThA #dotnet #OpenIddict #OpenIDConnect #dotnetinpillole #podcast
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Today's episode covers an odd 12-year-old Netgear vulnerability that only received a proper CVE number last year. Learn how to properly identify OpenID Connect users and avoid problems caused by domain name reuse. Good old rsync turns out to need patching, and Fortinet: not sure if it needs patching. Probably it does. Go ahead and patch it. The Curious Case of a 12-Year-Old Netgear Router Vulnerability: Outdated Netgear routers remain a security risk, with attackers actively exploiting a 2013 vulnerability to deploy crypto miners. Learn how to protect your network by updating or replacing legacy hardware. URL: https://isc.sans.edu/diary/The%20Curious%20Case%20of%20a%2012-Year-Old%20Netgear%20Router%20Vulnerability/31592 Millions at Risk Due to Google's OAuth Flaw: A flaw in Google's OAuth implementation enables attackers to exploit defunct domain accounts, exposing sensitive data. Tips on implementing MFA and domain monitoring to reduce risks. URL: https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw rsync 3.4.0 Security Release: The latest rsync update fixes critical vulnerabilities, including buffer overflows and symbolic link issues. Upgrade immediately to protect your file synchronization processes. URL: https://download.samba.org/pub/rsync/NEWS#3.4.0 Fortinet PSIRT Advisories: Stay Secure: Fortinet's latest advisories address vulnerabilities in FortiOS, FortiProxy, and more. Review and apply patches promptly to secure your perimeter defenses. URL: https://www.fortiguard.com/psirt
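The domain-reuse problem comes down to which claim a relying party uses as its account identifier. OpenID Connect Core defines `sub` (scoped to the issuer) as the stable identifier; an e-mail address, and Google's `hd` hosted-domain claim, are both recreated unchanged by whoever registers a defunct domain next. The following is an added example, not code from the ISC diary or the Truffle post: a small account store keyed by issuer plus `sub`, with the e-mail-keyed lookup shown beside it for contrast. The issuer URL, `sub` values and addresses are constructed placeholders, and the claims are assumed to come from an ID token whose signature, audience and expiry were already verified.

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class AccountKey:
    """Stable OIDC identity: issuer plus subject (OpenID Connect Core 1.0, section 2)."""
    iss: str
    sub: str


def account_key(claims: dict, expected_iss: str, expected_hd: Optional[str] = None) -> AccountKey:
    """Derive the account key from already-verified ID token claims.

    E-mail is deliberately not part of the key: a mailbox name can be recreated by
    whoever controls the domain next, while `sub` is unique per issuer.
    """
    if claims.get("iss") != expected_iss:
        raise ValueError("unexpected issuer")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ValueError("ID token without a usable sub claim")
    # Tenant pinning: `hd` is Google's hosted-domain claim. It limits which tenant may
    # log in, but it does not distinguish the old owner of a domain from the new one.
    if expected_hd is not None and claims.get("hd") != expected_hd:
        raise ValueError("token not issued for the expected hosted domain")
    return AccountKey(iss=claims["iss"], sub=sub)


class AccountStore:
    """In-memory store keyed by (iss, sub); the e-mail-keyed variant is shown for contrast."""

    def __init__(self) -> None:
        self.by_key: Dict[AccountKey, dict] = {}
        self.by_email: Dict[str, dict] = {}  # the pattern the domain-reuse attack exploits

    def login(self, claims: dict, expected_iss: str, expected_hd: Optional[str] = None) -> dict:
        key = account_key(claims, expected_iss, expected_hd)
        account = self.by_key.setdefault(key, {"key": key})
        account["email"] = claims.get("email")  # display data that may change over time
        return account

    def login_by_email_insecure(self, claims: dict) -> dict:
        """Insecure: whoever can obtain a token carrying this address gets the account."""
        email = claims["email"]
        return self.by_email.setdefault(email, {"email": email, "sub": claims["sub"]})


# Constructed claims (placeholder issuer, not Google's). Both tokens carry the same address;
# the second was minted after someone else registered the defunct company's domain and
# recreated the mailbox, so `email` and `hd` match but `sub` does not.
ISSUER = "https://issuer.example"
OLD_OWNER = {"iss": ISSUER, "sub": "110248495921238986420", "email": "ceo@startup.example",
             "email_verified": True, "hd": "startup.example"}
NEW_OWNER = {"iss": ISSUER, "sub": "207719386455911003761", "email": "ceo@startup.example",
             "email_verified": True, "hd": "startup.example"}


def demo() -> dict:
    """Log both token holders in through each lookup strategy and report what happened."""
    store = AccountStore()
    first = store.login(OLD_OWNER, ISSUER, "startup.example")
    second = store.login(NEW_OWNER, ISSUER, "startup.example")
    naive_first = store.login_by_email_insecure(OLD_OWNER)
    naive_second = store.login_by_email_insecure(NEW_OWNER)
    return {
        "sub_keyed_accounts_distinct": first is not second,
        "email_keyed_accounts_collide": naive_first is naive_second,
        "old_owner_account_handed_to_new_owner": naive_second["sub"] == OLD_OWNER["sub"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `hd` check is still worth keeping for Workspace-style deployments, because it stops tokens from unrelated tenants; it just cannot substitute for keying on `sub`.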
On October 17, Okta Japan K.K. and the OpenID Foundation announced the formation of a working group to develop IPSIE, a new identity security standard for SaaS applications.
The SSI Orbit Podcast – Self-Sovereign Identity, Decentralization and Web3
How can we establish trusted digital ecosystems while driving innovation? In this episode of The SSI Orbit Podcast, host Mathieu Glaude picks the brain of Dima Postnikov, Vice Chairman at the OpenID Foundation, on a standards-based solution: OpenID Federation – a framework for enabling trust across networks. As open banking and open finance initiatives spread, a crucial need arises: secure mechanisms for managing trust between participants. Dima walks us through the genesis of OpenID Federation and its role in overcoming hurdles around trust discovery and governance. The evolution of trust management approaches across sectors like open banking Understanding OpenID Federation's intersection with verifiable credentials Leveraging standards to reduce barriers and foster interoperability Tailoring OpenID Federation for use cases like eIDAS 2.0 digital identity Unpack the keys to unlocking trusted, interoperable ecosystems that safeguard data while catalyzing innovation. Tune in to this insightful conversation now! Chapters: 00:00 - Background on trust management in the OpenID world 03:49 - Learnings in trust management from the world of Open Banking 11:58 - How trust chains complement/conflict with peer to peer interactions 17:25 - OpenID Federation's architecture design 34:25 - The evolution of standards in Open Banking 39:50 - eIDAS 2.0 profiles of OpenID Federation? 47:47 - Why Canadian Open Banking should have Trust Registries at launch
In this episode of Identity at the Center, hosts Jim McDonald and Jeff Steadman delve into the intricate world of authorization within the IAM space with Omri Gazit, co-founder and CEO of Aserto, and co-chair of the AuthZEN working group at the OpenID Foundation. They tackle the evolution of authorization, from the days of basic role-based access control to the current landscape of fine-grained authorization, including policy- and relationship-based access control models. Omri shares his insights on the importance of standards in authorization, the role of developers in adopting these standards, and the journey towards a single authorization control plane for multiple applications. He also discusses the challenges organizations face with over-provisioned access and the potential of AI in enhancing authorization decisions. Listeners will also get a personal glimpse into Omri's life outside of IAM, learning about his passion for kung fu and how the discipline and journey of martial arts have influenced his professional ethos. Tune in for a comprehensive discussion on the future of authorization and the steps IAM practitioners can take to evolve their organization's approach to this critical aspect of identity security. Connect with Omri: https://www.linkedin.com/in/ogazitt/ Learn more about Aserto: https://www.aserto.com/ AuthZEN: https://openid.net/wg/authzen/ Google Zanzibar: https://research.google/pubs/zanzibar-googles-consistent-global-authorization-system/ Identiverse 2024: As an IDAC listener, you can register with 25% off by using code IDV24-IDAC25 at https://events.identiverse.com/identiverse2024/register?code=IDV24-IDAC25 Meet up with our RSM team! Schedule at https://rsmus.com/events/2024-events/join-rsm-at-identiverse-2024.html Attending the European Identity and Cloud Conference in Berlin? Use Discount Code: EIC24idac25 for 25% off. Register at https://www.kuppingercole.com/events/eic2024 Attending Identity Week in Europe, America, or Asia?
Use our discount code IDAC30 for 30% off your registration fee! Learn more at: Europe: https://www.terrapinn.com/exhibition/identity-week/ America: https://www.terrapinn.com/exhibition/identity-week-america Asia: https://www.terrapinn.com/exhibition/identity-week-asia/ Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at http://idacpodcast.com and follow @IDACPodcast on Twitter.
Mattias and Erik take a look at the journey of federation, which starts in the early 2000s. Back then, it was Microsoft and its "wet dream" of Passport, and its wish for how everyone should log in. But the other tech giants wanted something else and created a new standard. The episode is about OAuth2, SAML and OpenID, and federation in general. But what are the risks of trusting others? How does a federation differ from, say, creating a trust in Active Directory? And what about the user experience? And can my choice of federation solution prevent smart ways of logging in, e.g. without a password? IT-säkerhetspodden partners with Dataföreningen Kompetens, where you as a listener are offered a discount on IT security training. So if the podcast alone isn't enough as a source of knowledge, click the link (link). Use "ITSÄKERHETSPODDEN" as the discount code.
The SSI Orbit Podcast – Self-Sovereign Identity, Decentralization and Web3
In this episode, Mathieu Glaude hosts Hakan Yildiz from Accenture and Vladimir Simjanoski from Blokverse to explore the world of digital credential protocols like Aries, OpenID4VC, ISO, and KERI. The discussion provides a comprehensive analysis of these protocols, focusing on their interoperability, privacy, and the future of digital identity. The episode highlights critical issues like combating deepfakes and the Trust Over IP Foundation's Credential Exchange Protocol task force. Join us for this insightful conversation. 0:22 - 18:48 - Comparing Digital Credential Exchange Protocols: Aries, OpenID, ISO and KERI 18:49 - 26:22 - Profiles, Interoperability, Test Suites 26:23 - 36:15 - Interoperability from the Perspectives of Issuers, Holders and Verifiers 36:17 - 44:10 - Protocol Requirements for Humans, Organisations, and Machines 44:11 - 53:08 - Surveillance and Correlation, Privacy Considerations 53:09 - 58:38 - Deciding Data Sharing: Balancing Autonomy, Regulations, and Governance for Holders 58:39 - 1:02:41 - Combating Deepfakes: Enhancing Content Authenticity with Digital Credentials and Signatures 1:02:43 - 1:07:27 - Vision Behind the Trust over IP's Credential Exchange Protocol Task Force
We have a lot of questions about standards. How do standards emerge? How do standards encourage adoption? How do they stay relevant as development patterns change and security threats evolve? We have standards for web appsec (HTML, HTTP), all sorts of protocols, and all sorts of authentication (OAuth, OpenID). Learning how these standards come about can also inform how your own org documents designs and decisions. Segment resources https://datatracker.ietf.org/doc/html/rfc3552 https://identiverse.com/video/the-butterfly-effect-of-standards-development/ https://sphericalcowconsulting.com https://datatracker.ietf.org/doc/html/rfc6919 In the news, benchmarking prompt injection scanners, using generative AI to jailbreak generative AI, Meta's benchmark for LLM risks, tapping a protocol to hack Magic the Gathering, and more! Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-266
Managing security for a large remote workforce can be difficult, which is why Azure IAM is now offering OpenID implementations for multinational companies. To read all about how OpenID can be used to power your security perimeter, visit https://azureiam.com/ Azure IAM, LLC City: Sterling Address: P. O. Box 650685 Website https://azureiam.com Phone +1-575-312-9326 Email robin@azureiam.com
Jonatan Männchen leads technology @ Sustema and is a member @ ErlEF security working group Look at oidcc (https://github.com/erlef/oidcc) on GitHub. Catch him at CodeBEAM in SF (https://sessionize.com/s/maennchen/unlock-the-power-of-openid-connect-on-the-beam/77511) Find him on LinkedIn (https://www.linkedin.com/in/maennchen/) We want to connect with you! Twitter: @BeamRadio1 Send us your questions via Twitter @BeamRadio1 #ProcessMailbox Keep up to date with our hosts on Twitter @akoutmos @lawik @meryldakin @RedRapids @smdebenedetto @StevenNunez and on Mastodon @akoutmos@fosstodon.org @lawik@fosstodon.org @redrapids@genserver.social @steven@genserver.social Sponsored by Groxio (https://grox.io) and Underjord (https://underjord.io)
Azure IAM can build a powerful digital perimeter for your company using industry-leading tools to ensure you are protected against all types of cyber attack. To read about their highly versatile services, visit https://azureiam.com/ Azure IAM, LLC City: Sterling Address: P. O. Box 650685 Website https://azureiam.com Phone +1-575-312-9326 Email robin@azureiam.com
#230: In today's digital age, it's no secret that relying solely on passwords for security is no longer an effective solution. We all understand the risks associated with using just passwords, but the question remains: what other alternatives do we have at our disposal? What if you could eliminate passwords all together and still make all your communications completely secure? In this episode, we speak with Mike Malone, Founder and CEO at Smallstep, about his background with OpenID and OAuth and how increasing security today doesn't mean also increasing budgets. Mike's contact information: Twitter: https://twitter.com/mjmalone LinkedIn: https://www.linkedin.com/in/mmalone/ YouTube channel: https://youtube.com/devopsparadox Books and Courses: Catalog, Patterns, And Blueprints https://www.devopstoolkitseries.com/posts/catalog/ Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/ Slack: https://www.devopsparadox.com/slack/ Connect with us at: https://www.devopsparadox.com/contact/
Welcome episode 221 of The Cloud Pod podcast - where the forecast is always cloudy! This week your hosts, Justin, Jonathan, Ryan, and Matthew look at some of the announcements from AWS Summit, as well as try to predict the future - probably incorrectly - about what's in store at Next 2023. Plus, we talk more about the storm attack, SFTP connectors (and no, that isn't how you get to the Moscone Center for Next) Llama 2, Google Cloud Deploy and more! Titles we almost went with this week: Now You Too Can Get Ignored by Google Support via Mobile App The Tech Sector Apparently Believes Multi-Cloud is Great… We Hate You All. The cloud pod now wants all your HIPAA Data The Meta Llama is Spreading Everywhere The Cloud Pod Recursively Deploys Deploy A big thanks to this week's sponsor: Foghorn Consulting, provides top-notch cloud and DevOps engineers to the world's most innovative companies. Initiatives stalled because you have trouble hiring? Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.
What if you could confidently face the CISSP exam knowing you've got a strong grasp of crucial topics like SAML and Identity and Access Management? Join me, Sean Gerber, your guide through the maze of CISSP exam preparation, as I tackle a series of exam-related questions that will significantly bolster your study routine. Together, we'll unpack concepts like the primary purpose of SAML, OAuth2's main function, and the characteristics of multi-factor and biometric authentication. Prepare to have your understanding deepened as we delve into the subtle differences between user authentication and user authorization. We'll dissect the concept of single sign-on, and separate the wheat from the chaff in terms of what constitutes biometric authentication. Whether you're an auditory learner or prefer to watch, don't worry - I've got you covered. You can also head to CISSP Cyber Training, where all these questions are available in video and audio format. So, gear up and let's step up your CISSP exam preparation! Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign up to join the team for free.
The SSI Orbit Podcast – Self-Sovereign Identity, Decentralization and Web3
Sam Curren is the Senior Systems Architect and Deputy Chief Technology Officer for Indicio. Sam has been involved in the Identity Community for over 12 years, working and researching on personal data, distributed systems, supply chain digital birth certificates, and Decentralized Identifiers (DIDs). Sam is a pioneer in the decentralized identifier communication protocol (DIDComm) and open source technologies for verifiable credentials, such as Hyperledger Aries and Hyperledger Indy. Darrell O'Donnell (Continuum Loop) is a technology company founder, executive, investor, and advisor. He helps large and small companies to operationally deploy emerging technologies. He is focused on solving problems of mission-critical systems and interoperability, especially where there are many players and no clear central authority. He advises numerous startups, senior government leaders, and investors. About Podcast Episode Read more about the episode by heading to https://northernblock.io/podcasts/didcomm-and-openid-for-verifiable-credentials The full list of topics discussed between Sam, Darrell and me in this podcast conversation include: Session-Based vs Non-Session-Based Activities - discussed the differences between session-based activities (like logging into a website or video conferencing) and non-session-based activities (like sending an email or downloading a file). Verifiable Credentials in Different Activities - discussed the adoption of verifiable credentials across session-based and non-session-based activities, and the potential restrictions and opportunities in both models. Alternatives to Session-Based and Non-Session-Based Activities - explored potential alternatives to the common ways of looking at session-based and non-session-based activities. Understanding DIDComm - delved deeper into what DIDComm is, its properties, and how it would fit within our everyday lives and on the web.
Momentum Behind Client-Server Architecture-Based Protocols - discussed the momentum behind client-server architecture-based protocols for exchanging verifiable credentials, specifically OpenID for verifiable credentials. Benefits of OpenID for Verifiable Credentials - discussed the benefits of using OpenID for verifiable credentials, including injecting integrity into wallets and signed payloads. Importance of Other Aspects Beyond Verifiable Credentials - explored why a digital identity program should care about aspects beyond verifiable credentials. Impact of Government Recommendations on Digital Identity - discussed how government recommendations can have a significant impact on the direction of digital identity initiatives. Coexistence of Different Protocols - explored the idea that different protocols, like DIDComm and OpenID, could coexist and complement each other. Shifting Focus from Wallets and VCs to User Journeys - discussed the need to shift focus from wallets and verifiable credentials to user journeys and how having more integrity in the journey can help reduce fraud or cost. Business Perspective on Choosing Protocols - discussed the need to look at choosing protocols from a business perspective, considering what would be most beneficial for the specific use case. Where to find Sam? LinkedIn: https://www.linkedin.com/in/samcurren/ Twitter: https://twitter.com/TelegramSam Where to find Darrell? LinkedIn: https://www.linkedin.com/in/darrellodonnell/ Twitter: https://twitter.com/darrello Follow Mathieu Glaude Twitter: https://twitter.com/mathieu_glaude LinkedIn: https://www.linkedin.com/in/mathieuglaude/ Website: https://northernblock.io/
This week the tables are turned on Ruby for All, as our friend of the show, Drew Bragg, interviews Julie J. This was originally on Code and the Coding Coders Who Code it Podcast. If you haven't checked it out, please go smash the subscribe button. Today, Drew asks Julie J his 3 questions: What are you working on? What's blocking you? What's something cool you want to share? What are Julie's answers? Guess you'll have to listen to find out. Hint, they talk about her cool side project, Ruby for All, Rails upgrades, and some of the confusion that still exists around assets in Rails. Hit download now to find out more! [00:01:21] Julie tells us she's working on a work-related project and a side project. At work, she's been struggling to keep track of her tasks and notes so she decided to build an app called, Today app, which is a Rails/ERB views app that consolidates all her tasks, questions, standup notes, meeting details on one page, and a note section for previous discussions.[00:07:19] She started working on this project for a couple of months and has found Chat GPT helpful for quick syntax references and learning new concepts. She also uses it to quiz herself and simplify complex explanations.[00:13:00] What does Julie work with right now at work? She primarily works with Rails but has a desire to focus more on front-end development to enhance her skills in both areas, and she's been doing some React Typescript and React Native.[00:14:07] Julie tells us Codecademy is set up with a mix of front-end, full stack, and back-end. [00:14:41] Drew explains in his current work, they primarily use ERB templates and some Stimulus for their JavaScript sprinkles. His new project is transitioning to using Turbo and Hotwire for interactivity and reactivity. [00:15:56] Drew's been heavily involved in upgrading their Rails version at his job, starting from v4.1 and currently on v6.1. He's gained experience and learned through trial and error during these upgrades. 
[00:18:44] Julie expresses her interest in participating in Rails upgrades at her job, as her team is currently on Rails v6.0 and Ruby v2.7. [00:22:21] We hear Drew's approach of limiting his to-do list to three tasks, and Julie mentions how she further limits hers to just one task in her Today app. They discuss the value of limiting tasks and the mental health benefits it may provide. [00:24:29] What kind of blockers does Julie run into? She shares how she used ChatGPT to overcome JavaScript-related issues in her Today app and get unstuck. She mentions struggling with integrating JavaScript and explains how she received guidance from ChatGPT. [00:28:00] Drew discusses the confusion and complexity surrounding asset management in Rails, particularly with JavaScript. It can also be overwhelming for junior or early-career developers trying to learn Rails, since there are three different ways to manage assets. [00:32:25] RubyConf in San Diego is coming up, and Julie and Drew will be attending. [00:34:20] What is something cool Julie's discovered? She tells us she spent two months learning about OAuth and OpenID Connect. She also mentions using ngrok to solve the issue of testing Apple SSO locally by redirecting localhost to an ngrok URL. [00:36:41] Drew explains that ngrok is commonly used to tunnel local development environments and allows testing over HTTPS. [00:37:34] Julie and Drew briefly discuss the deprecated gem Paperclip, which was used for file uploads before Active Storage became the preferred option in Rails. Panelists: Julie J., Drew Bragg. Sponsors: Honeybadger, Avo Admin for Rails. Links: Andrew Mason Twitter, Andrew Mason Website, Julie J. Twitter, Julie J. Website, Drew Bragg Twitter, Code and the Coding Coders who Code it Podcast with Drew Bragg, Code and the Coding Coders who Code it - Episode 17: Joe Masilotti, ngrok, Active Storage, Ruby Conferences, RubyConf 2023 (San Diego)
The SSI Orbit Podcast – Self-Sovereign Identity, Decentralization and Web3
Dr.-Ing. Torsten Lodderstedt is founder of Tuconic, a consulting firm specialising in digital identity and API-based software architectures, with more than 15 years of experience in developing and running large-scale consumer identity services. In his previous positions, he helped organisations in the public, banking, railway communication, and telecommunication domains to implement highly scalable and secure services. Torsten regularly contributes to identity standards, currently focusing on decentralized identity and global identity networks. He is co-author of OpenID for Verifiable Credentials and OAuth 2.1, and co-chairs the GAIN PoC community group. About Podcast Episode Read more about the episode by heading to https://northernblock.io/open-id-4-vc-openid-for-verifiable-credentials/ Some of the key topics covered during this episode with Torsten are: OpenID4VC's background, and its relationship to OAuth 2 and OpenID Connect. How verifiable credential issuances and verifications are done using OpenID4CI and OIDC4VP (+ why Presentation Exchange was chosen as the verification protocol). Decisions behind supporting different credential formats, identifiers, cryptography suites and trust management mechanisms. How OpenID4VC fits within the ToIP Hourglass Model (from the ToIP Technical Architecture Specification). How OpenID4VC can be used in conjunction with other protocols such as DIDComm to bootstrap workflows. Does OpenID4VC combined with trust frameworks help to solve the NASCAR problem we face today on the internet? SIOP: the protocol to exchange cryptographically verifiable identifiers and authenticate using the key material controlled by the End-User. Using OpenID4CI for ISO 18013-5 (mDL) to move away from wallet-specific credential issuance and towards an interoperable way of exchanging verifiable credentials between different decentralized identity systems. Where to find Torsten?
LinkedIn: https://www.linkedin.com/in/dr-torsten-lodderstedt/ Twitter: https://twitter.com/tlodderstedt Follow Mathieu Glaude Twitter: https://twitter.com/mathieu_glaude LinkedIn: https://www.linkedin.com/in/mathieuglaude/ Website: https://northernblock.io/
Scott is a passionate entrepreneur with 20+ years of experience building companies in the web1, web2, and now web3 space. While he cut his teeth on the tech side helping build things like the Open Source Lab, OpenID and OAuth, he made the switch to the business side back in 2007. Since then, he's raised over $50M in funding, orchestrated large deals, and built absolutely fantastic companies with wonderful cultures. Scott is currently the CEO and Co-Founder of Jump, where he and his team are on a mission to disrupt the physical asset ownership space. Scott also has built, scaled and sold companies, raised $50M in venture, and orchestrated large M&A deals while building great companies with amazing teams. Scott Kveton (@kveton) · Twitter https://youtu.be/VmSHq7f4u7U Follow me on Facebook: Santino Peralta Instagram: sonny232323 Snapchat: peralta2323 Twitter: @santinoperalta1 TikTok: @cryptokid23 https://www.facebook.com/cryptokidpodcast/ affiliate link: https://kitcaster.com/cryptokid/ --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app --- Send in a voice message: https://anchor.fm/cryptokid/message Support this podcast: https://anchor.fm/cryptokid/support
Distributed ID is a web3 concept of being able to use zero trust and identify users without a central authority. In this conversation, we talk about critical concepts like OpenID, trust, and government actions, and how this could be influential and important in a web3 and IoT context. We really drill into how the system works, and I know you will enjoy the conversation. Transcript: https://otter.ai/u/X_5lffVEG0LUTgsyoDOx5sJDwYM Images: https://www.pexels.com/photo/person-putting-a-passport-on-bag-842961/
Watch the live stream: Watch on YouTube About the show Sponsored by Microsoft for Startups Founders Hub. Brian #1: Can Amazon's CodeWhisperer write better Python than you? Brian Tarbox “Despite the clickbait-y title, whether CW's code is better or worse than mine is at the margins and not really important. What is significant is that it has the potential to save me a ton of time and mental space to focus on improving, refactoring and testing. It's making me a better programmer by taking on some of the undifferentiated heavy lifting.” Some decent code generation, starting with Amazon API examples. The generated dataclass method was neat, but really, the comment “prompt” probably took as much time to write as the code would have. The generated test case is workable, but I would not consider that a good test. Perhaps don't lump together construction, attribute access, and tests for all methods in one test function. That said, I've seen way worse test methods in my career. So, decent starting point. Related and worth listening to: Changelog #506: Stable Diffusion breaks the internet w/ Simon Willison Mostly an episode about AI generated art. There is a bit of a tie in to AI code generation, the ethics around it, and making sure you walk up the value chain. I'm planning on playing with GitHub CoPilot. I've been reluctant in the past, but Simon's interview is compelling to combine experienced engineering skill with AI code generation to possibly improve productivity. Simon does warn against possible abuse by Junior devs and the “just believe the code” problem that we also see with “copy from StackOverflow” situations. 
Michael #2: Apache Superset. Apache Superset is a modern data exploration and visualization platform: an intuitive interface for visualizing datasets and crafting interactive dashboards; a wide array of beautiful visualizations to showcase your data; a code-free visualization builder to extract and present datasets; a world-class SQL IDE for preparing data for visualization, including a rich metadata browser; a lightweight semantic layer which empowers data analysts to quickly define custom dimensions and metrics; out-of-the-box support for most SQL-speaking databases; seamless, in-memory asynchronous caching and queries; an extensible security model that allows configuration of very intricate rules on who can access which product features and datasets; integration with major authentication backends (database, OpenID, LDAP, OAuth, REMOTE_USER, etc.); the ability to add custom visualization plugins; and an API for programmatic customization. Brian #3: Recipes from Python SQLite docs, by Redowan Delowar. Expanding on the sqlite3 Python docs with more examples, including: executing individual and batch statements; applying user-defined callbacks, scalar and aggregate (the scalar example shows using a sha256 function to hash passwords as they're inserted into the database); enabling tracebacks when callbacks raise an error; transforming types between SQLite and Python; implementing authorization control; and much more. This is great not only for learning SQLite but also, since these kinds of topics exist in other databases, for learning about databases in general. And it's a great example of learning a subsystem by creating little code snippets to check your understanding of something. One mod I would do in practice is to write these examples as pytest functions, because I can then run them individually while keeping a bunch in the same file.
Next in Marketing spoke with Ed Davis, President, Product & Operations at OpenAP, about how the media venture - jointly owned by NBCUniversal, Paramount, Warner Discovery and others - has rolled out a series of news products, including a centralized data hub, an identity framework and a measurement tool - all aimed at helping marketers better target consumers, while reducing waste in their media spending (so people stop seeing the same ads again and again). Guest: Ed Davis. Host: Mike Shields
In this episode, I will be covering topics from Domain 3 of CompTIA Security+ SY0-601. Topics covered in the episode are: Identity and Access Management; Authentication, Authorization, and Accounting; Role-Based Access Controls; Multi-Factor Authentication; RADIUS, LDAP, SAML, and OpenID.
What does it take to not just build, but scale, a trust framework for interoperable digital identity? On this week's State of Identity podcast, host Cameron D'Ambrosi is joined by Daniel Goldscheider, Founder & CEO of yes.com, Don Thibeau, Executive Director at OpenID Foundation, Carl Hössner, CTO at BankID, and Anil Mahalaha, Head of Solutions at Akoya, to discuss the launch of the Global Assured Identity Network (GAIN). They discuss GAIN's core mission of leveraging bank KYC to validate online identities, with interoperability provided by the fundamental OpenID standard.
Apache Kafka® 3.1 is here with exciting new features and improvements! On behalf of the Kafka community, Danica Fine (Senior Developer Advocate, Confluent) shares release highlights that you won't want to miss, including foreign-key joins in Kafka Streams and improvements that will provide consistency for Kafka latency metrics. KAFKA-13439 deprecates the eager protocol, which has been the default since Kafka 2.4—it's advised to upgrade your applications to the cooperative protocol as the eager protocol will no longer be supported in future releases. Previously, foreign-key joins in Kafka Streams only worked if both primary and foreign-key tables were joined. This release adds support for foreign-key joins on tables with custom partitioners, which will be passed in as part of a new `TableJoined` object, comparable to the existing `Joined` and `StreamJoined` objects. With the goal of making Kafka more intuitive, KIP-773 enhances naming consistency for three new client metrics with millis and nanos. For example, `io-waittime-total` is reintroduced as `io-wait-time-ns-total`. The previously introduced metrics without ns will be deprecated but available for backward compatibility. KIP-768 continues the work started in KIP-255 to implement the necessary interfaces for a production-grade way to connect to an OpenID identity provider for authentication and token retrieval. This update provides an out-of-the-box implementation of an `AuthenticateCallbackHandler` that can be used to communicate with OAuth/OIDC. Additionally, this Kafka release introduces two new metrics for active brokers specifically, `ActiveBrokerCount` and `FenceBrokerCount`. These two metrics expose the number of active brokers in the cluster known by the controller and the number of fenced brokers known by the controller. Tune in to learn more about the Apache Kafka 3.1 release! 
EPISODE LINKS: Apache Kafka 3.1 release notes. Read the blog to learn more. Download Apache Kafka 3.1. Watch the video version of this podcast.
In this Breaking Changes tl;dr mini-episode, Postman Chief Evangelist Kin Lane welcomes yes® CTO Torsten Lodderstedt to get key insights about the identity layer, including OAuth, OpenID, and FAPI.
Show links Felt (mug) coasters we use (Minimaldesktop) GA: Audit Logs for Azure Monitor Log Queries GA: Availability of custom OpenID providers in App Service and Azure Functions GA: Disable local admin accounts for new AKS clusters when using AAD Preview: Azure AD and Kerberos (Microsoft Docs) FSLogix overview (Microsoft Docs) Preview: Azure Load Testing (Microsoft Docs) GA: VPN Gateway NAT (Microsoft Docs) GA: Virtual Machine Selector (Microsoft) Preview + opt-in: SFTP support for Azure Blob Storage (Microsoft Docs) SPONSOR: This episode is sponsored by ScriptRunner. ScriptRunner is a great solution to centrally manage PowerShell Scripts and standardize and automate IT tasks via a Graphical User Interface for helpdesk or end-users. Check it out on scriptrunner.com
Let's talk about digital identity with Oscar Santolalla, Nat Sakimura and Petteri Stenius. In this week's special episode, Oscar explores the history of OpenID Connect and how it became so prevalent, with special guests Nat Sakimura, Chairman at the OpenID Foundation, and Petteri Stenius, Principal Scientist at Ubisecure. Listen to the episode wherever you get your podcasts, or read the transcript below. "New technology seldomly completely replaces the older technologies. They will form additional layers, and slowly start replacing it." Podcast transcript Oscar Santolalla: Let's Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla. It was February 2014, already hundreds of millions of people worldwide had a smartphone in their pockets, with dozens of apps installed, apps like: Snapchat, Spotify, Vine, Skype, and games like Angry Birds and Minecraft. Mobile apps had been booming for a few years, and users were eager to install every app that resonated with them out of a seemingly unlimited stream of new apps. Indeed, Apple's App Store had recently reached the 1 million mobile apps milestone. Not only mobile, but also in web services, for every new app I wanted to use, I needed to create a new user account, which was OK when I could count them with my own fingers. But what if I had 20, 30, 40 apps on my phone? This was becoming a headache for people, but especially it was clear to become a security concern. Identity professionals had seen this challenge even in their own lives. And there were combined efforts from big tech, mobile operators, identity software vendors, to architect a solution. An early effort was the OpenID standard, which gained promising interaction at the start of the 2010s. With my OpenID user account, I could log into Yahoo, Google, MySpace, and dozens of thousands of web services.
However, the lack of a uniform user experience didn't help people and not a massive audience got hooked with the standard. So, what happened after the setback? A new solution had been cooked by identity professionals, and finally solved this long living problem. OpenID Connect not only solved that problem for the big tech and social networks, but created a modern way of user authentication, especially for mobile. Today, if you are listening to this podcast, you have definitely used OpenID Connect before, with or without knowing it. To hear a story from the brilliant minds that designed this standard, let's hear from Nat Sakimura, one of the creators of the OpenID Connect 1.0 Standard, and today, Chairman of the OpenID Foundation. How was the world just before OpenID Connect appeared? --- Nat Sakimura Nat Sakimura: So you know, the creation of OpenID Connect actually started in 2009. And contemplation on that was actually done from 2007. Even before OpenID 2.0 was published, right? There were things like XRI, XDI, SAML. And SAML was becoming pretty strong in the market, but at the same time, because of the XMLD Signature problems, people are starting to complain about that. And the OpenID Connect just started off with three people: Me, John Bradley, and Breno De Medeiros at the corner of the Internet Identity Workshop. And we were just sketching out a protocol, which is really dead simple to implement in the simple cases but at the same time, something that could be extended to a very high security, integrity protected federation protocol. And the years between 2010 and 2013 were spent on drafting it and implementing it. Actually, a lot of people started implementing OpenID Connect back in 2011 or something like that. And we had multiple rounds of interop tests as well as you know, they were actually deployed in the wild and were tested. So OpenID Connect was actually quite well-implemented by service providers like Google before it was published in 2014.
Oscar: Yes, so that was my understanding that before the standard was published,
The modern de facto solution to identity management is OpenID Connect. OIDC and OAuth2 come with their own problems though. The intention of this session is to look at some of the problems these frameworks bring, to look at some alternatives to OpenID for identity in your applications and what kinds of cases they might be applicable in. Presenter: Mikael Viitaniemi
Facebook's downtime shows how risky it is to use social media services to log into other services. An interesting proof of concept can steal money from Visa cards on iPhones. And we discuss the new iPad mini 6, and the Apple Watch Series 7 that goes on sale Friday. Show Notes: Apple Watch Series 7 Squircle Understanding How Facebook Disappeared from the Internet OpenID Company That Routes Billions of Text Messages Quietly Says It Was Hacked App Store Report a Problem link is back to help fight scams, with two significant improvements Lost Apple AirTag Can Lead Finder to Malicious Website Researchers find Apple Pay, Visa contactless hack Use Express Transit with Apple Pay Review: iPad mini 2021 – in spite of the increased price, it's still a great device Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
Lessons Learned from moving futuLog to Okta In 2020, we built futuLog, an internal tool to help us manage the office usage during the pandemic. With futuLog, employees can book a slot at the office to make sure they'll have space with the pandemic restrictions. We decided early on that eventually we want to open source futuLog. But making something open source takes more than just changing the repository to public. What use would futuLog be to others if it required Futurice infrastructure to actually run? For instance, to build futuLog quickly we used playswarm, an internal environment that takes care of authentication and hosting. While the hosting part is easy, having single sign on for all Futurice employees is not. So as a step towards open sourcing it, Jan spent the last month implementing and debugging the OpenID Connect protocol that allows futuLog to talk to Okta and similar identity services directly. This talk is a collection of lessons learned in the journey that took Jan from knowing nothing about OpenID, to deploying it to production. Presenter: Jan van Brügge
Internet Archive, we're still not done talking about the new "pattern matching", growing complexity of Python syntax https://podcast.jcea.es/python/20 Participants: Eduardo Castro, email: info@ecdesign.es. Connecting from A Guarda. Jesús Cea, email: jcea@jcea.es, twitter: @jcea, https://blog.jcea.es/, https://www.jcea.es/. Connecting from Madrid. Víctor Ramírez, twitter: @virako, Python programmer and vim lover, connecting from Huelva. Javier, connecting from Madrid. Audio edited by Pablo Gómez, twitter: @julebek. The intro and outro music is "Lightning Bugs", by Jason Shaw. Published at https://audionautix.com/ under the Creative Commons Attribution 4.0 International License. [01:33] How to write documentation in Python. Google Docs: https://docs.google.com. Wikis on GitHub: https://docs.github.com/en/communities/documenting-your-project-with-wikis/about-wikis. Advantages of keeping the documentation in the project's version control. Advantages of writing the documentation while you write the code itself: feedback. Sphinx: https://www.sphinx-doc.org/en/master/. sphinx.ext.autodoc: https://www.sphinx-doc.org/en/master/usage/extensions/autodoc.html. plantuml: https://github.com/sphinx-contrib/plantuml. Markdown: https://www.markdownguide.org/. [03:48] The old guard is skeptical about the week's novelties. There are no silver bullets. Documentation guides development. Parallel with tests. [08:38] Open source and shame: tests and documentation. [09:28] CPython Internals Book https://realpython.com/products/cpython-internals-book/. [11:13] HPy https://hpyproject.org/. A new API https://es.wikipedia.org/wiki/Api for writing C extensions for Python, making you independent of the interpreter version and compatible with things like PyPy: https://www.pypy.org/. [13:18] Internet Archive as a library of modern books: https://archive.org/details/inlibrary. It works like a traditional library. Book lending.
They are scanning at full speed: 2.5 million books at the time of writing these notes (May 2021). Internet Archive: https://archive.org/. Wayback Machine: https://web.archive.org/. Preservation of video games, Flash pages, music discs... [17:03] The Python website on Internet Archive. 1997: https://web.archive.org/web/19970606181701/http://www.python.org/. 1998: https://web.archive.org/web/19981212032130/http://www.python.org/. An example of "batteries included": https://commons.wikimedia.org/wiki/File:Python_batteries_included.jpg. [17:53] Jesús Cea misses the distributed internet. [18:23] Pattern Matching in Python 3.10. PEP 622 -- Structural Pattern Matching https://www.python.org/dev/peps/pep-0622/. Will "match" and "case" be reserved words? PEP 617 -- New PEG parser for CPython https://www.python.org/dev/peps/pep-0617/. The functionality is reviewed briefly. [27:48] Logs that are easy to configure and decorated with colors: Daiquiri: https://daiquiri.readthedocs.io/en/latest/. Colorama: https://pypi.org/project/colorama/. Compatible with Windows. [29:28] Trick: Python -i: runs a script and then drops into interactive mode. Discussed a few weeks ago. It can also be done from the code itself with code.InteractiveConsole(locals=globals()).interact(). Jesús Cea complains that when invoked from code, line editing doesn't work. Javier gives the right hint: for it to work, it's enough to do import readline before launching interactive mode. [30:48] Manhole: https://pypi.org/project/manhole/. [31:53] Conditional breakpoints https://docs.python.org/3/library/pdb.html#pdbcommand-condition. breakpoint() as a built-in function: PEP 553 -- Built-in breakpoint() https://www.python.org/dev/peps/pep-0553/. import pdb; pdb.set_trace(). [33:28] Scraping by hand: scrapy shell: https://docs.scrapy.org/en/latest/topics/shell.html. Jesús Cea doesn't miss Scrapy https://docs.scrapy.org/en/latest/.
[36:03] Document indexer and search engine: Whoosh https://whoosh.readthedocs.io/en/latest/intro.html. Jesús needed to ignore accents, which affects the extraction of the lexeme. The backend is documented, so you can build your own if you need to. [38:23] How do you back up a 600 gigabyte file with few internal changes? [40:58] Eduardo Castro has won a hackathon in Pontevedra. Software for Django: https://www.djangoproject.com/. [46:38] Bittersweet experiences with hackathons https://en.wikipedia.org/wiki/Hackathon. Netflix Prize https://en.wikipedia.org/wiki/Netflix_Prize. [50:38] A URL may no longer be available by the time you listen to the podcast: Podcast: Programar es una mierda: https://www.programaresunamierda.com/. [52:28] Jamii https://jamii.es/. API https://es.wikipedia.org/wiki/Api [55:38] GraphQL https://es.wikipedia.org/wiki/GraphQL. REST: https://es.wikipedia.org/wiki/Transferencia_de_Estado_Representacional. User permissions. No caching. Vulcain: https://github.com/dunglas/vulcain. [01:02:53] HTTP/2 https://en.wikipedia.org/wiki/HTTP/2. HTTP/2 Server Push: https://en.wikipedia.org/wiki/HTTP/2_Server_Push. Responses don't have to be sent in order. Multiplexing. [01:08:53] The explosion of unnecessary complexity hidden by libraries: OAuth2 https://en.wikipedia.org/wiki/OAuth#OAuth_2.0. OpenID: https://en.wikipedia.org/wiki/OpenID. [01:10:33] Growing complexity of Python syntax. Back to Structural Pattern Matching https://www.python.org/dev/peps/pep-0622/. Syntax complexity. A small, capable language replaces dinosaur languages. Python replaced other dinosaur languages. Now Python is a dinosaur. When will a language come out that replaces Python? [01:12:13] Metaclasses https://realpython.com/python-metaclasses/. Closures: https://es.wikipedia.org/wiki/Clausura_(inform%C3%A1tica). [01:15:08] Sublanguages, tribes, subcultures of Python are starting to appear.
Certain syntax changes can unify subcultures: "the official way to do it". Python's ternary operator v = VALOR1 if CONDICIÓN else VALOR2: PEP 308 -- Conditional Expressions https://www.python.org/dev/peps/pep-0308/. List comprehension: [f(i) for i in ITER if CONDICIÓN(i)]: PEP 202 -- List Comprehensions https://www.python.org/dev/peps/pep-0202/. [01:20:18] In the old days, you could do atrocities like True = 0. This works in Python 2.7. It's something that was changed in Python 3.0: https://docs.python.org/3.0/whatsnew/3.0.html#changed-syntax. [01:21:53] Jesús Cea misses having things removed. He is obsessed with the size of the language. What would we remove? [01:25:23] The C language includes only the bare minimum. [01:26:48] Curiosities: What the f*ck Python! https://github.com/satwikkansal/wtfpython: >>> all([]) True >>> all([[]]) False >>> all([[[]]]) True [01:28:03] Some progress in the investigation of the bug described by Virako in recent weeks: Code example: https://pastebin.com/vGM1sh8r. Issue24676: Error in pickle using cProfile https://bugs.python.org/issue24676. Issue9914: trace/profile conflict with the use of sys.modules[__name__] https://bugs.python.org/issue9914. Issue9325: Add an option to pdb/trace/profile to run library module as a script https://bugs.python.org/issue9325. Requires improving the runpy module https://docs.python.org/3/library/runpy.html. Nobody has been hurt enough by the bug to fix it. It's not that it's really hard. Or maybe it is. [01:35:53] Nuitka https://nuitka.net/. Standalone Python executables, independent of what you have installed on the system. For example, to be able to use a "modern" Python version. It also works on MS Windows. [01:39:43] Previous gathering: fonts with ligatures. Combining unicode characters.
Country flags, for example, are a "flag" code followed by the country code: https://en.wikipedia.org/wiki/Regional_indicator_symbol. The Taiwan flag is displayed differently in China than in the rest of the world: https://emojipedia.org/flag-taiwan/. "Collation" https://en.wikipedia.org/wiki/Unicode_collation_algorithm, to correctly sort and compare unicode characters: PyICU: https://pypi.org/project/PyICU/. [01:50:23] When the Steering Council https://www.python.org/dev/peps/pep-0013/ votes on a controversial topic, the decision is final. Consensus is no longer sought at all costs. [01:52:53] Farewell. [01:53:55] End.
There are tools and features that we use every day, sometimes without even realizing it, about which we nonetheless know very little. OAuth and OpenID Connect are two of these protocols: they let us share information and identities across different sites, saving us time and effort. In this episode we try to understand how they work. Today's episode links: OAuth 2.0 - https://oauth.net/2/ An Illustrated Guide to OAuth and OpenID Connect - https://tumblr.giaguaroblu.it/post/188612484387/an-illustrated-guide-to-oauth-and-openid-connect ------------------------------------------ Official Pensieri in codice website - https://pensieriincodice.it To support the project: Buy on Amazon* - https://amzn.to/2MGITWk Wish list - https://pensieriincodice.it/360s8Kx Equipment: Shure MV7 USB Podcast Microphone* - https://amzn.to/3862ZRf * Affiliate link: the cost of any purchase will not be higher for you, but Amazon will pass me a small share of the proceeds. My social projects: Pensieri in codice - https://pensieriincodice.it Twitch channel - https://valeriogalano.it/twitch Daredevel blog - https://valeriogalano.it/daredevel Newsletter - https://valeriogalano.it/newsletter To stay up to date on news: Telegram channel - https://pensieriincodice.it/canaletelegram Instagram profile - https://valeriogalano.it/instagram Twitter profile - https://valeriogalano.it/twitter To join the discussion: Telegram group - http://bit.ly/joinPicTelegram Professional services: Private lessons on Docety - https://valeriogalano.it/docety Professional consulting - https://valeriogalano.it Credits: Intro voice - Costanza Martina Vitale Music - Kubbi - Up In My Jam Music - Light-foot - Moldy Lotion
There are tools and features that we use every day, sometimes without even realizing it, about which we nonetheless know very little. OAuth and OpenID Connect are two of these protocols: they let us share information and identities across different sites, saving us time and effort. In this episode we try to understand how they work. Today's episode links: OAuth 2.0 - https://oauth.net/2/ An Illustrated Guide to OAuth and OpenID Connect - https://tumblr.giaguaroblu.it/post/188612484387/an-illustrated-guide-to-oauth-and-openid-connect —————————————— Official Pensieri in codice website - https://pensieriincodice.it Equipment: Shure MV7 USB Podcast Microphone* - https://amzn.to/3862ZRf Affiliate link: the cost of any purchase will not be higher for you, but Amazon will pass me a small share of the proceeds. My social projects: Pensieri in codice - https://pensieriincodice.it Twitch channel - https://valeriogalano.it/twitch Daredevel blog - https://valeriogalano.it/daredevel Newsletter - https://valeriogalano.it/newsletter To stay up to date on news: Telegram channel - https://pensieriincodice.it/canaletelegram Instagram profile - https://valeriogalano.it/instagram Twitter profile - https://valeriogalano.it/twitter To join the discussion: Telegram group - http://bit.ly/joinPicTelegram Professional services: Private lessons on Docety - https://valeriogalano.it/docety Professional consulting - https://valeriogalano.it Support the project: Support via Satispay Support via Revolut Support via PayPal Support using the Pensieri in codice affiliate links: Amazon, Todoist, ProtonMail, ProtonVPN, Satispay Partner GrUSP (discount code for all events: community_PIC) Schrödinger Hat Credits Editing - Daniele Galano - https://www.instagram.com/daniele_galano/ Intro voice - Costanza Martina Vitale Music - Kubbi - Up In My Jam Music - Light-foot - Moldy Lotion Cover and transcript - Francesco Zubani
Since we want to give our users simple and at the same time secure access to our applications, we cannot avoid the topic of identity management. Here we should rely on established standards such as OAuth 2.0 and OpenID Connect. In this episode we first look at the topic in general terms and then discuss the various flows specified by the standards. Even those who do not plan to build identity management entirely in-house, but rely on service providers instead, should have an overview of the different paths to authentication and authorization. You can reach us on Twitter at twitter.com/robinmanuelt and twitter.com/maltelantin Links: Okta: https://www.okta.com/ ORY: https://www.ory.sh/ Video OAuth 2.0 and OpenID Connect (in plain English) by Nate Barbettini: https://youtu.be/996OiexHze0 OAuth2 with PKCE for Mobile Apps and Single Page Apps: https://www.ory.sh/oauth2-for-mobile-app-spa-browser/ AppAuth SDK: https://appauth.io/ JWT.io: https://jwt.io/
April Fools! The mutineers aren't looking; in fact they are phasing out... but in this final episode they dispense considerations, advice and experiences on the topic of job interviews, from the interviewee's point of view but also from the interviewer's. Nowadays in the programming world, knowing the right ways to approach this activity is increasingly important in order to deliver a good performance and to recognize possible warning signs. ## Remember to join the Telegram group: https://t.me/gitbar ## Support us at https://www.buymeacoffee.com/gitbar Mario Menis offered us a good 20
☠ Azure AD fell down last week, causing outages with Microsoft's Cloud properties. Outlook 365, Office 365, the Azure Portal, and Teams were all affected. The root cause was a bug during key rotation, and I'll let the Azure Post Mortem team take it from here: Azure AD utilizes keys to support the use of OpenID and other Identity standard protocols for cryptographic signing operations. As part of standard security hygiene, an automated system, on a time-based schedule, removes keys that are no longer in use. Over the last few weeks, a particular key was marked as “retain” for longer than normal to support a complex cross-cloud migration. This exposed a bug where the automation incorrectly ignored that “retain” state, leading it to remove that particular key. Metadata about the signing keys is published by Azure AD to a global location in line with Internet Identity standard protocols. Once the public metadata was changed at 19:00 UTC on 15 March 2021, applications using these protocols with Azure AD began to pick up the new metadata and stopped trusting tokens/assertions signed with the key that was removed. At that point, end users were no longer able to access those applications. Service telemetry identified the problem, and the engineering team was automatically engaged. At 19:35 UTC on 15 March 2021, we reverted deployment of the last backend infrastructure change that was in progress. Once the key removal operation was identified as the root cause, the key metadata was rolled back to its prior state at 21:05 UTC. This is the second time in six months that Azure AD has gone down. This happened 6 months ago. These are growing pains for Microsoft's cloud endeavors, and the ops teams involved need #hugops. Microsoft being the "safe bet" for enterprises means in part being stable, and two enterprise outages in 6 months is a lot.
Special guest Sébastien Blanc (@sebi2706) joins to discuss OpenID with Quarkus.
Open ID Foundation Executive Chairman Don Thibeau returns to State of Identity to discuss the impact of COVID-19 on the digital identity industry, whether or not the slow death of privacy is an inevitability, and the role standards organizations are set to play in the digital identity space moving forward.
Women Entrepreneurs and Technologists with Nicole Yeary In this episode we are talking about women entrepreneurs and technologists. Our guest, Nicole Yeary has some amazing stories about how getting laser focused yields real results and how saying yes more often could be a game changer. She shares her High-5 model for success with us. Nicole has led Ms.Tech, a Chicago-based company focused on seeing more women start and scale technology, and tech enabled companies, as the founding President since 2014. Nicole also guides the next generation of startup companies through a strong partnership between Ms.Tech and 1871 as the co-facilitator of WiSTEM, a curriculum-based program that connects women to capital, community, and technology resources. Since 2010, Nicole has made it her mission to see more women capture the resources needed to build scalable startup companies. In just under a year, Ms. Tech was recognized in “Crain's Guide to Networking” as one of “Six Great Tech Groups, practically guaranteed to commune with the scene's best and brightest!" Nicole is also a sponsoring member of the United Nations, UN Women, Social Enterprise Alliance, Internet Society and OpenID. Most recently Nicole was recognized as one of Chicago's “Top 100 Innovators” by Tribune, awarded "Prominent Woman in Tech" by the Illinois Technology Association, 35 Under 35 Making an Impact, among the 100 Most Inspirational Women by Today's Chicago Woman, recognized as 2017 YWCA Promise Leadership Award, MAFA Masters Honoree as an “Industry Entrepreneur Emerging Leader,” recognized as a 2016 Women Tech Leader by Chicago Woman Magazine, and among Huffington Post's "Women In Tech.” Themes explored in this week's episode: Learn about Ms. Tech - a group of tech women in business and business women in tech. 
Be inspired by Nicole's background and how a tweet from Jeffrey Gitomer, famous author, helped ignite her path Why getting laser focused and letting everything else go can be a key to success The importance of tech incubators The Yin and Yang of women in tech Why it's not all about the founders (hint: it takes a village and every role is important) Nicole's unique “high 5” approach How saying “yes” more often is a game changer Just jump! Why we don't give up “when it gets messy”
This week we take a trip to the RSA conference in San Francisco to see what Google and Microsoft are proposing as part of the Fast Identification Online Alliance. Will it be the next OpenID?...
Identity is the missing link that connects all your users, apps, services, and devices to each other and the rest of the world. Christian Smith (@anvilhacks) is founder of Anvil Research (@AnvilResearch) and the creator of Anvil Connect, an open source authorization server built with Node.js to authenticate your users and protect your APIs. Anvil Connect simplifies security when you have many apps and services to integrate. It acts as a broker between your apps, APIs, and a long list of OAuth providers like Google, Facebook, Twitter, and GitHub. The server works with apps written in any programming language that speaks HTTP. The code is MIT licensed and implements open standards like OAuth 2.0, OpenID Connect, and JSON Web Tokens. Resources Open ID - http://openid.net/ Anvil Connect - https://github.com/anvilresearch/connect Anvil - http://anvil.io/ Anvil Gitter Channel - https://gitter.im/christiansmith/anvil-connect Open ID Connect - http://en.wikipedia.org/wiki/OpenID_Connect Single Sign-on - http://en.wikipedia.org/wiki/Single_sign-on OAuth3 - https://oauth3.org JWT (JSON Web Token) - http://jwt.io/ Let's Encrypt - https://letsencrypt.org Web Crypto - https://developer.mozilla.org/en-US/docs/Web/API/Window/crypto Storm Path - https://stormpath.com/ Auth0 - https://auth0.com/ Service Worker - http://www.w3.org/TR/service-workers/ Keyboot - https://github.com/substack/keyboot scramble.io - https://scramble.io/ AJ's article on creating a CSR for Https (tls/ssl) RSA Pems - https://coolaj86.com/articles/how-to-create-a-csr-for-https-tls-ssl-rsa-pems/ keybase.io - https://keybase.io/ Panelists Erik Isaksen - HTML5 Google Developer Expert & Front End Engineer at Deloitte Digital Nick Niemeir - Partner at Good News Everyone AJ O'Neal - JavaScript Engineer
Justin and Jason interview Jeff Atwood, co-founder of Stack Overflow and the Stack Exchange network, about how he got started as a coder and his passion for programming and mentoring, how he and Joel Spolsky came up with the idea for Stack Overflow, his belief in free software and the Open ID initiative, the process of raising venture capital for Stack Exchange and his views of entrepreneurship, why he and Joel stopped doing the Stack Overflow podcast and whether they might start up again, and the hardest step when scaling a web app.