My thoughts on how to make upgrading scary low level packages less scary
https://www.reddit.com/r/ruby/comments/1kohsg8/oauth2_v2010_released/
#authorization
🛠️ It is with a mix of temerity and trepidation that I announce oauth2 v2.0.10.
Biggest new feature: IETF RFC 7009 Token Revocation.
Many bugs fixed.
Test suite & matrix: 100% line & branch, every key minor version of every runtime dep, on every minor Ruby Engine, on every Platform.
#ruby #security #authorization
Please upgrade with confidence!
[Перевод] Архитектурные принципы Spring Security. Часть первая
Команда Spring АйО перевела и адаптировала доклад Даниэля Гарнье-Муару “Spring Security Architecture Principles”, в котором на наглядных примерах рассказывается, как пользоваться возможностями Spring Security, не запутываясь на каждом шагу и не зарабатывая себе головную боль. Доклад будет опубликован тремя частями. В первой части будет рассказано об основных подходах к созданию цепочек фильтров, а также разработан простейший фильтр с красивым названием “Es prohibido” (“Это запрещено” в переводе с испанского).
https://habr.com/ru/companies/spring_aio/articles/909596/
#spring_security #java #kotlin #filterchain #filter #csrf #authorization #authentication
#android #opensource #foss #authentication #authorization #sso #iam
GitHub - casbin/awesome-auth: 📊 Software and Libraries for Authentication & Authorization & SSO & IAM
[Перевод] OpenAM и Zero Trust: Подтверждение критичных операций
Один из принципов нулевого доверия гласит: никогда не доверяй, всегда проверяй (Never trust, always verify). В этой статье мы рассмотрим, как реализовать соблюдение такого принципа в системе аутентификации на примере продуктов с открытым исходным кодом OpenAM и OpenIG .
https://habr.com/ru/articles/905824/
#openam #zero_trust #openig #authentication #authorization #mfa #otp #totp
Hackers can craft a request, send it to the Asus router, and execute functions without authorization.
#hack #cybersecurity #Asus #authorization
https://cnews.link/asus-routers-affected-by-critical-vulnerability-1/
Gatehouse-TS – TypeScript port of Rust's authorization policy framework
https://github.com/9Morello/gatehouse-ts
#HackerNews #GatehouseTS #TypeScript #Rust #Authorization #Policy #Framework #OpenSource #GitHub
Howto Decode and print JWT token payload in linux bash
https://www.glukhov.org/post/2025/04/decode-and-print-jwt-token/
#bash #linux #jwt #authorization #devops #dev
An Introduction to MCP and Authorization | Auth0.
auth0.com/blog/an-intr...
#ai #mcp #authorization #aimodels
An Introduction to MCP and Aut...
An Introduction to MCP and Authorization | Auth0.
https://auth0.com/blog/an-introduction-to-mcp-and-authorization/
Le #Royaume-Uni #UK impose une taxe d’entrée aux #Européens, une #ETA #Electronic #Travel #Authorization , ou #Autorisation #Electronique de #Voyage
Ça mériterait bien un petit #Liberation #Day et des #taxes #réciproques pour les #citoyens #britanniques.. (sorry guys..)
Le #Royaume-Uni #UK impose une taxe d’entrée aux #Européens, une #ETA #Electronic #Travel #Authorization , ou #Autorisation #Electronique de #Voyage
Ça mériterait bien un Liberation Day et des #taxes #réciproques pour les #citoyens #britanniques.. (sorry guys..)
www.ouest-france.fr/europe/royau...
Le Royaume-Uni impose une taxe...
Zhehui (Joe) Zhou, Pranjit Biswas, and Matt Ruwe have Sessions on Cloud Computing in July at Nebraska.Code().
https://nebraskacode.amegala.com
#cloudcomputing #datastorage #AWS #authorization #softwaredevelopment #lincolnnebraska #techtalk #TechnologyConference2025
Rust just got better access control! Gatehouse brings RBAC, ABAC, and ReBAC in one type-safe package 🦀
#rust #security #authorization https://github.com/thepartly/gatehouse
Gatehouse – a composable, async-friendly authorization policy framework in Rust
https://github.com/thepartly/gatehouse
#HackerNews #Gatehouse #composable #async #Rust #authorization #policy #framework
Is anyone out there familiar enough with the Google Zanzibar-inspired authorization space to help me figure out how OpenFGA, SpiceDB, and Permify compare with one another? They all seem quite similar, and I’m struggling to rank them objectively. #authorization #zanzibar #openfga #permify #spicedb
👋 Very stoked to announce that I will be speaking at #OWASP #Snowfroc this Friday at 11:00 in the Great Hall. The talk is entitled "Patterns of failure in modern #authorization" and it's mostly about why #authz is getting harder (instead of easier). I'll be citing some academic research but also looking at some interesting examples of authz failure at some fairly large, well-known brands. Hope to see you there! 🎤
p.s. I've never been to #Denver so looking forward to checking the city out a bit too. If you have suggestions for things to do (read: eat), let me know! 😄
@GossiTheDog the sheer fact that #MSPs & #CSPs can access clients' setups without proper #authorization [including #KYC / #KYB, #AuthCode|s and proper authorization via contract] is already sickening.
- This literally begs to be abused via #SocialEngineering / #SocialHacking of #Microsoft personnel or just blatant "#PrivilegueEscalation" through falsefully claiming to be a #MSP / #CSP contracted by the targeted company.
Such fundamental #ITsec fuckups are reasons alone not to use #Azure or any #Microsoft products & services at all...
Identity must not stop at Authentication. There are two other As in AAA after all.
Join the Nearshore Cyber Online Community for FREE with this link: https://www.nearshorecyber.community/c/nearshore-cyber-podcast/
Identity must not stop at Authentication. There are two other As in AAA after all.
Join the Nearshore Cyber Online Community for FREE with this link: https://www.nearshorecyber.community/c/nearshore-cyber-podcast/
Client Info
Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst