#authorization — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #authorization, aggregated by home.social.
-
Never give in. Never give in. Never, never, never, never, in nothing, great or small, large or petty, never give in except to convictions of honour and good sense. Winston Churchill https://antonmb.com/en/blog/some-ideas-arrive-before-the-market-has-words-for-them #Authentication #Cybersecurity #AI #Authorization #AccessControl #Cryptography #AIAgents #Toqenapp -
🔗 RBAC in Laravel: A Practical Deep Dive
https://wendelladriel.com/blog/rbac-in-laravel-a-practical-deep-dive
#php #security #laravel #authorization #rbac -
RBACX: what changed in six months, from simple RBAC/ABAC to ReBAC with AI-generated policies
Six months ago I wrote my first article about RBACX, an RBAC/ABAC authorization engine for Python. Since then there have been 25+ releases, and the library has become noticeably more powerful: I added ReBAC with OpenFGA and SpiceDB support, batch permission checks, AI generation of policies from an OpenAPI schema, a Redis cache, async Django, a shorthand for roles, and fixed three security bugs. I explain what was done, why, and how this gets done by a single person.
https://habr.com/ru/articles/1019690/
#python #rbacx #rbac #abac #pdp #security #REBAC #authorization
-
Democrats say Trump Iran strikes require Congressional authorization
Debate on Capitol Hill continues to rage over whether President Donald Trump started a "war" with the strikes he carried out against Iran last weekend, a key consideration for whether...
#Democrats #say #Trump #Iran #strikes #require #Congressional #authorization #US_News_Hub #misryoum_com
-
via @dotnet : Release v1.0 of the official MCP C# SDK
https://ift.tt/9gWkESo
#MCP #CSharpSDK #ModelContextProtocol #MCPv1 #SDKRelease #OAuth2 #JWT #Authorization #Security #ClientCredentials #CIMD #ClientMetadataDocuments #DCR #LongRunningRequests #SSE #EventSt… -
OAuth 2.0 and OIDC Explained with UML
A blog by Ronald
The purpose of Open Authorization 2.0 (OAuth 2.0) is to give an application (the "Client") limited access to your data at another service (the "Resource Server"), without having to give your password to that application. When OIDC is added, Single Sign-On (SSO) is supported as well. The flow...
#dev #softwaredevelopment #Security #OpenIDConnect #UML #Authentication #OAuth2.0 #OIDC #Authorization #SSO #SingleSign-On
https://jdriven.com/blog/2026/03/OAuth-2.0-Explained-with-UML/
-
RBACX: a universal RBAC/ABAC authorization engine for Python
RBACX: painless authorization in Python projects. When access control is "smeared" across views and middleware, reviews and tests turn into a quest, and that creates the motivation to unify it all. I wrote RBACX, a lightweight engine where rules are described declaratively (JSON/YAML) and a permission check is a single clear call. In the article I show how to build a tidy PDP with it for microservices and monoliths. For the past two years I have been writing backend code at the startup MindUp; this is my first post on Habr and my first library. I welcome questions and criticism. If authorization is as much of a pain point for you as it is for me, take a look!
https://habr.com/ru/articles/950080/
#python #rbacx #RBAC #ABAC #fastapi #authorization #django #flask #litestar #accesscontrol
-
A guide to server-side Ktor JWT auth
The Ktor documentation for server-jwt is incomplete. If you need to do anything beyond "Hello world", you will have to dig into the source code and pile up workarounds. Don't expect any consistency or predictability; perhaps conspirators were involved. The article covers the essential basics of working with JWT and will save you from many pitfalls.
https://habr.com/ru/articles/921076/
#ktor #backend #kotlin #jwt_auth #говнокод #авторизация #аутентификация #костыли #authorization #authentication
-
[Translation] OpenAM and Zero Trust: Confirming critical operations
One of the principles of zero trust states: never trust, always verify. In this article we look at how to enforce this principle in an authentication system, using the open-source products OpenAM and OpenIG as an example.
https://habr.com/ru/articles/905824/
#openam #zero_trust #openig #authentication #authorization #mfa #otp #totp
-
Best Practices for User Authentication and Authorization in Web Applications: A Comprehensive Security Framework – Source: securityboulevard.com https://ciso2ciso.com/best-practices-for-user-authentication-and-authorization-in-web-applications-a-comprehensive-security-framework-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #DigitalIdentity #Identity&Access #authentication #infrastructure #authorization #BestPractices #CIAM
-
Using API Key and JWT Bearer authentication together in an ASP.NET Core Web API
I will show how to implement authentication using both JWT and an API key on the same endpoint in an ASP.NET Core Web API. Combining these authentication schemes is useful if you want to use a JWT Bearer token to authenticate users and an API key for service-to-service authentication.
https://habr.com/ru/articles/879424/
#net #net_core #net_8 #net_9 #aspnet_core #authentication #authorization #jwt #api_key
-
API Key Authentication in ASP.NET Core Web API
Recently I faced the task of implementing API Key authentication in an ASP.NET Core Web API. Although many authors recommend using IAuthorizationFilter for this purpose, I found that it is not the most suitable option. I have a better approach that I would like to share, including examples. The implementation was tested on both .NET 8 and .NET 9.
https://habr.com/ru/articles/877302/
#net #net_core #net_8 #net_9 #authentication #auth #authorization #api #api_key #aspnet
-
Yep!
Creating user-controlled profile documents that streamline the decoupling of #identity, #identification, #authentication, #authorization, and #dataspaces (databases, knowledge graphs, and other document collections).
Crucial in the age of #AI!
-
👉 Join Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface, in a live #API attack simulation. 🔓
In this session, they will cover:
- An exploit of #OWASP API Top 10 vulnerability
- A brute force #ATO (Account Takeover) attack on an API
- A #DDoS attack on an API
- Positive security model automation to prevent #APIattacks
Don't miss out – register now! https://bit.ly/3WODUV8
#authentication #authorization #apisecurity #hacking #owasptop10 #ddosattacks #apigateway #bruteforceattacks #cybersecurity #apptrana
-
I'm a huge fan of #biometrics as part of secure #authentication and #authorization, but the dirty little secret no one is talking about (yet) is that the source of compromised #biometricdata can't be changed or replaced. If your system's #secureenclave or #HSM gives up the goods, you can't change your face, fingerprint, or retinal pattern. Such systems need additional safeguards to avoid the biometric version of a #replayattack, ensuring that re-enrollment results in new set of #quantumresistant cryptographic values.
-
👉 #SAML, #OAuth 2.0, and #JWT establish a robust framework for securing #API authentication and authorization processes.
Explore other key #apisecurity protocols essential for securing your API endpoints: https://bit.ly/3Rn96bb
#apiattacks #apiendpoints #authentication #authorization #apibreaches #databreaches #vulnerabilities #apikeys #apptrana #indusface
-
👉 “We have an #API gateway, and the strong authentication & authorization keeps us secure.”
This notion could cost you a #databreach, a compliance fine or even application downtime that may erode customer trust.
In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how #APIs could be hacked.
They'll cover:
1. An exploit of #owaspapitop10 vulnerability
2. A brute force account take-over (ATO) attack on API
3. A #DDoS attack on an API
4. How a #WAAP could bolster security over an API gateway
📌 Save your seat now! https://bit.ly/3Mw4Inp
#apiattacks #authentication #authorization #apisecurity #hacking #owasptop10 #ddosattacks #apigateway #bruteforceattacks #ATO #apptrana #indusface
-
Blockchain․com Obtains Payment License in Singapore - Crypto company Blockchain․com has been granted a payment license in Singapore that... - https://news.bitcoin.com/blockchain%e2%80%a4com-obtains-payment-license-in-singapore/ #monetaryauthority #blockchain.com #cryptoexchange #cryptoservices #paymentlicense #authorization #cryptocompany #cryptowallets #centralbank #singapore #payments #license #crypto #news #mas
-
‘What We Do in the #Shadows’ #Stars Take Us #Behindthescenes in #Season5’s #Pride #episode
This #interview was conducted #prior to the #SAG-#AFTRA #strike #authorization
#Women #Transgender #LGBTQ #LGBTQIA #Entertainment #TV #Representation #Culture
-
Kazakhstan Shuts Down Crypto Exchange That Transferred $34 Million Through Binance - Authorities in Kazakhstan have busted an illegal crypto trading platform, seizing ... - https://news.bitcoin.com/kazakhstan-shuts-down-crypto-exchange-that-transferred-34-million-through-binance/ #cryptocurrencies #cryptoexchange #cryptocurrency #authorization #cryptoassets #unauthorized #kazakhstan #unlicensed #exchanges #regulator #exchange #shutdown #watchdog #binance #illegal #license #seizure #crypto
-
https://mobiilivarmenne.fi is broken with invalid workflow. Request to allow transaction comes before the #transaction #identifier is shown. Therefore users give transaction #authorization blindly. This could be exploited by #attacker. #mobiilivarmenne -
To be clear, I am a firm believer in loosely-coupling the following:
1. #Identity -- via identifiers (e.g., a #hyperlink)
2. #Identification -- via credentials (graph)
3. #authentication -- using various protocols
4. #authorization -- access controls (eg #ABAC)
5. #storage -- file systems or #DBMS
When I speak about #DPKI and #ZeroTrust the focal points are 1-3.
#HTTP offers abstraction atop the #Internet that deemphasizes #DNS re entity naming.