#authz — Public Fediverse posts

Hi all! I'm at @foss_north today, enjoying the super interesting talks about open source, development tools, and general nerdery. :blobfoxlaugh: I live to meet people and talk tech so please say hi if you see me. I'm wearing a white cap with a cute little monster on it. :)

Oh and I'm also speaking this afternoon about #authz as a dev workflow, so feel free to come through and learn something about that if you like. :blobhaj_heartslove:

#foss #fossnorth #fossnorth2025

👋 Very stoked to announce that I will be speaking at #OWASP #Snowfroc this Friday at 11:00 in the Great Hall. The talk is entitled "Patterns of failure in modern #authorization" and it's mostly about why #authz is getting harder (instead of easier). I'll be citing some academic research but also looking at some interesting examples of authz failure at some fairly large, well-known brands. Hope to see you there! 🎤

p.s. I've never been to #Denver so looking forward to checking the city out a bit too. If you have suggestions for things to do (read: eat), let me know! 😄

Excited to be speaking at @fossasia
🚀 This year, I'm diving deep into Identity and Access Management (#IAM) for #OSS.

All are welcome and I encourage all knowledge levels to attend: Don't be intimidated by "advanced security"! I'm breaking down complex concepts into easy-to-understand explanations, with a historical perspective to give context.

1️⃣Explore #AuthN #AuthZ 🔐
2️⃣ @keycloak Primer 🌐
3️⃣Best Practices for #OSS 🛡️

#FOSSAsia2025

🎉 Last week of Hacktoberfest! 🎉 The OpenFGA community has several issues labeled for Hacktoberfest—perfect for newcomers and veterans alike. From quick doc fixes to tackling bugs, all contributions are welcome.
Jump in, contribute, and grab some Hacktoberfest swag while there's still time! Let's wrap up October with a strong open source push. 🛠️

🛠️ https://github.com/openfga

➡️ Learn about Hacktoberfest: https://hacktoberfest.com

#Hacktoberfest #OpenSource #OpenFGA #GoodFirstIssue #Authz

🎉 Last week of Hacktoberfest! 🎉 The OpenFGA community has several issues labeled for Hacktoberfest—perfect for newcomers and veterans alike. From quick doc fixes to tackling bugs, all contributions are welcome.
Jump in, contribute, and grab some Hacktoberfest swag while there's still time! Let's wrap up October with a strong open source push. 🛠️

🛠️ https://github.com/openfga

➡️ Learn about Hacktoberfest: https://hacktoberfest.com

#Hacktoberfest #OpenSource #OpenFGA #GoodFirstIssue #Authz

🎉 Last week of Hacktoberfest! 🎉 The OpenFGA community has several issues labeled for Hacktoberfest—perfect for newcomers and veterans alike. From quick doc fixes to tackling bugs, all contributions are welcome.
Jump in, contribute, and grab some Hacktoberfest swag while there's still time! Let's wrap up October with a strong open source push. 🛠️

🛠️ https://github.com/openfga

➡️ Learn about Hacktoberfest: https://hacktoberfest.com

#Hacktoberfest #OpenSource #OpenFGA #GoodFirstIssue #Authz

🎉 Last week of Hacktoberfest! 🎉 The OpenFGA community has several issues labeled for Hacktoberfest—perfect for newcomers and veterans alike. From quick doc fixes to tackling bugs, all contributions are welcome.
Jump in, contribute, and grab some Hacktoberfest swag while there's still time! Let's wrap up October with a strong open source push. 🛠️

🛠️ https://github.com/openfga

➡️ Learn about Hacktoberfest: https://hacktoberfest.com

#Hacktoberfest #OpenSource #OpenFGA #GoodFirstIssue #Authz

網路捷徑檔案安全機制繞過漏洞遭到利用超過一年，攻擊者用於散布數種竊資軟體 | iThome

Link

網路捷徑檔案安全機制繞過漏洞遭到利用超過一年，攻擊者用於散布數種竊資軟體 | iThome

Link

網路捷徑檔案安全機制繞過漏洞遭到利用超過一年，攻擊者用於散布數種竊資軟體 | iThome

Link

網路捷徑檔案安全機制繞過漏洞遭到利用超過一年，攻擊者用於散布數種竊資軟體 | iThome

Link

網路捷徑檔案安全機制繞過漏洞遭到利用超過一年，攻擊者用於散布數種竊資軟體 | iThome

Link

[Перевод] Использование Verified Permissions для реализации точной авторизации в высоконагруженных приложениях

Техники оптимизации функции авторизации в современных веб-приложениях. В статье рассматриваются эффективные подходы к управлению точной авторизацией с использованием Amazon Verified Permissions ( читай Cedar Engine ). Вы узнаете о техниках пакетной авторизации и кэширования ответов, которые помогут значительно повысить производительность и отзывчивость приложений. Читать

https://habr.com/ru/companies/bercut/articles/829576/

#авторизация #bercut #беркут #authz #authorization #Policyascode #вебприложения #web_application

[Перевод] Использование Verified Permissions для реализации точной авторизации в высоконагруженных приложениях

Техники оптимизации функции авторизации в современных веб-приложениях. В статье рассматриваются эффективные подходы к управлению точной авторизацией с использованием Amazon Verified Permissions ( читай Cedar Engine ). Вы узнаете о техниках пакетной авторизации и кэширования ответов, которые помогут значительно повысить производительность и отзывчивость приложений. Читать

https://habr.com/ru/companies/bercut/articles/829576/

#авторизация #bercut #беркут #authz #authorization #Policyascode #вебприложения #web_application

[Перевод] Использование Verified Permissions для реализации точной авторизации в высоконагруженных приложениях

Техники оптимизации функции авторизации в современных веб-приложениях. В статье рассматриваются эффективные подходы к управлению точной авторизацией с использованием Amazon Verified Permissions ( читай Cedar Engine ). Вы узнаете о техниках пакетной авторизации и кэширования ответов, которые помогут значительно повысить производительность и отзывчивость приложений. Читать

https://habr.com/ru/companies/bercut/articles/829576/

#авторизация #bercut #беркут #authz #authorization #Policyascode #вебприложения #web_application

💡 TIL that authorizing individuals (not groups) in #argocd via #OIDC needs to be enabled by extending the OIDC scopes to "email".

The default in the helm charts is "groups".

Default: https://artifacthub.io/packages/helm/argo/argo-cd/7.1.3?modal=values&path=configs.rbac.scopes

Source: https://github.com/argoproj/argo-cd/issues/2424

#authZ

Check out my latest post on the Cedar policy engine 🌲📝

Learn where common policy authoring mistakes can happen, and the solutions to those issues to help ensure you keep your authorization system secure 💪

#aws #cedar #authz

https://onecloudplease.com/blog/cedar-avoiding-the-cracks

Working on a project with non-InfoSec folks I was reminded that not everyone's gotten the message. All the contributors were accessing the collaboration platform with the admin's credentials ('cause it was easier than creating separate accounts). #sigh

#infosec #authn #authz #fail #meme

Excuse the hashtag spam, but I'm trying to find my tribe.

I'm interested in production deployments of ReBAC (relationship based access control) in "enterprise" environments.

Specifically, anyone who has worked on something similar to Google Zanzibar to authorize access into, not just "resources", but dynamic workflow/process driven APIs. Bonus if it is was in a SaaS setting, where each tenant has unique workflows.

#authz #spicedb #ory #keto #abac #rbac #auth0 #openfga

@VidmoOreda @nf3xn The scraper would just be grabbing and parsing the html off the page. API interaction isn't scraping and can require authN/authZ or be wide open. If the API doesn't require authN/authZ, then I don't see how any AUP is enforceable. (I still have a way to go on API security. I'm familiar with the use of OAuth tokens for authZ. I think OIDC can be used instead, which I think uses an OAuth token with a "wrapper" to add authN. Reckon JWT is in play for authN/authZ, as well.) #api #authn #authz