#openpubkey — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #openpubkey, aggregated by home.social.
-
SSH с авторизацией в Keycloak? Легко
Привет, уважаемый %username%! Уважаю твое личное время, поэтому без лишних слов - сразу к делу. В этой статье я кратко опишу, как настроить доступ к удаленному серверу по SSH с использованием Keycloak. Разберем, в чем преимущества этого решения, и что именно происходит в процессе такой авторизации.
-
### #Cloudflare open sources #OPKSSH to bring Single Sign-On #SSO to #SSH
This week, it was officially open-sourced under the umbrella of the #OpenPubkey project, itself became a #Linux Foundation open-source initiative in 2023, OPKSSH remained closed-source until now. Making it easy to #authenticate to #servers over SSH using #OpenID Connect (#OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access.
-
### #Cloudflare open sources #OPKSSH to bring Single Sign-On #SSO to #SSH
This week, it was officially open-sourced under the umbrella of the #OpenPubkey project, itself became a #Linux Foundation open-source initiative in 2023, OPKSSH remained closed-source until now. Making it easy to #authenticate to #servers over SSH using #OpenID Connect (#OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access.
-
### #Cloudflare open sources #OPKSSH to bring Single Sign-On #SSO to #SSH
This week, it was officially open-sourced under the umbrella of the #OpenPubkey project, itself became a #Linux Foundation open-source initiative in 2023, OPKSSH remained closed-source until now. Making it easy to #authenticate to #servers over SSH using #OpenID Connect (#OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access.
-
#Cloudflare open-sourcing #OpenPubkey #SSH (OPKSSH): integrating single sign-on with SSH #OpenID #OIDC https://blog.cloudflare.com/open-sourcing-openpubkey-ssh-opkssh-integrating-single-sign-on-with-ssh/
-
New highly nerdy and awesome blog on #openpubkey and #cryptography
https://www.bastionzero.com/blog/generalizing-openpubkey-to-any-identity-provider
-
Monster #OpenPubkey release from @ethan_heilman and the team at BastionZero and @docker today. https://www.bastionzero.com/blog/announcing-the-release-of-openpubkey-v0-3-0
-
Excited to share a new IETF internet draft that @bifurcation and I just submitted to the OAuth working group.
We introduce PIKA: Proof of Issue Key Authority, to solve a problem relevant to #openpubkey, #oidc and JWTs in general.
What's a PIKA and why do I care?
OpenPubkey uses PK Tokens to allow an OpenID Provider (OP) to bind user identities to user-held public keys. This essentially allows the OP to act like a certificate authority, without any changes to today's OIDC.
PK Tokens are signed by the OP's signing keys. But, OP's rotate their signing keys over time. What happens if we need to use a PK Token *after* the OP rotates signing key?
This is where the PIKA comes in.
In this draft, we introduce the PIKA and show how it can be combined with a timestamping authority to allow PK Tokens to be used even after the OP rotates it signing key. The PIKA is a secure object that allows you to cache the OP's key, and verify using the OP's key even if the OP is offline.
And that's why I got interested in this work.
But our solution is much more generic and widely applicable than to just OpenPubkey. PIKAs allow the verification of JWTs, ID Tokens and other OIDC Tokens without querying the OP directly. You can use them to reduce the load on a OP, or to build applications that require caching or historical information about OP keys. Historical information about signing key is a particularly important in #softwaresupplychain usecases.
We're still digesting all the different ways that PIKAs can be used. Feel free to get in touch if you have any feedback!
https://www.ietf.org/archive/id/draft-barnes-oauth-pika-00.html
-
Excellent program at @BSidesCambridgeMA today.
Excited to present #OpenPubkey and demo how to ssh using your OpenID identity without having to trust your identity provider.
HMU if you are at bsides today
-
#UnoLinux #linux #openpubkey
OpenPubKey, un nuovo protocollo crittografico open-source di BastionZero per zero-trust e autenticazioni senza password
https://www.laseroffice.it/blog/2023/10/27/openpubkey-un-nuovo-protocollo-crittografico-open-source-di-bastionzero-per-zero-trust-e-autenticazioni-senza-password/ -
Last week at #dockercon, we announced our partnership with BastionZero to work on #openPubkey. Today, you can learn more about our signing strategy for #docker official images.
https://www.docker.com/blog/signing-docker-official-images-using-openpubkey/
-
@linuxfoundation, BastionZero and Docker are excited to announce the launch of OpenPubkey as a Linux Foundation open source project. Together, we will expand the reach of #OpenPubkey and foster collaboration across #opensource.
Learn more: https://hubs.ly/Q024fN4w0
-
Time to hear about #OpenPubKey from James Carnegie and Ethan Heilman. #DockerCon
-
OpenPubkey Project launched by @linuxfoundation BastionZero and Docker https://www.fosslife.org/openpubkey-project-launched #OpenPubkey #BastionZero #Docker #LinuxFoundation #OpenSource #security #cryptography
-
That was quick. 😎
@linuxfoundation, BastionZero and @Docker Announce the Launch of the OpenPubkey Project
🤓👏
https://www.linuxfoundation.org/press/announcing-openpubkey-project
#DockerCon23 #DockerCon #DockerCommunity #docker🐋 #container #security #InfoSec #ZeroTrust #OpenPubkeyProject #OpenPubkey -
Linux Foundation, BastionZero and Docker Announce the Launch of the #OpenPubkey #Project
Cryptographic #protocol helps secure the #open source #software ecosystem with zero-trust #passwordless #authentication
https://www.linuxfoundation.org/press/announcing-openpubkey-project -
#Linux Foundation's Latest Open-Source Project: #OpenPubkey
-
Just dropped our paper on eprint: OpenPubkey. I welcome any questions/feedback replies
#OpenPubkey adds user-held public keys into OpenID Connect without breaking compatibility. This means users can create digital signatures on the web that are associated with their ID Tokens. Fully signed APIs here we come.
Our protocol is so compatible with existing IDPs that not only have we been using it in production with Google, Okta, and Microsoft IDPs for over a year, but that IDPs can't even tell that OpenPubkey is being used!