Episode 31: The Three Wallet Problem
Decentralized identity wallets are the keys to unlocking vast potential business value. But when misaligned with user expectations, wallets become a closed valve to hold back the rising tide. The implications of the “Three Wallet Problem” are profound. If you are interested in decentralized identity adoption, you won’t want to miss this pivotal Identerati Office Hours episode!
Episode 30: OpenFGA Deep Dive
OpenFGA (Open Fine-Grained Authorization) is a CNCF sandbox project designed to provide scalable, fine-grained access control for applications. It is based on the Zanzibar model, originally developed by Google, which offers flexible and expressive policy management. Developers might prefer OpenFGA over other authorization solutions due to its ability to handle complex relationships and permissions with high performance and low latency, making it suitable for large-scale, real-time systems. In this episode, we’ll do a deep dive on OpenFGA to help identerati understand the current state and future promise.
Episode 29: Deploying passkeys for high-security use cases
“Synced passkeys” offer a convenient way to authenticate across devices – similar to how consumers have learned to authenticate with passwords. For organizations with high security needs, however, the duplication of keys and lack of control when introducing new devices poses a compliance challenge. Additionally, the lack of granularity when suspending or revoking multi-device credentials adds complexity to practical implementations.
The good news is that there are strategies for overcoming these challenges, making it possible for banks, fintechs, mobile network operators, and other industries with high security needs to leverage the benefits of passkeys as part of their passwordless journey.
Episode 07: BlastRADIUS: It’s time to upgrade the world.
The recent BlastRADIUS vulnerability has hit the world by storm. The impact is that every switch, router, VPN concentrator, access point controller, etc. world-wide has to be updated. In this podcast, we interview Alan DeKok, the founder of FreeRADIUS and InkBridge Networks. Alan is acknowledged as the world expert in the RADIUS protocol, and was the first person contacted when the researchers found the issue. We will discuss the history of the RADIUS protocol, this issue, and what vendors and system administrators have to do in order to address the vulnerability. In short, don’t panic! Listen to the podcast, and you will find out what to do.
Episode 28: Transparency Performance Schema for Regulators
Enterprises commonly use terms and conditions and data sharing agreements that do not legally manage consent. The “Transparency Performance Schema for Regulators” (TPS4R), developed at Kantara, is a framework designed to provide a standardized approach for enterprises to report and demonstrate their compliance with regulatory requirements related to data transparency and privacy. The schema focuses on performance metrics and transparency reporting, aiming to facilitate clear communication between enterprises and regulatory bodies.
Episode 27: Holy Grail A Physical and Logical Access Card
There are a bunch of FIDO keys in the card form factor, but most of them don’t have an HID antenna to open door locks. Combining biometric and physical access is a game changer for physical access control–no more card sharing.
Episode 26: Shared Signals / CAEP
Shared Signals wants to limit the damage of compromised accounts used from one website to gain access to accounts on another website. CAEP uses the Shared Signals event framework to define some typical events: Session Revoked, Credential Change, Assurance Level Change, Device Compliance Change, Session Established.
Episode 25: Empowering Authorization Through Data
Authorization decisions are only as good as the data used to make them. An identity data fabric, identity data lake, or master user record pulls data from many sources, which it prioritizes by authoritative ranking by data element.
Episode 017: Agama Low Code Identity Orchestration
Agama is a domain specific language (“DSL”) for identity orchestration. It’s governed at the Linux Foundation Janssen Project. There is also an Agama project archive format, which is a standard way to package all the assets required by an IDP to run an Agama Project.
Episode 24: Enhancing User Experience in First Party Native Applications
In native mobile applications, authentication often involves redirecting users to an external browser to complete the login process. This approach disrupts the seamless user experience that mobile app users expect.