Janssen Project is a Digital Public Good
![](https://gluu.org/wp-content/uploads/2023/03/janssen-project-for-govt-1.jpg)
The Janssen Project has been included in the Digital Public Goods Alliance (DPG) Registry. The goal of the DPG Registry is to promote digital public goods and contribute to creating a more equitable world.
Multi Master Multi-Cluster LDAP (OpenDJ) replication in Kubernetes? A controversial view
![](https://gluu.org/wp-content/uploads/2024/04/Multi-Master-Multi-Cluster-LDAP-1024x597.jpeg)
OpenDJ is a Lightweight Directory Access Protocol (LDAP) compliant distributed directory written in Java. Many organizations use it as a persistence mechanism for their IAM systems.
Enhancing Secure Mobile Authentication with OAuth, Dynamic Client Registration, and DPoP
![Explanation of OpenID as a federated identity system, its role in third-party authentication, and the security concerns addressed through TLS connections. Emphasis on the challenges faced by first-party mobile applications, the preference for backchannel authentication, and the limitations of browser redirection. Insights into the need for a backchannel OAuth Code Flow grant for multi-step authentication processes, highlighted by the IETF draft, OAuth 2.0 for First-Party Native Applications. Additional security measures discussed include proof of possession tokens, app attestation, and the use of FIDO authentication for enhanced end-user security](https://gluu.org/wp-content/uploads/2024/03/1_9MVCusHmRQ5z91scOfwSAA.webp)
Discover the latest insights from Mike Schwartz on authentication protocols, including OAuth, Dynamic Client Registration, and DPoP, in this thought-provoking blog post.
The Ten Buts of Govstack’s Identity Building Block
![](https://gluu.org/wp-content/uploads/2024/02/ten-buts-2-1024x576.png)
Each Govstack specification offers a blueprint of a digital service landscape. Assuming you think this is possible, among the various Govstack specs, the most important is the GovStack Identity Building Block specification, because most governments that participate in the 50-in-5 initiative will start their digital public infrastructure projects with “identity”.
“Workload Identity”: It’s SPIFFY, but Central Policy Management?
![Graphic depicting the concept of SPIFFY Mutual TLS (mTLS) securing workload identity and communication in a distributed system using SPIFFE and SPIRE standards. SPIFFE stands for Secure Production Identity Framework for Everyone, and SPIRE stands for SPIFFE Runtime Environment. The image illustrates the process of enforcing policies based on workload identities derived from X.509 client certificates within an East-West service mesh like Istio or Cilium. It also mentions the use of policy languages such as Cilium YAML and CEL, as well as the suggestion of using OPA or other Policy Decision Points (PDP) for managing enterprise policies. Additionally, the image highlights the overlap between mTLS workload identity and OAuth clients, mentioning RFC 8705 and RFC 9449 as potential mechanisms for binding OAuth access tokens to mutual-TLS certificates](https://gluu.org/wp-content/uploads/2024/02/pi-1.png)
SPIFFY Mutual TLS (mTLS) is a way to secure workload identity and communication in a distributed system using the SPIFFE and SPIRE standards (see also: https://spiffe.io/). SPIFFE stands for Secure Production Identity Framework for Everyone, and SPIRE stands for SPIFFE Runtime Environment.
3 Ways Banks Secure their Open Banking APIs with Gluu
![](https://gluu.org/wp-content/uploads/2022/11/open-banking.png)
The Gluu Open Banking platform provides AISPs with the application security infrastructure to meet these new technologies and security requirements.
Strong Protection in the Era of Rising Threats
![](https://gluu.org/wp-content/uploads/2024/05/rising-threats-700.jpg)
Legacy perimeter entry and exit points and security measures have been replaced.
Is SSI needed for Web3?
![](https://gluu.org/wp-content/uploads/2022/07/Is-SSI-needed-for-Web3.png)
The following illustration is from an article published on Medium about efforts to develop a new European digital wallet. Interestingly, it makes a connection between wallets and Web 3 that I think deserves discussion.
Decentralized ID Part 3: Credential and DID Methods
![](https://gluu.org/wp-content/uploads/2022/06/decentralized-identity-scaled-1-1024x357.jpg)
In this installment, we will discuss two more vectors of complexity: the diversity of credentials and blockchain identity resolution.
Decentralized Identity: Part 2 — Walletopia
![](https://gluu.org/wp-content/uploads/2022/06/decentralized-identity-scaled-2-1024x357.jpg)
In this installment, we will discuss two more vectors of complexity: the diversity of credentials and blockchain identity resolution.