
Enhancing Secure Mobile Authentication with OAuth, Dynamic Client Registration, and DPoP

Explanation of OpenID as a federated identity system, its role in third-party authentication, and the security concerns addressed through TLS connections. Emphasis on the challenges faced by first-party mobile applications, the preference for backchannel authentication, and the limitations of browser redirection. Insights into the need for a backchannel OAuth Code Flow grant for multi-step authentication processes, highlighted by the IETF draft "OAuth 2.0 for First-Party Native Applications". Additional security measures discussed include proof-of-possession tokens, app attestation, and the use of FIDO authentication for enhanced end-user security.

🔒 Discover the latest insights from Mike Schwartz on authentication protocols, including OAuth, Dynamic Client Registration, and DPoP, in this thought-provoking blog post. OpenID is a federated identity system designed to support a third party that needs to verify a person’s identity within your domain. For example, an e-commerce website may wish to offer social […]

The Ten Buts of Govstack’s Identity Building Block

Each GovStack specification offers a blueprint of a digital service landscape. Assuming you think this is possible, among the various GovStack specs the most important is the GovStack Identity Building Block specification, because most governments that participate in the 50-in-5 initiative will start their digital public infrastructure projects with “identity”. But the GovStack identity initiative is […]

Detachable IDP: Keycloak for wandering workgroups

Detachable IDP: Keycloak for wandering workgroups, by Michael Schwartz, CEO of Gluu. What’s great about Keycloak is that it’s an “all in one container” that has SAML, OpenID and even some old-school web access management features, like Realms and RBAC policies. It also has a small memory footprint because it uses the minimalistic Quarkus […]

Is SSI needed for Web3?

The following illustration is from an article published on Medium about efforts to develop a new European digital wallet. Interestingly, it makes a connection between wallets and Web 3 that I think deserves discussion.