On Sunday 10, 2016, OAuth Security Advisory: Authorization Server Mix-Up was issued. Nov Matake wrote an excellent article about it in Japanese. To help understand the…View More IdP Mix-up Attack on OAuth [RFC6749]
Public Review of UMA 0.9 is going on
June 24: The three main UMA Version 0.9 specifications – UMA Core , OAuth Resource Set Registration , and UMA Claim Profiles – are out for a45-day public review period ending September 6 at 17:00…View More Public Review of UMA 0.9 is going on
New vulnerability on OpenSSL found
A new bug in OpenSSL was found by Masashi Kikuchi of Lepidum. It affects all versions of OpenSSL earlier than 1.0.1. For details, please refer…View More New vulnerability on OpenSSL found
Is Facebook “Like” button tracking you?
Since I am using it on this blog also, I probably should not talk loudly, but I feel creepy about the Facebook “Like” button. If…View More Is Facebook “Like” button tracking you?
OpenID Connect Stripped down to just “Authentication” (aka OAuth Authentication)
So, OpenID Connect provides a lot of advanced facilities to fulfill so many additional feature requested by the member community. It indeed is full of…View More OpenID Connect Stripped down to just “Authentication” (aka OAuth Authentication)