Jeff Lombardo
Hi, I try to build a CentOS 6.10 slim image to understand the process of Docker slim. All is run in a docker in docker image from GitLab CI. I unfortunately...
There are some discrepancies on the guidance for the forms of authentication with https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63B-4.2pd.pdf
Please refer to https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics
We are dealing with an important security domain here and most of the content presented, with the objective of explaining the underlying mechanisms, fell short of ensuring a secure end state...
While other sections like password storage are giving recommendations of libraries usage to support security functions, the OAuth2/OpenID Connect sections don't do the same. This should link to OIDC certified...
NIST's ABAC SP 800-162 mention in the spec is not a hyperlink to the document.
As per request from @baboulebou and @vladiber during WG meeting of 04/22, the metadata document shall have a dedicated attribute to allow the policy decision point to expose which additional...
While AuthZEN is not guiding nor enforcing towards a specific Authentication mechanism for the PEP towards the PDP, the specification should be more prescriptive on the format of the...
In section 7.1.2.1.1 https://openid.github.io/authzen/#name-example-evaluate-read-actio, if one wants to use `deny_on_first_deny` or `permit_on_first_permit`, it means that there are some relations in between the requests: here the subject is the same. Therefore,...