Categories
Trust, Identity and Access Blogs

FedCM Update January 2024

Introduction Since the Research and Education (R&E) hackathon in February last year, the Federated Credential Management API (FedCM) API has moved to the point where its basic functionality has been included in Google Chrome and most Chromium-based web browsers such as Microsoft Edge. It’s become clearer that the main consumer of FedCM is Google themselves, specifically […]

Categories
Trust, Identity and Access Blogs

Your FAQ guide to the 90-day change

Get ready for the 90-day change FAQ roundup! You might have heard that Google have signalled their intent to drive through the reduction from 398-day to 90-day certificate lifecycles, as the new standard.  The timeline for this change is not yet clear. However, Certificate Authorities such as Sectigo, GlobalSign and Digicert have been advising people […]

Categories
Trust, Identity and Access Blogs

Navigating change: An update on 90-day Certificates

If you missed the news, Google have signalled their intent to drive through the reduction from 398-day to 90-day certificate lifecycles, as the new standard. This update was provided as part of their ‘Moving Forward, Together’ plan, in March 2023.    The anticipation of diminishing certificate lifespans has been a long-standing prediction. And indeed, it seems […]

Categories
Trust, Identity and Access Blogs

Securing the Digital Realm: Navigating the New Age with Updated Code Signing Certificates

Today, we’re excited to share some important updates regarding our code signing certificate process on the Sectigo portal. Due to the latest regulations introduced by the CAB Forum, Sectigo have enhanced their procedures to ensure the utmost protection for your code signing certificates. These changes are designed to minimise the risk of misuse and safeguard […]

Categories
Trust, Identity and Access Blogs

Self-Sovereign Identity in the Research and Education Community

Digital Wallets, Verifiable Credentials, and Decentralized Identifiers were a common theme of the European Identity Conference in 2023. All of which help underpin ideas of digital sovereignty. Digital sovereignty can apply to either you as an individual, the organization you belong to, or to the geopolitical region you are a citizen of. The sovereignty of […]

Categories
Trust, Identity and Access Blogs

ACME

Are you looking for automation when it comes to managing your SSL Certificates? Then you have had most likely heard of the ACME protocol. But what is it and how does it work? In this blog post, we will give you all the information you need on the ACME protocol and why it is important […]

Categories
Trust, Identity and Access Blogs

90-day Certificates Are Coming….

If you haven’t heard, Google are driving through the reduction from 398-day to 90-day certificate lifecycles, as the new standard, whether the rest of us are ready for it or not! This is ultimately a good move for consumers though, as they’re seeking improve browser cyber security for internet users, through automated certificate management. Still, […]

Categories
Blogs Federated Services Trust, Identity and Access Blogs UK Access Management Federation

Who’s supplying the keys?

  A recent incident affecting a small number of entities in the UK federation has alerted us to some issues related to the distribution of default cryptographic keys. The following advice applies to both service providers (SP) and identity providers (IdP). The risk of using a default key is that someone may impersonate you. As […]

Categories
Federated Services Trust, Identity and Access Blogs UK Access Management Federation

Federated Credential Manager (FedCM)

  User tracking for digital marketing can violate user privacy on the web. Now that browser vendors are looking to implement methods to stop user tracking, we must ensure these methods do not clobber other frameworks which protect privacy such as Single SignOn through the UK federation, SAML and OpenID Connect.  Problems and mitigations  Digital […]

Categories
Federated Services T&I Consultancy Trust, Identity and Access Blogs UK Access Management Federation

Are you making the most of your Shibboleth IdP?

We all know how it goes. We face a challenge, we find a solution, we implement it, and if we’re lucky – it works! Before you know it – the successful solution is all but forgotten. Neglected. A distant memory in the chaos of the day-to-day; buried beneath a pile of new challenges that we’re […]