Categories
Blogs Federated Services Trust, Identity and Access Blogs UK Access Management Federation

Who’s supplying the keys?

  A recent incident affecting a small number of entities in the UK federation has alerted us to some issues related to the distribution of default cryptographic keys. The following advice applies to both service providers (SP) and identity providers (IdP). The risk of using a default key is that someone may impersonate you. As […]

Categories
Federated Services Trust, Identity and Access Blogs UK Access Management Federation

Federated Credential Manager (FedCM)

  User tracking for digital marketing can violate user privacy on the web. Now that browser vendors are looking to implement methods to stop user tracking, we must ensure these methods do not clobber other frameworks which protect privacy such as Single SignOn through the UK federation, SAML and OpenID Connect.  Problems and mitigations  Digital […]

Categories
Federated Services T&I Consultancy Trust, Identity and Access Blogs UK Access Management Federation

Are you making the most of your Shibboleth IdP?

We all know how it goes. We face a challenge, we find a solution, we implement it, and if we’re lucky – it works! Before you know it – the successful solution is all but forgotten. Neglected. A distant memory in the chaos of the day-to-day; buried beneath a pile of new challenges that we’re […]

Categories
Federated Services Trust, Identity and Access Blogs

Federated access: why do I need it?

One of the many impacts of the post-COVID 19 pandemic in the library space was the increase in demand for remote access to electronic resources. This, however, is not enough. For libraries to get better engagement and more resource usage from their patrons, there is also the need for a high-quality user experience, where resources […]