Categories
Blogs Federated Services Trust, Identity and Access Blogs UK Access Management Federation

Who’s supplying the keys?

  A recent incident affecting a small number of entities in the UK federation has alerted us to some issues related to the distribution of default cryptographic keys. The following advice applies to both service providers (SP) and identity providers (IdP). The risk of using a default key is that someone may impersonate you. As […]

Categories
Federated Services Trust, Identity and Access Blogs UK Access Management Federation

Federated Credential Manager (FedCM)

  User tracking for digital marketing can violate user privacy on the web. Now that browser vendors are looking to implement methods to stop user tracking, we must ensure these methods do not clobber other frameworks which protect privacy such as Single SignOn through the UK federation, SAML and OpenID Connect.  Problems and mitigations  Digital […]

Categories
Trust, Identity and Access Blogs UK Access Management Federation

Federated SSO: Monopolies for good?

Bear with me while we have a little history lesson. As anyone who has ever used an Inertial Navigation System knows, you can only get to where you want to be, by knowing where you are coming from… Coming of age in the 80’s, I had a few certainties. Liverpool FC always won, C15 blank […]

Categories
Trust, Identity and Access Blogs UK Access Management Federation

IdPs move to MDQ

IdP operators: consider using MDQ (metadata query) Configuring your self-hosted IdP to use MDQ (metadata query) has three key benefits: a reduced memory footprint mitigation against a class of disruptive errors as the size of metadata increases robustness against problematic metadata. Half of the IdPs in the UK federation use MDQ already. The UK federation […]