You may have heard that Google has announced their intention to implement a new standard, reducing certificate lifecycles from 398 days to 90 days. You also may have heard that this change was being implemented in 2024. The exact timeline for this change remains uncertain. However, Certificate Authorities like Sectigo, GlobalSign, and Digicert strongly advise […]
Category: Trust, Identity and Access Blogs
Introduction Since the Research and Education (R&E) hackathon in February last year, the Federated Credential Management API (FedCM) API has moved to the point where its basic functionality has been included in Google Chrome and most Chromium-based web browsers such as Microsoft Edge. It’s become clearer that the main consumer of FedCM is Google themselves, specifically […]
Get ready for the 90-day change FAQ roundup! You might have heard that Google have signalled their intent to drive through the reduction from 398-day to 90-day certificate lifecycles, as the new standard. The timeline for this change is not yet clear. However, Certificate Authorities such as Sectigo, GlobalSign and Digicert have been advising people […]
If you missed the news, Google have signalled their intent to drive through the reduction from 398-day to 90-day certificate lifecycles, as the new standard. This update was provided as part of their ‘Moving Forward, Together’ plan, in March 2023. The anticipation of diminishing certificate lifespans has been a long-standing prediction. And indeed, it seems […]
Today, we’re excited to share some important updates regarding our code signing certificate process on the Sectigo portal. Due to the latest regulations introduced by the CAB Forum, Sectigo have enhanced their procedures to ensure the utmost protection for your code signing certificates. These changes are designed to minimise the risk of misuse and safeguard […]
Digital Wallets, Verifiable Credentials, and Decentralized Identifiers were a common theme of the European Identity Conference in 2023. All of which help underpin ideas of digital sovereignty. Digital sovereignty can apply to either you as an individual, the organization you belong to, or to the geopolitical region you are a citizen of. The sovereignty of […]
ACME
Are you looking for automation when it comes to managing your SSL Certificates? Then you have had most likely heard of the ACME protocol. But what is it and how does it work? In this blog post, we will give you all the information you need on the ACME protocol and why it is important […]
If you haven’t heard, Google are driving through the reduction from 398-day to 90-day certificate lifecycles, as the new standard, whether the rest of us are ready for it or not! This is ultimately a good move for consumers though, as they’re seeking improve browser cyber security for internet users, through automated certificate management. Still, […]
A recent incident affecting a small number of entities in the UK federation has alerted us to some issues related to the distribution of default cryptographic keys. The following advice applies to both service providers (SP) and identity providers (IdP). The risk of using a default key is that someone may impersonate you. As […]
User tracking for digital marketing can violate user privacy on the web. Now that browser vendors are looking to implement methods to stop user tracking, we must ensure these methods do not clobber other frameworks which protect privacy such as Single SignOn through the UK federation, SAML and OpenID Connect. Problems and mitigations Digital […]