Categories
Blogs Federated Services Trust, Identity and Access Blogs UK Access Management Federation

Who’s supplying the keys?

  A recent incident affecting a small number of entities in the UK federation has alerted us to some issues related to the distribution of default cryptographic keys. The following advice applies to both service providers (SP) and identity providers (IdP). The risk of using a default key is that someone may impersonate you. As […]

Categories
Federated Services Trust, Identity and Access Blogs UK Access Management Federation

Federated Credential Manager (FedCM)

  User tracking for digital marketing can violate user privacy on the web. Now that browser vendors are looking to implement methods to stop user tracking, we must ensure these methods do not clobber other frameworks which protect privacy such as Single SignOn through the UK federation, SAML and OpenID Connect.  Problems and mitigations  Digital […]

Categories
Federated Services T&I Consultancy Trust, Identity and Access Blogs UK Access Management Federation

Are you making the most of your Shibboleth IdP?

We all know how it goes. We face a challenge, we find a solution, we implement it, and if we’re lucky – it works! Before you know it – the successful solution is all but forgotten. Neglected. A distant memory in the chaos of the day-to-day; buried beneath a pile of new challenges that we’re […]

Categories
Domain Registry Trust, Identity and Access Blogs

How secure are your domains?

A domain name is a very important asset to an organisation. They help to establish a unique identity for your website and represent your brand, so keeping them secure is key. If the domain is not secured properly, it is at a higher risk of being hijacked.  This is particularly important as domains are a […]

Categories
Trust, Identity and Access Blogs

How to improve email security with S/MIMEs

Phishing attacks are on the rise again, with some 83% of organisations experiencing a successful email-based phishing attack in 2021, up from 57% in 2020, according to Proofpoint’s 2022 State of the Phish report.   What’s more, more than 65% of respondents also reported spear fishing and business email compromise (BEC) attacks, with 11% experiencing 10 […]

Categories
Trust, Identity and Access Blogs

10 FAQs about the Jisc Certificate Service

When the world doesn’t feel stable, make sure your website is with a Jisc SSL certificate! In this blog post, Emily Brown, Trust and Identity Co-ordinator, gives us her round up of the 10 most frequently asked questions from the certificates help desk. How to sign up? How does pricing work? How do I initiate […]

Categories
Trust, Identity and Access Blogs

What are SSL certificates, and why do we need them?

You might have overheard your IT team talking about certificates and wondered what they’re referring to. Have they completed a new course and are showing off to their team? Surely not, but then how can a website use a certificate? In this blog we explore what SSL certificates are, why you need them, and how […]

Categories
Trust, Identity and Access Blogs UK Access Management Federation

Federated SSO: Monopolies for good?

Bear with me while we have a little history lesson. As anyone who has ever used an Inertial Navigation System knows, you can only get to where you want to be, by knowing where you are coming from… Coming of age in the 80’s, I had a few certainties. Liverpool FC always won, C15 blank […]

Categories
Federated Services Trust, Identity and Access Blogs

Federated access: why do I need it?

One of the many impacts of the post-COVID 19 pandemic in the library space was the increase in demand for remote access to electronic resources. This, however, is not enough. For libraries to get better engagement and more resource usage from their patrons, there is also the need for a high-quality user experience, where resources […]

Categories
T&I Consultancy Trust, Identity and Access Blogs

Learning and collaboration depend on trust

Providing seamless access to digital services is a critical part of the IT team’s role in higher education (HE) and further education (FE). When a lecturer struggles to access wifi on a remote campus, or a student can’t work out how to access digital course materials quickly, the result is a barrier to learning and […]