Welcome to the “Authorize” clipping service, a precursor to an upcoming “Authorize” conference. This service is provided by volunteer authorization nerds who want more people to know about all the cool stuff that’s going on in the authorization world! Here’s all the news you need to know…
📅 Happening right now:
Calling all public speakers: EIC and Identiverse are open for proposals. CFPs close in January - don’t let the opportunity pass you by!
IETF OAuth working group adopted drafts for Transaction Tokens and Identity Chaining
➿ The neverending authz story:
Have you ever heard of continuous authorization? StrongDM just launched it, and it’s based on Cedar, Amazon’s provably secure authorization language. Amazing new functionality.
📺 On tape:
Need a basic video primer on authorization? Dev++ has got your back.
📻 On air:
The Dynamically Speaking podcast has a new episode on entitlements, the AuthZEN working group at OpenID Foundation, and the increased presence of authorization as a topic and solution at industry events
New Authorization in Software podcast episode: Deep Dive into OPAL - OPAL responds to policy and data changes, and pushes live updates to your agents, bringing open-policy up to the speed needed by live applications.
📰 Your commute read:
One size doesn’t fit all. 🧢 Is authorization like a baseball cap? Do we have different models? Alex Babeanu and Tariq Shaikh have the answer in IDPro’s latest blog post: A Taxonomy of Modern Authorization Models.
Need to spice up your commute? Check out this epic battle as OPA and Zanzibar FIGHT it out
This is not a joke. Learn how to implement proper authorization for a healthcare app with the help of Galactic Health Corporation - a Rick & Morty inspired healthcare application.
It’s almost (almost) tax season. The SSO tax is killing trust in the security industry | CSO Online
If you’re an authorization nerd and an IDPro member, join our discussions in the IDPro Slack #authorization channel! Want to help write this newsletter and organize the conference? Find Sarah Cecchetti on LinkedIn and ask for an invite.
hey! i know those strongdm peeps! thanks for the shout out!
I could be wrong, but I feel Txn-Tokens are unnecessary. Maybe I need an additional example use case for it. I feel with the existing token exchange grant you can accomplish what's needed. Why introduce a new type of token? Curious if anyone else has thoughts on this.