Session Timeout – another useless Security Brainchild?

English on January 7th, 2016 No Comments

A synonym for “timeout” is “break” or “pause”. Sounds like a good thing – in principle. When it comes to “session timeout” perception might be different. What exactly do we mean with “session timeout”? At OWASP you might find explanations similar to: Session timeout defines an action window which represents the time span in which […]

Tags: , , , ,

Enterprise Identity Bus Part 1

English on February 19th, 2015 No Comments

With the latest Identity Server 5.0.0 release WSO2 promotes the product as an “Enterprise Identity Bus” hinting at its flag ship product the “Enterprise Service Bus” (WSO2 ESB). The Identity Server (WSO2 IS), whose strength has always been the entitlement engine with decent XACML support and the availability of thrift interfaces together with WSO2′s 100% […]

Tags: , , , ,

Enterprise Identity Bus Part 2

English on February 19th, 2015 No Comments

The first step: Integrating in-house applications into a SSO system leveraging WSO2 as the identity server. In the last article we introduced the project requirements to get rid of an application identity silo environment and to introduce an identity hub infrastructure. In this blog we are going to tackle requirement A. A. Single Sign On […]

Tags: , , , ,

Enterprise Identity Bus Part 3

English on February 19th, 2015 No Comments

The second step: Account federations with cloud services and identity providers run by customers In the first article we introduced the project requirements to get rid of an application identity silo environment and to introduce an identity hub infrastructure. The second part dealt with building a Single Sign On infrastructure leveraging WSO2 Identity Server and […]

Tags: , , , ,

Enterprise Identity Bus Part 4

English on February 19th, 2015 No Comments

The third step: Enabling easy community registration and sign-on. In the first article we introduced the project requirements to get rid of an application identity silo environment and to introduce an identity hub infrastructure. The second part dealt with building a Single Sign On infrastructure leveraging WSO2 Identity Server and OpenID Connect Apache agents. The […]

Tags: , , , ,