
Questions tagged [identity-management]

The tag has no usage guidance.

0 votes
0 answers
128 views

URLs in JWT scope

During a pentest I have found a JWT that seems to be a refresh-token issued by some IAM software. The scope field in the JWT lists all the applications as URLs that this token can be used to obtain ...
John Nemo
0 votes
1 answer
113 views

Using fingerprints everywhere to identify at physical, ID required, places

I was wondering why people can't just use fingerprints to retrieve all necessary documents where required. What would be the problem with such a form of authentication, which could be used via ...
Joselin Jocklingson
1 vote
1 answer
97 views

Mobile applications and user data security

My question is in regards to user data stored within mobile applications, after dealing with security issues of hacked firmware and manipulated apps. Is there a system that prevents modification to ...
Mandy Pease Newberry
2 votes
0 answers
385 views

Have there been duplicate IMEI numbers? [closed]

Have there ever been reported cases of duplicate IMEI numbers, whether un-intentional or deliberate? Link to the Wikipedia description of the IMEI number or International Mobile Equipment Identity ...
H2ONaCl
  • 953
0 votes
2 answers
894 views

Why would a bus ticketing app require an Internet connection when you board the bus?

The bus company that I use (Arriva UK) is trying to persuade passengers to switch from buying paper tickets to tickets stored on their app. They are particularly pushing this for 'bus passes': tickets ...
Matthew
  • 162
1 vote
1 answer
146 views

How is identity implemented?

When I join an organization or create a Gmail account, I am given an identity. What does the organization do to create my identity? Does it just create a new pair of public key and private key? I tried ...
pnvn
  • 225
0 votes
3 answers
159 views

What security concerns are there regarding website users inputting personal financial data without putting in personally identifying data?

I am a web developer, but I have only a rudimentary grasp of security, e.g., be careful to sanitize inputs, store as little user data as possible, encrypt passwords, keep up with security issues of ...
user
  • 103
0 votes
0 answers
173 views

What is multi-party federation?

I am asked to prepare a write up on Identity Federation. I have nearly completed the write up. There is a term multi-party federation which I am confused at. Does it simply mean allotting multiple ...
Anonymous Platypus
1 vote
2 answers
39k views

Someone is using my email to create online accounts; what should I do? [duplicate]

I suspect it’s an attempt at getting into an existing account using a leaked email/password combo. I update my passwords regularly and do not reuse, so I don’t think the attack will be successful, but ...
Émile Jetzer
0 votes
1 answer
310 views

AWS IAM policies that differentiate between console & access key access

Question: How can an AWS IAM policy be devised to differentiate between a console (web) and access key (API) access? Use Case: Say, I want to allow a certain group of users full IAM privileges ...
Alex
  • 1
2 votes
1 answer
144 views

Alternative approaches to letting users identify themselves while maintaining privacy

This is kind of a weird question maybe, so let me explain a little background first that I hope is relevant. I work as a Developer/Analyst for an organization that operates in a federated model with ...
Cowman
  • 123
1 vote
2 answers
2k views

What is delegation, identity delegation, and delegated authorization, and what are the differences among them?

I've been writing up a guide to OAuth 2.0, OpenID Connect, and Identity Server 4 mostly for my own learning, drawing on several sources such as OAuth2 In Action, OAuth 2.0 Simplified, and CISSP: A ...
Jerreck
  • 121
1 vote
1 answer
136 views

Service Provider that requires elevation

Our identities are stored in a separate IdP (Azure AD in this case) and the applications are acting as Service Providers. MFA is triggered based on some rules (based on geoIP etc.). We are now about ...
aquaman
  • 93
0 votes
1 answer
211 views

Google Cloud IAM login to Linux machines

Is it true that in GCP, accounts that will be used to log in to Linux machines can be provisioned in Google Cloud IAM? And if so, how is it achieved (i.e. using directory services or by amending etc ...
aquaman
  • 93
0 votes
1 answer
118 views

a chain of 3 federated IdPs

My client has 5 different identity and access management solutions. Until now they have been asking each one of their suppliers to add 5 trusted parties to their IAM solution, implement different URLs ...
aquaman
  • 93