Questions tagged [identity-management]

49 questions
3 votes, 3 answers

AWS S3 resource access control through IAM permissions or bucket policies?

The way we create buckets in our org and ensure sane ACLs around it is by providing an automated tool (that internally uses Terraform) to provision an S3 bucket. So say when a user requests a new bucket, named testBucket, we create a bucket named…
qre0ct
3 votes, 1 answer

How can we show our end-users that we are trusted by a bank?

We are developing a website which serves end users of many organizations (banks, municipalities, etc.). We have already set up meetings with the banks and they've agreed to work with us. OK, so let's say that a user user1 of bank bank1 is entering…
2 votes, 1 answer

What are proper security precautions when enabling multiple connected social accounts or login/authorization methods?

It is popular today for frameworks and social sites to enable multiple authorization options when creating websites. For example, allowing a user to log in with GitHub, Twitter, Facebook, etc. In addition, identity verification using mobile…
2 votes, 2 answers

Should every SAML identity provider provide a unique public certificate to the service provider?

When accepting public keys from someone setting up an identity provider for access to resources protected by a service provider using SAML 2.0, do you absolutely need to have a unique certificate? Is this covered in the SAML specifications? If they…
Dave
2 votes, 0 answers

Have there been duplicate IMEI numbers?

Have there ever been reported cases of duplicate IMEI numbers, whether unintentional or deliberate? Link to the Wikipedia description of the IMEI number or International Mobile Equipment Identity number
H2ONaCl
2 votes, 1 answer

Alternative approaches to letting users identify themselves while maintaining privacy

This is kind of a weird question maybe, so let me explain a little background first that I hope is relevant. I work as a Developer/Analyst for an organization that operates in a federated model with a central authority, except I'm part of one of the…
Cowman
2 votes, 0 answers

Is the 51% attack relevant for identity management systems based on proof-of-work?

51% Attack for Cryptocurrencies: Cryptocurrencies using proof-of-work for the creation of consensus are vulnerable to the double-spending attack (51% attack), because an entity with more than 50% of the computing power can produce more work (longer…
2 votes, 1 answer

Should PIN numbers expire?

We're using a PIN number for the username retrieval process. Similar to a standard bank solution where a user must enter their SSN and account number to get their username. Is it necessary to expire this PIN number after six months or some other time?
pnkflydgr
2 votes, 2 answers

Is my (Chrome) email address available to websites when I'm logged into Chrome?

When I'm logged into Chrome (e.g. with my Gmail account) can websites view/obtain the email address associated with my Google/Chrome account? For example, as a means to "recognize" me?
user174182
1 vote, 1 answer

Is it safe to recycle unshredded credit card receipts?

Is it safe to recycle unshredded paper credit card receipts? Can identity theft be helped by data disclosed on most vendors' receipts?
amphibient
1 vote, 1 answer

Mobile applications and user data security

My question is in regards to user data stored within mobile applications, after dealing with security issues of hacked firmware and manipulated apps. Is there a system that prevents modification to the manifest file and privileges of an application?…
1 vote, 1 answer

How is identity implemented?

When I join an organization or create a Gmail account, I am given an identity. What does the organization do to create my identity? Does it just create a new pair of public key and private key? I tried to search the web for documents on the…
pnvn
1 vote, 2 answers

What is delegation, identity delegation, and delegated authorization, and what are the differences among them?

I've been writing up a guide to OAuth 2.0, OpenID Connect, and Identity Server 4 mostly for my own learning, drawing on several sources such as OAuth2 In Action, OAuth 2.0 Simplified, and CISSP: A Comprehensive Beginners Guide on the Information…
1 vote, 1 answer

Service Provider that requires elevation

Our identities are stored in a separate IdP (Azure AD in this case) and the applications are acting as Service Providers. MFA is triggered based on some rules (based on geoIP etc.). We are now about to add a new application which contains sensitive…
aquaman
1 vote, 0 answers

Difference between IAG and IDM

What is the difference between Identity Management products (such as Forefront/MIM, PicketLink, OpenIDM) and Identity Access Governance tools (such as Sailpoint, Savyint, CyberArk)? Apologies for another one of these terminology questions, I did look…
aquaman