Discretionary and Mandatory Access Control
by Gangani Chamika
2y ago
Access control plays a vital role in a multi-user environment, where it is critical to ensure that people can access only what they need by placing restrictions accordingly. Access control regulates which users, applications, and devices can add, edit, view and delete resources in an organization’s environment to protect sensitive data from misuse, theft, abuse, and other threats. However, choosing a relevant access control model can be tricky. The process of choosing and deploying an access control model looks different for each organization ..read more
Separating Data plane and Control Plane
by Gangani Chamika
2y ago
As engineering systems become more complex, architects, designers and developers have to think about ways to optimize their systems for simplicity, performance and resilience. A common approach is to view engineering systems as two logical constructs: the Control Plane and the Data Plane.
Separating Data Plane and Control Plane
The approach of separating the control plane from the data plane was first made popular in the networking domain. This terminology can be applied to engineering, using the principles set out by networking to describe a way of separating logical parts of ..read more
Deep Dive into NoSQL Database Types
by Gangani Chamika
2y ago
In my previous blog, I went through the basic difference between SQL vs. NoSQL vs. NewSQL. As promised, in this blog I will explore more about NoSQL along with a comparison of NoSQL database types. NoSQL stands for Not only SQL. NoSQL databases are also known as non-relational databases that don’t require a fixed schema. Users can create databases with a flexible schema and can scale up evenly without much of a stretch. NoSQL databases are largely used for Big Data and ongoing applications. A NoSQL database processes information in a distributed manner and can oblige tremend ..read more
SQL vs NoSQL vs NewSQL
by Gangani Chamika
2y ago
Adapting to changing requirements, database management systems continue to evolve. In this blog, I will show you the prominent differences between SQL vs. NoSQL vs. NewSQL. Some time back, NoSQL was the solution to the limitations introduced by relational database management systems. NoSQL was originally designed to provide fast scalability when dealing with unstructured data platforms or handling Big Data applications. But with the dramatic change in requirements, the major drawbacks discussed below were identified. That is where NewSQL stole the spotlight. NewSQL is a relational datab ..read more
Consent Management in WSO2 Identity Server
by Gangani Chamika
2y ago
Nowadays data privacy has gained massive attention and crucial value, resulting in many data regulations that let users take ownership of their own data and control how businesses utilize it. Therefore, to accommodate this increased user awareness, businesses need to provide significant transparency about collecting consumer data and the way that data is going to be used. At this point, consent management steals the spotlight: it defines the strategy to gain the consumer’s consent to manage, use, store or share the consumer’s data. Through this blog, I’m going to exp ..read more
WSO2 Identity Server integration with Enterprise Marketing Software
by Gangani Chamika
2y ago
WSO2 Identity Server can be configured to provision users to marketing solutions via outbound provisioning connectors. Solutions supporting SCIM can be directly integrated with Identity Server. For solutions that have proprietary APIs, the product supports configuring one or more outbound provisioning connectors. Provisioning requests can be sent to the marketing solutions to create/convert leads using the WSO2 Enterprise Integrator (EI). The integrator provides a number of pre-built connectors (e.g. Hubspot, Pardot, Marketo) which can be used to integrate with marketing solutions. If your bus ..read more
How to write a Custom Introspection Data Provider — WSO2 Identity Server
by Gangani Chamika
2y ago
OAuth 2.0 Token Introspection defines a protocol that allows authorized protected resources to query the authorization server to determine the set of metadata for a given token that was presented to them by an OAuth client. You can refer to the WSO2 documentation on “Invoke the OAuth Introspection Endpoint” to get more detail on invoking OAuth 2.0 Token Introspection. Recently, I wrote a Custom Introspection Data Provider to inject some claims into the introspection response. Let me shar ..read more
JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
by Gangani Chamika
2y ago
Last year I did an analysis of the draft specification of the JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens. This month, the RFC for the specification (rfc9068) is officially released. Therefore, let me share some interesting facts that I have identified, from the authorization server's perspective, in the newly released JWT Profile for OAuth 2.0 Access Tokens specification.
Why do we need this specification…
Even though the specification (rfc7519) of OAuth 2.0 Authorization Framework does not mandate any specific format for access tokens, in-market use, many commercial OAuth 2.0 ..read more
Just-In-Time Provisioning in WSO2 Identity Server
by Gangani Chamika
2y ago
Just-in-time (JIT) provisioning is the provisioning of users to the Identity Server when a user tries to log into an application through a federated IDP such as Google, Facebook, GitHub, etc. Before looking into JIT provisioning, let’s get a brief idea of the provisioning types available in the WSO2 Identity Server provisioning framework.
Inbound provisioning: Inbound provisioning is about provisioning users or groups into the WSO2 Identity Server by external applications/service providers. Inbound provisioning requests can come in the form of SCIM or SOAP. For more information, see Inbound provisionin ..read more
Time-based One-time Passwords (TOTP)
by Gangani Chamika
2y ago
Through this article, I’m going to take a deep dive into time-based one-time passwords, commonly known as TOTP. First things first. Let’s start with the basics.
What is two factor authentication?
The following are the three commonly accepted authentication factors, used to prove your identity when logging into a service.
Something you know [Knowledge] — Password or PIN, etc.
Something you have [Possession] — A trusted device with secret key, etc.
Something you are [Inherence] — Fingerprint or face detection, etc.
If hackers remotely steal your knowledge factor (e ..read more
