identity-security
Safeguard articles tagged "identity-security" — guides, analysis, and best practices for software supply chain and application security.
33 articles
mTLS (mutual TLS)
What is mTLS? A precise breakdown of mutual TLS authentication, how it differs from standard TLS, why service meshes depend on it, and how to handle certificate rotation.
OIDC (OpenID Connect)
A precise technical answer to "what is OIDC": how OpenID Connect extends OAuth 2.0 with ID tokens, federated identity, and token exchange to secure modern authentication.
Workload identity federation
What is workload identity federation? A precise breakdown of keyless cloud authentication, GitHub Actions OIDC, and short-lived credentials replacing static API keys.
JWT (JSON Web Token)
A JWT (JSON Web Token) is a compact, signed token used to prove identity and claims between systems. Here's how they work, and where they break.
PASETO tokens
PASETO tokens explained: what is PASETO, how PASETO vs JWT differs, and why platform-agnostic security tokens with versioned crypto are safer by design.
Zero trust architecture (ZTA)
A precise definition of zero trust architecture, the NIST 800-207 model, ZTNA vs VPN, and how zero trust principles apply to securing modern software supply chains.
How to set up mutual TLS (mTLS) between microservices
A step-by-step guide to configuring mTLS across microservices with Istio — from CA setup and PeerAuthentication policies to certificate rotation and verification.
How to rotate SSH keys safely
A step-by-step guide to rotating SSH keys without downtime: inventory existing keys, generate new pairs, cut over safely, revoke old keys, and verify nothing was missed.
Enterprise Cloud Security: Architecture and Program Design
Enterprise cloud security fails when it is treated as a tool purchase instead of an architecture. Here is how to design the layers, the ownership model, and the program around them.
What is Multi-Factor Authentication (MFA)
MFA blocks over 99% of credential-based attacks, but Uber, Cisco, and Twilio breaches show how push-bombing and AiTM phishing still get around it.
How to enable MFA on an AWS root account
A step-by-step guide to enabling MFA on your AWS root account, covering virtual MFA device setup, verification commands, troubleshooting, and ongoing security best practices.
How to implement zero trust network architecture
A practical, step-by-step guide to implement zero trust network architecture: identity, microsegmentation, posture checks, policy-as-code, and verification.