Justin Richer – Medium

Justin Richer

GNAP: A Conversation of Authorization

After five years of standardization work, GNAP is now officially RFC9635! This long and intense process actually started a few years prior…

Oct 9

GNAP: A Conversation of Authorization

Oct 9

Making Bubbles: Re-connecting

If a set of accounts live in isolation forever, what happens to those accounts only matters within that isolated system. But when we make a…

Sep 6

Making Bubbles: Re-connecting

Sep 6

Making Bubbles: Three Stages of Identity

One of the key aspects to the bubbles model for federated identity systems is the fact that within the bubble, the account for each user is…

Jul 11

Making Bubbles: Three Stages of Identity

Jul 11

Making Bubbles

About a year ago, I wrote about a new concept I’d started to develop: a new way to look at how we view account provisioning, and how we use…

Jun 24

Making Bubbles

Jun 24

Applying RAR in OAuth 2 (and GNAP)

The Rich Authorization Request extension to OAuth 2, or RAR, is a way to talk about access in the OAuth space beyond what scopes allow, and…

Feb 22

Applying RAR in OAuth 2 (and GNAP)

Feb 22

Discovery, Negotiation, and Configuration

Interoperability is a grand goal, and a tough problem to crack. After all, what is interoperability other than independent things just…

Dec 14, 2023

Illustration of many plugs (generated by DALL-E)

Dec 14, 2023

Federation Bubbles

We’ve spent decades building up systems that identify people and devices, and interconnect all of them. We’ve built systems that let us…

Aug 4, 2023

Federation Bubbles

Aug 4, 2023

What happened to MITREid Connect?

MITREid Connect was, at one time, one of the top open source implementations of OpenID Connect and OAuth 2.0. Written in Java and targeted…

May 2, 2023

What happened to MITREid Connect?

May 2, 2023

The GNAPathon

At the recent IETF 113 meeting in Vienna, Austria, we put the GNAP protocol to the test by submitting it as a Hackathon project. Over the…

Apr 11, 2022

Apr 11, 2022

Signing HTTP Messages

There’s a new draft in the HTTP working group that deals with signing HTTP messages. Why is it here, and what does it give us?

May 4, 2021

Signing HTTP Messages

May 4, 2021

Justin Richer

Justin Richer

Justin Richer is a security architect and freelance consultant living in the Boston area. To get in touch, contact his company: https://bspk.io/

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams