Single Sign-On (SSO) has become one of the most common ways for users to access applications and infrastructure. While there is a standard authentication protocol for SSO called OpenID Connect (OIDC), it’s missing a crucial security feature: the ability to bind public keys to identities. That’s why we created OpenPubkey — an open source project that enhances SSO security by introducing a cryptographic object known as a PK Token that binds public keys to identities. In this post, we’ll introduce OpenPubkey and share a few of its early use cases from Docker and BastionZero.
Making sure databases are secure is a non-negotiable part of a security team’s job. To make that happen, companies need zero trust failsafes to ensure only the right users get into the right databases. Unfortunately, while security teams build these systems with the best intentions, the systems themselves often become so complicated and have so many nested login requirements that they become liabilities of their own.
When your goal is to protect your customers' data and your application infrastructure, paranoia abounds. If everyone and everything you know is vulnerable to being compromised, who do you trust? No one. Especially not your business VPN, which has experienced a major fall from grace.