HackerTrans
TopNewTrendsCommentsPastAskShowJobs

vinckr

no profile record

Submissions

The Agentic Trust Framework: Zero Trust Governance for AI Agents

cloudsecurityalliance.org
1 points·by vinckr·5 mesi fa·0 comments

comments

vinckr
·2 mesi fa·discuss
Has that law ever been enforced ? (e.g. taking away a FOSS or other project that someone wrote in their own time)
vinckr
·2 mesi fa·discuss
in most cases you dont need explicit permission but you need to sign a CLA (Individual Contributor License Agreement) - which kind of includes permission
vinckr
·2 mesi fa·discuss
Coming from Germany I found it funny how tiny the subway lines are in major cities in the US compared to medium-sized cities here.

I always thought Germany was a country centered a lot around cars but it was so much more extreme in the states; seemed not possible to live in a city(!) without a car.
vinckr
·2 mesi fa·discuss
Personally I hate magic links via email with a passion and will actively avoid products that have this as the only authentication method
vinckr
·2 mesi fa·discuss
I don't think we can let that one go so easily, since they might not be scanning for ad targeting (pinky promise?) - but they most certainly will slurp everything up for their AI stuff: https://blog.google/products-and-platforms/products/gmail/gm...
vinckr
·2 mesi fa·discuss
How is it obvious that this project bought starts on GitHub?
vinckr
·5 mesi fa·discuss
Very cool, thanks for sharing. Feel free to add it to https://github.com/ory/awesome-ory !
vinckr
·6 mesi fa·discuss
> Tickets cannot be moved between trackers

You can convert an issue to a discussion and vice versa, so no duplication is needed and your notification should be preserved.

Or do you mean something else?
vinckr
·7 mesi fa·discuss
after clicking on your link I browsed twitter for a minute and damn that place has become weird (or maybe it always was?)
vinckr
·7 mesi fa·discuss
I think most commit messages use conventional commits (https://www.conventionalcommits.org/en/v1.0.0/) - I found them to be quite useful for creating structures commit messages.

I think gitmore could be improved if it used the conventional commits specification, there is a reason almost everyone uses them.
vinckr
·8 mesi fa·discuss
These are fair concerns, and I want to clarify what's included versus what's paid.

The confusion here is about two different types of SSO:

_Admin SSO (for managing Ory itself)_ - Ory is fundamentally an API. For self-hosted deployments, you control access however you want - through your infrastructure, reverse proxy, or using Ory Polis. This is not gated.

_Organizations SSO (for your end users)_ - This is the paid feature. It allows your B2B customers to bring their own identity provider. If you're building a SaaS product and BigCorp wants their employees to authenticate using Okta or Azure AD, Organizations handles that federation.

The distinction matters because maintaining integrations with enterprise IDPs is continuous work. For example Google randomly changes their OIDC implementation on a Saturday evening. Someone needs to wake up and fix that. For products serving other businesses at scale, that operational burden is real.

Organizations is one of the few areas where we charge, specifically targeting the B2B SaaS use case. If you're self-hosting for internal use or building a consumer product, you don't need Organizations. If you're selling to enterprises that require SSO, you're generating revenue to support the cost.
vinckr
·8 mesi fa·discuss
if you leave the admin APIs unsecured in production it is an attack vector, not sure what you would prefer being told here?

It says "When deploying Ory open-source Servers, protect access to their APIs using Ory Oathkeeper or a comparable API Gateway."
vinckr
·8 mesi fa·discuss
sorry to hear that, hope you have a better experience going forward. if you feel like it send me some details on what was most painful and we'll fix it.
vinckr
·8 mesi fa·discuss
Another problem is also that "standards" like OAuth2/OIDC are used for a thousand use cases that weren't intended by the authors, so people get really creative with them. Plus the spec itself is vague on many essential things, for example how logout should work. Thankfully I never had to implement SAML but I would guess it's even worse there...
vinckr
·8 mesi fa·discuss
if you are a masochist that is a great retirement project!
vinckr
·8 mesi fa·discuss
Check out Ory Polis if you want SAML/SCIM support: https://github.com/ory/polis

CAPTCHA is not in scope for Kratos, there are already great solutions out there that you can use
vinckr
·8 mesi fa·discuss
You can use other parts of the Ory ecosystem to add these features, such as Ory Polis for SAML/SCIM support: https://github.com/ory/polis

CAPTCHAs aren’t a big help anymore in my personal opinion, but you can easily integrate them on the frontend when using Kratos. The commercial offering just bundles all of this out of the box for you.

If Keycloak fits your needs well and you see no room for improvement, that’s perfectly fine; by all means use what works best for you.
vinckr
·8 mesi fa·discuss
you should check out Ory Polis if you are looking for SAML support in the OSS version: https://github.com/ory/polis
vinckr
·8 mesi fa·discuss
Ory Kratos itself doesn't support SAML that is correct.

However the newest addition to the Ory ecosystem, called Ory Polis (formerly known as BoxyHQ) does close that gap. It is also Apache2 licensed, do check it out here: https://github.com/ory/polis
vinckr
·8 mesi fa·discuss
i feel you; working with a heavily patched fork of anything can be rough check out the new version, i'm sure it has improved quite a bit since then. Of course simpler solutions than Ory Kratos exist, but they often come with other tradeoffs