OAuth 2.0 Dynamic Client Registration: RFC 7591, 7592
Whether you’re building a massive SaaS platform or a niche API, OAuth 2.0 is the standard way to delegate authorization. One hurdle every developer hits along the way is client registration: before an app can take part in any OAuth flow, the authorization server has to know it by a client_id. RFC 7591 lets a client register itself dynamically, and RFC 7592 lets it read, update and delete that registration afterwards.
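To make the registration step concrete, here is an added example (not code from the original post) of what the client side of RFC 7591 and RFC 7592 looks like when done carefully: it builds the registration request, checks the response against what was actually asked for (no substituted redirect URIs, no silent downgrade of client authentication, no already-expired secret), and shapes the RFC 7592 management call. Everything runs offline; the server response, the client_id, the tokens and the example.com-style hostnames are constructed for illustration.

```python
"""Client-side handling of OAuth 2.0 Dynamic Client Registration (RFC 7591) and
the management API it hands back (RFC 7592). Offline: the AS response is constructed."""
import time
from dataclasses import dataclass
from typing import Optional

class RegistrationError(Exception):
    """The authorization server rejected, or misreported, the registration."""

@dataclass
class RegisteredClient:
    client_id: str
    client_secret: Optional[str]
    client_secret_expires_at: int             # 0 = never expires (RFC 7591 s3.2.1)
    registration_access_token: Optional[str]  # bearer token for RFC 7592 calls
    registration_client_uri: Optional[str]

def build_registration_request(client_name, redirect_uris, scopes):
    """JSON body POSTed to the registration endpoint (RFC 7591 s3.1)."""
    for uri in redirect_uris:
        if not (uri.startswith("https://") or uri.startswith("http://127.0.0.1")):
            raise ValueError(f"refusing non-TLS, non-loopback redirect_uri: {uri}")
    return {
        "client_name": client_name,
        "redirect_uris": list(redirect_uris),
        "grant_types": ["authorization_code", "refresh_token"],
        "response_types": ["code"],
        "token_endpoint_auth_method": "client_secret_basic",
        "scope": " ".join(scopes),
    }

def parse_registration_response(body, requested, now=None):
    """Validate the response (RFC 7591 s3.2) against what we actually asked for."""
    now = int(time.time()) if now is None else now
    if "error" in body:
        raise RegistrationError(f"{body['error']}: {body.get('error_description', '')}")
    if "client_id" not in body:
        raise RegistrationError("response lacks the required client_id")
    # The AS may narrow what we asked for, but a redirect_uri we never requested
    # would send authorization codes to an endpoint we do not control.
    got = set(body.get("redirect_uris", requested["redirect_uris"]))
    if not got or not got <= set(requested["redirect_uris"]):
        raise RegistrationError(f"unexpected redirect_uris in response: {sorted(got)}")
    auth = body.get("token_endpoint_auth_method", requested["token_endpoint_auth_method"])
    if auth == "none" and requested["token_endpoint_auth_method"] != "none":
        raise RegistrationError("server downgraded client authentication to 'none'")
    expires = int(body.get("client_secret_expires_at", 0))
    if "client_secret" in body and expires and expires <= now:
        raise RegistrationError("issued client_secret is already expired")
    return RegisteredClient(
        client_id=body["client_id"],
        client_secret=body.get("client_secret"),
        client_secret_expires_at=expires,
        registration_access_token=body.get("registration_access_token"),
        registration_client_uri=body.get("registration_client_uri"),
    )

def management_request(client, method="GET", metadata=None):
    """Shape of an RFC 7592 read (GET), update (PUT) or delete (DELETE) request."""
    if not (client.registration_access_token and client.registration_client_uri):
        raise RegistrationError("server did not issue RFC 7592 management credentials")
    req = {"method": method, "url": client.registration_client_uri,
           "headers": {"Authorization": f"Bearer {client.registration_access_token}"}}
    if method == "PUT":
        # RFC 7592 s2.2: send the full metadata set with our client_id, never the
        # server-controlled fields; we also omit client_secret rather than echo it.
        body = {**(metadata or {}), "client_id": client.client_id}
        for k in ("registration_access_token", "registration_client_uri",
                  "client_secret_expires_at", "client_id_issued_at", "client_secret"):
            body.pop(k, None)
        req["body"] = body
    return req

# Constructed sample response using the RFC 7591 s3.2.1 field names; not from a real AS.
CONSTRUCTED_RESPONSE = {
    "client_id": "client-7a3f",
    "client_secret": "constructed-secret",
    "client_secret_expires_at": 1_800_000_000,
    "redirect_uris": ["https://app.example/cb"],
    "token_endpoint_auth_method": "client_secret_basic",
    "registration_access_token": "constructed-rat",
    "registration_client_uri": "https://as.example/register/client-7a3f",
}

def demo(now=1_700_000_000):
    """Happy path plus two tampered responses; returns what each produced."""
    req = build_registration_request("Example App", ["https://app.example/cb"], ["openid"])
    client = parse_registration_response(CONSTRUCTED_RESPONSE, req, now=now)
    out = {"client_id": client.client_id,
           "update": management_request(client, "PUT", {**CONSTRUCTED_RESPONSE, "client_name": "Renamed"})}
    for field, bad in (("redirect_uris", ["https://evil.example/cb"]),
                       ("token_endpoint_auth_method", "none")):
        try:
            parse_registration_response({**CONSTRUCTED_RESPONSE, field: bad}, req, now=now)
            out[field] = "accepted"
        except RegistrationError:
            out[field] = "rejected"
    return out
```

The two tampered responses in demo() are the cases worth checking in a real deployment: a registration endpoint that echoes back a redirect URI you never sent, or quietly registers you as a public client, is either broken or hostile, and the registration_access_token it returns should be stored with the same care as the client_secret, since RFC 7592 lets its holder rewrite or delete the registration.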
Every time a user clicks “Sign in with Google” or gets SSO access to a third-party app from a corporate IdP, identity crosses a trust boundary. Identity proofing happened somewhere, authentication happened somewhere else, and now another system needs to rely on that result.
NIST SP 800-63B-4 is the authentication volume of the 800-63-4 suite. It defines exactly what authenticator types qualify at each assurance level, what phishing resistance actually requires, and what your session and recovery policies need to look like.
In this blog, I’m summarizing key concepts and ideas I take away from the book “Building Multi-Tenant SaaS Architectures” by Tod Golding, which I started reading while working on the Tenant Management System at Money Forward.