January, 2023 uPortal is an open source project used by many institutions to deliver personalized views to students, faculty, and staff with links out to supporting services. This article will tell you about the Log4j issue that hit the IT industry in late 2021 and how to replace Log4j with the more secure logging library, SLF4J.
November, 2022 The Shibboleth Identity Provider (IdP) V4.x release introduced a new concept to the IdP, called the Attribute Registry. This new approach to managing how the IdP encodes (or decodes) attributes is described in this Shib IdP Wiki page. It also has a key role if you are using the Attribute Consent feature of the IdP to ask your users if they are ok with various attributes being released to a service.
November, 2022 I could hear them approaching, but the music was so faint that I thought it was being piped in over the speakers. As it got louder, eyes in the room started to find the entry doors to the conference room.
September, 2022 In the previous article in this series, I wrote about the key pillars of an information security program and the types of controls that support them. In this article, I want to speak to the way that information security leadership thinks about those central supporting ideas, and what that means for decision-making. (We will explore the actual controls, their relationship to risk, and ways they can reduce that risk in another article).
July, 2022 Learning eXperience Design (LXD) is a new approach to instructional design that incorporates human-centered design principles to put the learner at the center of the learning experience.
July, 2022 In the previous article in this series, I wrote about beginning the journey to an information security program and outlined some key concepts to think about. In this article, I want to expand on the steps in that journey through an understanding of the key parts, or pillars, of an information security program. We all know the old adage that a house is only as strong as the elements of its foundation. In this article, we will learn a bit more about those elements.
May, 2022 When Unicon was founded almost 30 years ago, information security wasn’t as serious an issue. Hackers existed, but were more curious than malevolent and caused mischief more than damage. Unicon was a pure Unix consultancy then so we understood computer security very clearly, but there just wasn’t a compelling need for a company security program.
March, 2022 React vs Angular, here’s what I learned and want to share about two popular framework options and the value they brought to our project.
September, 2021 LTI 1.3 has greatly advanced the integration of edtech applications. It offers improvements in security with the use of OIDC, Oauth2, and JWT tokens, and flexibility with the use of the LTI Advantages Services such Deep Linking, Grades and Assignments, and Membership.
June, 2021 You're starting a new software project, or you’re concerned that your current solutions may have significant limitations that you’d like to remove. You've heard about some dev teams choosing a "serverless" architecture, you've heard lots of talk about "cloud native", and every third article on Hacker News seems to be about Kubernetes. You begin to wonder if and how any of these new or established solutions can help alleviate your project’s pain points.