OpenPGP Signing of HTTP POST
mailing list post on the IETF's openPGP list about using pgp with HTTP
mozdev.org - enigform: index
firefox extension for using gpg to sign POST requests
reCAPTCHA: Stop Spam, Read Books
stop spam. read books.
Dr Nic » Zero Sign On - 1 better or Infinitely better than Single Sign On?
OpenID + Client Certificates
HOWTO: Securing A Website With Client SSL Certificates
#1288 (SSL Client Certificate validation.) - lighttpd - secure, fast, compliant, and very flexible web-server - Trac
patch that adds ssl client certificate support to lighttpd
Common threads: OpenSSH key management, Part 1
using key based auth with ssh
Consuming OAuth intelligently in Rails
The Rails Way: Users and Passwords
Facebook Wants to Supply Your Internet Driver's License - Technology Review
Open ID Is A Nightmare
Why you should never use hash functions for message authentication | The If Works
JSON Web Tokens - jwt.io
Authentication with Warden, devise-less
Passwords are Obsolete — Medium
Authenticating to HashiCorp Vault using Google Cloud IAM | Google Open Source Blog
Interesting example (in golang) of authenticating to vault using a JWT signed by a GCP service account
Simplifying identity and access management of your employees, partners, and customers | Google Cloud Blog
How SAML 2.0 Authentication Works
AWS federation comes to GitHub Actions | Aidan Steele’s blog (usually about AWS)
The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.