<ciso brief/>
Tag Banner

All news with #token exchange tag

all tags →

Wed, November 19, 2025

AWS IAM Adds Outbound Identity Federation with JWTs

#AWS #AWS IAM #Workload Identity #Token Exchange #Product Release

🔐 AWS Identity and Access Management (IAM) now supports outbound identity federation, enabling customers to exchange AWS credentials for short‑lived, cryptographically signed JSON Web Tokens (JWTs) to authenticate workloads with third‑party clouds, SaaS providers, and self‑hosted applications. Tokens include workload context so external services can enforce fine‑grained access control. Administrators can restrict who can generate tokens and configure token properties such as lifetime, audience, and signing algorithm via IAM policies, and audit issuance and usage through CloudTrail. The capability is available in all AWS commercial Regions, AWS GovCloud (US) Regions, and China Regions.

read more →

Mon, November 3, 2025

Amazon Cognito simplifies Machine-to-Machine pricing

#AWS #Amazon Cognito #Machine Identity #Token Exchange

🔔 AWS has simplified pricing for Amazon Cognito machine-to-machine (M2M) authentication by removing the M2M app client price dimension. Customers will now be charged only for successful M2M token requests per month instead of both registered app clients and token requests. The change is effective immediately across all supported Cognito regions and is automatic, requiring no customer action. This reduces the cost to build and scale M2M integrations.

read more →

Tue, July 15, 2025

Securing Cloud Identity Infrastructure Through Collaboration

#Conference #HSM #IAM #Identity Threat Detection #JWT Weakness #Key Management #OAuth Misconfig #OIDC Misuse #Secrets Management #Token Exchange

🔒 CISA's Joint Cyber Defense Collaborative (JCDC) is coordinating with major cloud providers and federal partners to strengthen core cloud identity and authentication systems against sophisticated, nation-state affiliated threats. Recent incidents have exposed risks from token forgery, compromised signing keys, stolen credentials, and gaps in secrets management, logging, and governance. On June 25, a technical exchange convened experts from industry and government to share best practices and explore mitigations such as stateful token validation, token binding, improved secrets rotation and storage, hardware security modules, and enhanced logging to better detect and respond to malicious activity.

read more →