RC RANDOM CHAOS

identity federation

2 posts

The trust contract just broke
Article

The trust contract just broke

Pentagon threat elevation exposes the federated identity flaw: signature checks do not evaluate issuer state. Trust without re-validation is not control.

Contractor pushed the boundary keys
Article

Contractor pushed the boundary keys

A CISA contractor pushed AWS GovCloud admin keys to a public GitHub repo. The credential format, not the contractor, is the failed control.