26.10 Manage Users' Identifiers and Addresses in Identity Pools
Cloudentity Platform admin users can now manage users' identifiers and addresses within Cloudentity Identity Pools. Admins can add new identifiers of the email, mobile, or UUID type, as well as identifiers coming from external sources. Additionally, admins can add new verifiable email or mobile addresses for users and define whether each address is verified or not.
24.10 Cache Request Responses Within Cloudentity Authorizers
We improved the Cloudentity authorizers' integration with the Open Policy Agent's Rego language so that the caching features of the Rego `http.send()` built-in function take effect. You can now use the following fields in the request object passed to `http.send()` in your Rego policies:
- `cache` - Cache the HTTP response across OPA queries, honoring the cache directives (such as Cache-Control) returned by the server. Default: `false`.
- `force_cache` - Cache the HTTP response across OPA queries and override the cache directives defined by the server. Default: `false`.
- `force_cache_duration_seconds` - If `force_cache` is set to `true`, this field specifies the duration in seconds for which a cached response is considered fresh.
In Cloudentity v2.8.0, the authorizers provide an inter-query cache that persists across policy validations, which enables calls to the `http.send()` method to reuse responses cached by previous policy validations. The cache is recreated on each API discovery cycle, so the lifetime of a cached response is limited by the authorizer's discovery interval.
Authorizer's API discovery configuration
```yaml
discovery:
  enabled: true   # when true, API discovery is enabled
  interval: 30s   # how often discovery is performed
```
The cache size can be configured via the `rego_inter_query_cache_size` setting in the `enforcement` section of the authorizer configuration:
```yaml
enforcement:
  rego_inter_query_cache_size: 1000000   # maximum size for the Rego inter-query builtin cache
```
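The following Rego policy is an added example and is not code from the Cloudentity documentation or product. It shows the three caching fields in use: a policy consults an external risk-scoring service and shares the answer across OPA queries instead of calling the service on every request. The service URL, its JSON response shape (`{"score": <int>}`), and the use of `input.authn_ctx.sub` as the subject identifier are assumptions made for illustration.

```rego
# Added example, not from the Cloudentity docs: cache an external
# risk-scoring lookup across OPA queries within one discovery cycle.
# The URL, the response shape {"score": <int>} and input.authn_ctx.sub
# are assumptions for illustration.
package example.risk

default allow = false

# One HTTP call per subject per cache lifetime. The cache key is the whole
# request object, so per-subject data must be part of the request (here, the
# query string) or every subject would share one cached answer.
# force_cache ignores the server's Cache-Control headers; the freshness window
# is set to the authorizer's discovery interval (30s) because the inter-query
# cache is dropped on every discovery cycle anyway, so a longer value buys
# nothing and a shorter one bounds how long a revoked subject stays allowed.
risk_response := http.send({
    "method": "GET",
    "url": sprintf("https://risk.example.internal/score?sub=%s", [input.authn_ctx.sub]),
    "headers": {"Accept": "application/json"},
    "cache": true,
    "force_cache": true,
    "force_cache_duration_seconds": 30,
    "raise_error": false,
})

# Fail closed: only a 200 response yields a score. With raise_error=false a
# transport error surfaces as status_code 0 instead of aborting the query,
# so it falls through this rule and the request is denied.
score := risk_response.body.score {
    risk_response.status_code == 200
}

allow {
    score < 50
}
```

Two practical checks before enabling this in production: keep `force_cache_duration_seconds` at or below the value you can tolerate for stale data, since a cached "allowed" answer outlives any revocation at the upstream service for that long, and do not cache calls whose result must be fresh per request (token introspection is the usual example). Also size `rego_inter_query_cache_size` for the number of distinct request objects you expect within one discovery interval, because each distinct subject in the URL above is a separate cache entry.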
20.10 Full Support for Brazilian Open Insurance
The Cloudentity platform now fully supports the Brazilian Open Insurance (OPIN) initiative.
The Open Finance Brazil type of workspace is configured to provide industry-specific OPIN configuration, for example, the OPIN scopes.
Added the permission mappings and group validation required by OPIN; they can be used in the consent creation endpoint.
Added the following endpoints from the OPIN spec for consent creation and management:
Added support for the Dynamic Client Registration (DCR) requirements coming from the Open Insurance specification. This includes:
- mTLS is required for DCR registration
- Software statement parsing and validation for the model provided by the specification
- Software role to scope mapping during DCR
Extended the mTLS endpoint aliases in the OAuth well-known endpoint to include the backchannel authentication endpoint when the Client Initiated Backchannel Authentication (CIBA) method is enabled, as required by the OPIN specification.
Added an option to configure the supported `acr` (Authentication Context Class Reference) values in the authorization server's OAuth advanced settings. Workspaces now use whatever is configured in these settings instead of an internal hardcoded list.
14.10 Bunch of New Articles for Financial Data Exchange (FDX) Compliance
We have added a whole lot of new articles on complying with the standards of the Financial Data Exchange (FDX) body! Check out the brand new solution guide. Learn how to build consent pages that comply with the FDX requirements, how data providers can protect their APIs with Cloudentity, and much more:
- Financial Data Exchange - Secure Data Sharing Enabled by Cloudentity
- FDX Quickstart
- FDX API Security Profile - Workspace
- FDX Consent APIs
- Building FDX-UX Compliant Consent Page
- FDX Data API Access & Protection
21.09 Password Policies for Identity Pool Users
The days when qwerty1234 was thought to be a safe password are long gone! Make sure that your users fulfill all of the requirements for safe passwords with Cloudentity password policies. Such policies enable Identity Pool administrators to specify, for example, the minimal length of a password, the number of special characters, and many more.
16.09 Integration with Kusk API Gateway
Kusk API Gateway enables developers to build, validate, deploy, and monitor REST APIs based on Envoy Proxy running on your Kubernetes cluster. Do you know what else can be run in a K8s cluster? That’s right! Cloudentity authorizers! It is now possible to integrate the Kusk Gateway with Cloudentity and protect the APIs deployed behind your gateway with advanced access control measures. The integration is based on the Cloudentity Standalone Authorizer.
1.09 Event-Based Notifications Using Webhooks
With Cloudentity Extensions, you can set up event-based notifications in order to subscribe third-party applications to important events captured by our platform. You can, for example, notify an external CRM system that a user granted their consent for an application registered within your Open Banking workspace, and more.