TideCloak 0.13.21
A maintenance and bug-fix release that resolves a few minor issues and introduces a minor security enhancement.
Highlights
- Vendor's customization certification
- Policy-driven data protection
- Minor bug fixes
Try the TideCloak dev Playground demo:
Cybersecurity Fabric changes
Vendor's Customization Locking
The Secure Web Enclave (SWE) support for customized user interface styling, a background image and a logo is now cryptographically verifiable. This release introduces protection against rogue alteration of SWE customization without proper Quorum-Enforced Authorization. When the SWE is instructed to display customized UI elements, the hosting location (URI) of those resources is now validated before they are downloaded and displayed to the user. Users accessing a Vendor's Tide login can use any SWE across the Fabric, which will confirm those settings and display them as instructed.
This capability mitigates the risk of a Vendor's admin setting customization without proper quorum approval.
Policy-driven data protection
The decision to allow or deny users encrypting or decrypting data using Tide can be set via Tide's programmable policy engine (Forseti). For example, a user wishing to decrypt a data artefact makes a direct request to the Vendor's key (VVK) ORKs, which in turn triggers a pre-set custom Forseti policy that either performs the decryption or denies it based on programmable logic and parameters. This allows Vendors to program their own fine-grained gate logic for their users.
TideCloak changes
Verifiable customization details in adaptor
The web resources' details and certification have been added to the TideCloak adaptor to be set on the Vendor's application. This allows the Vendor to activate a user-interface scenario with the quorum-approved UI elements for their users.
Improved task schedules
New and improved automated task schedulers have been introduced on the TideCloak server to allow more robust Tide license renewal processes and better error handling in case of a failure.
Detailed changelog
For a granular per-repository breakdown of changes (Midgard, Heimdall, ORK, Ragnarok, TideJS, TideCloakJS, Asgard, master-libs, tidecloak-override, and upstream Keycloak), see the detailed changelog.