Articles
I’ve written several technical articles since 1997 for various blogs, websites, and magazines, both in English and in Italian. Here you can find a list of the most recent ones:
Strengthening OAuth 2.0 with FAPI 2.0
An introduction to the relationship between OAuth 2.0 and FAPI 2.0, and how the latter enhances the security of the former.
2026-02-24 
Federated Identity vs. Single Sign-On: Key Differences
A deep dive into the differences between Single Sign-On (SSO) and Federated Identity, covering concepts, protocols, and implementation nuances.
2026-02-17
Duck Intelligence
Do machines understand? A brief philosophical-linguistic dissertation on the understanding capacity of AI systems, such as LLMs.
2026-02-06
Why Broken Access Control Still Dominates the OWASP Top 10 in 2026?
Let's explore why Broken Access Control continues to rank highest on the OWASP list of security risks in web applications and APIs after several years.
2026-01-22
Pythagoras the Digitizer
How are Pythagoras, the digital world, and quantum physics connected? A subtle thread links them through their similar worldview.
2026-01-02
Auth0 My Account API: Let Users Manage Their Own Account
Learn how the Auth0 My Account API securely enables client-side, self-service user management, eliminating the need for server-side proxies for features like passkey enrollment and account linking.
2025-12-18
FAPI for Developers: Here Is Your Guide
Introducing a new ebook to explain why FAPI is essential for regulated industries, and how to move beyond OAuth bearer tokens for top identity security.
2025-12-16
Demystifying OAuth Security: State vs. Nonce vs. PKCE
Learn the critical differences between OAuth State, Nonce, and PKCE. Discover how these parameters prevent CSRF, replay attacks, and code interception.
2025-11-27
.NET 10: What’s New for Authentication and Authorization
Dive into the latest .NET 10 updates for authentication and authorization, and important breaking changes for .NET developers.
2025-11-10