Articles
I’ve written several technical articles since 1997 for various blogs, websites, and magazines, both in English and in Italian. Here you can find a list of the most recent ones:
Demystifying OAuth Security: State vs. Nonce vs. PKCE
Learn the critical differences between OAuth State, Nonce, and PKCE. Discover how these parameters prevent CSRF, replay attacks, and code interception.
2025-11-27 
.NET 10: What’s New for Authentication and Authorization
Dive into the latest .NET 10 updates for authentication and authorization, and important breaking changes for .NET developers.
2025-11-10
The Three Laws of AI Security
What principles guide AI security? We adapt Asimov's Three Laws for modern AI agents to solve core LLM security challenges, from data control to tool access.
2025-11-07
Is Policy-Based Access Control (PBAC) an Authorization Model?
What is the difference between RBAC, ABAC, ReBAC, and PBAC? Is PBAC an authorization model or just a way to implement authorization models?
2025-10-28
MS Agent Framework and Python: Use the Auth0 Token Vault to Call Third-Party APIs
Build a secure Python AI Agent with Microsoft Agent Framework and FastAPI and learn to use Auth0 Token Vault to securely connect to the Gmail API.
2025-10-27
Demystifying JOSE, the JWT Family: JWS, JWE, JWA, and JWK Explained
Break down the differences and relationships between JOSE, JWT, JWS, JWE, JWA, and JWK with clear explanations and examples.
2025-10-07
What a Developer Advocate Is Not
Let's define what a developer advocate is not by comparing this role to a few common assumptions.
2025-10-03
Secure a .NET RAG System with Auth0 FGA
This in-depth guide shows you how to secure your AI chatbot built with .NET Blazor using the RAG pattern, ensuring users can only access information from documents they have permission to view.
2025-10-01
Does Artificial Intelligence Threaten Critical Thinking?
What if AI could paradoxically turn out to be not the death of critical thinking but rather its unexpected training ground?
2025-09-22