This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
A gathering of why [OAuth 2.0] and the related Protocols [OpenID Connect] and [User-Managed Access] are the way forward for [Authentication] and [Authorization]/[Delegation] for [WEB Single Sign-On].
First, some opinions: [OAuth 2.0] is a basic framework that only meets the basic [Delegation]/[Authorization] requirements. We would not consider [OAuth 2.0] adequate as a [WEB Single Sign-On] solution.
!! Some Links from Others
* Comparison of [Standards Based SSO] for [WEB Single Sign-On]
* [Why OpenID Connect][2]
* [Why the Future of Identity is OpenID Connect and not SAML|http://apicrazy.com/2014/08/18/why-the-future-of-identity-is-openid-connect-and-not-saml/|target='_blank']
* [The death (and life) of a protocol|https://www.kuppingercole.com/blog/kearns/the-death-and-life-of-a-protocol|target='_blank']
* [Despite the popularity of SAML, the mobile and cloud benefits of OpenID Connect may spur adoption as an enterprise authentication platform.|http://searchsecurity.techtarget.com/news/2240222015/OpenID-Connect-Poised-for-greatness-in-enterprise-authentication|target='_blank']
* [One Small Step for OpenID Connect, a Giant Leap for the Evolution of Identity Management|http://blogs.gartner.com/mary-ruddy/2014/02/28/one-small-step-for-openid-connect-a-giant-leap-for-the-evolution-of-identity-management-8/|target='_blank']
* [Kerberos Might Not Be Dead, but It's Not Feeling Well|http://windowsitpro.com/identity-management/kerberos-might-not-be-dead-its-not-feeling-well|target='_blank']
!! [OpenID Connect] Leverages other emerging technologies
The summary:
* [OpenID Connect], published in 2014, is the emerging standard for [single Sign-On|Single Sign-On] and identity provision on the internet.
* [OpenID Connect]'s formula for success is how it leverages other emerging technologies, delivered via the use of [OAuth 2.0] flows to obtain [tokens][1]
* [OpenID Connect] has learned lessons from past efforts such as [SAML] and [OpenID] 1.0 and 2.0
* [OpenID Connect] is designed to fit web apps as well as native / mobile apps.
* [OpenID Connect] is simple enough to integrate with basic apps, but it also offers a number of features and security options to match demanding enterprise requirements.
* [OpenID Connect] builds on [OAuth 2.0]'s [Delegation]/[Authorization] framework to provide [Authentication]
* [OpenID Connect] allows choice of [Identity Provider (IDP)]
* [OpenID Connect] is [REST]/[JSON] friendly:
** [JSON Web Tokens]
** [JSON Web Signature]
** [JSON Web Encryption]
** [Simple Web Discovery] using [WebFinger] via [Openid-configuration]
* [OpenID Connect] can provide [Level Of Assurance]
* [OpenID Connect] [Cool Identity Token Uses]
! [User-Managed Access]
* Builds on [OAuth 2.0]'s [Delegation]/[Authorization] framework to provide [Authentication]
* Can use [OpenID Connect] and uses most of the [OpenID Connect] additions.
* Provides [UMA-obligations] to satisfy legal conditions
!! Broad Usage
[OpenID Connect] specifications are open, public and include extensibility. This, along with broad usage, provides a [Delegation]/[Authorization]/[Authentication] framework that is extremely well tested and flexible.
As another example of the activity around [OpenID Connect], subscribe to the [OpenID Connect Tag at Stack Overflow|https://stackoverflow.com/tags/openid-connect/info|target='_blank']
Some of the MAJOR entities using [OpenID Connect]:
* [Single Sign On|Single Sign-On] Vendors
** [Ping Identity|https://www.pingidentity.com/en/resources/articles/openid-connect.html|target='_blank']
** [ForgeRock|https://backstage.forgerock.com/#!/docs/openam/12.0.0/admin-guide/chap-openid-connect|target='_blank']
** [Connect2ID|http://connect2id.com/learn/openid-connect|target='_blank']
** [WSO2|http://wso2.com/library/articles/2014/06/open-id-connect/|target='_blank']
** [MITREid|https://id.mitre.org/connect/|target='_blank']
** [NetIQ Access Manager 4.x|https://www.netiq.com/documentation/access-manager-41-appliance/admin/data/b1ek5o72.html|target='_blank']
** [Microsoft Azure Active Directory (Azure AD)|https://msdn.microsoft.com/en-us/library/azure/dn645541.aspx|target='_blank']
** [Microsoft ADFS|http://www.cloudidentity.com/blog/2015/08/21/openid-connect-web-sign-on-with-adfs-in-windows-server-2016-tp3/|target='_blank']
* Social Networks
** [Google|https://developers.google.com/identity/protocols/OpenIDConnect?hl=en|target='_blank']
** [Facebook|https://developers.facebook.com/docs/facebook-login|target='_blank']
** [Yahoo|https://developer.yahoo.com/openid/|target='_blank']
* Others
** [Salesforce|https://developer.salesforce.com/page/Inside_OpenID_Connect_on_Force.com|target='_blank']
** [PayPal|https://developer.paypal.com/webapps/developer/docs/integration/direct/identity/log-in-with-paypal/|target='_blank']
** [AWS account|https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html|target='_blank']
** [WebSphere|https://www.ibm.com/developerworks/websphere/library/techarticles/1502_odonnell/1502_odonnell.html|target='_blank']
** [Implementing OAuth on IBM WebSphere DataPower Appliances|http://www.ibm.com/developerworks/websphere/library/techarticles/1208_rasmussen/1208_rasmussen.html|target='_blank']
** [WebSphere Application Server Liberty server as an OpenID Connect Client|https://www-01.ibm.com/support/knowledgecenter/api/content/nl/en-us/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_config_oidc_rp.html|target='_blank']
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [OpenID Connect explained|http://connect2id.com/learn/openid-connect|target='_blank'] - based on information obtained 2013-04-10
* [#2] - [Why OpenID Connect will be ubiquitous for domain authentication|http://www.gluu.org/blog/10-reasons-openid-connect-will-be-ubiquitous/|target='_blank'] - based on information obtained 2013-04-10