Web Blog_blogentry_230717_1


Biometric authentication runs afoul of religion in West Virginia#

An article Biometric authentication runs afoul of religion in West Virginia

Not For Identification Purposes#

Whenever you see someone talk about a new Identity items remember Not For Identification Purposes

Ran Across Today#

Appears most of the questions people encounter with OAuth 2.0 and OpenID Connect involve the Client-side application and how to perform integration.

Either they are trying to "roll-their-own" and deal with the too many details or they have general implementation issues from an architecture point of view such as Single Sign-On and using with multiple Applications or microservices.

What Auth0 and Microsoft get right is the simplicity.

In a traditional application Access Control and Authentication is done at the beginning of the session. There was a "user repository" where the application would call to obtain the Digital Identity information.

When we move to microservices this type of service would require each microservice to have this same ability to call the "user repository" which is not efficient or vary scalable.

Many of the posts we see on OAuth 2.0 and OpenID Connect implementation issues revolve around:

Prompt Parameter #

Well really the challenge revolves around questions like: and there are several more.

Most of these can be solved by:

More Information#

There might be more information for this subject on one of the following: ...nobody