Overview#

Michael B. Jones has written several papers on this subject.

Achieving interoperable identity systems requires agreement on data representations and protocols among the participants.

While there are several suites of successful interoperable identity data representations and protocols, including

• Kerberos [Neuman & Ts'o 94],
• X.509 [PKIX 05]
• SAML 2.0 [Cantor 05]
• WS-* WS-Security 04,* WS-Trust 09, WS-SecurityPolicy 09
• OpenID 2.0 [OpenID 07]

they have used data representations that have limited or no support in browsers and modern web development environments such as ASN.1 ITU 02, XML [XML 08], or custom data representations.

New set of Identity protocols#

A new set of open identity protocols is emerging that utilizes JSON RFC 4627 data representations and simple REST-based [Fielding 00] communication patterns. These protocols and data formats are intentionally designed to be easy to use in browsers and modern web development environments, which typically include native JSON support:[1]

• JSON Web Tokens (JWT)
• JSON Web Encryption (JWE)
• JSON Web Signature (JWS)
• JSON Web Key (JWK)
• JSON Web Algorithms (JWA)
• WebFinger
• OAuth 2.0
• OpenID Connect

Michael B. Jones paper surveys a number of the emerging open JSON-based identity protocols which he concludes by discussing how they can facilitate the emergence of identity in the browser.[1]

More Information#

There might be more information for this subject on one of the following:

• Neo-Security Stack

---

• [#1] - JSON Identity Suite - based on information obtained 2016-03