PingTalk Blog

The identity standards universe is expanding – and as an architect you have new capabilities to work with if you choose.

Joining the likes of the Security Assertion Markup Language (SAML) are new protocols such as OAuth 2.0 and OpenID Connect. These new protocols provide different ways to communicate identity and access data between loosely coupled internet entities. Last week, I hosted a webinar looking at all these new pieces, how they fit together, and how they fit into the expanding universe.

The archive for “OpenIDConnect & OAuth-Enabled Identity” is now available (including slides; login or social log-in required). In the presentation I attempt to address questions our customers have about how OAuth and OpenID Connect can be positioned in an enterprise architecture, and how they relate to existing standards. Will OAuth replace SAML? Can OAuth do everything that SAML can do? Can SAML do everything OAuth can do? What is OpenID Connect, and why might I one day want to add that protocol to the mix? Do these protocols do new things, or accomplish old tasks in new ways?

My premise is that SAML is not going anywhere. SAML is a stable, well-known, and secure way to send descriptive messages about user identities and security contexts from technically sophisticated partner to technically sophisticated partner using the browser as a medium for communication.

But what happens when you want to communicate identity information to a less technically astute partner? What happens if your primary medium of communication is not a browser? These are the scenarios that OAuth has evolved to address; scenarios that are becoming more critical as enterprises begin to interact with mobile devices and cloud provider APIs.

I expect that the future will involve SAML and OAuth working in conjunction with each other, where the choice of protocol will be based on a few simple factors. Remember that no matter what, both of these protocols involve complexity; choice of protocol simply lets an architect choose where that complexity manifests.

How do you know what to choose? You must use the Force, Luke… or just check out the webinar, where all will be explained.