There's no question that computing architectures have changed dramatically in recent years. Today's always-on, mobile and cloud workplace and marketplace have created new requirements for identity and access management standards that go beyond what Security Assertion Markup Language (SAML) can support. SAML was defined to standardize a model of web single sign-on (SSO) for browser applications, and it works very well for that purpose. But, while web applications remain important, they are no longer the only game in town.
Many organizations are migrating to cloud services, opening up APIs to data and resources, offering native mobile apps to their customers and employees, and even implementing Internet of Things (IoT) programs. While some companies attempt to apply SAML to these use cases, doing so inevitably highlights SAML's limitations in these scenarios. A new generation of identity protocols is emerging to meet the demands of these new use cases. They are specifically designed to optimize authentication and authorization functions for both the newer application architectures and the bandwidth and feature constraints of the new class of digital endpoints.
A critical example of these new identity protocols is OpenID Connect 1.0. Connect creates a modern, singular, cohesive framework that promises to secure all APIs, mobile native applications and browser applications on today's web. Based on REST and JSON, it uses the same building blocks as the modern application architectures and APIs it secures. Connect profiles and extends OAuth 2.0 to logically add an identity layer to the delegated authorization model that OAuth enables.
As more organizations focus on digital consumer engagement by launching new mobile apps and IoT devices, and on improving efficiencies by moving to the cloud, Connect (and OAuth, on which it is built) will be central to securing identity data in an increasingly complex ecosystem.