Open Standard Protocols

The Security Assertion Markup Language (SAML) identity federation standard enables the secure exchange of authentication and authorization information between security domains. The SAML standard makes it possible to implement a scalable and secure federated identity solution across organizations, and it’s the most common protocol used to enable web SSO today. While SAML 2.0 is the latest version approved by the OASIS standards consortium, the older SAML 1.1 and SAML 1.0 protocols remain widely in use.

OpenID Connect adds an identity layer on top of the core OAuth 2.0 protocol, enabling a broad array of web, mobile and JavaScript-based clients to exchange end user identity and session data. Based on REST and JSON, it uses the same building blocks as the modern application architectures and APIs it secures. As more companies focus on digital consumer engagement and the IoT, OAuth and OpenID Connect are likely to become even more valuable in securing identity data in an increasingly complex ecosystem.

OAuth 2.0 defines an authorization framework for people, devices or apps to securely access protected resources through applications or APIs. Third-party applications can gain approval for limited access to an HTTP service, by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf. This enables a single, consistent and flexible identity and policy architecture for web applications, web services, devices and desktop clients to access APIs on behalf of the user. OAuth 2.0 has emerged as a key platform on which to build in support of new use cases, such as OpenID Connect.

The System for Cross-Domain Identity Management (SCIM) is a federated provisioning standard, used to manage identities between an IdP and an SP. SCIM provides a cross-application approach to managing users, groups and devices. The standard leverages modern protocols like REST and JSON in order to reduce complexity and provide a more straightforward approach to user management. SCIM allows easier, more powerful and standardized communication between identity data stores.

Web Authentication is a browser API that enables phishing-resistant, privacy-preserving authentication, and is backed by the W3C and the FIDO Alliance. This new web standard allows web applications to take advantage of user-presented authenticator devices such as key fobs, cell phones or even hardware built into modern computers. The sites can then authenticate users through both the physical possession of the authenticator and potentially by second factors such as a user-set PIN or biometrics. This authentication can augment a website’s existing username and password process or replace it entirely to enable secure passwordless authentication.