Open standard protocols for identity federation define how service providers (SPs) and identity providers (IdPs) exchange identity information. Open standards are critical to enable secure interoperability between unique identity systems, web resources, organizations and vendors. Multiple federation protocols are used today to meet requirements for a wide range of identity use cases and diverse user populations. The Ping Intelligent Identity platform is based on standards and gives our customers the secure and seamless experiences they need.
SAML: Scales Your Federated Identity Solution
The Security Assertion Markup Language (SAML) identity federation standard enables the secure exchange of authentication and authorization information between security domains. The SAML standard makes it possible to implement a scalable and secure federated identity solution across organizations, and it’s the most common protocol used to enable web SSO today. While SAML 2.0 is the latest version approved by the OASIS standards consortium, the older SAML 1.1 and SAML 1.0 protocols remain in wide use.
OpenID Connect 1.0: Exchanges User Identity Data Securely
OAuth 2.0 defines an authorization framework for people, devices or apps to securely access protected resources through applications or APIs. Third-party applications can gain approval for limited access to an HTTP service, either by orchestrating an approval interaction between the resource owner and the HTTP service or by allowing the third-party application to obtain access on its own behalf. This enables a single, consistent and flexible identity and policy architecture for web applications, web services, devices and desktop clients to access APIs on behalf of the user. OAuth 2.0 has emerged as a key platform on which to build support for new use cases, such as OpenID Connect.
The System for Cross-Domain Identity Management (SCIM) is a federated provisioning standard used to manage identities between an IdP and an SP. SCIM provides a cross-application approach to managing users, groups and devices. The standard leverages REST and JSON to reduce complexity and provide a more straightforward approach to user management. SCIM allows easier, more powerful and standardized communication between identity data stores.
WebAuthn: Enables Strong Authentication on the Web
Web Authentication is a browser API that enables phishing-resistant, privacy-preserving authentication, and is backed by the W3C and the FIDO Alliance. This new web standard allows web applications to take advantage of user-presented authenticator devices such as key fobs, cell phones or even hardware built into modern computers. Sites can then authenticate users through physical possession of the authenticator and, potentially, a second factor such as a user-set PIN or biometrics. This authentication can augment a website’s existing username and password process or replace it entirely to enable secure passwordless authentication.