Why the Future of Identity is OpenID Connect and not SAML

This blog is part of a series comparing the implementation of identity management patterns in SAML and OpenID Connect: Identity Broker Service in OpenID Connect; Identity Broker Service in SAML; OpenID Connect AuthN & AuthZ; Comparison of OpenID Connect with OAuth2.0 & SAML2.0; Cross Domain Identity Patterns: Chained Federation & Service Broker; Future of Identity Federation is OpenID Connect. Identity…

Identity Broker Service in OpenID Connect: Supporting Multiple Identity Providers & Service Providers

This blog is part of a series comparing the implementation of identity management patterns in SAML and OpenID Connect: Identity Broker Service in SAML; OpenID Connect AuthN & AuthZ; Cross Domain Identity Patterns: Chained Federation & Service Broker; Identity Broker Service in OpenID Connect. In an earlier blog post (Identity Broker Service in SAML) I described how to support connections between…

OpenID Connect Simple Sequence Diagram

The OpenID Connect protocol, in abstract, proceeds through the following steps. The RP (Client) sends a request to the OpenID Provider (OP). The OP authenticates the End-User and obtains authorization. The OP responds with an ID Token and usually an Access Token. The RP can send a request with the Access Token to the UserInfo Endpoint.…

Comparison of OpenID Connect with OAuth2.0 & SAML2.0

The following is a high-level feature comparison between OpenID Connect 1.0, OAuth 2.0 & SAML 2.0. OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to…

NASCAR problem in authorisation server selection

An aim of OpenID Connect is to solve the problem of death by a thousand passwords by allowing the user to select their identity provider, including ones that the relying party has never heard of, through Dynamic Registration. A problem of allowing the user to select their identity provider is that the authentication challenge page needs…

Remote Control Soufflés: Challenge of M2M Authentication & Authorisation and Mobile data offloading

Some M2M devices will always connect to the internet using a fixed network connection / Wi-Fi and others will always connect using a mobile network connection using an eUICC, but there will be some that offer both Wi-Fi and mobile network. It is these devices that will need to support Wi-Fi offloading where possible.…

OpenID Connect and GSMA Mobile Connect

OpenID Connect (final specs launched Feb 2014) is an interoperable authentication protocol based on the OAuth 2.0 family of specifications. It uses straightforward REST/JSON message flows with a design goal of “making simple things simple and complicated things possible”. OpenID Connect lets developers authenticate their users across websites and apps without having to own and manage…