Why the Future of Identity is OpenID Connect and not SAML

This blog is part of a series comparing the implementation of identity management patterns in SAML and OpenID Connect: Identity Broker Service in OpenID Connect; Identity Broker Service in SAML; OpenID Connect AuthN & AuthZ; Comparison of OpenID Connect with OAuth2.0 & SAML2.0; Cross Domain Identity Patterns: Chained Federation & Service Broker; Future of Identity Federation is OpenID Connect. Identity…

Identity Broker Service in OpenID Connect: Supporting Multiple Identity Providers & Service Providers

This blog is part of a series comparing the implementation of identity management patterns in SAML and OpenID Connect: Identity Broker Service in SAML; OpenID Connect AuthN & AuthZ; Cross Domain Identity Patterns: Chained Federation & Service Broker. Identity Broker Service in OpenID Connect: In an earlier blog post (Identity Broker Service in SAML) I described how to support connections between…

Identity Broker Service in SAML: Supporting Multiple Identity Providers & Service Providers

This blog is part of a series comparing the implementation of identity management patterns in SAML and OpenID Connect: OpenID Connect AuthN & AuthZ; Cross Domain Identity Patterns: Chained Federation & Service Broker. Identity Broker Service in SAML: A federated organisation may have multiple distinct services (service providers), each protected under a distinct trust domain. The…

OpenID Connect Simple Sequence Diagram

In the abstract, the OpenID Connect protocol follows these steps. The RP (Client) sends an Authentication Request to the OpenID Provider (OP). The OP authenticates the End-User and obtains authorization. The OP responds with an ID Token and usually an Access Token. The RP can then send a request with the Access Token to the UserInfo Endpoint.…
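The four steps above, played out end to end as an added example (this is not code from the original post): a toy Authorization Code flow with the RP and OP in one Python process. The issuer, client_id, redirect_uri, the user record and the shared HMAC key are all assumptions, and HS256 is used only so the example runs offline; a real OP signs ID Tokens with an asymmetric key published at its jwks_uri. The interesting part is what the RP checks on the way back: the state it issued, the ID Token's algorithm, signature, iss, aud, nonce and exp, and that the UserInfo response describes the same sub as the ID Token.

```python
# Added example, not the blog's code: a toy OpenID Connect Authorization Code flow
# with RP and OP in one process. Issuer, client_id, redirect_uri, user record and
# shared HMAC key are constructed; HS256 only so it runs offline (real OPs use RS256/ES256).
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER, CLIENT_ID = "https://op.example", "rp-client-1"   # assumed values
REDIRECT_URI = "https://rp.example/cb"
OP_KEY = b"constructed-shared-hmac-key"                    # constructed demo key
USERS = {"alice": {"sub": "24400320", "email": "alice@example.org"}}  # constructed

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def query_params(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

def jwt_sign(claims, key):
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_id_token(token, expected_nonce):
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")   # pin the alg; never let the token choose
    expected = hmac.new(OP_KEY, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad ID Token signature")
    claims = json.loads(b64url_decode(payload_b64))
    if (claims.get("iss"), claims.get("aud"), claims.get("nonce")) != (
            ISSUER, CLIENT_ID, expected_nonce) or claims.get("exp", 0) <= time.time():
        raise ValueError("iss/aud/nonce mismatch or expired ID Token")
    return claims

class OpenIDProvider:
    def __init__(self):
        self.codes, self.tokens = {}, {}   # code -> (client, redirect, nonce, sub); token -> sub

    def authorize(self, q, authenticated_user):
        # Step 2: OP authenticates the End-User (simulated) and issues a one-time code.
        if (q.get("response_type"), q.get("client_id"), q.get("redirect_uri")) != (
                "code", CLIENT_ID, REDIRECT_URI):
            raise ValueError("unregistered client/redirect_uri or unsupported flow")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (CLIENT_ID, REDIRECT_URI, q["nonce"], USERS[authenticated_user]["sub"])
        return f"{REDIRECT_URI}?{urlencode({'code': code, 'state': q['state']})}"

    def token(self, code, client_id, redirect_uri):
        # Step 3: the code is single-use and bound to client_id and redirect_uri.
        entry = self.codes.pop(code, None)
        if entry is None or entry[:2] != (client_id, redirect_uri):
            raise ValueError("invalid or replayed authorization code")
        nonce, sub = entry[2:]
        now, access_token = int(time.time()), secrets.token_urlsafe(16)
        self.tokens[access_token] = sub
        id_token = jwt_sign({"iss": ISSUER, "sub": sub, "aud": client_id,
                             "nonce": nonce, "iat": now, "exp": now + 300}, OP_KEY)
        return {"access_token": access_token, "token_type": "Bearer", "id_token": id_token}

    def userinfo(self, access_token):
        if access_token not in self.tokens:   # Step 4 (OP side)
            raise ValueError("invalid access token")
        return next(u for u in USERS.values() if u["sub"] == self.tokens[access_token])

class RelyingParty:
    def __init__(self, op):
        self.op, self.sessions = op, {}   # sessions: state -> nonce

    def start_login(self):
        # Step 1: state guards the callback against CSRF; nonce binds the ID Token.
        state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.sessions[state] = nonce
        return f"{ISSUER}/authorize?" + urlencode(dict(
            response_type="code", client_id=CLIENT_ID, redirect_uri=REDIRECT_URI,
            scope="openid profile email", state=state, nonce=nonce))

    def handle_callback(self, callback_url):
        q = query_params(callback_url)
        nonce = self.sessions.pop(q.get("state"), None)
        if nonce is None:
            raise ValueError("unknown state: possible CSRF or replayed callback")
        resp = self.op.token(q["code"], CLIENT_ID, REDIRECT_URI)   # Step 3 (RP side)
        claims = verify_id_token(resp["id_token"], nonce)
        info = self.op.userinfo(resp["access_token"])             # Step 4 (RP side)
        if info["sub"] != claims["sub"]:
            raise ValueError("UserInfo sub does not match ID Token sub")
        return {"id_token": claims, "userinfo": info}

def run_flow(user="alice"):
    rp = RelyingParty(OpenIDProvider())
    auth_url = rp.start_login()                                # 1. RP -> OP
    callback = rp.op.authorize(query_params(auth_url), user)   # 2. OP authenticates
    return rp.handle_callback(callback)                        # 3 + 4
```

Calling run_flow() returns the validated ID Token claims together with the UserInfo response. Replaying the callback URL fails at the state check before the (already consumed) code is ever presented, and a token signed with any other key fails verify_id_token; both are the checks a real RP library does for you, and the ones worth confirming it actually does.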

Zepp Sensor for Golf and Tennis: An Example of a Good App Strategy

People who know me know that I am equally bad at both golf and tennis. Because I'm keen on gadgets (and excuse all purchases as research into the internet of things), I had to purchase the new Zepp Golf sensor. The golf sensor attaches to the back of my golf glove and tracks my slow slices…

Comparison of OpenID Connect with OAuth2.0 & SAML2.0

The following is a high-level feature comparison between OpenID Connect 1.0, OAuth 2.0 & SAML 2.0. OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to…

NASCAR problem in authorisation server selection

An aim of OpenID Connect is to solve the problem of death by a thousand passwords by allowing the user to select their identity provider, including ones the relying party has never heard of, through Dynamic Registration. A problem with allowing the user to select their identity provider is that the authentication challenge page needs…
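The alternative to a page of provider logos is to ask for a single identifier and let the RP work out the provider itself. As an added example (not code from the original post), the following Python follows the OpenID Connect Discovery 1.0 procedure: normalise the identifier, ask WebFinger on the identifier's host for the issuer, then fetch the issuer's openid-configuration and insist that its issuer value matches. Network access is replaced by constructed_fetch, which returns constructed JSON for the made-up hosts example.com and server.example.com; XRI identifiers are not handled.

```python
# Added example, not the blog's code: identifier-first provider discovery as
# specified in OpenID Connect Discovery 1.0 (WebFinger, then the provider's
# openid-configuration), so the RP needs no wall of IdP logos. Network access is
# replaced by constructed_fetch, which returns constructed JSON for two made-up hosts.
from urllib.parse import parse_qsl, urlencode, urlsplit

OIDC_ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"

def normalize_identifier(user_input):
    """Return (resource, host) for an e-mail or URL style identifier (XRI omitted)."""
    s = user_input.strip()
    if "@" in s and "://" not in s:                 # e-mail syntax -> acct: URI
        return f"acct:{s}", s.rsplit("@", 1)[1]
    if not s.startswith(("http://", "https://")):   # bare host[:port][/path]
        s = "https://" + s
    parts = urlsplit(s)
    if not parts.hostname:
        raise ValueError("identifier has no host")
    return parts._replace(fragment="").geturl(), parts.netloc   # fragment is dropped

def webfinger_url(resource, host):
    return f"https://{host}/.well-known/webfinger?" + urlencode(
        {"resource": resource, "rel": OIDC_ISSUER_REL})

def validate_issuer(issuer):
    p = urlsplit(issuer)
    if p.scheme != "https" or not p.netloc or p.query or p.fragment:
        raise ValueError(f"issuer must be an https URL without query/fragment: {issuer}")
    return issuer

def issuer_from_jrd(jrd):
    for link in jrd.get("links", []):
        if link.get("rel") == OIDC_ISSUER_REL and link.get("href"):
            return validate_issuer(link["href"])
    raise ValueError("WebFinger response carries no OpenID issuer link")

def configuration_url(issuer):
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_configuration(issuer, config):
    # The document's issuer MUST equal the issuer used to fetch it; otherwise a host
    # that merely serves a copied document could pass itself off as another OP.
    if config.get("issuer") != issuer:
        raise ValueError("issuer in openid-configuration does not match discovered issuer")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(config.get(key, "")).startswith("https://"):
            raise ValueError(f"{key} missing or not https")
    return config

def constructed_fetch(url):
    """Stand-in for HTTP GET; returns constructed JSON for the example's hosts."""
    p = urlsplit(url)
    q = dict(parse_qsl(p.query))
    if (p.netloc, p.path) == ("example.com", "/.well-known/webfinger") \
            and q.get("resource") == "acct:joe@example.com":
        return {"subject": "acct:joe@example.com",
                "links": [{"rel": OIDC_ISSUER_REL, "href": "https://server.example.com"}]}
    if (p.netloc, p.path) == ("server.example.com", "/.well-known/openid-configuration"):
        base = "https://server.example.com"
        return {"issuer": base, "authorization_endpoint": f"{base}/authorize",
                "token_endpoint": f"{base}/token", "jwks_uri": f"{base}/jwks.json"}
    raise LookupError(f"no constructed response for {url}")

def discover(user_input, fetch=constructed_fetch, allowed_issuers=None):
    """Identifier -> issuer -> endpoints. allowed_issuers=None accepts any issuer
    (the Dynamic Registration case); pass a set of issuer URLs to pin known OPs."""
    resource, host = normalize_identifier(user_input)
    issuer = issuer_from_jrd(fetch(webfinger_url(resource, host)))
    if allowed_issuers is not None and issuer not in allowed_issuers:
        raise ValueError(f"issuer {issuer} is not on the RP's allow-list")
    config = check_configuration(issuer, fetch(configuration_url(issuer)))
    return {"resource": resource, "issuer": issuer,
            "authorization_endpoint": config["authorization_endpoint"],
            "token_endpoint": config["token_endpoint"], "jwks_uri": config["jwks_uri"]}
```

discover("joe@example.com") resolves to the constructed issuer https://server.example.com and its endpoints; swapping constructed_fetch for a real HTTPS client is the only change needed against a live provider. The allow-list parameter is the practical middle ground for an RP that does not want to register dynamically with any issuer a WebFinger response happens to name.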

An Identity Management System in TOGAF: How to Fit IdM to ADM?

The TOGAF Architecture Development Method (ADM) is designed to be generic enough to cover all types of IT programme. This generality means that the ADM can support both organisational and governmental identity management projects. This blog post, part of a series on identity management in TOGAF, covers the best fit of the…

An Identity Management System in TOGAF: stakeholders, concerns, views & viewpoints

This article describes how I would deliver an Identity Management architecture and implementation in accordance with the Open Group's TOGAF Architecture Development Method. This post is based on my personal experience as a digital enterprise architect and as a solution architect implementing identity management, master data management and security systems. I intend this to be…

Remote Control Soufflés: Challenge of M2M Authentication & Authorisation and Mobile data offloading

Some M2M devices will always connect to the internet over a fixed network connection or Wi-Fi, others will always connect over a mobile network using an eUICC, but some will offer both Wi-Fi and a mobile network connection. It is these devices that will need to support Wi-Fi offloading where possible.…