For the most part, OAuth 2.0 and the other REST-based protocols for identity transactions are ratified and ready to use. But how can they be combined to solve the actual business problem of operating in an identity infrastructure? This session covers the top 20 interaction patterns for SSO, mobile, API and provisioning use cases, showing how a practical combination of clients and scopes can produce a tightly secured identity architecture built from OAuth 2.0, SCIM, OpenID Connect, the JWT assertion flow, JOSE and other protocols, including SAML. Pamela will discuss the pros and cons of solving different problems with different patterns, with the goal of naming and documenting the patterns so that they can be adopted across the industry.
The OpenID Connect protocol has quickly gained widespread adoption, enabling easy-to-use login and API access for both Web and native applications. During its development, extensive interoperability testing was performed on a voluntary basis to ensure that different implementations would actually work together. Now that the OpenID Connect protocol is final, the OpenID Foundation is working to ensure even better interoperation between implementations by creating a self-certification program for OpenID Connect implementations, with early participants including Google, Microsoft, NRI, Salesforce, and Ping Identity. This session will describe the certification test suite software developed by Roland Hedberg of Umeå University and how OpenID Connect implementers use it to certify their implementations to the OpenID Foundation.
We need a modern, mobile-first and API-friendly security stack for building the current and next generation of applications and services, covering authentication, authorization and delegated API access. OpenID Connect and OAuth 2.0 provide an unprecedented alignment: one unified solution to all three problems, with genuine cross-platform and cross-vendor adoption reached in a very short time. This talk walks you through the mechanics of the two protocols and how they solve common application scenarios, especially when combined.