For the most part, OAuth 2.0 and other REST-based protocols for identity transactions are ratified and ready to use. But how can they be combined to solve the actual business problem of operating in an identity infrastructure? This session will cover the top 20 patterns of interaction for SSO, mobile, API, and provisioning use cases, showing how a practical combination of clients and scopes can result in a tightly secured identity architecture that leverages combinations of OAuth 2, SCIM, OpenID Connect, JWT assertion flow, JOSE and other protocols, including SAML. Pamela will discuss the pros and cons of solving different problems with different patterns, with the goal of naming and documenting the patterns so that they can be adopted in the industry at large.