The shift from monolithic and siloed applications forces the adoption of modern identity protocols. Security and risk management technical professionals focused on IAM must understand modern identity protocols to provide application security, privacy and flexibility.
- Modern Identity Protocols — Deliver Security and Interoperability
- Standardized Provisioning — Without Custom Connectors
- Privacy-Preserving Authentication and Authorization
- OAuth 2.0: Delegating Access Rights to Apps and Services
- OpenID Connect: Authentication of Users
- SCIM: Provisioning of Users
- Integrating Identity in Apps and Services
- Evolving Framework and New Use Cases
- Use Modern Identity Standards
- Avoid Nonstandard Protocols and Custom Code
- Choose the Right Protocol
- Select the Right Flow
- Treat OAuth Scopes as a Convenience Method for Asking for Claims
- Track Evolving Best Practices
- Use These Questions for Successful OAuth 2.0 and OpenID Connect Deployments
- Question 1: What Token Format Should Be Accepted?
- Question 2: When Should Tokens Expire?
- Question 3: How Should Tokens Be Validated?
- Question 4: How Can Trust Be Verified?
- Question 5: What Token Should Be Used for Downstream Services and APIs?
- Question 6: How Should Token Revocation Be Handled?
- OAuth 2.0
- OpenID Connect 1.0
- ID Token
- Provider Discovery
- User Information Endpoint
- OAuth 2.0 and OpenID Connect Flows
- SCIM User Management
Gartner Recommended Reading