Web-based IAM Protocols

This post lists web-based Identity and Access Management (IAM) protocols.

OpenID lets a user sign in to one service with an account held at another service.

List of Web-based IAM Protocols

Web-based

  • SAML
  • OAuth
  • OpenID Connect (OIDC)

Many of these protocols are used in combination to achieve Single Sign-on (SSO) or federation.

SAML

Security Assertion Markup Language (SAML) is both an authentication protocol and an XML-based data format for the assertions exchanged during authentication. It is carried over HTTP or HTTPS.

SAML lets organizations manage identities, authentication and authorization between identity providers (IdPs) and service providers (SPs).

It can be used both for SSO and federation.

Implementations of SAML:

  • OpenSAML
  • SimpleSAMLPHP
  • Shibboleth
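As an added example (not code from the original post or from any of the implementations listed above), the following Python performs the Conditions checks a service provider must apply to a SAML 2.0 assertion before trusting its Subject: the issuer is the trusted IdP, the current time is inside the NotBefore/NotOnOrAfter window, and the AudienceRestriction names this SP. The entity IDs, the assertion and the timestamps are constructed; verification of the XML signature (XML-DSig) is assumed to have happened already and is not shown.

```python
# Added example (not from the original post): the Conditions checks a service
# provider (SP) performs on a SAML 2.0 assertion before trusting its Subject.
# Signature verification (XML-DSig) is assumed to have happened already.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed entity IDs; a real deployment has its own.
IDP_ENTITY_ID = "https://idp.example.org/saml"
SP_ENTITY_ID = "https://sp.example.com/saml/metadata"

# Constructed, minimal, unsigned assertion used as input for the checks below.
SAMPLE_ASSERTION = f"""<?xml version="1.0"?>
<saml:Assertion xmlns:saml="{NS['saml']}" ID="_constructed-id-1"
                Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.org</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>{SP_ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def parse_time(value):
    # SAML timestamps are xsd:dateTime values in UTC with a trailing "Z".
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def check_assertion(xml_text, expected_issuer, expected_audience, now=None,
                    skew=timedelta(seconds=60)):
    """Return (accepted, reason, name_id).

    `now` may be a datetime, an xsd:dateTime string (useful for deterministic
    tests) or None for the current UTC time.
    """
    if now is None:
        now = datetime.now(timezone.utc)
    elif isinstance(now, str):
        now = parse_time(now)

    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}", None

    if root.tag != f"{{{NS['saml']}}}Assertion":
        return False, "root element is not a saml:Assertion", None

    # The assertion must come from the IdP this SP trusts.
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        return False, f"unexpected issuer {issuer!r}", None

    cond = root.find("saml:Conditions", namespaces=NS)
    if cond is None:
        return False, "missing Conditions", None

    # Validity window, with a small allowance for clock skew between IdP and SP.
    not_before = cond.get("NotBefore")
    if not_before and now + skew < parse_time(not_before):
        return False, "assertion not yet valid", None
    not_on_or_after = cond.get("NotOnOrAfter")
    if not_on_or_after and now - skew >= parse_time(not_on_or_after):
        return False, "assertion expired", None

    # The assertion must name this SP; one issued for another SP is rejected.
    audiences = [a.text for a in cond.findall(
        "saml:AudienceRestriction/saml:Audience", namespaces=NS)]
    if expected_audience not in audiences:
        return False, f"audience {audiences!r} does not include this SP", None

    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        return False, "missing Subject/NameID", None
    return True, "ok", name_id


if __name__ == "__main__":
    print(check_assertion(SAMPLE_ASSERTION, IDP_ENTITY_ID, SP_ENTITY_ID,
                          now="2024-01-01T12:02:00Z"))
```

Run as a script it prints `(True, 'ok', 'alice@example.org')`; passing a different audience, a different issuer, or a time outside the window returns `False` with the reason, which is the behaviour an SP needs so that an assertion issued for one service cannot be replayed against another.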

OAuth

OAuth is used for authorization.

It gives an application the ability to access resources held by another service, and it also lets services identify one another for machine-to-machine access.

OpenID Connect (OIDC)

OpenID Connect (OIDC) is used for user authentication.

OIDC is a RESTful, JSON-based authentication protocol that, when paired with OAuth, can provide identity verification and basic profile information.

OpenID Connect performs many of the same tasks as OpenID, but in a way that is API-friendly and usable by native and mobile applications.

It is maintained by the OpenID Foundation.

It runs over HTTP or HTTPS and is built on top of OAuth 2.0.

It works with two tokens: an ID token and an access token.
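Added example, not code from the original post: how an OIDC ID token is minted by the provider and validated by the client. The ID token is a JWT consumed by the client (the relying party), whereas the access token is presented to the resource server; before trusting the ID token the client checks its signature, the issuer (iss), that it was issued for this client (aud), that it has not expired (exp) and that the nonce matches the one sent in the authentication request. The issuer, client_id, secret and claims below are constructed. Real providers usually sign with RS256 and publish their keys via JWKS; HS256 keyed with the client secret, which OIDC also permits, is used here so the example runs with only the standard library.

```python
# Added example (not from the original post): minting and validating an OIDC
# ID token. HS256 with the client secret is used so that only the standard
# library is needed; production providers usually sign with RS256 and publish
# their public keys via JWKS. All identifiers and secrets here are constructed.
import base64
import hashlib
import hmac
import json

ISSUER = "https://op.example.org"           # constructed OpenID Provider
CLIENT_ID = "sample-relying-party"           # constructed client_id
CLIENT_SECRET = b"constructed-client-secret-not-for-real-use"
NONCE = "constructed-nonce-8f3a"             # sent in the authentication request

SAMPLE_CLAIMS = {
    "iss": ISSUER,
    "sub": "user-00042",            # stable subject identifier at the provider
    "aud": CLIENT_ID,
    "iat": 1700000000,
    "exp": 1700000600,              # ten minutes after iat
    "nonce": NONCE,
    "email": "alice@example.org",   # basic profile information
}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, secret: bytes) -> str:
    """Provider side: header.payload.signature with HS256 over header.payload."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def validate_id_token(token: str, secret: bytes, issuer: str, client_id: str,
                      nonce: str, now: int):
    """Client side. Returns (claims, "ok") on success, otherwise (None, reason)."""
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed token"
    h_b64, p_b64, s_b64 = parts
    try:
        header = json.loads(b64url_decode(h_b64))
    except ValueError:
        return None, "malformed token"

    # Pin the algorithm: a header announcing "none" or any other algorithm is
    # rejected before the signature is even looked at.
    if header.get("alg") != "HS256":
        return None, f"unexpected alg {header.get('alg')!r}"

    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    try:
        if not hmac.compare_digest(expected, b64url_decode(s_b64)):
            return None, "bad signature"
        claims = json.loads(b64url_decode(p_b64))
    except ValueError:
        return None, "malformed token"

    if claims.get("iss") != issuer:
        return None, "issuer mismatch"
    # aud may be a single string or a list; this client must be among them.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        return None, "token not issued for this client"
    if len(audiences) > 1 and claims.get("azp") != client_id:
        return None, "azp required with multiple audiences"
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None, "token expired"
    # The nonce ties the token to this client's own authentication request.
    if claims.get("nonce") != nonce:
        return None, "nonce mismatch"
    return claims, "ok"


if __name__ == "__main__":
    token = make_id_token(SAMPLE_CLAIMS, CLIENT_SECRET)
    print(validate_id_token(token, CLIENT_SECRET, ISSUER, CLIENT_ID, NONCE, now=1700000300))
```

The access token never goes through this routine: it is opaque to the client and is only forwarded to the resource server as a bearer credential, which is why identity decisions are based on the validated ID token alone.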


