LASCON 2017: SAML v. OpenID v. Oauth
Oct. 26, 2017•0 likes•1,843 views
Download to read offline
Report
Technology
How do SAML, OpenID Connect and OAuth compare? How are they similar? Different? When do you use one or the other? For more info, also see my blog: http://gluu.co/oauth-saml-openid
Mike SchwartzFollow
More Related Content
What's hot
OAuth 2ChrisWood262
OAuth 2.0 and OpenID ConnectJacob Combs
OAuth2 + API SecurityAmila Paranawithana
OAuth & OpenID Connect Deep DiveNordic APIs
API Security Best Practices & GuidelinesPrabath Siriwardena
Intro to OAuth2 and OpenID ConnectLiamWadman
Similar to LASCON 2017: SAML v. OpenID v. Oauth
LASCON: Three Profiels of OAuth2 for Identity and Access ManagementMike Schwartz
AllTheTalks.Online 2020: "Basics of OAuth 2.0 and OpenID Connect"Andreas Falk
Single-Page-Application & REST securityIgor Bossenko
JHipster and Okta - JHipster Virtual Meetup December 2020Matt Raible
Open APIs - Risks and Rewards (Øredev 2013)Nordic APIs
#5 WSO2 Masterclassitalia - WSO2 Identity Server, un approccio OAUTH2Profesia Srl a socio unico
More from Mike Schwartz
OTTO - Internet2 TechX 2017Mike Schwartz
The Client is not always right! How to secure OAuth authentication from your...Mike Schwartz
Kantara OTTO slidesMike Schwartz
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It!Mike Schwartz
RSA Conference 2016: Who Are You? From Meat to Electrons and Back AgainMike Schwartz
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...Mike Schwartz
Recently uploaded
Product Research PresentationDeahJadeArellano
Mule Meetup Calgary- API Governance & Conformance.pdfNithaJoseph4
Webhook Testing StrategyDimpy Adhikary
Product Research Presentation-Maidy Veloso.pptxMaidyVeloso
Getting your enterprise ready for Microsoft 365 CopilotVignesh Ganesan I Microsoft MVP
How is AI changing journalism? Strategic considerations for publishers and ne...Damian Radcliffe
LASCON 2017: SAML v. OpenID v. Oauth
- 1. SAML v. OAuth v. OpenID Connect Michael Schwartz CEO, Gluu
- 4. SAML OpenID Connect Assertion (signed XML) id_token (signed JSON) IDP (Identity Provider) OP (OpenID Provider) SP (Service Provider) RP (Relying Party) or "Client” User Attribute User Claim Artifact Code XML Canonicalization / Signing JOSE (JSON Object Signing and Encryption) IDP Metadata OP Discovery Endpoint Authentication Context Class Reference acr
- 13. RFC 6749 The OAuth 2.0 Authorization Framework RFC 6750 The OAuth 2.0 Authorization Framework: Bearer Token Usage RFC 6755 An IETF URN Sub-Namespace for OAuth RFC 6819 OAuth 2.0 Threat Model and Security Considerations Errata RFC 7009 OAuth 2.0 Token Revocation RFC 7519 JSON Web Token (JWT) RFC 7521 Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants RFC 7522 SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants RFC 7523 JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol RFC 7592 OAuth 2.0 Dynamic Client Registration Management Protocol RFC 7636 Proof Key for Code Exchange by OAuth Public Clients RFC 7662 OAuth 2.0 Token Introspection Errata RFC 7800 Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)