Nordic APIs, profile picture
Uploaded byNordic APIs
PDF, PPTX1,898 views

The “I” in API is for Identity (Nordic APIS April 2014)

The document discusses identity management standards for APIs, including OAuth 2.0, SAML, and OpenID Connect. It provides an overview of each standard, including how they work and examples of them in action. The document recommends either using SAML + OAuth 2.0 due to broad SAML adoption, or OpenID Connect as it is simpler, works across all clients, and uses OAuth access tokens. It also describes Ping Identity's solution for implementing these identity standards for APIs.

Embed presentation

Download as PDF, PPTX
pingidentity.com
THE “I” IN API IS FOR IDENTITY David Gorton Senior Program Manager Copyright © 2014 Ping Identity Corp. All rights reserved. 2
Identity is the Key • Identity unlocks access to resources – Web Resources – APIs • Identities are Everywhere and Expanding Copyright © 2014 Ping Identity Corp. All rights reserved. 3
Enterprise APIs Are The Same…but Different Copyright © 2014 Ping Identity Corp. All rights reserved. 4 Public  APIS   B2B  APIS   ü  Authen1ca1on   ü  Authoriza1on   ü  Audit  
Re-Use Identities with Standards • Increase Adoption • Reduce Risk • Interoperability • Flexibility Copyright © 2014 Ping Identity Corp. All rights reserved. 5
Available API Identity Standards • OAuth 2 (Authorization) • SAML (Authentication) • OpenID Connect (Both) Copyright © 2014 Ping Identity Corp. All rights reserved. 6
OAuth 2 – Authorization Written for API clients to securely interact with APIs on behalf of users Copyright © 2014 Ping Identity Corp. All rights reserved. 7
OAuth 2 – Details • “Authorization Server” runs the show • Client Requests a Token with a Scope –  User Authenticates –  User Authorizes Client for a Scope • Access token returned that represents a scope for the authenticated user for use by the client Multiple flows (profiles) exist based on the trust between the client, server, and user. Copyright © 2014 Ping Identity Corp. All rights reserved. 8
OAuth In Action Copyright © 2014 Ping Identity Corp. All rights reserved. 9 API  Client   OAuth  AuthZ   API  Resource   Request  Access   Token  with  Creden1als   Return  Access   Token   Request  Data   From  API   Validate  Access   Token   Return  API   Response   Return  Valida1on   Response   Request  Client   Scope  Authoriza1on   Grant  Client   Scope  Authoriza1on  
SAML – Federation Enable authentication & federation across domains & organizations Copyright © 2014 Ping Identity Corp. All rights reserved. 10
SAML - Details • Establish Trust Between Organizations • Signed and Encrypted Tokens Transfer Identity Copyright © 2014 Ping Identity Corp. All rights reserved. 11
SAML + OAuth • Authentication brokered by SAML • SAML Token Exchanged for OAuth Access Token • Access Token used to access APIs Copyright © 2014 Ping Identity Corp. All rights reserved. 12
SAML + OAuth In Action Copyright © 2014 Ping Identity Corp. All rights reserved. 13 OAuth  Client   OAuth  AuthZ   &  Federa1on   API  Resource   Request  Access   Token   Redirect  to  OAuth   Server  with  SAML   Request  Data   From  API   Validate  Access   Token   Return  API   Response   Return  Valida1on   Response   Iden1ty  Provider   Redirect  to   Iden1ty  Provider   Request  to   Start  AuthN  Flow   Request  Access   Token  with  SAML   Return  Access   Token  
OpenID Connect – The New Kid on the Block Copyright © 2014 Ping Identity Corp. All rights reserved. 14 Connect  
OpenID Connect • OIDC Token contains – Identity Token – OAuth Access Token • Trust Model for Federation • Lower Maintenance Copyright © 2014 Ping Identity Corp. All rights reserved. 15
OIDC In Action Copyright © 2014 Ping Identity Corp. All rights reserved. 16 Mobile   OIDC  Server   API  Resource   Request  OIDC   Token   Return   OIDC  Token   Request  Data   From  API   Validate  OIDC   Token   Return  API   Response   Return  Valida1on   Response   Iden1ty  Provider   Redirect  to   Iden1ty  Provider   Request  to   Start  AuthN  Flow   Validate  OIDC   Token   Return   Valida1on  Response  
Architecting API Identity • Start with API & Client Copyright © 2014 Ping Identity Corp. All rights reserved. 17 • Add OAuth 2.0 • Add SAML • Or Use OpenID Connect
What is the best option? SAML  +  OAuth  2   +  Broad  Adop1on  of  SAML   -­‐  More  complex   -­‐  Requires  browser  interac1on   +  Uses  OAuth  Access  Tokens   Copyright © 2014 Ping Identity Corp. All rights reserved. 18 OpenID  Connect   -­‐  Limited  Enterprise  Adop1on   +  One  Standard   +  Works  with  all  clients   +  Uses  OAuth  Access  Tokens  
Ping Identity Solution Copyright © 2014 Ping Identity Corp. All rights reserved. 19 ü  OAuth  2   ü  SAML   ü  OpenId  Connect   ü  Authoriza1on   ü  Audi1ng  
? Copyright © 2014 Ping Identity Corp. All rights reserved. 20

More Related Content

PPTX
Criticality of identity
byNordic APIs
 
PDF
Who’s Knocking? Identity for APIs, Web and Mobile
byNordic APIs
 
PDF
Introduction to The 6 Insights of API Practice (Bill Doerrfeld)
byNordic APIs
 
PDF
Integrated social solutions, the power and pitfalls of mashups
byNordic APIs
 
PDF
Interoperability in a B2B Word (NordicAPIS April 2014)
byNordic APIs
 
PDF
Secure your APIs using OAuth 2 and OpenID Connect
byNordic APIs
 
PDF
1400 ping madsen-nordicapis-connect-01
byNordic APIs
 
PPTX
Platform Security that will Last for Decades (Travis Spencer)
byNordic APIs
 
Criticality of identity
byNordic APIs
 
Who’s Knocking? Identity for APIs, Web and Mobile
byNordic APIs
 
Introduction to The 6 Insights of API Practice (Bill Doerrfeld)
byNordic APIs
 
Integrated social solutions, the power and pitfalls of mashups
byNordic APIs
 
Interoperability in a B2B Word (NordicAPIS April 2014)
byNordic APIs
 
Secure your APIs using OAuth 2 and OpenID Connect
byNordic APIs
 
1400 ping madsen-nordicapis-connect-01
byNordic APIs
 
Platform Security that will Last for Decades (Travis Spencer)
byNordic APIs
 

What's hot

PDF
Launching a Successful and Secure API
byNordic APIs
 
PDF
APIdays Paris 2019 : Financial-grade API (FAPI) Security Profile
byHitachi, Ltd. OSS Solution Center.
 
PDF
Open APIs - Risks and Rewards (Øredev 2013)
byNordic APIs
 
PDF
Who Cares About APIs? (NordicAPIS April 2014)
byNordic APIs
 
PDF
The end of polling : why and how to transform a REST API into a Data Streamin...
byAudrey Neveu
 
PDF
Importance of APIs in the Internet of Things
byNordic APIs
 
PPTX
The Business Value for Internal APIs in the Enterprise
byAkana
 
PPTX
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
byCA API Management
 
PPTX
Bigger, Better Business With OAuth
byApigee | Google Cloud
 
PPTX
Enterprise API Adoption Patterns
byAkana
 
PDF
API Security and OAuth for the Enterprise
byCA API Management
 
PPTX
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...
byBrian Campbell
 
PDF
Api architectures for the modern enterprise
byCA API Management
 
PDF
APIs: What’s in it for me – How can APIs bring value to our Business (Philipp...
byNordic APIs
 
PPTX
A New Breed of Technical Leaders: The 101 to Defining Your API Business Stra...
byAkana
 
PPTX
OAuth - Don’t Throw the Baby Out with the Bathwater
byApigee | Google Cloud
 
PPTX
Powering Internal API Communities
byAkana
 
PDF
Scale a Swagger based Web API (Guillaume Laforge)
byNordic APIs
 
PDF
Enabling the Multi-Device Universe
byCA API Management
 
PPTX
Platform for Secure Digital Business
byAkana
 
Launching a Successful and Secure API
byNordic APIs
 
APIdays Paris 2019 : Financial-grade API (FAPI) Security Profile
byHitachi, Ltd. OSS Solution Center.
 
Open APIs - Risks and Rewards (Øredev 2013)
byNordic APIs
 
Who Cares About APIs? (NordicAPIS April 2014)
byNordic APIs
 
The end of polling : why and how to transform a REST API into a Data Streamin...
byAudrey Neveu
 
Importance of APIs in the Internet of Things
byNordic APIs
 
The Business Value for Internal APIs in the Enterprise
byAkana
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
byCA API Management
 
Bigger, Better Business With OAuth
byApigee | Google Cloud
 
Enterprise API Adoption Patterns
byAkana
 
API Security and OAuth for the Enterprise
byCA API Management
 
OpenID Connect - a simple[sic] single sign-on & identity layer on top of OAut...
byBrian Campbell
 
Api architectures for the modern enterprise
byCA API Management
 
APIs: What’s in it for me – How can APIs bring value to our Business (Philipp...
byNordic APIs
 
A New Breed of Technical Leaders: The 101 to Defining Your API Business Stra...
byAkana
 
OAuth - Don’t Throw the Baby Out with the Bathwater
byApigee | Google Cloud
 
Powering Internal API Communities
byAkana
 
Scale a Swagger based Web API (Guillaume Laforge)
byNordic APIs
 
Enabling the Multi-Device Universe
byCA API Management
 
Platform for Secure Digital Business
byAkana
 

Viewers also liked

PPTX
Authorization for Internet of Things using OAuth 2.0
byHannes Tschofenig
 
PPT
A bit of geography
byAnia Pawłowska
 
PPTX
Законодательство по вопросам культуры. Электронная выставка.
bykemrsl
 
PPT
CAVALLS
byrevistapompeufabra
 
PDF
Cce2013.heg.ne.mh2.tekstverbanden
byghake
 
PDF
Export a Video With Your Own Logo
byaudio4fun
 
PPTX
Diigo for research
byResearchSleuths
 
PPTX
Tics de la educacion
bycriselizabeth30
 
PPT
Fundamentals of-copywriting
bychris_louis
 
PPTX
Laberinto Q igualdad
byCatalina Rodríguez Pérez
 
PPTX
NBTC: Getting Sales Incentive Compensation right
bySalubi Raymond
 
PDF
Blow The Self-Sealing Bubble agile2015
byOana Juncu
 
PDF
Kassimaal jaan alexander
bysuphacharga
 
Authorization for Internet of Things using OAuth 2.0
byHannes Tschofenig
 
A bit of geography
byAnia Pawłowska
 
Законодательство по вопросам культуры. Электронная выставка.
bykemrsl
 
CAVALLS
byrevistapompeufabra
 
Cce2013.heg.ne.mh2.tekstverbanden
byghake
 
Export a Video With Your Own Logo
byaudio4fun
 
Diigo for research
byResearchSleuths
 
Tics de la educacion
bycriselizabeth30
 
Fundamentals of-copywriting
bychris_louis
 
Laberinto Q igualdad
byCatalina Rodríguez Pérez
 
NBTC: Getting Sales Incentive Compensation right
bySalubi Raymond
 
Blow The Self-Sealing Bubble agile2015
byOana Juncu
 
Kassimaal jaan alexander
bysuphacharga
 

Similar to The “I” in API is for Identity (Nordic APIS April 2014)

PDF
Openstack identity protocols unconference
byDavid Waite
 
PDF
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
byCloudIDSummit
 
PDF
CIS13: Introduction to OAuth 2.0
byCloudIDSummit
 
PPTX
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
byPing Identity
 
PDF
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
byCloudIDSummit
 
PDF
[WSO2Con USA 2018] Identity APIs is the New Black
byWSO2
 
PDF
CIS13: Federation Protocol Cross-Section
byCloudIDSummit
 
PDF
Bring your own Identity (BYOID) with WSO2 Identity Server
byWSO2
 
PPTX
Lecture 20101124
byAnderson Liang
 
DOCX
SAML 2
bySteward_John
 
PDF
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
byCA API Management
 
PDF
OpenID Connect "101" Introduction -- October 23, 2018
byOpenIDFoundation
 
PDF
Introduction to SAML & OIDC
byForgeRock Identity Tech Talks
 
PDF
Patterns to Bring Enterprise and Social Identity to the Cloud
byCA API Management
 
PPTX
A recipe for standards-based Cloud IdM
byPaul Madsen
 
PPTX
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
byMysoreMuleSoftMeetup
 
PPTX
Connecting The Real World With The Virtual World
byPing Identity
 
PDF
FIDO, Federation and the Internet of Things
byFIDO Alliance
 
PPTX
WSO2Con USA 2014 - Identity Server Tutorial
byPrabath Siriwardena
 
PDF
GHC18 Abstract - API Security, a Grail Quest
byPaulaPaulSlides
 
Openstack identity protocols unconference
byDavid Waite
 
CIS14: Consolidating Authorization for API and Web SSO using OpenID Connect
byCloudIDSummit
 
CIS13: Introduction to OAuth 2.0
byCloudIDSummit
 
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
byPing Identity
 
CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFe...
byCloudIDSummit
 
[WSO2Con USA 2018] Identity APIs is the New Black
byWSO2
 
CIS13: Federation Protocol Cross-Section
byCloudIDSummit
 
Bring your own Identity (BYOID) with WSO2 Identity Server
byWSO2
 
Lecture 20101124
byAnderson Liang
 
SAML 2
bySteward_John
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
byCA API Management
 
OpenID Connect "101" Introduction -- October 23, 2018
byOpenIDFoundation
 
Introduction to SAML & OIDC
byForgeRock Identity Tech Talks
 
Patterns to Bring Enterprise and Social Identity to the Cloud
byCA API Management
 
A recipe for standards-based Cloud IdM
byPaul Madsen
 
Configuring Single Sign-On (SSO) via Identity Management | MuleSoft Mysore Me...
byMysoreMuleSoftMeetup
 
Connecting The Real World With The Virtual World
byPing Identity
 
FIDO, Federation and the Internet of Things
byFIDO Alliance
 
WSO2Con USA 2014 - Identity Server Tutorial
byPrabath Siriwardena
 
GHC18 Abstract - API Security, a Grail Quest
byPaulaPaulSlides
 

More from Nordic APIs

PPTX
How to Choose the Right API Platform - We Have the Tool You Need! - Mikkel Iv...
byNordic APIs
 
PPTX
Bulletproof Backend Architecture: Building Adaptive Services with Self-Descri...
byNordic APIs
 
PDF
Implementing Zero Trust Security in API Gateway with Cilium - Pubudu Gunatila...
byNordic APIs
 
PPTX
Event-Driven Architecture the Cloud-Native Way - Manuel Ottlik, HDI Global SE
byNordic APIs
 
PPTX
Navigating the Post-OpenAPI Era with Innovative API Design Frameworks - Danie...
byNordic APIs
 
PDF
Using Typespec for Open Finance Standards - Chris Wood, Ozone API
byNordic APIs
 
PPTX
Schema-first API Design Using Typespec - Cailin Smith, Microsoft
byNordic APIs
 
PPTX
Avoiding APIpocalypse; API Resiliency Testing FTW! - Naresh Jain, Xnsio
byNordic APIs
 
PPTX
How to Build an Integration Platform with Open Source - Magnus Hedner, Benify
byNordic APIs
 
PPTX
API Design First in Practise – An Experience Report - Hari Krishnan, Specmatic
byNordic APIs
 
PPTX
The Right Kind of API – How To Choose Appropriate API Protocols and Data Form...
byNordic APIs
 
PPTX
Why Frequent API Hackathons Are Key to Product Market Feedback and Go-to-Mark...
byNordic APIs
 
PPTX
Maximizing API Management Efficiency: The Power of Shifting Down with APIOps ...
byNordic APIs
 
PPTX
APIs Vs Events - Bala Bairapaka, Sandvik AB
byNordic APIs
 
PPTX
GraphQL in the Post-Hype Era - Daniel Hervas, Reckon Digital
byNordic APIs
 
PPTX
From Good API Design to Secure Design - Axel Grosse, 42Crunch
byNordic APIs
 
PPTX
API Revolution in IoT: How Platform Engineering Streamlines API Development -...
byNordic APIs
 
PPTX
Unlocking the ROI of API Platforms: What Success Actually Looks Like - Budhad...
byNordic APIs
 
PDF
Increase Your Productivity with No-Code GraphQL Mocking - Hugo Guerrero, Red Hat
byNordic APIs
 
PPTX
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Theodo ...
byNordic APIs
 
How to Choose the Right API Platform - We Have the Tool You Need! - Mikkel Iv...
byNordic APIs
 
Bulletproof Backend Architecture: Building Adaptive Services with Self-Descri...
byNordic APIs
 
Implementing Zero Trust Security in API Gateway with Cilium - Pubudu Gunatila...
byNordic APIs
 
Event-Driven Architecture the Cloud-Native Way - Manuel Ottlik, HDI Global SE
byNordic APIs
 
Navigating the Post-OpenAPI Era with Innovative API Design Frameworks - Danie...
byNordic APIs
 
Using Typespec for Open Finance Standards - Chris Wood, Ozone API
byNordic APIs
 
Schema-first API Design Using Typespec - Cailin Smith, Microsoft
byNordic APIs
 
Avoiding APIpocalypse; API Resiliency Testing FTW! - Naresh Jain, Xnsio
byNordic APIs
 
How to Build an Integration Platform with Open Source - Magnus Hedner, Benify
byNordic APIs
 
API Design First in Practise – An Experience Report - Hari Krishnan, Specmatic
byNordic APIs
 
The Right Kind of API – How To Choose Appropriate API Protocols and Data Form...
byNordic APIs
 
Why Frequent API Hackathons Are Key to Product Market Feedback and Go-to-Mark...
byNordic APIs
 
Maximizing API Management Efficiency: The Power of Shifting Down with APIOps ...
byNordic APIs
 
APIs Vs Events - Bala Bairapaka, Sandvik AB
byNordic APIs
 
GraphQL in the Post-Hype Era - Daniel Hervas, Reckon Digital
byNordic APIs
 
From Good API Design to Secure Design - Axel Grosse, 42Crunch
byNordic APIs
 
API Revolution in IoT: How Platform Engineering Streamlines API Development -...
byNordic APIs
 
Unlocking the ROI of API Platforms: What Success Actually Looks Like - Budhad...
byNordic APIs
 
Increase Your Productivity with No-Code GraphQL Mocking - Hugo Guerrero, Red Hat
byNordic APIs
 
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Theodo ...
byNordic APIs
 

Recently uploaded

PDF
Step-by-Step Guide to Building Fast Flutter Web Sites
byShiv Technolabs Pvt. Ltd.
 
PDF
Ch2 -ENG.pdf COMPUTER ARCHITECTURE L2 INFO
byrogase8895
 
PPTX
OpenChain at Okinawa Event on the 4th of December 2025
byShane Coughlan
 
PPTX
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
PDF
MGA Insurance Product Launch Acceleration
byOpenkoda
 
PDF
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
PPTX
#15 All About Anypoint MQ - Calicut MuleSoft Meetup Group
bycalicutmulesoftmeetu
 
PPTX
SAP SOD Management for Secure & Compliant Access | s4access
bydigitalbacklinks123
 
PDF
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
PDF
Guidewire Vs. Openkoda: Customizable, Open Alternative to Lagacy Core Systems
byOpenkoda
 
PPTX
Application Security – Static Application Security Testing (SAST)
byLalit Jagotra
 
PDF
Data structure using C :UNIT-I Introduction to Data structures and Stacks BCA...
byKuvempu University
 
PPTX
Deep Dive into Durable Functions, presented at Cloudbrew 2025
byJoonas Westlin
 
PDF
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
PDF
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
PPTX
application security presentation 2 by harman
byharmanideapad
 
PPTX
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
PPTX
Reimagining Service with AI Voice Agents | Webinar
byCEPTES Software
 
PPTX
OpenID AuthZEN Overview - Gartner IAM 25
byDavid Brossard
 
PDF
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 
Step-by-Step Guide to Building Fast Flutter Web Sites
byShiv Technolabs Pvt. Ltd.
 
Ch2 -ENG.pdf COMPUTER ARCHITECTURE L2 INFO
byrogase8895
 
OpenChain at Okinawa Event on the 4th of December 2025
byShane Coughlan
 
AI Clinic Management Software for Otolaryngology Clinics Bringing Precision, ...
byEasy Clinic
 
MGA Insurance Product Launch Acceleration
byOpenkoda
 
Red Hat Summit 2025 - Triton GPU Kernel programming.pdf
bySanjeev Rampal
 
#15 All About Anypoint MQ - Calicut MuleSoft Meetup Group
bycalicutmulesoftmeetu
 
SAP SOD Management for Secure & Compliant Access | s4access
bydigitalbacklinks123
 
Navigating SEC Regulations for Crypto Exchanges Preparing for a Compliant Fut...
byzak jasper
 
Guidewire Vs. Openkoda: Customizable, Open Alternative to Lagacy Core Systems
byOpenkoda
 
Application Security – Static Application Security Testing (SAST)
byLalit Jagotra
 
Data structure using C :UNIT-I Introduction to Data structures and Stacks BCA...
byKuvempu University
 
Deep Dive into Durable Functions, presented at Cloudbrew 2025
byJoonas Westlin
 
Code, Coins and Collaboration: How Open Source Shapes Modern Finance.
byDavid Okononfua
 
Influence Without Power - Why Empathy is Your Best Friend.pdf
bySuzanne Lagerweij
 
application security presentation 2 by harman
byharmanideapad
 
Binance Smart Chain Development Guide.pptx
bylakshubadai
 
Reimagining Service with AI Voice Agents | Webinar
byCEPTES Software
 
OpenID AuthZEN Overview - Gartner IAM 25
byDavid Brossard
 
nsfconvertersoftwaretoconvertNSFtoPST.pdf
byNSF Converter Software
 

The “I” in API is for Identity (Nordic APIS April 2014)

  • 1.
  • 2.
    THE “I” INAPI IS FOR IDENTITY David Gorton Senior Program Manager Copyright © 2014 Ping Identity Corp. All rights reserved. 2
  • 3.
    Identity is theKey • Identity unlocks access to resources – Web Resources – APIs • Identities are Everywhere and Expanding Copyright © 2014 Ping Identity Corp. All rights reserved. 3
  • 4.
    Enterprise APIs AreThe Same…but Different Copyright © 2014 Ping Identity Corp. All rights reserved. 4 Public  APIS   B2B  APIS   ü  Authen1ca1on   ü  Authoriza1on   ü  Audit  
  • 5.
    Re-Use Identities withStandards • Increase Adoption • Reduce Risk • Interoperability • Flexibility Copyright © 2014 Ping Identity Corp. All rights reserved. 5
  • 6.
    Available API IdentityStandards • OAuth 2 (Authorization) • SAML (Authentication) • OpenID Connect (Both) Copyright © 2014 Ping Identity Corp. All rights reserved. 6
  • 7.
    OAuth 2 –Authorization Written for API clients to securely interact with APIs on behalf of users Copyright © 2014 Ping Identity Corp. All rights reserved. 7
  • 8.
    OAuth 2 –Details • “Authorization Server” runs the show • Client Requests a Token with a Scope –  User Authenticates –  User Authorizes Client for a Scope • Access token returned that represents a scope for the authenticated user for use by the client Multiple flows (profiles) exist based on the trust between the client, server, and user. Copyright © 2014 Ping Identity Corp. All rights reserved. 8
  • 9.
    OAuth In Action Copyright© 2014 Ping Identity Corp. All rights reserved. 9 API  Client   OAuth  AuthZ   API  Resource   Request  Access   Token  with  Creden1als   Return  Access   Token   Request  Data   From  API   Validate  Access   Token   Return  API   Response   Return  Valida1on   Response   Request  Client   Scope  Authoriza1on   Grant  Client   Scope  Authoriza1on  
  • 10.
    SAML – Federation Enableauthentication & federation across domains & organizations Copyright © 2014 Ping Identity Corp. All rights reserved. 10
  • 11.
    SAML - Details • EstablishTrust Between Organizations • Signed and Encrypted Tokens Transfer Identity Copyright © 2014 Ping Identity Corp. All rights reserved. 11
  • 12.
    SAML + OAuth • Authenticationbrokered by SAML • SAML Token Exchanged for OAuth Access Token • Access Token used to access APIs Copyright © 2014 Ping Identity Corp. All rights reserved. 12
  • 13.
    SAML + OAuthIn Action Copyright © 2014 Ping Identity Corp. All rights reserved. 13 OAuth  Client   OAuth  AuthZ   &  Federa1on   API  Resource   Request  Access   Token   Redirect  to  OAuth   Server  with  SAML   Request  Data   From  API   Validate  Access   Token   Return  API   Response   Return  Valida1on   Response   Iden1ty  Provider   Redirect  to   Iden1ty  Provider   Request  to   Start  AuthN  Flow   Request  Access   Token  with  SAML   Return  Access   Token  
  • 14.
    OpenID Connect –The New Kid on the Block Copyright © 2014 Ping Identity Corp. All rights reserved. 14 Connect  
  • 15.
    OpenID Connect • OIDC Tokencontains – Identity Token – OAuth Access Token • Trust Model for Federation • Lower Maintenance Copyright © 2014 Ping Identity Corp. All rights reserved. 15
  • 16.
    OIDC In Action Copyright© 2014 Ping Identity Corp. All rights reserved. 16 Mobile   OIDC  Server   API  Resource   Request  OIDC   Token   Return   OIDC  Token   Request  Data   From  API   Validate  OIDC   Token   Return  API   Response   Return  Valida1on   Response   Iden1ty  Provider   Redirect  to   Iden1ty  Provider   Request  to   Start  AuthN  Flow   Validate  OIDC   Token   Return   Valida1on  Response  
  • 17.
    Architecting API Identity • Startwith API & Client Copyright © 2014 Ping Identity Corp. All rights reserved. 17 • Add OAuth 2.0 • Add SAML • Or Use OpenID Connect
  • 18.
    What is thebest option? SAML  +  OAuth  2   +  Broad  Adop1on  of  SAML   -­‐  More  complex   -­‐  Requires  browser  interac1on   +  Uses  OAuth  Access  Tokens   Copyright © 2014 Ping Identity Corp. All rights reserved. 18 OpenID  Connect   -­‐  Limited  Enterprise  Adop1on   +  One  Standard   +  Works  with  all  clients   +  Uses  OAuth  Access  Tokens  
  • 19.
    Ping Identity Solution Copyright© 2014 Ping Identity Corp. All rights reserved. 19 ü  OAuth  2   ü  SAML   ü  OpenId  Connect   ü  Authoriza1on   ü  Audi1ng  
  • 20.
    ? Copyright © 2014Ping Identity Corp. All rights reserved. 20