This post concludes our discussion of SAML2 and JWT. Here we look at a comparison of the features and use[…]
Latest Posts
JWT Use Cases
This post explores the equivalent JWT use cases corresponding to the five SAML2 use cases that were explored earlier in[…]
OpenID Connect Logout
The OpenID Connect (OIDC) family of specs supports logout (from a single application) and global (or single) logout (from all[…]
SAML2 Use Cases
The following blog posts discuss SAML2 use cases that have been explored in this series: SAML v2.0 vs JWT: SAML2[…]
Identity Propagation in an API Gateway Architecture
The power of end-to-end user security context with APIs This post was originally published as “Identity Propagation in an API[…]
When To Use Which (OAuth2) Grants and (OIDC) Flows
If you have been following my SAML2 vs JWT series lately, you are no doubt familiar with the OAuth2 and[…]
An Alternative to Delegated Access in the Enterprise
Extending OAuth2 and OpenID Connect as the enterprise standard for API security This post was originally published as “An Alternative[…]
Understanding OpenID Connect Series
The following blog posts make up my series on OpenID Connect. This is part of the SAML2 vs JWT series.[…]
SAML2 vs JWT: Understanding OpenID Connect Part 3
In part 1 and part 2 of Understanding OpenID Connect, core concepts and the first Authentication Flow (Authorization Code Grant[…]
SAML2 vs JWT: Understanding OpenID Connect Part 2
This post continues our discussion of OpenID Connect (OIDC). We look at one of the three Authentication Flows defined by[…]