Extending OAuth2 and OpenID Connect as the enterprise standard for API security
This post was originally published as “An Alternative[…]
Tag: Authentication
Understanding OpenID Connect Series
The following blog posts make up my series on OpenID Connect. This is part of the SAML2 vs JWT series.[…]
SAML2 vs JWT: Understanding OpenID Connect Part 3
In part 1 and part 2 of Understanding OpenID Connect, core concepts and the first Authentication Flow (Authorization Code Grant[…]
SAML2 vs JWT: Understanding OpenID Connect Part 2
This post continues our discussion of OpenID Connect (OIDC). We look at one of the three Authentication Flows defined by[…]
SAML2 vs JWT: Understanding OpenID Connect Part 1
This post builds upon what we learned about OAuth2 and JWT in previous posts. OpenID Connect will give us the[…]
Design Principles for Seamless User Authentication
This post was originally published as “Design Principles for Seamless User Authentication” on the Apigee Blog. In a previous post,[…]
Keeping Your APIs Secure for Multiple User Types
This post was originally published as “Keeping Your APIs Secure for Multiple User Types” on the Apigee Blog. In an[…]
XML Digital Signatures
The XML DSig specification is used to provide digital signature functionality to XML Documents. It is used by numerous[…]
What is Authentication?
I’ve talked about authentication many times on ThinkMiddleware.com. It recently occurred to me that I have never devoted a blog[…]
RBM–Administrative Access & Security for DataPower
I generally recommend to clients that DataPower RBM (Role-Based Management) be configured to perform authentication and authorization of DataPower administrators[…]