Application Security Models
I like to start system design (at the application level) with the security model that will be used to protect[…]
Read more
The Intersection of Identity, Integration, API Management, and Application Security.
The following blog posts are part of a series I wrote on digital signatures. DSig Part 1: XML Digital Signature[…]
Read more
I’m taking a brief excursion from my usual identity and API-centric posts to answer a question about performance tuning someone[…]
Read more
There are several identity protocols that are commonly supported by Identity Providers today — OAuth2, OAuth2 Token Exchange, OIDC, SAML2 Browser Profile,[…]
Read more
A while back I needed a summary of which protocols were supported/recommended in different situations by Azure Active Directory while[…]
Read more
Authentication. Federation. Single Sign On (SSO). I’ve mentioned these concepts many times. I haven’t actually formally defined what each of[…]
Read more
This post was originally published as “How to Submit Tokens to an API Provider, Pt 2” on the Apigee Blog.[…]
Read more
This post was originally published as “How to Submit Tokens to an API Provider, Pt 1” on the Apigee Blog.[…]
Read more
This post concludes our discussion of SAML2 and JWT. Here we look at a comparison of the features and use[…]
Read more
This post explores the equivalent JWT use cases corresponding to the five SAML2 use cases that were explored earlier in[…]
Read more