Various authentication and authorization protocols used in modern applications and systems
Here is a list of various authentication and authorization protocols used in modern applications and systems:
- OAuth: Open standard for access delegation, commonly used for granting applications limited access to user accounts on other services without exposing passwords.
- OAuth 2.0: Successor to OAuth 1.0, simplifying the process and adding support for different authentication flows.
- OpenID Connect (OIDC): An identity layer built on top of OAuth 2.0, providing authentication as well as information about the user in JSON format (ID tokens).
- SAML (Security Assertion Markup Language): XML-based framework for exchanging authentication and authorization data between identity providers (IdPs) and service providers (SPs).
- JWT (JSON Web Token): A compact, URL-safe means of representing claims to be transferred between two parties, commonly used as tokens in OAuth 2.0 and OIDC.
- LDAP (Lightweight Directory Access Protocol): A protocol for accessing and maintaining distributed directory information services over an IP network, commonly used for centralized authentication and authorization.
- Kerberos: A network authentication protocol that uses tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
- CAS (Central Authentication Service): A single sign-on protocol for the web that allows a user to access multiple applications while providing their credentials (username and password) only once.
- WS-Federation: A protocol that provides a way to negotiate and manage trust relationships between different domains, enabling federation of identities across organizations.
- OpenAM (Open Access Manager): An open-source access management, entitlements and federation server platform that provides single sign-on and authorization services for web applications, web services, and Java EE containers.