Solving Identity Management in Modern Applications : Demystifying OAuth 2, OpenID Connect, and SAML 2 / by Yvonne Wilson, Abhishek Hingnikar.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Wilson, Yvonne, author.
Hingnikar, Abhishek, author.
Language:
English
Subjects (All):
Data protection.
Data and Information Security.
Local Subjects:
Data and Information Security.
Physical Description:
1 online resource (398 pages)
Edition:
2nd ed. 2023.
Place of Publication:
Berkeley, CA : Apress : Imprint: Apress, 2023.
System Details:
Mode of access: World Wide Web.
Summary:
Know how to design and use identity management to protect your application and the data it manages. At a time when security breaches result in increasingly onerous penalties, it is paramount that application developers and owners understand identity management and the value it provides when building applications. This book takes you from account provisioning to authentication to authorization, and covers troubleshooting and common problems to avoid. The authors include predictions about why this will be even more important in the future. Application best practices with coding samples are provided. Solving Identity and Access Management in Modern Applications gives you what you need to design identity and access management for your applications and to describe it to stakeholders with confidence. You will be able to explain account creation, session and access management, account termination, and more. This expanded edition has been revised to provide an overview of the new version of OAuth (2.1): the primary changes in this version, including features that were removed from 2.1 that were in 2.0 and why they were removed. The discussion of the book's accompanying sample application has been revised to cover in more depth the approach for developing the application (also revised). A new section has been added on the OAuth 2.0 Device Authorization Grant (RFC 8628) specification, which is useful for devices with limited UI capability. Minor additions include the topics of identity proofing, the need to capture and organize consent information, the impact of tracking prevention technology on certain identity protocols, and the availability of additional options for authorization requests such as OAuth 2.0 Rich Authorization Requests and JWT-Secured Authorization Requests (RFC 9101).
What You’ll Learn
• Understand key identity management concepts
• Incorporate essential design principles
• Design authentication and access control for a modern application
• Know the identity management frameworks and protocols used today (OIDC/OAuth 2.0/2.1, SAML 2.0)
• Review historical failures and know how to avoid them.
Contents:
Chapter 1: The Hydra of Modern Identity
Chapter 2: The Life of an Identity
Chapter 3: Evolution of Identity
Chapter 4: Identity Provisioning
Chapter 5: OAuth 2.0 and API Authorization
Chapter 6: OIDC OpenID Connect
Chapter 7: SAML 2
Chapter 8: Authorization and Policy Enforcement
Chapter 9: Sessions
Chapter 10: Using Modern Identity to Build Applications
Chapter 11: Single Sign-on
Chapter 12: Strong Authentication
Chapter 13: Logout
Chapter 14: Account Management
Chapter 15: Deprovisioning
Chapter 16: Troubleshooting
Chapter 17: Exceptions
Chapter 18: Less Common Requirements
Chapter 19: Failures
Chapter 20: Compliance
Chapter 21: Looking into the Crystal Ball
Chapter 22: Conclusion
Appendix A: Glossary
Appendix B: Resources for Further Learning
Appendix C: SAML Authentication Request and Response
Appendix D: Public Key Cryptography
Appendix E: Troubleshooting Tools
Appendix F: Privacy Legislation
Appendix G: Security Compliance Frameworks.
Notes:
Includes index.
Includes bibliographical references and index.
Other Format:
Print version: Wilson, Yvonne Solving Identity Management in Modern Applications
ISBN:
9781484282618
1484282612
OCLC:
1351472103
