Skip to content

Standards Overview

Introduction

Currently, more and more systems are linked through Web services, portals, and integrated applications. To solve the problem of information silos, centralized identity management is usually adopted, transferring access control management from multiple local application systems to a management center. User data can be accessed very conveniently through Web services. As the scale of the Internet continues to grow, a series of standard protocols have been established. Through federated identification, authentication, and authorization, enterprises are allowed to establish data that they own and control, and share this data with partner enterprises in a structured and controlled manner.

The federated authentication introduced in this module refers to authenticating users through standard protocols by federating different identity providers.

Standard Authentication in the IDaaS Platform

The IDaaS platform supports authentication through multiple standard protocols. The introductions to each protocol are as follows.

SAML

Used to exchange authentication and authorization data between parties, especially between identity providers (IDP) and service providers (SP). The SAML protocol mainly addresses standardized, cross-domain, Web-based single sign-on (SSO) issues. For details about the SAML 2.0 protocol, please search on your own or refer to http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html.

OAuth

OAuth (Open Authorization) is an open standard that allows users to authorize third-party applications to access information stored on another service provider without providing their username and password to the third-party application or sharing all the content of their data. For details about the OAuth 2.0 protocol, please search on your own or refer to https://www.rfc-editor.org/rfc/rfc6749.

OIDC

OIDC is built on the OAuth 2.0 framework, allowing client services, i.e., applications, to verify user identities through an OpenID authentication server and exchange profile information through RESTful APIs. These APIs issue JSON Web Tokens (JWT) for information sharing during the authentication process, with high scalability and cross-platform flexibility. For details about the OIDC protocol, please search on your own or refer to https://openid.net/specs/openid-connect-core-1_0.html.

CAS

CAS (Central Authentication Service) is a central authentication service involving two entities: the CAS Server and the CAS Client. The CAS Server is responsible for user authentication; the CAS Client is responsible for providing resources. When protected resources require user authentication, the user is redirected to the CAS Server for authentication. For details about the CAS protocol, please search on your own or refer to https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html.

Kerberos

A computer network authentication protocol designed to provide strict authentication services for client/server applications communicating in the network through a key system, ensuring the authenticity and security of both communicating parties' identities.

AD (Active Directory) is a directory service based on the LDAP protocol (LDAP server + applications) that solves fine-grained permission control.

LDAP

LDAP is a directory access protocol that specifies storing and accessing data in a tree structure.

BambooCloud IDaaS Open Platform