Frameworks

Framework	Authentication	Authorization	Accounting	Description
Central Authentication Server (CAS)	✓	x	✓	is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user’s security credentials, such as a password Link to original
Remote Authentication Dial-In User Service (RADIUS)	✓	✓	✓	is a networking protocol, operating on port 1812 that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. Link to original
Lightweight Directory Access Protocol (LDAP)				is a protocol that makes it possible for applications to query user information Link to original

Framework

Authentication

Authorization

Accounting

Description

✓

is a single sign-on protocol for the web. Its purpose is to permit a user to access multiple applications while providing their credentials (such as userid and password) only once. It also allows web applications to authenticate users without gaining access to a user’s security credentials, such as a password

Link to original

Remote Authentication Dial-In User Service (RADIUS)

✓

is a networking protocol, operating on port 1812 that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service.

Link to original

Lightweight Directory Access Protocol (LDAP)

is a protocol that makes it possible for applications to query user information

Link to original

Delegation Protocol Frameworks

Frameworks	Delegated Authentication	Delegated Authorization	Description
Open Authorization (OAuth)	x	✓	is an open standard for token-based delegated authentication over the Internet allows an end user’s account information to be used by third-party services without exposing the user’s password is basically a way to separate the Authorization Process from the Access to the Resource and therefore limit the exposure of the credentials Link to original
OpenID Connect (OIDC)	✓	✓	is an extension of Open Authorization (OAuth) adding delegated authentication (i.e. allowing Client application(s) to obtain a Resource Owner’s information) is not backward compatible with OpenID 2 (or 1 for that matter). OpenID Connect is effectively version 3 of the OpenID specification Link to original

Frameworks

Delegated Authentication

Delegated Authorization

Description

Open Authorization (OAuth)

✓

is an open standard for token-based delegated authentication over the Internet

allows an end user’s account information to be used by third-party services without exposing the user’s password

is basically a way to separate the Authorization Process from the Access to the Resource and therefore limit the exposure of the credentials

Link to original

OpenID Connect (OIDC)

✓

is an extension of Open Authorization (OAuth) adding delegated authentication (i.e. allowing Client application(s) to obtain a Resource Owner’s information)

is not backward compatible with OpenID 2 (or 1 for that matter). OpenID Connect is effectively version 3 of the OpenID specification

Link to original

Token-Based Protocol Frameworks

Token-Based Frameworks	Authentication	Authorization	Protocol	Data Format	Description
JSON Web Tokens (JWT) (JWS - JWE - Unsecured JWT)	x	x	REST	JSON	is a JSON object containing a claim, which is to be transferred between parties usually used in conjunction with OAuth/OIDC Link to original
Simple Web Tokens (SWT)			REST		Transclude of simple-web-tokens-(swt)#^excerpt
Security Assertion Markup Language Tokens (SAML)	✓	✓	SOAP	XML	is an XML-based framework for authentication and authorization has multiple authentication methods (e.g. Single-Sign-On (SSO) across multiple sites) Link to original

Token-Based Frameworks

Authentication

Authorization

Protocol

Data Format

Description

JSON Web Tokens (JWT) (JWS - JWE - Unsecured JWT)

REST

JSON

is a JSON object containing a claim, which is to be transferred between parties

usually used in conjunction with OAuth/OIDC

Link to original

Simple Web Tokens (SWT)

REST

Transclude of simple-web-tokens-(swt)#^excerpt

Security Assertion Markup Language Tokens (SAML)

✓

SOAP

XML

is an XML-based framework for authentication and authorization

has multiple authentication methods (e.g. Single-Sign-On (SSO) across multiple sites)

Link to original

SaaS Organizations

SaaS Framework	Authentication	Authorization	Accounting	Description
Auth0 (zero)	✓	✓	✓	is an organization, that manages Universal Identity Platform for web, mobile, and IoT and can handle any of them — B2C, B2B, B2E, or a combination Link to original
Okta

SaaS Framework

Authentication

Authorization

Accounting

Description

Auth0 (zero)

✓

is an organization, that manages Universal Identity Platform for web, mobile, and IoT and can handle any of them — B2C, B2B, B2E, or a combination

Link to original

Okta

／var／log marcus chiu

Explorer

Authentication／Authorization／Delegation - Frameworks

Frameworks

Delegation Protocol Frameworks

Token-Based Protocol Frameworks

SaaS Organizations

／var／logmarcus chiu

Explorer

Authentication／Authorization／Delegation - Frameworks

Frameworks

Delegation Protocol Frameworks

Token-Based Protocol Frameworks

SaaS Organizations

／var／log marcus chiu