Chapter 6. Supported Standards

OpenAM implements the following RFCs, Internet-Drafts, and standards.

OAuth 2.0

The OAuth 2.0 Authorization Framework, in which OpenAM can play the roles of authorization server and of client.

The OAuth 2.0 Authorization Framework: Bearer Token Usage, in which OpenAM plays the role of authorization server.

Assertion Framework for OAuth 2.0, which is an Internet-Draft.

SAML 2.0 Bearer Assertion Profiles for OAuth 2.0, which is an Internet-Draft.

JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants, which is an Internet-Draft.

OpenID Connect 1.0

OpenAM plays the role of OpenID provider. The OpenID Connect specifications also depend on OAuth 2.0, JSON Web Token, and Simple Web Discovery and related specifications. The following descriptions are from the OpenID Connect 1.0 web site.

Basic Client Profile. Lightweight simple self-contained specification for a web-based Relying Party using the OAuth code flow.

Implicit Client Profile. Lightweight simple self-contained specification for a web-based Relying Party using the OAuth implicit flow.

Discovery. Defines how user and provider endpoints are dynamically discovered.

Dynamic Registration. Defines how clients dynamically register with OpenID Providers.

Standard. Full HTTP binding specification, for both clients and OpenID Providers; references Messages.

Messages. Lists all the messages that are used in OpenID Connect. You can use this to create additional bindings for Connect, such as an OpenID Connect binding for XMPP.

Session Management. Defines how to manage OpenID Connect sessions.

OAuth 2.0 Multiple Response Types. Registration document for several specific new response types, in accordance with the stipulations of the OAuth Parameters Registry.

Representational State Transfer (REST)

Style of software architecture for web-based, distributed systems.

Security Assertion Markup Language (SAML)

Standard, XML-based framework for creating and exchanging security information between online partners. OpenAM supports multiple versions of SAML including 2.0.

Liberty Alliance Project Identity Federation Framework (Liberty ID-FF)

Federation standard, whose concepts and capabilities contributed to SAML 2.0.

Simple Object Access Protocol

Lightweight protocol intended for exchanging structured information in a decentralized, distributed environment.

Web Services Description Language (WSDL)

XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information.

Web Services Federation Language (WS-Federation)

Identity federation standard, part of the Web Services Security framework.

eXtensible Access Control Markup Language (XACML)

Declarative access control policy language implemented in XML, and also a processing model, describing how to interpret policies.