OAuth 2.0 is an authorization framework, not an authentication protocol. You can think of this framework as a common denominator for authorization. OAuth2 was left...

Michael Schwartz August 2, 2013

What Exactly is Identity Federation? These days, most websites and mobile apps don’t know how to authenticate you.  Instead, they call the APIs of services...

Michael Schwartz April 16, 2013

If you’re doing research on protocols that enable single sign-on (SSO), a typical question is, “How does SAML work?”. SAML, or Security Assertion Markup Language,...

Michael Schwartz December 19, 2012