Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0

Wilson, Yvonne, Hingnikar, Abhishek

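  • Publisher: Apress
  • Publication date: 2022-11-18
  • List price: $2,330
  • VIP price: $2,214 (5% off)
  • Language: English
  • Pages: 384
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1484282604
  • ISBN-13: 9781484282601
  • Overseas special-order title (requires separate checkout)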

Product Description

Know how to design and use identity management to protect your application and the data it manages.

At a time when security breaches result in increasingly onerous penalties, it is paramount that application developers and owners understand identity management and the value it provides when building applications. This book takes you from account provisioning to authentication to authorization, and covers troubleshooting and common problems to avoid. The authors include predictions about why this will be even more important in the future. Application best practices with coding samples are provided.

Solving Identity and Access Management in Modern Applications gives you what you need to design identity and access management for your applications and to describe it to stakeholders with confidence. You will be able to explain account creation, session and access management, account termination, and more.

This revised and expanded edition includes additional content providing an overview of the new version of OAuth (2.1)--what led to it, and primary changes in this version (including features removed from 2.1 that were in 2.0 and why they were removed)--as well as coverage of newer specification documents (RFC 8639--Device flow, useful for IoT devices, RFC 8705--mutual Transport Layer Security, RFC 8707--the protocol "resource" parameter, its purpose and use, and more).

What You'll Learn

  • Understand key identity management concepts
  • Incorporate essential design principles
  • Design authentication and access control for a modern application
  • Know the identity management frameworks and protocols used today (OIDC/OAuth 2.0/2.1, SAML 2.0)
  • Review historical failures and know how to avoid them

Who This Book Is For

Developers, enterprise or application architects, business application or product owners, and anyone involved in an application's identity management solution

About the Authors

Yvonne Wilson is co-founder and Chief Strategy Officer for XploitDefense. She has had many roles in the software industry related to security and identity management as a security and identity architect; enterprise architect; director of developer success working with identity customers; sr. director of security governance, risk, and compliance (GRC); Chief Strategy Officer; and founder of cloud identity services. Yvonne was responsible for IT security strategy and architecture at Sun Microsystems, founded and designed the identity management services offered through Oracle Managed Cloud Services, created a GRC team at Auth0 and founded a world-wide developer success team for Auth0, working with customers and overseeing the creation of an identity management training program for customer-facing support and professional services engineers. Yvonne is currently Chief Strategy Officer at XploitDefense.

In working with business teams at Sun, designing and deploying identity systems for customers at Oracle, and while founding a developer success team at Auth0, Yvonne had the opportunity of working with many customers, from small startups to large enterprises. Her experience spans the implementation of SSO, identity federation, directory services, adaptive knowledge-based authentication, and identity provisioning as well as multilevel authentication systems with certificate-based authentication. She has worked with OIDC, SAML 2.0, WS-Fed, OAuth 2.0/2.1, and OpenID. From this depth of experience, Yvonne realized the growing need for a basic overview of identity management concepts that is understandable to business application owners as well as architects and developers.

Abhishek Hingnikar is at Okta, the identity provider for the internet. He has several years of experience designing and demonstrating Identity Management solutions to customers using Auth0 using OAuth 2.0/2.1, OpenID Connect and SAML 2.0. His current focus areas involve Consumer IoT, Device Based Identity and designing solutions that explore web based identity in peripheral domains.

