1. OpenID Connect

1.1 OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA)

CIBA is a new flow for decoupled authorisation of transactions, typically at a user's smartphone.

2. OAuth 2.0

2.1 OAuth Incremental Authorisation

OAuth 2.0 authorisation requests that include every scope the client might ever need can result in over-scoped authorisation and a bad end-user consent experience. The draft-ietf-oauth-incremental-authz spec enhances the OAuth 2.0 authorisation protocol by adding incremental authorisation: the ability to request specific authorisation scopes as needed, when they are needed, removing the requirement to request every possible scope upfront.

2.2 OAuth 2.0 Device Authorisation Grant

Commonly known as the device flow, this OAuth grant is designed for browserless and input-constrained devices and contexts, such as smart TVs, consoles and printers. The user authorises the client on a secondary device, such as their smartphone or personal computer. See RFC 8628.
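The exchange described above, as an added example that is not part of the original page or of the Connect2id server: a minimal in-memory mock of an RFC 8628 authorisation server, covering the device authorisation endpoint, the user's decision on the secondary device and the token endpoint the device polls, including the `authorization_pending`, `slow_down`, `expired_token` and `access_denied` responses. The verification URI, code lifetime and polling interval are assumed values.

```python
import secrets
import time
# Constructed mock of an RFC 8628 authorisation server; not Connect2id code.
DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"

class DeviceAuthServer:
    def __init__(self, lifetime=300, interval=5, clock=time.time):
        self.lifetime, self.interval, self.clock = lifetime, interval, clock
        self.pending = {}  # device_code -> authorisation record

    def device_authorization(self, client_id, scope):
        # device_code: high-entropy secret the device keeps; user_code: short,
        # typed by the user on the secondary device (assumed verification URI)
        device_code = secrets.token_urlsafe(32)
        user_code = "-".join(secrets.token_hex(2).upper() for _ in range(2))
        self.pending[device_code] = {
            "client_id": client_id, "scope": scope, "user_code": user_code,
            "expires_at": self.clock() + self.lifetime, "last_poll": 0.0,
            "approved": None}
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://as.example.com/device",
                "expires_in": self.lifetime, "interval": self.interval}

    def user_decides(self, user_code, approve):
        # Secondary device: the user enters user_code and approves or denies
        for rec in self.pending.values():
            if rec["user_code"] == user_code and rec["approved"] is None:
                rec["approved"] = approve
                return True
        return False

    def token(self, client_id, device_code, grant_type=DEVICE_GRANT):
        # Token endpoint polled by the device; returns RFC 8628 error codes
        rec = self.pending.get(device_code)
        if grant_type != DEVICE_GRANT or rec is None or rec["client_id"] != client_id:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now >= rec["expires_at"]:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if now - rec["last_poll"] < self.interval:
            return {"error": "slow_down"}  # polled too fast; back off 5 s
        rec["last_poll"] = now
        if rec["approved"] is None:
            return {"error": "authorization_pending"}
        del self.pending[device_code]  # single use: the code is consumed
        if not rec["approved"]:
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(32),
                "token_type": "Bearer", "scope": rec["scope"]}
```

The `clock` parameter exists only so the expiry and polling-interval checks can be exercised deterministically; a real server uses wall-clock time.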

2.3 Support for Resource Server specific access token profiles

The Connect2id server supports a number of access token profiles, including the definition of custom profiles; these, however, cannot be bound to specific resources at present.

3. Performance and scaling

3.1 Stateless authorisation sessions

An optional configuration to enable stateless authorisation sessions, where the session data is encrypted into the session identifier instead of being stored server-side. This can save database traffic and costs in large deployments.

Comments, suggestions?

Please post your comment below, or write to Connect2id support.
