XML
Authentication and Authorization Protocols - XML
Authentication and authorization protocols are standards for securely verifying user identities (authentication) and managing access rights (authorization) between systems. OAuth 2.0 is an authorization framework that gives third-party applications delegated, limited access; OpenID Connect is an authentication layer built on OAuth 2.0; and SAML is an XML-based standard for enterprise single sign-on. These protocols form the foundation for secure identity federation in modern web applications and enterprise systems.
authentication
authorization
OAuth
OpenID Connect
SAML
security
SSO
identity management
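<?xml version="1.0" encoding="UTF-8"?>
<!--
  Catalog of authentication / authorization protocols and token formats.
  One <item> per entry, with these fields:
    code, slug    machine identifiers (identical in every entry here)
    name          display name
    description   one-sentence summary
    category      what kind of standard the entry is
    dataFormat    wire or serialization format
    rfcNumber     defining RFC, when the standard is an IETF RFC
    standardBody  organization that publishes the standard
    tokenFormat   credential or token the protocol issues, if any
    basedOn       name of the standard this entry builds on, if any
  Empty elements appear to mean "not applicable / not recorded";
  confirm that with whatever consumes this file.
  The comments below are for human readers only and carry no data.
-->
<items>
  <!-- OAuth 2.0 covers authorization only; it does not by itself establish
       who the user is. A bearer token is accepted from any party that
       presents it, so it needs TLS in transit, short lifetimes and careful
       storage. -->
  <item>
    <code>oauth-2-0</code>
    <slug>oauth-2-0</slug>
    <name>OAuth 2.0</name>
    <description>An authorization framework for delegated limited access to third-party applications.</description>
    <category>Authorization Protocol</category>
    <dataFormat>JSON</dataFormat>
    <rfcNumber>RFC 6749</rfcNumber>
    <standardBody>IETF</standardBody>
    <tokenFormat>Bearer Token</tokenFormat>
    <basedOn></basedOn>
  </item>
  <!-- The ID Token is the authentication result. A relying party should
       verify its signature, issuer, audience, expiry and nonce before
       trusting any claim in it. -->
  <item>
    <code>openid-connect</code>
    <slug>openid-connect</slug>
    <name>OpenID Connect 1.0</name>
    <description>A simple identity layer built on top of the OAuth 2.0 protocol.</description>
    <category>Authentication Protocol</category>
    <dataFormat>JSON (JWT)</dataFormat>
    <rfcNumber></rfcNumber>
    <standardBody>OpenID Foundation</standardBody>
    <tokenFormat>ID Token (JWT)</tokenFormat>
    <basedOn>OAuth 2.0</basedOn>
  </item>
  <!-- Assertions are XML: the receiving side should parse them with DTD and
       external-entity processing disabled, and should use only the elements
       that the validated XML signature actually covers. -->
  <item>
    <code>saml-2-0</code>
    <slug>saml-2-0</slug>
    <name>SAML 2.0</name>
    <description>An XML-based standard for exchanging authentication and authorization data between security domains.</description>
    <category>Authentication and Authorization Protocol</category>
    <dataFormat>XML</dataFormat>
    <rfcNumber></rfcNumber>
    <standardBody>OASIS</standardBody>
    <tokenFormat>SAML Assertion</tokenFormat>
    <basedOn></basedOn>
  </item>
  <!-- PKCE ties the authorization code to the client that started the flow.
       Prefer the S256 challenge method over plain. basedOn is filled in
       because the description itself calls this an OAuth 2.0 extension. -->
  <item>
    <code>oauth-pkce</code>
    <slug>oauth-pkce</slug>
    <name>OAuth 2.0 with PKCE</name>
    <description>An OAuth 2.0 extension that prevents authorization code interception attacks for public clients.</description>
    <category>Authorization Protocol Extension</category>
    <dataFormat>JSON</dataFormat>
    <rfcNumber>RFC 7636</rfcNumber>
    <standardBody>IETF</standardBody>
    <tokenFormat>Bearer Token</tokenFormat>
    <basedOn>OAuth 2.0</basedOn>
  </item>
  <!-- The user approves the request on a second device, so the approval
       page should state clearly which client is being authorized, and user
       codes should be short-lived. basedOn is filled in because the
       description calls this an OAuth 2.0 flow. -->
  <item>
    <code>oauth-device-flow</code>
    <slug>oauth-device-flow</slug>
    <name>OAuth 2.0 Device Authorization Grant</name>
    <description>An OAuth 2.0 flow for devices with limited input or browserless devices.</description>
    <category>Authorization Protocol Extension</category>
    <dataFormat>JSON</dataFormat>
    <rfcNumber>RFC 8628</rfcNumber>
    <standardBody>IETF</standardBody>
    <tokenFormat>Bearer Token</tokenFormat>
    <basedOn>OAuth 2.0</basedOn>
  </item>
  <!-- A signed JWT is integrity-protected but not encrypted: anyone holding
       the token can read its claims. Verifiers should pin the accepted
       signing algorithms rather than trust the token header. -->
  <item>
    <code>jwt</code>
    <slug>jwt</slug>
    <name>JSON Web Token (JWT)</name>
    <description>A compact, URL-safe means of representing claims to be transferred between two parties.</description>
    <category>Token Format</category>
    <dataFormat>JSON</dataFormat>
    <rfcNumber>RFC 7519</rfcNumber>
    <standardBody>IETF</standardBody>
    <tokenFormat>JWT</tokenFormat>
    <basedOn></basedOn>
  </item>
  <!-- A simple bind sends the password unprotected unless the connection
       uses TLS (LDAPS or StartTLS). -->
  <item>
    <code>ldap</code>
    <slug>ldap</slug>
    <name>LDAP</name>
    <description>A standard protocol for accessing and maintaining distributed directory information services over IP networks.</description>
    <category>Directory Protocol</category>
    <dataFormat>BER/DER</dataFormat>
    <rfcNumber>RFC 4510</rfcNumber>
    <standardBody>IETF</standardBody>
    <tokenFormat></tokenFormat>
    <basedOn></basedOn>
  </item>
  <!-- Kerberos issues tickets rather than bearer tokens; tokenFormat is left
       empty as in the original data. It depends on synchronized clocks and
       on the secrecy of the keys held by the key distribution center. -->
  <item>
    <code>kerberos</code>
    <slug>kerberos</slug>
    <name>Kerberos</name>
    <description>A network authentication protocol using secret-key cryptography.</description>
    <category>Network Authentication Protocol</category>
    <dataFormat>Binary</dataFormat>
    <rfcNumber>RFC 4120</rfcNumber>
    <standardBody>IETF</standardBody>
    <tokenFormat></tokenFormat>
    <basedOn></basedOn>
  </item>
  <item>
    <code>cas</code>
    <slug>cas</slug>
    <name>CAS (Central Authentication Service)</name>
    <description>An enterprise single sign-on protocol for web applications.</description>
    <category>Single Sign-On Protocol</category>
    <dataFormat>XML/JSON</dataFormat>
    <rfcNumber></rfcNumber>
    <standardBody>Apereo Foundation</standardBody>
    <tokenFormat></tokenFormat>
    <basedOn></basedOn>
  </item>
  <item>
    <code>ws-fed</code>
    <slug>ws-fed</slug>
    <name>WS-Federation</name>
    <description>A protocol specification for enabling federation across web services.</description>
    <category>Federation Protocol</category>
    <dataFormat>XML</dataFormat>
    <rfcNumber></rfcNumber>
    <standardBody>OASIS</standardBody>
    <tokenFormat></tokenFormat>
    <basedOn></basedOn>
  </item>
</items>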