فهرست مطالب

• Contents
• About the Authors
• About the Technical Reviewers
• Acknowledgments
• Introduction
• Chapter 1: The Hydra of Modern Identity
• Identity Challenges
• Objective
• Sample Application
• Design Questions
• Summary
• Notes
• Chapter 2: The Life of an Identity
• Terminology
• Events in the Life of an Identity
• Summary
• Chapter 3: Evolution of Identity
• Identity Management Approaches
• Standard Protocols
• Summary
• Notes
• Chapter 4: Identity Provisioning
• Provisioning Options
• Selecting an External Identity Service
• Identity Provider Selection
• Identity Proofing
• Choosing and Validating Identity Attributes
• Consent Management
• Summary
• Notes
• Chapter 5: OAuth 2 and API Authorization
• API Authorization
• OAuth 2
• Terminology
• How It Works
• Token Usage Guidance
• Further Learning
• Summary
• Notes
• Chapter 6: OpenID Connect
• Problem to Solve
• Terminology
• How It Works
• UserInfo Endpoint
• Further Learning
• Summary
• Notes
• Chapter 7: SAML 2
• Problem to Solve
• Terminology
• How It Works
• Identity Federation
• Authentication Brokers
• Configuration
• Summary
• Notes
• Chapter 8: Authorization and Policy Enforcement
• Authorization vs. Policy Enforcement
• Levels of Authorization and Access Policy Enforcement
• User vs. Application Authorization
• Application Authorization
• Authorization and Enforcement Extensions
• Summary
• Notes
• Chapter 9: Sessions
• Application Sessions
• Identity Provider Sessions
• Multiple Sessions
• Session Duration
• Session Renewal
• Token Renewal
• Reconstituted Sessions
• Summary
• Notes
• Chapter 10: Using Modern Identity to Build Applications
• Sample Application: Collaborative Text Editor
• Design
• Implementation: Front End
• Implementation: Back-End API
• Other Applications
• Additional Note on Sessions
• Browsers, Trackers, and OAuth 2
• Summary
• Notes
• Chapter 11: Single Sign-On
• What Is SSO?
• How SSO Works
• SSO Configuration
• Summary
• Notes
• Chapter 12: Stronger Authentication
• The Problem with Passwords
• Stronger Forms of Authentication
• Session Timeouts
• Requesting Authentication Mechanisms
• Step-Down Authentication
• Deployment
• Summary
• Notes
• Chapter 13: Logout
• Multiple Sessions
• Logout Triggers
• Logout Options
• Application Logout
• OAuth 2
• OIDC
• SAML 2
• Session Termination
• Logout and Multilevel Authentication
• Redirect After Logout
• Summary
• Notes
• Chapter 14: Account Management
• Identity Attributes
• Credential Reset
• Account Recovery
• Password Guidance
• Helpdesk Reset
• Notification
• Summary
• Notes
• Chapter 15: Deprovisioning
• Account Termination
• Best Practices
• Summary
• Notes
• Chapter 16: Troubleshooting
• Get Familiar with the Protocols
• Prepare Your Tools
• Check the Simple Things
• Gather Information
• Analyzing an HTTP/Network Trace
• Collaborating with Others
• Summary
• Note
• Chapter 17: Exceptions
• Accounts
• Identity Providers
• System Outages
• Cybersecurity Threats
• Summary
• Notes
• Chapter 18: Less Common Requirements
• People
• Accounts
• Environment
• Summary
• Chapter 19: Failures
• Pay Attention to Process
• Beware of Phishy Emails
• Use Multi-factor Authentication
• Stay on Top of Patches
• Secure Your Cloud Storage
• Encrypt Sensitive Data
• Do Not Store Cleartext Passwords
• Provide Security Training to Developers
• Vet Your Partners
• Insider Threat
• Summary
• Notes
• Chapter 20: Compliance
• What Is Compliance?
• Why Compliance
• Compliance Landscape
• How to Proceed
• Summary
• Notes
• Chapter 21: Looking into the Crystal Ball
• Continued Security Challenges
• More Targets
• Identity – Not Just for Humans
• On the Horizon
• Lessons Learned
• Summary
• Notes
• Chapter 22: Conclusion
• Appendices
• Appendix A: Glossary
• Appendix B: Resources for Further Learning
• Appendix C: SAML 2 Authentication Request and Response
• Appendix D: Public Key Cryptography
• Appendix E: Troubleshooting Tools
• Appendix F: Privacy Legislation
• Appendix G: Security Compliance Frameworks
• Index