Lavoisier S.A.S.
14 rue de Provigny
94236 Cachan cedex

Heures d'ouverture 08h30-12h30/13h30-17h30
Tél.: +33 (0)1 47 40 67 00
Fax: +33 (0)1 47 40 67 02

Url canonique :
Url courte ou permalien :

Solving Identity and Access Management in Modern Applications, 1st ed. Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0

Langue : Anglais

Auteurs :

Know how to design and use identity management to protect your application and the data it manages.

At a time when security breaches result in increasingly onerous penalties, it is paramount that application developers and owners understand identity management and the value it provides when building applications. This book takes you from account provisioning to authentication to authorization, and covers troubleshooting and common problems to avoid. The authors include predictions about why this will be even more important in the future. Coding samples are provided.

Solving Identity and Access Management in Modern Applications gives you what you need to design identity and access management for your applications and to describe it to stakeholders with confidence. You will be able to explain account creation, session and access management, account termination, and more.

What You?ll Learn

  • Understand key identity management concepts
  • Keep essential design principles in mind
  • Design authentication and access control for a modern application
  • Know the identity management frameworks and protocols used today (OIDC/ OAuth 2.0, SAML 2.0)
  • Review historical failures and know how to avoid them

Who This Book Is For

Developers, enterprise or application architects, business application or product owners, and anyone involved in an application's identity management solution


Offers an introduction to the book and sets the goals that will be achieved in the book, who this book is for and what this book deals with.

Chapter 1: Identity

This chapter explains the concept of Identity and what we mean by Identity throughout the book, it is used to create familiarity with digital identity and walks the use through where these concepts originate from.

Chapter 2: Establishing Identity

This takes a little in-depth approach towards identity and how identity evolved on the internet and how we went from admin party (a term used to denote a server where everyone has administrative access) to secured systems with multi-level identities etc.

Chapter 3: Using Identity

Explains how identity works for applications and modern systems, including: authenticating, deep links, how to protect multiple pages in your app (tell if user has a valid session), and SSO - Sharing identity between apps.

Chapter 4: Nothing Lasts Forever

A missing point in identity books is the cleanup—there are laws and increasing complexities today that get more and more involved as time passes. This chapter deals with what is done even on user end devices and what users should do, as well on the developer side on how to properly log a user out. Covers: Logout, Password Reset, Forgotten Password, and deprovisioning.

Chapter 5: Architecture

From this point on the book takes a deeper turn targeted towards architects, which helps developers and architects focus on how to visualize and develop identity architectures. It covers Trust, PSP, PIP, PDP, PEP, Enterprise Identity, User-centric Identity, and current Identity Providers.

Chapter 6: Failure is an option!

Every now and then we often find a security vulnerability making headlines in the news, this chapter aims to explain what happened wrong on a higher level and then provide pillars on how to avoid them

Chapter 7: Looking into the Crystal Ball

A look into the horizon of identity, privacy and security today. This chapter talks about the bleeding edge work in cryptography.

Yvonne Wilson has had many roles in the software industry related to security and identity management as a developer, security architect, customer success engineer working with customers, founder of cloud identity services, and director of a security governance, risk, and compliance function. She was responsible for IT security strategy and architecture at Sun Microsystems, founded and designed the identity management services offered through Oracle Managed Cloud Services, and works as Senior Director of GRC at Auth0 with customers and vendors to ensure end-to-end security of the application technology supply chain.

In working with business teams at Sun and while founding the initial support team at Auth0, Yvonne worked with many customers, from small startups to large enterprises, and through the implementation of SSO, federated SSO, adaptive knowledge-based authentication, and identity provisioning. From this depth of experience, she realized the need for a basic understanding of identity management concepts by business application owners as well as architects and developers. 

Abhishek Hingnikar has enjoyed writing software from an early age and has worked on multiple startups during his career. He currently works as a pre-sales engineer at Auth0 where he helps customers architect federated identity management solutions using OIDC, SAML, WSFed, and OAuth.

Helps you select or design appropriate identity management approaches to protect your applications

Gives you a depth of background to help you confidently describe the identity management for your application to prospective customers and partners

Serves as a handy reference guide on how to develop your architecture and application from an identity management perspective

Date de parution :

Ouvrage de 165 p.

17.8x25.4 cm

À paraître, réservez-le dès maintenant

29,53 €

Ajouter au panier
En continuant à naviguer, vous autorisez Lavoisier à déposer des cookies à des fins de mesure d'audience. Pour en savoir plus et paramétrer les cookies, rendez-vous sur la page Confidentialité & Sécurité.