Wrap-up

Let’s wrap up what you have learned.

• We’ve looked at the assorted technical standards and the solutions that exist to help meet the broad range of requirements of a modern identity and access management system implementation. There are solutions that meet the needs of our traditional local area network, and some of these are very long-standing, like Kerberos.
• Increasingly, we are looking for integration and the ability to cater to services like the cloud and its different types of cloud service. These are driving the use and the development of standards like SAML, OAuth, and OpenID Connect. We are no longer dealing with a single security realm. Typically, now we’re trying to join different pieces of technology, and SAML, OAuth, and OpenID Connect are important for that reason.
• Many of the newer integration technologies are based on open standards, which is helpful in terms of encouraging their adoption and their use. But a range of software vulnerabilities exist that can be exploited by attackers. So, we need to be careful when we are looking to manage our vulnerabilities. This requires us to try to minimize risk.
• Typically, compliance regimes like PCI DSS or ISO 27000 will mandate some sort of formal approach to vulnerability management, partly, for this reason. Many of the newer integration technologies that we see in use are based on these open standards.
• Integration and cloud services are driving the use and development of standards like SAML, OAuth, and OpenID Connect. A lot of these modern technologies are well worth investing time and energy in learning because they are growing rapidly. The consumption and the use of these technologies is, usually, commoditized using IDP technologies.
• Be aware of how SAML, OAuth, and OpenID Connect work because it enables us to ask the right questions when we’re commissioning these services, when we’re buying them, and when we’re implementing them.