Cloud Identity Patterns and Strategies: Design enterprise cloud identity models with OAuth 2.0 and Azure Active Directory

✍ Scribed by Giuseppe Di Federico, Fabrizio Barcaroli


Publisher: Packt Publishing
Year: 2022
Tongue: English
Leaves: 258
Category: Library

✦ Synopsis


Get to grips with identity patterns and design a structured enterprise identity model for cloud applications

Key Features

  • Learn all you need to know about different identity patterns and implementing them in real-world scenarios
  • Handle common multi-IDP situations, no matter how big your organization is
  • Gain practical insights into OAuth implementation patterns and flows

Book Description

Identity is paramount for every architecture design, making it crucial for enterprise and solutions architects to understand the benefits and pitfalls of implementing identity patterns. However, information on cloud identity patterns is generally scattered across different sources and rarely approached from an architect's perspective. Cloud Identity Patterns and Strategies aims to solve this, empowering solutions architects to take an active part in implementing identity solutions.

Throughout this book, you'll cover various theoretical topics along with practical examples that follow the implementation of a de facto standard identity provider (IdP) in an enterprise, such as Azure Active Directory. As you progress through the chapters, you'll explore the different factors that contribute to an enterprise's current status quo around identities and harness modern authentication approaches to meet specific requirements of an enterprise. You'll also be able to make sense of how modern application designs are impacted by the company's choices and move on to recognize how a healthy organization tackles identity and critical tasks that the development teams pivot on.

By the end of this book, you'll be able to breeze through creating portable, robust, and reliable applications that can interact with each other.

What you will learn

  • Understand the evolution of identity in the enterprise
  • Discover basic to advanced OAuth patterns and implementations
  • Find out how OAuth standards are usually adopted in the enterprise
  • Explore proven solutions for modern identity challenges
  • Use Azure AD for implementing identity solutions
  • Comprehend how company structure and strategies influence design decisions

Who this book is for

This book is for cloud security engineers and identity experts. Enterprise architects, tech leads, developers, and anyone who wants to learn how to use identity patterns and strategies to build identity models for the modern cloud era will find this book useful. This book covers many DevOps and Agile principles; although not a prerequisite, familiarity with these topics would be helpful.

Table of Contents

  1. Walkthrough of Digital Identity in the Enterprise
  2. The Cloud Era and Identity
  3. OAuth 2.0 and OIDC
  4. Authentication Flows
  5. Exploring Identity Patterns
  6. Trends in API Authentication
  7. Identity Providers in the Real World
  8. Real-World Identity Provider – A Zoom-In on Azure Active Directory
  9. Exploring Real-World Scenarios

✦ Table of Contents


Cover
Copyright
Contributors
Table of Contents
Preface
Part 1: Impact of Digital Transformation
Chapter 1: Walkthrough of Digital Identity in the Enterprise
Digital transformation – the impact on the market
Why an enterprise identity strategy?
The impact of identities on the UX
Digital identities – the duties of an enterprise
The challenges when defining an identity strategy
Single sign-on (SSO)
LDAP and Kerberos
Federation of identities
Federation terminology
Federation example
Cookies and tokens
WS-Federation
WS-Federation Passive Requestor Profile
WS-Federation Active Requestor Profile
Security Assertion Markup Language (SAML)
Summary
Chapter 2: The Cloud Era and Identity
The cloud era
Identity in the cloud era
The pillars of a cloud company
The challenges of identity
The cloud identity
A hybrid identity
The future of identity
Summary
Part 2: OAuth Implementation and Patterns
Chapter 3: OAuth 2.0 and OIDC
OAuth and OIDC basic concepts
How OAuth and OIDC work together
How the protocols are implemented in the real world
Technical background
Summary
Chapter 4: Authentication Flows
The authorization code grant flow
The authorization code grant flow with PKCE
The implicit grant flow
The client credentials grant flow
The ROPC grant flow
The OBO flow
Hybrid flows
Summary
Chapter 5: Exploring Identity Patterns
Understanding the basic terminology
Web applications
User authentication only pattern
Additional considerations
Native applications
Application authorization pattern
SPAs
Single-page authentication pattern
Additional considerations
Security considerations
Summary
Part 3: Real-World Scenarios
Chapter 6: Trends in API Authentication
The complexity of defining standard guidance
The vertical API approach
API landscape complexity
The application frontend API flow
The application automation API
The multiple IdP dilemma
Defining enterprise standards for identity
The service mesh and identity management
Authentication implications in a service mesh
Common antipatterns
Summary
Chapter 7: Identity Providers in the Real World
The technical aspects
The non-technical aspects
Azure Active Directory (AAD)
Azure Active Directory Domain Services (AD DS)
Azure Active Directory B2C (AD B2C)
Active Directory Federation Services (AD FS)
Customer Identity from SAP Customer Data Cloud
Okta (Auth0)
Summary
Chapter 8: Real-World Identity Provider – A Zoom-In on Azure Active Directory
An overview of AAD
AAD basics
Supported authentication protocols
User provisioning
Authentication types
Registering and configuring applications
App registrations
Enterprise applications
Additional features
Conditional Access
Identity Protection
Privileged Identity Management
External identities
Verifiable credentials
Microsoft Graph
Summary
Chapter 9: Exploring Real-World Scenarios
The identity features within an enterprise in the real world
The implications of the company's structure
Frontend authentication challenges in the real world
Backend authentication challenges in the real world
Pattern 1 – multiple IDPs
Pattern 2 – a single IdP
Pattern 3 – domain-based registration
Pattern 4 – application-based registration
Authentication challenges for microservices integration
Summary
Index
Other Books You May Enjoy


📜 SIMILAR VOLUMES


Cloud Identity Patterns and Strategies:
✍ Giuseppe Di Federico, Fabrizio Barcaroli 📂 Library 📅 2022 🏛 Packt Publishing 🌐 English

Get to grips with identity patterns and design a structured enterprise identity model for cloud applications

Key Features

  • Learn all you need to know about different identity patterns and implementing them in real-world scenarios

OAuth 2.0 Identity and Access Management
✍ Martin Spasovski 📂 Library 📅 2013 🏛 Packt Publishing 🌐 English

A practical hands-on guide to implementing secure API authorization flow scenarios with OAuth 2.0

Overview

  • Build web, client-side, desktop, and server-side secure OAuth 2.0 client applications by utilizing the appropriate grant flow for the given scenario
  • Get

OAuth 2.0 Identity and Access Management
✍ Martin Spasovski 📂 Library 📅 2013 🏛 Packt Publishing 🌐 English

OAuth 2.0 has become the most widely used authorization framework. It provides an easy-to-use sign-in mechanism and allows users to quickly and efficiently secure service APIs. It also provides a protection layer for assets so that various third-party applications cannot have direct access to them.

VMware private cloud computing with vClo
✍ Simon Gallagher, Aidan Dalgleish 📂 Library 📅 2013 🏛 Sybex 🌐 English

It's All About Delivering Service with vCloud Director Empowered by virtualization, companies are not just moving into the cloud, they're moving into private clouds for greater security, flexibility, and cost savings. However, this move involves more than just infrastructure. It also represents a