2.1 Summary of Protocols
The following table provides a list of protocols, algorithms, and structures,<1> grouped according to their primary purpose.
| Applicability | Name | Description | Reference |
|---|---|---|---|
| Security token generation | Microsoft Web Browser Federated Sign-On Protocol | Provides for the communication of a requestor's identity and attributes for the purpose of enabling access to a protected Hypertext Transfer Protocol (HTTP) [RFC2616] web application or its resources. | |
| Security token generation | Microsoft Web Browser Federated Sign-On Protocol Extensions | Extends MWBF (introduced above) to support scripting for automated form submittal and to enable the passing of security identifiers (SIDs) in Security Assertion Markup Language (SAML) 1.1 assertions [SAMLCore]. | |
| Security token generation | Security Assertion Markup Language (SAML) 1.1 and Security Assertion Markup Language (SAML) 2.0 | A language that defines XML-encoded assertions (also known as security tokens) about authentication and authorization. | [SAMLCore] and [SAMLCore2] |
| Security token generation | The Web Services Trust Language | A language to help create security tokens and build trust relationships. | |
| Security token generation | Active Directory Federation Service (AD FS) Proxy Protocol | Provides a means for a proxy located outside a protected network to communicate with an STS located inside the protected network. | |
| Security token generation | Security Assertion Markup Language (SAML) Proxy Request Signing Protocol | Used by a proxy located outside a protected network to communicate with an STS located inside the protected network. | |
| Security token generation | Active Directory Federation Service (AD FS) Web Agent Protocol | Enables a web service (WS) resource to obtain information about an STS. | |
| OAuth authorization code processing | The OAuth 2.0 Authorization Framework | Allows the owner of a protected resource or service to grant access to that resource or service. | |
| OAuth authorization code processing | Active Directory Federation Services OAuth Authorization Code Lookup Protocol | Allows AD FS servers that are deployed in an AD FS farm configuration to share OAuth authorization codes. | |
| OAuth authorization code processing | OAuth 2.0 Protocol Extensions and OAuth 2.0 Protocol Extensions for Broker Clients | Specifies mandatory extensions to [RFC6749] (the OAuth 2.0 Authorization Framework). | [MS-OAPX] and [MS-OAPXBC] |
| OAuth authorization code processing | OpenID Connect and OpenID Connect 1.0 Protocol Extensions | Enhances the OAuth 2.0 protocol by providing a means for clients to verify end-user identities. | |
| Integration of AD FS with pre-authentication proxies | Active Directory Federation Services and Proxy Integration Protocol | Implements a proxy that publishes application services that are located inside the boundaries of a corporate network and orchestrates authentication for clients that are outside that boundary (that is, pre-authentication). | |
| | The Web Services Federation Language | Mechanisms to allow federation of disparate security realms so that existing authentication and authorization information can be leveraged. | |
| Single sign-on | The Web Services Federation Language Version 1.2 | A profile to describe how passive requestors such as web browsers can use WS-Federation mechanisms. | [WSFederation1.2] section 13 |
| Device Registration | Device Registration Discovery Protocol, Device Registration Enrollment Protocol, Device Registration Join Protocol, and Key Provisioning Protocol | Provides for discovery and utilization of information that is needed to register personal or corporate-owned devices with a workplace. | |
| Public Key Authentication | Public Key Authentication Protocol | Allows HTTP clients to prove possession of a private key without having to rely on typical client authentication support from the underlying platform. | |