1. OpenID Connect

1.1 OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA)

CIBA is a new flow for decoupled authorisation of transactions, typically carried out on the user's smartphone.

1.2 OpenID Connect prompt "create"

A new prompt value called create is being introduced to enable relying parties to signal end-user sign-up intent to the OpenID provider.

2. OAuth 2.0

2.1 OAuth Incremental Authorisation

OAuth 2.0 authorisation requests that include every scope the client might ever need can result in over-scoped authorisation and a bad end-user consent experience. The draft-ietf-oauth-incremental-authz spec enhances the OAuth 2.0 authorisation protocol by adding incremental authorisation: the ability to request specific authorisation scopes as needed, when they're needed, removing the requirement to request every possible scope that might be needed upfront.

2.2 OAuth 2.0 Token Exchange

RFC 8693 is a protocol for a lightweight HTTP- and JSON-based Security Token Service (STS), defining how to request and obtain security tokens from OAuth 2.0 authorisation servers, including security tokens employing impersonation and delegation.

2.3 OAuth 2.0 Device Authorisation Grant

Commonly known as the device flow, this OAuth grant is designed for browserless and input-constrained devices and contexts, such as smart TVs, consoles and printers. The user authorises the client on a secondary device, such as their smartphone or personal computer. See RFC 8628.

2.4 Support for Resource Server specific access token profiles

The Connect2id server supports a number of access token profiles, including the definition of custom profiles; these, however, cannot be bound to specific resources at present.

3. Performance and scaling

3.1 Stateless authorisation sessions

An optional configuration to enable stateless authorisation sessions, in which the session data is encrypted into the session identifier instead of being stored. This can be used to save database traffic and costs in large deployments.

4. Database backends

Support for new SQL database backends:

4.1 CockroachDB

CockroachDB is a distributed, ACID-compliant SQL database that is compatible with PostgreSQL clients.

Comments, suggestions?

Please post your comment below, or write to Connect2id support.
