api-authnz
References and Links
- https://docs.google.com/document/d/1wA41NISHDiqYkLXli0VNdunvSwzO8ML1ovJkH-A8lFY/edit#heading=h.claj3e26l083 <= FedMgr AuthNZ, Nic Roy
- https://docs.google.com/document/d/1K-0HNTorsgB0DspbVnFhbJfZ0atSVCgL7ZnacAqeZLE/edit#heading=h.fuwk65hkgrzs <= InCommon TAP: API AuthNZ in Current TAP Components and Environments
- https://docs.google.com/document/d/1fhBqLqMD2Xy2BSe38bl38vaUPMZZusp09SzeC7IwQco/edit#heading=h.ye7iohncjz9 <= InCommon TAP: API AuthNZ Technologies
- https://tools.ietf.org/html/rfc8725 <= RFC 8725 JSON Web Token Best Current Practices
- https://owasp.org/www-project-api-security/ <= OWASP API Security Project
- https://devblog.axway.com/apis/understand-your-api-security-need-oauth-or-openid-connect/ <= Axway Dev Blog: API Security: OAuth or OpenID Connect
- https://nordicapis.com/the-difference-between-http-auth-api-keys-and-oauth/ <= comparing API Keys, HTTP Basic Authentication, and OAuth
- https://curity.io/resources/architect/neo-security/what-is-neosecurity/ <= standards-based model of API AuthNZ
- https://nordicapis.com/8-types-of-oauth-flows-and-powers/ <= brief rundown of each OAuth flow type
- https://openid.net/developers/libraries/ <= OpenID and JWT Libraries, Products, and Tools
- https://swagger.io/docs/specification/authentication/ <= OpenAPI 3 security schemes for AuthNZ; Lacks support for OIDC
- https://www.zmartzone.eu/ <= Support for Open Source Access Management Software (Click 'Software' on top nav bar)
- https://www.cilogon.org/ <= CILogon: An Integrated IAM Platform for Science