This repository has been archived by the owner on Feb 25, 2019. It is now read-only.
References
Christian Smith edited this page Aug 5, 2015 · 42 revisions
- OpenID Connect
- OpenID Connect 1.0 Official Working Repository
- OpenID Connect Core 1.0
- OpenID Connect Discovery 1.0
- OpenID Connect Dynamic Client Registration 1.0
- OpenID Connect Session Management 1.0 - draft 19
- OpenID Connect Implicit Client Implementer's Guide 1.0
- Native Applications
- OpenID Connect is Here, Tim Bray
- RFC 5785 Defining Well-Known Uniform Resource Identifiers (URIs)
- JSON Web Token (JWT)
- JSON Web Signature (JWS)
- JSON Web Encryption (JWE)
- JSON Web Algorithms (JWA)
- JSON Web Key (JWK)
- Using OAuth 2.0 for Server to Server Applications
- Secure Messaging vs. Javascript Object Signing and Encryption
- GitHub brianloveswords / node-jwa
- GitHub Anvil Connect JWT
- GitHub hokaccha / node-jwt-simple
- GitHub berngp / node-green-jwt
- GitHub kjur / jsjws
- GitHub davedoesdev / node-jsjws
- RFC 6749 The OAuth 2.0 Authorization Framework
- RFC 6750 The OAuth 2.0 Authorization Framework: Bearer Token Usage
- RFC 6819 OAuth 2.0 Threat Model and Security Considerations
- Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
- JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
- RFC 6265 HTTP State Management Mechanism
- Handbook of Applied Cryptography
- An Introduction to the OpenSSL command line tool
- The anatomy of a Firebase client-side session (Stack Overflow)
- Stanford Javascript Crypto Library GitHub
- Symmetric Cryptography in Javascript (pdf)
- crypto-js
- Understanding JavaScript Cryptography using Stanford Javascript Crypto Library
- W3C Web Cryptography API
- What's wrong with in-browser cryptography?
- The anatomy of a bad idea
- http://en.wikipedia.org/wiki/PBKDF2
- Javascript Cryptography Considered Harmful
- The Matasano Crypto Challenges
- The Matasano Crypto Challenges (Pinboard)
- RFC 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1
- Description of RSAES-OAEP algorithm required for JWE
- RSA PKCS1 v2.1 RSAES-OAEP algorithm StackExchange Cryptography
- RSAES-OAEP JavaScript implementation
- Glossary of cryptographic keys
- Optimal Asymmetric Encryption Padding
- GitHub davedoesdev / simple-crypt
- sourceforge WebRSA
- Wikipedia Mandatory access control
- Wikipedia Discretionary access control
- Wikipedia Role-based access control
- Wikipedia Group identifier
- Wikipedia Access control list
- Wikipedia File system permissions
- Wikipedia Attribute Based Access Control
- NIST An Introduction To Role-Based Access Control (NIST)
- NIST The NIST Model for Role-Based Access Control: Towards a Unified Standard (pdf)
- A Critique of the ANSI Standard on Role Based Access Control (pdf)
- Proposed NIST Standard for Role-Based Access Control (pdf)
- Role-Based Access Controls, 15th National Computer Security Conference (pdf)
- Role-Based Access Control, Second Edition, David F. Ferraiolo, D. Richard Kuhn, Ramaswamy Chandramouli
- Roles vs. Groups (pdf), Ravi Sandhu
- Role Based Access Control Models (pdf) Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman
Distributed Role-Based Access Control
- dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments (pdf)
- Cassandra: Distributed Access Control Policies with Tunable Expressiveness (pdf)
- Role-based access control and single sign-on for Web services, Falkcrona, Jerry (Linköping University, Department of Electrical Engineering)
- NIST Guide to Attribute Based Access Control (ABAC) Definition and Considerations (pdf)
- NIST ABAC and RBAC: Scalable, Flexible, and Auditable Access Management, Ed Coyne, DRC Timothy R. Weil, Coalfire
- Wikipedia XACML