OAuth

OAuth 2.0

• Homepage

Core

• RFC 6749: The OAuth 2.0 Authorization Framework
• RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage
• RFC 6819: OAuth 2.0 Threat Model and Security Considerations
• RFC 7636: Proof Key for Code Exchange by OAuth Public Clients
• RFC Draft: OAuth 2.0 Security Best Current Practice

Mobile and Other Devices

• RFC 8252: OAuth 2.0 for Native Apps
• RFC 8628: OAuth 2.0 Device Authorization Grant
• RFC Draft: OAuth 2.0 for Browser-Based Apps

Token and Token Management

• RFC 7662: OAuth 2.0 Token Introspection
• RFC 7009: OAuth 2.0 Token Revocation
• RFC 7519: JSON Web Token (JWT)

Discovery and Registration

• RFC 8414: OAuth 2.0 Authorization Server Metadata
• RFC 7591: OAuth 2.0 Dynamic Client Registration Protocol
• RFC 7592: OAuth 2.0 Dynamic Client Registration Management Protocol

OAuth 2.1

• RFC Draft: The OAuth 2.1 Authorization Framework

OAuth Development

• Google OAuth 2.0 Playground
• Using OAuth 2.0 to Access Google APIs

Articles

• Dr. Philippe De Ryck, Why avoiding LocalStorage for tokens is the wrong solution

OpenID Connect

• Homepage
• OpenID Connect Core 1.0 incorporating errata set 1
• OpenID Connect Discovery 1.0 incorporating errata set 1
• OpenID Connect Dynamic Client Registration 1.0 incorporating errata set 1
• OAuth 2.0 Multiple Response Type Encoding Practices
• OAuth 2.0 Form Post Response Mode
• OpenID Connect Session Management 1.0 - draft 27
• OpenID Connect Front-Channel Logout 1.0 - draft 01
• OpenID Connect Back-Channel Logout 1.0 - draft 03

Access / Refresh Token

• Refresh Tokens
• OAuth0 - Refresh Tokens: When to Use Them and How They Interact with JWTs
• Silent Authentication
• 5 Steps to Add Modern Authentication to Legacy Apps Using JWTs
• Where to Store Tokens

Fast Identity Online (FIDO)

• FIDO Allianz
• Universal Authentication Framework (UAF) / U2F (Universal Second Factor) Specifications

Security Assertion Markup Language 2.0 (SAML 2.0)

• Homepage
• Core Specification
• Bindings Specification
• Profiles Specification
• Metadata Specification

JSON Web Token (JWT)

• RFC 7515: JSON Web Signature (JWS)
• RFC 7516: JSON Web Encryption (JWE)
• RFC 7517: JSON Web Key (JWK)
• RFC 7518: JSON Web Algorithms (JWA)
• RFC 7519: JSON Web Token (JWT)
• RFC 8725: JSON Web Token Best Current Practices

One Time Passwords

• RFC 2289: A One-Time Password System
• RFC 4226: HOTP: An HMAC-Based One-Time Password Algorithm
• RFC 4793: The EAP Protected One-Time Password Protocol (EAP-POTP)
• RFC 6238: TOTP: Time-Based One-Time Password Algorithm
• RFC 6560: One-Time Password (OTP) Pre-Authentication

Einweg-Hashfunktionen

• RFC 1321: The MD5 Message-Digest Algorithm
• RFC 2104: HMAC: Keyed-Hashing for Message Authentication
• RFC 6151: Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms
• RFC 6234: US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)
• FIPS PUB 180-4: Secure Hash Standard (SHS)
• RFC Draft: The memory-hard Argon2 password hash and proof-of-work function

Authentifizierung

• The NTLM Authentication Protocol (PDF)
• RFC 4120: The Kerberos Network Authentication Service (V5)
• RFC 4120: The Kerberos Version 5 Generic Security Service Application Program Interface (GSS-API) Mechanism: Version 2

Challenge Response

• RFC 5802: Salted Challenge Response Authentication Mechanism (SCRAM) SASL and GSS-API Mechanisms (Updated by RFC 7677)
• RFC 7677: SCRAM-SHA-256 and SCRAM-SHA-256-PLUS Simple Authentication and Security Layer (SASL) Mechanisms

Symmetrische Verschlüsselung

• FIPS PUB 46-3: Data Encryption Standard (DES), National Institute of Standards and Technology, October 25, 1999
• FIPS PUB 197: Advanced Encryption Standard (AES), National Institute of Standards and Technology, November 26, 2001

Public-Key Cryptography Standards (PKCS) - RSA Laboratories

• PKCS #1: RSA Cryptography Specifications Version 2.1 (RFC 2313)
• PKCS #1: RSA Cryptography Specifications Version 2.2 (RFC draft-moriarty-pkcs1-03)
• PKCS #3: Diffie-Hellman Key Agreement Standard, Version 1.4
• PKCS #5: Password-Based Cryptography Standard, Version 2.0 (RFC 2898)
• PKCS #5: Password-Based Cryptography Standard, Version 2.1 (RFC draft-moriarty-pkcs5-v2dot1-04)
• PKCS #6: Extended-Certificate Syntax Standard, Version 1.5
• PKCS #7: Cryptographic Message Syntax Standard, Version 1.5 (2315)
• PKCS #8: Private-Key Information Syntax Standard, Version 1.2 (RFC 5208)
• PKCS #8: EncryptedPrivateKeyInfo Media Type (RFC draft-seantek-pkcs8-encrypted-01)
• PKCS #9: Selected Object Classes and Attribute Types Version 2.0 (RFC 2985)
• PKCS #10: Certification Request Syntax Specification Version 1.7 (RFC 2986)
• PKCS #11: URI Scheme (RFC 7512)
• PKCS #12: Personal Information Exchange Syntax Version 1.1 (RFC 7292)

Generic Security Service API (GSS-API)

• RFC 2743: Generic Security Service Application Program Interface Version 2, Update 1
• RFC 5554: Clarifications and Extensions to the Generic Security Service Application Program Interface (GSS-API) for the Use of Channel Bindings
• RFC 2479: Independent Data Unit Protection Generic Security Service Application Program Interface (IDUP-GSS-API)
• RFC 2744: Generic Security Service API Version 2 : C-bindings
• RFC 5653: Generic Security Service API Version 2: Java Bindings Update

Pretty Good Privacy (PGP)

• RFC 4880: OpenPGP Message Format
• RFC 5581: The Camellia Cipher in OpenPGP

Secure / Multipurpose Internet Mail Extensions (S/MIME)

• RFC 1847: Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted
• RFC 5751: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 - Message Specification

X.509 Public Key Infrastructure

• RFC 4158: Internet X.509 Public Key Infrastructure: Certification Path Building
• RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
• RFC 6818: Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
• RFC 8398: Internationalized Email Addresses in X.509 Certificates
• RFC 8399: Internationalization Updates to RFC 5280

Transport Layer Security (TLS)

• RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2

Encryption Key Management

Key Management Interoperability Protocol (KMIP)

• OASIS Key Management Interoperability Protocol (KMIP) TC
• KMIP Implementations known to the KMIP TC (OASIS Wiki)
• Wikipedia (de): Key Management Interoperability Protocol
• Wikipedia (en): Key Management Interoperability Protocol

Misc

• RFC 4648: The Base16, Base32, and Base64 Data Encodings
• RFC 4422: Simple Authentication and Security Layer (SASL)

Fun

• Internet Protocol over Avian Carriers
• RFC 1149: A Standard for the Transmission of IP Datagrams on Avian Carriers
• RFC 2549: IP over Avian Carriers with Quality of Service
• RFC 6214: Adaptation of RFC 1149 for IPv6