7 Identity Federation Protocols Every Platform Architect Should Know

Blog post from SSOJet

Post Details

- Author: Devraj Patel
- Word Count: 3,056
- Language: English
Summary

Federated identity protocols have evolved significantly from Kerberos tickets in 1993 to FIDO2 passkeys in 2023, reinventing themselves multiple times to address changing technology landscapes and security needs. These protocols, including SAML 2.0, OpenID Connect (OIDC), OAuth 2.1, WS-Federation, Kerberos, FIDO2/WebAuthn, and SCIM 2.0, serve distinct roles in authentication and identity management across enterprise environments. SAML 2.0 remains prevalent in enterprise SaaS applications due to its long-standing reliability, while OIDC is favored for new implementations due to its developer-friendly features and mobile support. OAuth 2.1, though not yet finalized, is already being adopted for its robust security measures. WS-Federation, though largely in maintenance mode, is still used in legacy Microsoft infrastructures. Kerberos continues to play a crucial role in internal corporate systems, while FIDO2/WebAuthn promises a future beyond passwords with its phishing-resistant, hardware-bound credentials. SCIM 2.0 is essential for user lifecycle management, ensuring that authentication protocols work effectively at scale. These protocols are crucial for platform architects who must support a variety of identity solutions to handle diverse customer needs, and the emerging Cross App Access (CAA) protocol may soon address complex multi-hop authorization scenarios involving AI agents.