Learn the Basics
Provide practical overview of IAM.
Client or Digital Service Providers often need to access Resources to function.
Authorization is how we control access to Resources. Authorization processes identify and authenticate the client, determine if the request should be allowed, and provide the client with unique access information.
Key Concept: Resource
A resource is a digital content that can be served over the web. Resources come in many form. A simple resource might be a text file, image, or video. A more complex resource might be interactive web pages or full-service APIs with many paths and actions.
One base resource that is often needed is a Person's profile or userinfo. A group of attributes that are unique to the user and allow a Service Provide to provide personalized user experiences.
In an authorization ecosystem, there are three main players:
- the client: accesses resources to provide a valuable service
- the authorization service: controls access by making authorization decisions
- resource service: holds and provides resources at some web location
insert diagram
To achieve these flows, our solution supports authorization frameworks and standards: OAuth & SAML
Often the client is providing their service to a Person (aka User/End-user), and needs to access resources specific to that Person. In this scenario, the person often needs to participate
To achieve user-present flows, our solution supports additional technical standards: OIDC, UMA