This document defines how to authenticate users and accessing parties on a web-services interface. It also defines how a resource owner can delegate access to its resources to an accessing party. Within this context, this document also defines the necessary roles and required separation of duties between these in order to fulfil requirements stated on security, data privacy and data protection.
All conditions and dependencies of the roles are defined towards a reference implementation using OAuth 2.0 compatible framework and OpenID Connect 1.0 compatible framework.
Status: PublishedPublication date: 2021-11
Edition: 2Number of pages: 24
Technical Committee: ISO/TC 22/SC 31 Data communication
Buy this standard
|std 1 124||PDF + ePub|
|std 2 124||Paper|