Standards Overview

Standards you’ll use every day

Standard	Purpose	Core Docs
SAML 2.0	Federated SSO with signed XML assertions	OASIS SAML 2.0
OAuth 2.0	Delegated authorization (scopes, access tokens)	RFC 6749, 6750
OpenID Connect 1.0	Authentication layer on top of OAuth 2.0	OIDC Core, Discovery, Dynamic Reg
JOSE (JWS/JWE/JWK)	Signing and encryption for JWTs	RFC 7515–7518

Tip: Prefer OIDC for browser-based auth today; use SAML where heritage vendors or SaaS require it.