Conformance
Conformance to standards protects your users
Industry standards are designed, developed and vetted by experts and help ensure a high baseline of security.
OAuth and OpenID Connect Done Better
We believe industry standards are vital for ensuring long-term, high level security. They are created and continuously developed by security experts. They also help avoid vendor lock-in, and can mean a less steep learning curve for new team members as well as simplifying regulatory compliance.
The Curity Identity Server supports a wide range of identity and security-related standards, including OAuth and OpenID Connect, and handles the complexities of these standards, making them easier to use, customize and deploy.
Certifications Received
Curity Identity Server has been certified to conform to the OpenID Connect and Mobile Connect standards. In particular, the Curity product has been self-certified to comply with the basic, implicit, hybrid and configuration protocols of OpenID Connect. Support for Mobile Connect v. 1.1 has been certified by GSMA.
Standards Supported
Curity Identity Server enables the use of a wide range of identity-related standards. It supports a growing list of OAuth, OpenID Connect, SCIM and related protocols from standard bodies such as IETF, OpenID Foundation and OASIS. In addition to integration standards, a large number of user authentication standards such as Kerberos, TOTP and SAML, are also supported.
The OAuth 2.0 Authorization Framework
(RFC 6749)
Bearer Token Usage
(RFC 6750)
OAuth 2.0 Token Introspection
(RFC 7662)
OAuth 2.0 Token Revocation
(RFC 7009)
OpenID Connect code, hybrid and implicit flows
(Core 1.0)
OpenID Connect Dynamic Registration
OpenID Connect Discovery
OpenID Connect Multiple Response Types
OpenID Connect Form Post Response Mode
OAuth Device Flow
OAuth 2.0 for Native App
(BCP 212)
JSON Web Token (JWT)
(RFC 7519)
Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
(RFC 7521)
JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
(RFC 7521)
OAuth 2.0 Dynamic Client Registration Protocol
(RFC 7591)
Proof Key for Code Exchange by OAuth Public Clients
(RFC 7636)
JWT Response for OAuth Token Introspection
OAuth 2.0 Assisted Token
SCIM 2
(RFC 7643 and 7644)
RESTCONF
(RFC 8040)
YANG
(RFC 6020)
NACM
(RFC 6536)
