OpenID-Connect

/ˌoʊ-pən-aɪ-di kəˈnɛkt/

n. “One login to rule them all… with modern flair.”

OpenID Connect is an authentication protocol built on top of the OAuth 2.0 framework. It allows clients—typically web and mobile applications—to verify the identity of a user based on the authentication performed by an identity provider (IdP) and to obtain basic profile information about that user in a secure and standardized way.

SAML

/ˈsæm-əl/

n. “Speak once, be heard everywhere.”

SAML, short for Security Assertion Markup Language, is an open standard for exchanging authentication and authorization data between parties, specifically between an identity provider (IdP) and a service provider (SP). Its core purpose is to enable Single Sign-On (SSO) across different domains securely and efficiently.

SSO

/ˌɛs-ɛs-ˈoʊ/

n. “One login to rule them all — but responsibly.”

SSO, short for Single Sign-On, is a user authentication method that allows individuals to access multiple applications or services with a single set of credentials. Instead of remembering separate usernames and passwords for each system, users log in once, and the authentication is trusted across integrated services.

OAuth

/ˈoʊ-ˌɔːθ/

n. “Let someone borrow your keys without giving them the whole keyring.”

OAuth, short for Open Authorization, is a protocol that allows secure delegated access to resources without sharing credentials. Instead of giving a third-party app your username and password, OAuth enables the app to access certain parts of your account on your behalf via tokens that can be scoped and revoked.

Message Authentication Code

/ɛm æk/

n. “Trust the message — not the path it traveled.”

MAC, short for Message Authentication Code, is a cryptographic construct designed to answer a deceptively simple question: has this message been altered, and did it come from someone who knows the secret? A MAC provides integrity and authenticity, but not secrecy. The contents of the message may be visible — what matters is that any tampering is detectable.

GCM

/ˌdʒiː-siː-ˈɛm/

n. “Authenticated encryption with speed and style.”

GCM, or Galois/Counter Mode, is a modern mode of operation for block ciphers that provides both confidentiality and data integrity. Unlike traditional encryption modes such as CBC, which only encrypt data, GCM combines encryption with authentication, ensuring that any tampering with the ciphertext can be detected during decryption.

HMAC

/ˈeɪtʃ-ˌmæk/

n. “Authenticate it, don’t just trust it.”

HMAC, or Hash-based Message Authentication Code, is a cryptographic construction that combines a secret key with a hash function, such as SHA256 or SHA512, to provide both message integrity and authentication. Unlike simple hashes, which only verify that data hasn’t changed, HMAC ensures that the message came from someone who knows the secret key, effectively adding a layer of trust on top of data verification.