Identity and Access Management (IAM) Specialist
March 29, 2024
Updated May 12, 2025
13 minute read
Career Guide: Identity and Access Management (IAM) Specialist
Identity and Access Management, commonly known as IAM, is a critical framework within cybersecurity. It involves the policies and technologies ensuring that the right individuals have the appropriate access to technology resources. At its heart, IAM is about managing digital identities and controlling who can access what, when, and why within an organization's network and systems.
flfd2h|
Find a path to becoming a Identity and Access Management (IAM) Specialist. Learn more at:
OpenCourser.com/career/flfd2h/identity
Reading list
We haven't picked any books for this reading list yet.
Comprehensive overview of applied cryptography. It covers a wide range of topics, including JWTs and OAuth 2.0. It valuable resource for developers who want to learn more about the cryptography behind JWTs and OAuth 2.0.
This document provides a comprehensive set of recommendations for using JWTs securely. It valuable resource for developers who want to ensure that their JWT implementations are secure and compliant with best practices.
Collection of best practices for using JWTs securely. It covers topics such as signing and encryption, token validation, and avoiding common pitfalls. It valuable resource for developers who want to ensure that their applications are using JWTs securely.
Provides a comprehensive overview of the NIST RBAC standard family, which includes RBAC, ABAC, and PBAC. It is written by leading experts in the field and valuable resource for anyone who wants to learn more about the NIST RBAC standard family.
While not exclusively about OAuth2, this book covers the use of OAuth2 to protect REST APIs and delves into related technologies like JSON Web Tokens (JWT). It discusses security enhancements and best practices, including combining OAuth2 with mutual TLS. This is highly relevant for professionals working with API security.
Delves into advanced topics in API security, with a strong focus on applying OAuth 2.0 to secure enterprise APIs. It covers contemporary topics and best practices for protecting APIs from exploitation. This is ideal for experienced professionals and those dealing with enterprise-level security.
This guide, authored by a notable figure in the identity space, delves into the motivations and history behind OAuth 2.0 and OpenID Connect, in addition to explaining how they work. It provides a deeper understanding of the protocols' design choices, making it valuable for professionals seeking comprehensive knowledge.
Provides a broader view of identity management, covering OAuth 2.0, OpenID Connect, and SAML 2.0. It helps in understanding how OAuth2 fits into the larger identity and access management landscape. It is suitable for those who need to understand the interplay between different identity protocols.
Provides a high-level overview and step-by-step instructions for building an OAuth 2.0 server. It is designed to be accessible for beginners, including those with a basic programming background. It's a good starting point for gaining a broad understanding of OAuth 2.0 concepts and practical implementation.
This guide provides a comprehensive look at implementing secure authentication using OAuth2 and OpenID Connect. It covers fundamentals to advanced features, with real-world examples and up-to-date practices. It's suitable for developers and architects working on scalable and secure authentication systems.
Developer's guide to JWTs. It covers the basics of JWTs, as well as practical examples and code snippets to help developers implement JWTs in their applications.
Provides a comprehensive overview of Zero Trust Architecture (ZTA), which security model that is based on the principle of least privilege. It is written by leading experts in the field and valuable resource for anyone who wants to learn more about ZTA.
Provides a comprehensive overview of access control, including RBAC. It is written by a leading expert in the field and valuable resource for anyone who wants to learn more about access control.
Includes a section on securing Azure applications with JWTs. It provides guidance on implementing JWT-based authentication in Azure applications and covers various security considerations.
Collection of the core RFCs (Requests for Comments) related to OAuth 2.0, including the core framework (RFC 6749) and security best current practices (RFC 9700). It's a valuable reference for those who need to understand the protocol at a foundational level and its evolution. It is essential for anyone implementing or working deeply with OAuth2.
Focusing on OpenID Connect, which is built on top of OAuth 2.0, this book teaches the deployment of OpenID Connect to secure application access. It's highly relevant for understanding the identity layer provided by OpenID Connect and its practical implementation.
Comprehensive overview of computer security. It covers a wide range of topics, including JWTs and OAuth 2.0. It valuable resource for developers who want to learn more about the security implications of using JWTs and OAuth 2.0.
Provides an in-depth view of the OAuth 2.0 protocol specifically from a client perspective. It focuses on practical client integration with OAuth 2.0 service providers, discussing caveats and best practices. This is particularly useful for application developers integrating with existing OAuth2 services.
Focuses specifically on OpenID Connect and its role in providing end-user identity for applications and APIs. It explains the concepts, flows, and the use of tokens like JWT, JWS, and JWE. It's a good resource for understanding the identity layer built on OAuth2.
Offers practical recipes for solving real-world problems using OAuth 2.0, with examples often involving Spring Security and Android applications. It's a good resource for developers looking for practical solutions and code examples.
Basic introduction to JWTs. It covers the basics of JWTs, as well as practical examples and code snippets to help developers get started with JWTs.
Focuses on Keycloak, an open-source identity and access management solution that implements OAuth2 and OpenID Connect. It provides practical guidance on using a popular tool that leverages these protocols, making it useful for developers and administrators working with Keycloak.
This concise book offers an introduction to API security with OAuth 2.0 and OpenID Connect. It explains the core concepts and flows in simple terms with illustrations, making it suitable for beginners and those who need a quick overview.
For more information about how these books relate to this course, visit:
OpenCourser.com/career/flfd2h/identity
Save
