OAuth 2.0 Proof of Possession
Stop Token Misuse In Its Tracks
In our hyper-connected world, untold numbers of digital access tokens are exchanged every second. These tokens are the keys to accessing digital resources, like applications and services, and physical resources, such as cars, sensors, and light bulbs.
Bearer tokens are the cash of the digital world. Whoever has them can use them. And just as a shop owner is less concerned that the cash that you’re using is yours than they are that it is real, most digital systems only verify token validity, not possession. But there is a way to add another layer of security.
The ForgeRock Identity Platform is an early adopter of the OAuth 2.0 Proof of Possession standard, ensuring that a token presented by a client (for example, a web browser accessing an application, or an IoT device connecting to a back-end system) is presented by its rightful owner.
With the ForgeRock Identity Platform You Can:
- Increase security by providing protection against token theft.
- Provide a transparent challenge/response-style interaction to prove the client is the intended owner of the access token.
- Allow organizations to confidently create applications and services to meet their customers’ needs, with less concern about token misuse from man-in-the-middle and other attacks.
Millions of customers use your digital services, whether cloud, mobile, or IoT. Protect their digital identities and consolidate customer information, so it's easy to create and personalize the customer experience.
Cars, drones, street lights, gas pumps, wearables, medical devices... they all have a digital identity. With ForgeRock, you establish who these devices belong to, and decide how and with whom (or what) they interact.
Protect and respect privacy. With ForgeRock, you can let your customers share data selectively. Ask them what’s okay to share, how, when, and with whom. Put them in charge, and they’ll put their trust in you.