Posts

Showing posts from 2021

SAML Vs JWT

What is the difference between SAML and JWT?

SAML: SAML is the older format and is based on XML. Security Assertion Markup Language is an open standard for exchanging authentication and authorization data between an Identity Provider and a Service Provider. The Identity Provider authenticates the user and, if authentication succeeds, passes an authentication assertion to the Service Provider; the Service Provider relies on the Identity Provider to authenticate users. SAML is used in cases such as access to applications from a portal, enterprise SSO and a centralized identity store.

JWT: JWT is based on JSON. It is used with newer authorization protocols such as OpenID Connect and OAuth 2.0. JSON Web Token is an ID token based on JSON that passes user information in a Header, Payload and Signature structure. JWT is used in cases such as permanent or temporary access to resources and mobile use cases.

Digital Signature Vs Digital Certificate

Digital Signature: A Digital Signature is used to verify authenticity, integrity and non-repudiation. A digital signature scheme consists of a signing algorithm and a signature verification algorithm.

The signing algorithm follows the steps below:
1. Create a hash of the electronic data.
2. Encrypt the hash value using the private key.
3. The encrypted hash along with the hashing algorithm is the digital signature.

Signature verification steps:
1. The verifier receives the digital signature along with the data.
2. It applies the public key (verification algorithm) to the digital signature, which generates a value.
3. It applies the same hash function to the received data and generates a hash.
4. It then compares the hash value with the output of the verification algorithm.
5. If both are equal, the digital signature is valid.

Digital Certificate: A Digital Certificate is used to verify the identity of the user, who may be the sender or the receiver. A Digital Certificate contains the name of the certificate holder, a serial number which is used to uniquely identify a certificate, expirati