Specifications implemented
This guide lists the specifications and standards that NQRust-Identity currently implements. The standards are grouped into sections, and each section contains a table with the following four columns:
- Specification: The standard or specification that NQRust-Identity implements.
- Status: The current status of the implementation inside NQRust-Identity (supported, preview, experimental, …). See Enabling and disabling features for more information.
- Conformity: Assurance of conformity of the implementation.
  - Certified (version): The specification provides conformance tests that NQRust-Identity executes periodically and for each new version. The version in brackets is the last version of NQRust-Identity certified by the authority.
  - Passed: There are conformance tests provided by the authority that NQRust-Identity passes, but no version is certified yet.
  - Partial: There are conformance tests, but NQRust-Identity is not yet fully passing them.
  - If this column is empty, NQRust-Identity does not pass any external conformance tests for the spec, and only the common project integration tests are executed. This may be because the authority does not provide a conformance test suite or because NQRust-Identity is not interested in passing it.
- Comments: A generic column that can contain details of the implementation or the status, for example parts that are not covered yet or specific behaviors that fall outside the spec.
OpenID Connect
OAuth
Financial-grade API (FAPI)
| Specification | Status | Conformity | Comments |
|---|---|---|---|
| Financial-grade API Security Profile 1.0 - Part 1: Baseline | Supported | Certified (15.0.2) | |
| Financial-grade API Security Profile 1.0 - Part 2: Advanced | Supported | Certified (15.0.2) | |
| Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM) | Supported | Certified (15.0.2) | |
| Financial-grade API: Client Initiated Backchannel Authentication Profile (Draft) | Supported | Certified (15.0.2) | |
| FAPI 2.0 Security Profile | Supported | Passed | |
| FAPI 2.0 Message Signing | Supported | Passed | |
Security Assertion Markup Language (SAML)
| Specification | Status | Conformity | Comments |
|---|---|---|---|
| Security Assertion Markup Language (SAML) v2.0 | Supported | | This standard covers multiple bindings and contexts. NQRust-Identity implements a wide range of them, but some parts are missing. |
User Managed Access (UMA)
| Specification | Status | Conformity | Comments |
|---|---|---|---|
| User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization | Supported | | |
| Federated Authorization for User-Managed Access (UMA) 2.0 | Supported | | |
JSON Web
Misc
| Specification | Status | Conformity | Comments |
|---|---|---|---|
| Security Requirements for Cryptographic Modules (FIPS 140-2) | Supported | Certified | NQRust-Identity uses Bouncy Castle (BC) FIPS libraries to provide FIPS 140-2. BC is indeed a certified FIPS 140-3 implementation, but it also needs a certified stack (operating system and Java VM). See FIPS 140-2 support for more information. |
| Web Authentication: An API for accessing Public Key Credentials Level 2 | Supported | | This specification has conformance tests, but NQRust-Identity is not using them. NQRust-Identity acts as a WebAuthn Relying Party (RP) for this specification. |