Digital Identity Books & Publications Library
Curated books, whitepapers, RFCs, and publications covering digital identity, authentication, privacy, and security. 30 titles are listed.
NIST SP 800-63 Digital Identity Guidelines
Paul Grassi, James Fenton, Elaine Newton, Ray Perlner, Andrew Regenscheid
The NIST SP 800-63 Digital Identity Guidelines set the technical requirements for federal agencies implementing digital identity services. The suite is split into three companion volumes: SP 800-63A (identity proofing and enrollment), SP 800-63B (authentication and authenticator lifecycle management), and SP 800-63C (federation and assertions). It defines the three assurance scales used throughout the suite: Identity Assurance Levels (IAL), Authenticator Assurance Levels (AAL), and Federation Assurance Levels (FAL).
API Security in Action
Neil Madden
API Security in Action teaches you how to create secure APIs for any situation. It covers authentication, authorization, audit logging, rate limiting, and encryption for REST, gRPC, and message-based APIs. The book uses practical Java examples but the principles apply to any language.
Real-World Cryptography
David Wong
Real-World Cryptography teaches you applied cryptographic techniques for securing systems. It covers symmetric and asymmetric encryption, digital signatures, hash functions, key exchange, TLS, and advanced topics like secure messaging, post-quantum cryptography, and zero-knowledge proofs.
Solving Identity Management in Modern Applications
Yvonne Wilson, Abhishek Hingnikar
This book provides a practical guide to identity management for modern applications. It covers the fundamentals of authentication, authorization, OAuth 2.0, OpenID Connect, and SAML 2.0, explaining when and how to use each. The second edition includes updated coverage of passwordless authentication, passkeys, and decentralized identity.
OAuth 2.0 Simplified
Aaron Parecki
OAuth 2.0 Simplified is a guide to building OAuth 2.0 servers and clients. Written by the maintainer of oauth.net, it covers the OAuth 2.0 framework in clear, approachable language with practical examples for web, mobile, and single-page applications.
OAuth 2 in Action
Justin Richer, Antonio Sanso
OAuth 2 in Action teaches the practical use and deployment of OAuth 2 from the perspective of each party in the protocol: client, authorization server, and resource server. It walks through building an OAuth 2 ecosystem from scratch, explains the security implications of each design choice, and shows how to implement the framework correctly in real-world scenarios.
Identity Is the New Perimeter
Jason Garbis
This book makes the case that identity has replaced the network perimeter as the primary security boundary and provides a practical framework for implementing identity-first security. It covers identity-centric architecture, continuous authentication, adaptive access control, and identity threat detection.
Zero Trust Networks
Evan Gilman, Doug Barth
Zero Trust Networks provides a thorough examination of the zero trust security model, where nothing inside or outside the network perimeter is trusted by default. The book covers network architecture, device trust, user trust, application trust, and how to build systems that verify every request regardless of source.
Keycloak - Identity and Access Management for Modern Applications
Stian Thorgersen, Pedro Igor Silva
This practical guide covers Keycloak from installation to advanced configuration. Learn how to secure applications using OpenID Connect and OAuth 2.0, configure social login, implement fine-grained authorization, manage users and roles, and integrate Keycloak with existing infrastructure.
IAM for Cloud Infrastructure
Marcus Young
A practical guide to identity and access management across the major cloud platforms. It covers AWS IAM, Microsoft Entra ID (formerly Azure AD), and GCP IAM, including policies, roles, service accounts, cross-cloud identity federation, and managing IAM as infrastructure-as-code.
Identity Attack Vectors
Morey J. Haber, Darran Rolls
Identity Attack Vectors explores the threat landscape targeting identity systems and provides practical guidance for implementing effective IAM solutions. It covers privileged access management, identity governance, attack patterns targeting credentials and identity stores, and defensive strategies.
OpenID Connect in Action
Prabath Siriwardena
OpenID Connect in Action provides a comprehensive, hands-on guide to the OpenID Connect protocol. It covers the core specification, discovery, dynamic registration, session management, and practical integration patterns for securing modern web and mobile applications.
Zero Trust Security
Jason Garbis, Jerry W. Chapman
This enterprise guide provides a comprehensive framework for planning and implementing zero trust security. It covers the strategic, architectural, and operational aspects of zero trust, including identity-centric security, microsegmentation, software-defined perimeters, and continuous verification.
Self-Sovereign Identity
Alex Preukschat, Drummond Reed
Self-Sovereign Identity provides a comprehensive overview of decentralized identity concepts including verifiable credentials, decentralized identifiers (DIDs), and the trust-over-IP stack. It explores how SSI can transform digital identity by giving individuals control over their own identity data.
Securing DevOps
Julien Vehent
Securing DevOps covers the integration of security practices into CI/CD pipelines and cloud-native infrastructure. Topics include securing the pipeline, infrastructure security, identity management for DevOps, secrets management, and security testing automation.
Mastering Active Directory
Dishan Francis
A comprehensive guide to Active Directory Domain Services covering design, deployment, Group Policy, Active Directory Certificate Services, federation with AD FS, integration with Microsoft Entra ID (formerly Azure AD), security hardening, and troubleshooting in enterprise environments.
Privileged Attack Vectors
Morey J. Haber
This book examines how attackers exploit privileged accounts and provides comprehensive guidance on building a privileged access management program. It covers PAM architecture, credential vaulting, session management, just-in-time access, and measuring PAM program effectiveness.
The Data Privacy and GDPR Handbook
Sanjay Sharma
A comprehensive handbook for data privacy professionals covering GDPR implementation, data protection impact assessments, consent management, data subject rights, breach notification procedures, and ongoing compliance management.
Practical Cloud Security
Chris Dotson
Practical Cloud Security covers the essential security considerations for cloud deployments including identity management, network security, data protection, logging, and incident response across IaaS, PaaS, and SaaS models.
FIDO2 and WebAuthn: Passwordless Authentication
David Turner, Christiaan Brand
A developer guide to implementing FIDO2 and WebAuthn passwordless authentication. It covers the FIDO2 protocol family (WebAuthn and CTAP2), the WebAuthn browser API, platform and roaming authenticators, passkeys, and practical relying-party implementation patterns.
Identity Management Design Guide with IBM Tivoli Identity Manager
Axel Buecker, Dr. Paul Ashley, Martin Borrett
This IBM Redbooks publication provides a comprehensive guide to designing and implementing identity management solutions using IBM Tivoli Identity Manager. It covers the full identity lifecycle from provisioning to deprovisioning, role-based access control, compliance reporting, and integration patterns with enterprise directories and applications.
Advanced API Security
Prabath Siriwardena
Advanced API Security covers current API security patterns including OAuth 2.0 and its extensions, OpenID Connect, UMA, token binding, and mutual TLS. It also explores API gateways, service mesh security, and securing microservice architectures.
Cybersecurity Ops with bash
Paul Troncone, Carl Albing
A guide to using the bash command line for cybersecurity operations, including log analysis, network monitoring, malware analysis, and security auditing, with practical recipes for both offensive and defensive tasks.
Enterprise IAM Guidebook
Jeff Lombardo
A practical guide to building and maturing an enterprise IAM program. Covers program strategy, technology selection, role management, access governance, compliance, and organizational change management for IAM.
SOC 2 Compliance Handbook
Michael Rasmussen
A practical guide to achieving SOC 2 compliance covering the Trust Services Criteria, scoping the audit, implementing controls (with emphasis on access controls and identity management), evidence collection, and maintaining continuous compliance.
Strategic Privacy by Design
R. Jason Cronk
This book provides a methodology for embedding privacy into systems and processes from the ground up. It covers privacy engineering frameworks, threat modeling for privacy, data minimization strategies, and building privacy-respecting identity systems.
EU GDPR: A Pocket Guide
Alan Calder
A concise, accessible guide to the EU General Data Protection Regulation. It covers the key requirements, principles, and obligations for organizations handling EU personal data, making it an ideal quick reference.
Authentication and Access Control
Jason Andress
A practical guide to authentication mechanisms and access control models. It covers password-based authentication, multi-factor authentication, biometrics, access control models (MAC, DAC, RBAC, ABAC), and the cryptographic foundations that support them.
The CIAM Handbook
Martin Kuppinger, Anne Bailey
A comprehensive guide to Customer Identity and Access Management covering user registration, progressive profiling, consent management, social login, identity verification, and the balance between security and user experience in consumer-facing applications.
SCIM: System for Cross-domain Identity Management
Phil Hunt, Kelly Grizzle
An implementer's guide to SCIM (System for Cross-domain Identity Management), the standard protocol for automating user provisioning and deprovisioning across cloud applications. It covers the SCIM core schema, the REST operations, filter expressions, bulk operations, and implementation best practices.