OAuth 2.0 is an open standard specifically designed as an authorization framework. Its primary purpose is to enable a third-party application (the client) to obtain delegated, limited access to a user's resources hosted on a server, without sharing the user's credentials. The Identity Provider (IdP) acts as the authorization server, issuing access tokens to the application after the user grants consent. This token then authorizes the application to access specific resources on the user's behalf. This process is the core of delegated authorization between an IdP and an application.

A. SAML: Primarily an authentication protocol for federated Single Sign-On (SSO). While it can convey authorization attributes, its main function is to assert a user's identity, not delegate access.

C. Active Directory Federation Services (ADFS): This is a specific Microsoft software component that functions as an Identity Provider. It is an implementation that uses standards like SAML, not the authorization standard itself.

D. Identity Service (IdS): This is a generic, high-level term for a service that manages identities. It is not a specific protocol or standard like OAuthv2.

1. IETF RFC 6749

The OAuth 2.0 Authorization Framework. The abstract states: "The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service... by orchestrating an approval interaction between the resource owner and the HTTP service

or by allowing the third-party application to obtain access on its own behalf." (Page 1

Abstract). This defines its core purpose as authorization.

2. Cisco Identity Services Engine Administrator Guide

Release 3.1. In the chapter "External Identity Sources

" the guide distinguishes between protocols. It describes SAML for Single Sign-On (SSO) scenarios and OAuth for securing API access. For example

Section: "SAML Identity Provider" discusses its use for authenticating administrators and sponsors into ISE.

3. OASIS Security Services (SAML) V2.0 Technical Overview. This official document states

"The primary use case for SAML is to enable Web Browser Single Sign-On (SSO)." (Document: sstc-saml-tech-overview-2.0-cd-02

Section 2.1

Page 9). This highlights its primary role in authentication

differentiating it from OAuth's focus on authorization.