In a perfect world, every developer would understand OIDC, OAuth, and the intricacies of digital identity.
Well, that isn’t the world that we live in, but FusionAuth is doing our part to help make it a reality. That’s why we’ve renewed our membership to IDPro, the professional organization for identity experts. You can think of IDPro as being akin to the American Bar Association for lawyers (except with a bit less history and influence).
As a company, FusionAuth has a foundational commitment to educating developers about identity in their own language. This includes our vendor agnostic articles, explaining the concepts of identity and our free community download, which allows developers to use a full feature OAuth and OIDC server for their applications or to learn about the concepts.
We also think identity should be as complicated as it needs to be, and not a bit more. That’s why we use terms engineers know in our documentation and application. Terms like application instead of client and identity provider instead of jargon from OAuth or OIDC documents, like Authorization Server or OpenID Provider.
Why FusionAuth Supports IDPro
Given the focus on developers, why would FusionAuth support an organization focused on digital identity professionals?
The short answer is that our community depends on us keeping on top of new developments in identity.
The slightly longer answer is that IDPro’s community and education efforts help elevate the entire digital identity ecosystem. As a happy side benefit, they help the FusionAuth team keep on top of new developments.
Let’s talk a bit more about IDPro and their benefits.
Community Engagement
IDPro is fostering a community of identity professionals. These folks are excited to be pushing the identity state of the art forward. If you ever want to hear someone wax poetic on the details of policy based access controls or the details of identity proofing, these are your people.
The main way I interact with the community is through the IDPro Slack. This has over 1,700 members and dozens of channels covering all aspects of digital identity.
I check in periodically to read discussions on channels focused on:
- CIAM (customer identity and access management)
- identity for developers
- OAuth
- and more
There are other ways to be involved with the IDPro community, including meeting up with fellow members at conferences, watching their videos, or volunteering to write for them.
Educational Resources
In addition to fostering community, IDPro is an educational institution. They are doing fantastic work to evangelize digital identity with online publications.
The IDPro Body of Knowledge (BoK) documents best practices and concepts across the identity space. From token lifetimes to MFA to access governance, there’s a detailed, reviewed article for almost any digital identity related topic. And, as mentioned above, they are looking for contributions.
In addition to this free resource, IDPro offers a certification, CIDPro. I personally hold this certification. Pursuing it deepened my understanding of the digital identity landscape.
I was intimidated by the test. I delayed taking it for almost a year after purchasing the voucher. I studied mostly by reading the BoK. The test contents were a mix of software development, identity, and standards knowledge. Studying for it definitely increased my knowledge around topics such as federation, the user lifecycle, and privacy. Here’s the study guide if you want to learn more.
I have encouraged other FusionAuth team members to pursue CIDPro as well.
Filtering Identity Trends for Developers
However, FusionAuth is not focused on the entire identity space. Honestly, no vendor is—it’s too big. Instead, FusionAuth focuses on customer identity and access management. You can learn more about use cases we’re a fit for.
Therefore, not everything IDPro members discuss, explore or write about is relevant to FusionAuth.
One of the benefits of membership is that we can watch and review what is being talked about, and determine if it is relevant for our product or community. It’s the same reason I subscribe to the IETF OAuth mailing list.
Our users and customers justifiably expect us to spend time and effort improving our product, including evaluating and implementing standards, but you can’t implement something you don’t know exists. You can view the standards we’re evaluating by watching the standards GitHub issues label. We also take community feedback and ask for real world use cases for such standards as PAR, FedCM and others, so feel free to chime in there.
While not every new development in identity makes the cut for inclusion into our product, they all deserve some regard. We pay attention so our customers and users who run FusionAuth as their auth solution don’t have to.
