Authentication & Identity Fundamentals (2026) - Learning Roadmap | Nemorize

Learning Topics

This roadmap covers the following topics:

Identity in 2026
  • ⚪ Core Identity Concepts
    • ⚪ Auth vs Authz vs Accounting
    • ⚪ Subjects, Principals & Claims
    • ⚪ Sessions vs Tokens vs Cookies
  • ⚪ Trust & Threat Modeling
    • ⚪ Trust Boundaries & Threat Model
    • ⚪ Phishing-Resistant vs Phishable Factors
Passkeys & WebAuthn
  • ⚪ WebAuthn Ceremonies
    • ⚪ WebAuthn Registration Ceremony
    • ⚪ WebAuthn Authentication Ceremony
    • ⚪ Attestation & Sync Models
  • ⚪ Passkey Deployment
    • ⚪ Conditional UI & Autofill
    • ⚪ Account Recovery Without Passwords
    • ⚪ Migration: Password+MFA → Passkey-First
OAuth 2.1 & OIDC
  • ⚪ OAuth 2.1 Flows
    • ⚪ Authorization Code + PKCE
    • ⚪ Client Credentials & Device Code
    • ⚪ Refresh Token Rotation & What 2.1 Removed
  • ⚪ OIDC & Sender Constraints
    • ⚪ ID Token vs Access Token
    • ⚪ DPoP & mTLS Sender Constraint
    • ⚪ Discovery, JWKS & IdP Mappings
Token Mechanics & JWT Security
  • ⚪ JWT Structure & Algorithms
    • ⚪ JWS Signing Algorithms
    • ⚪ Standard Claims & JWE Encryption
    • ⚪ JWT Validation Pitfalls
  • ⚪ Key Rotation & Validation Strategy
    • ⚪ Local Validation vs Introspection
    • ⚪ Key Rotation & JWKS Caching
Workload & Agent Identity
  • ⚪ Workload Identity
    • ⚪ SPIFFE / SPIRE & WIF
    • ⚪ Cloud IAM & OIDC Federation from CI
    • ⚪ Short-Lived Credentials & mTLS Mesh
  • ⚪ AI Agent Identity
    • ⚪ Delegated Authority & MCP Auth Model
    • ⚪ Confused Deputy & Audit Trails
    • ⚪ Human-in-the-Loop & Revocation at Speed
Attacks, Defenses & Authorization Models
  • ⚪ Auth Attack Patterns
    • ⚪ OAuth Redirect & Mix-Up Attacks
    • ⚪ XSS, CSRF & MFA Bypass
    • ⚪ AI-Driven Phishing & Agent Attacks
  • ⚪ Authorization Models
    • ⚪ RBAC, ABAC & ReBAC / Zanzibar
    • ⚪ OPA Policy-as-Code & AWS Cedar
    • ⚪ Scopes vs Permissions vs Roles
Sessions, Federation & Post-Quantum
  • ⚪ Session Lifecycle & Continuous Access
    • ⚪ Cookie Attributes & Logout
    • ⚪ CAEP, Shared Signals & Step-Up Auth
  • ⚪ Federation, FedCM & Browser Identity
    • ⚪ SAML 2.0, OIDC Federation & SCIM
    • ⚪ FedCM & Browser as Auth Mediator
    • ⚪ Post-Quantum Readiness
