---
title: PingGateway supported standards
description: PingGateway implements the following RFCs, Internet-Drafts, and standards:
component: pinggateway
version: 2026
page_id: pinggateway:reference:Standards
canonical_url: https://docs.pingidentity.com/pinggateway/2026/reference/Standards.html
revdate: 2025-04-01T17:53:34Z
---

# PingGateway supported standards

PingGateway implements the following RFCs, Internet-Drafts, and standards:

* [OAuth 2.0](https://oauth.net/2/)

  [RFC 6749: The OAuth 2.0 Authorization Framework](https://www.rfc-editor.org/rfc/rfc6749)

  [RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage](https://www.rfc-editor.org/rfc/rfc6750)

  [RFC 7515: JSON Web Signature (JWS)](https://www.rfc-editor.org/rfc/rfc7515)

  [RFC 7516: JSON Web Encryption (JWE)](https://www.rfc-editor.org/rfc/rfc7516)

  [RFC 7517: JSON Web Key (JWK)](https://www.rfc-editor.org/rfc/rfc7517)

  [RFC 7518: JSON Web Algorithms (JWA)](https://www.rfc-editor.org/rfc/rfc7518)

  [RFC 7519: JSON Web Token (JWT)](https://www.rfc-editor.org/rfc/rfc7519)

  [RFC 7523: JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants](https://www.rfc-editor.org/rfc/rfc7523)

  [RFC 7591: OAuth 2.0 Dynamic Client Registration Protocol](https://www.rfc-editor.org/rfc/rfc7591)

  [RFC 7636: Proof Key for Code Exchange by OAuth Public Clients](https://www.rfc-editor.org/rfc/rfc7636.html) (PKCE)

  [RFC 7662: OAuth 2.0 Token Introspection](https://www.rfc-editor.org/rfc/rfc7662)

  [RFC 7800: Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)](https://www.rfc-editor.org/rfc/rfc7800)

  [RFC 8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens](https://www.rfc-editor.org/info/rfc8705)

- [OpenID Connect 1.0](https://openid.net/developers/how-connect-works/)

  PingGateway can be configured to play the role of OpenID Connect relying party. The OpenID Connect specifications depend on OAuth 2.0, JSON Web Token, Simple Web Discovery and related specifications. The following specifications make up OpenID Connect 1.0.

  * [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html) defines core OpenID Connect 1.0 features.

    |   |                                                                                                                                                                                       |
    | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
    |   | In section 5.6 of the specification, PingGateway supports *Normal Claims*. The optional *Aggregated Claims* and *Distributed Claims* representations aren't supported by PingGateway. |

  * [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html) defines how clients can dynamically discover information about OpenID Connect providers.

  * [OpenID Connect Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html) defines how clients can dynamically register with OpenID Connect providers.

  * [OAuth 2.0 Multiple Response Type Encoding Practices](https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html) defines additional OAuth 2.0 response types used in OpenID Connect.

* FAPI

  [Financial-grade API Security Profile 1.0 - Part 1: Baseline](https://openid.net/specs/openid-financial-api-part-1-1_0.html)

  [Financial-grade API Security Profile 1.0 - Part 2: Advanced](https://openid.net/specs/openid-financial-api-part-2-1_0.html)

- User-Managed Access (UMA) 2.0

  [User-Managed Access (UMA) 2.0 Grant for OAuth 2.0 Authorization](https://docs.kantarainitiative.org/uma/wg/oauth-uma-grant-2.0-08.html)

  [Federated Authorization for User-Managed Access (UMA) 2.0](https://docs.kantarainitiative.org/uma/wg/oauth-uma-federated-authz-2.0-08.html)

* [Representational State Transfer (REST)](https://en.wikipedia.org/wiki/REST)

  Style of software architecture for web-based, distributed systems. PingGateway's APIs are RESTful APIs.

- [Security Assertion Markup Language (SAML)](https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language)

  Standard, XML-based framework for implementing a SAML service provider. PingGateway supports multiple versions of SAML including 2.0, 1.1, and 1.0.

  Specifications are available from the [OASIS standards page](https://www.oasis-open.org/standards).

* Other Standards

  [RFC 4627: The application/json Media Type for JavaScript Object Notation (JSON)](https://www.rfc-editor.org/rfc/rfc4627). JSON text is encoded with Unicode; PingGateway reads and stores JSON as Unicode.

  [RFC 2616: Hypertext Transfer Protocol — HTTP/1.1](https://www.rfc-editor.org/rfc/rfc2616).

  [RFC 2617: HTTP Authentication: Basic and Digest Access Authentication](https://www.rfc-editor.org/rfc/rfc2617), supported as an authentication module.

  [RFC 5280: Internet X.509 Public Key Infrastructure Certificate](https://www.rfc-editor.org/rfc/rfc5280), supported for certificate-based authentication.

  [RFC 5785: Defining Well-Known Uniform Resource Identifiers (URIs)](https://www.rfc-editor.org/rfc/rfc5785).

  [RFC 6265: HTTP State Management Mechanism](https://www.rfc-editor.org/rfc/rfc6265) regarding HTTP Cookies and `Set-Cookie` header fields.