Posts

Showing posts from June, 2014

oAuth , OpenID, OpenID Connect, SAML

oAuth : Open Authorization  Framework  It allows you to delegate access/authorization  to third parties without sharing credentials. Third parties can access the resources on your behalf.  oAuth framework evolved over time.  First oAuth 1.0 came up. It used HTTP ( not HTTPS )  but encrypted the sensitive information at the endpoints.  This made the implementation bit difficult and cumbersome.  oAuth 2.0   is very different than 1.0 and it addressed some of the challenges of 1.0/1.1.  It removed the need for encryption at the endpoints but it requires HTTPS, which is widely available.  It made the implementation faster and easier. It also came up with multiple flows ( auth code, implicit, resource owner credential, client credential, refresh token )  for different scenarios.  Here is link to  oAuth 2.0 flows OpenID is open standard for authentication , promoted by OpenID foundation.  It allows replying partie...