Thursday, May 10, 2012

Web Security With OAuth & OpenID

I participated in a web security workshop and session, where I took notes on two web features called OAuth and OpenID. Below I have briefly written up the two technologies.

Web service security is a major requirement and a crucial part of enterprise services. WS-Security supports multiple token formats, multiple trust domains, multiple signature formats and multiple encryption technologies. OAuth and OpenID are not features of WS-Security, however: WS-Security secures SOAP messages, while OAuth and OpenID are separate, HTTP-based protocols (OAuth for delegated authorization, OpenID for federated authentication). Both have lasted because they solve a problem that message-level security does not address, namely letting a user use one site's account from another site without sharing a password.

OAuth

OAuth is an open protocol that lets a user grant one site access to resources stored at another site without handing over their username and password. Without it, a user who wants two services to work together has to give one service their credentials for the other, sharing the password with a potentially untrustworthy party and spreading the same secret across sites such as Flickr and Twitter. With OAuth this can be avoided: the user grants the requesting site a limited, revocable access right, optionally for a limited period of time, without ever exposing their username and password, and the requesting site then acts on the user's behalf with that delegated authority. WSO2 Identity Server includes this delegation via OAuth as a feature.

The OAuth mechanism works as follows. When a user wants a consumer site (say, a print shop) to use a service where their data lives (say, a photo site), the consumer redirects the user's browser to the service. The user logs in there, at the service, with their own username and password, and approves the request; the consumer never sees those credentials. The service then issues the consumer an OAuth token, which the consumer stores alongside the user's account and uses, together with its own consumer credentials, to sign every request for the user's resources. This is where OAuth matters for security: if the consumer site is compromised and every token it stores is stolen, the attacker still does not have the users' passwords for the service, and the stolen tokens can be revoked by the user or the service without any password change.
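The exchange described above, as an added example that is not code from the original post or from WSO2 Identity Server: a simulated OAuth 1.0a three-legged flow (RFC 5849) between a hypothetical consumer ("printshop") and a hypothetical provider ("photos.example"). HTTP is replaced by direct method calls, but every request the consumer sends is signed with HMAC-SHA1 exactly as it would be on the wire, the provider verifies the signature and rejects replayed nonces, the user's password is only ever typed at the provider, and revoking the token at the provider makes whatever the consumer stored useless. All names, URLs and secrets are constructed for the example.

```python
"""Simulated OAuth 1.0a three-legged flow (RFC 5849) between a consumer
("printshop") and a provider ("photos.example"). Hypothetical names; HTTP is
replaced by direct calls, but each request is signed exactly as on the wire."""
import base64, hashlib, hmac, os, secrets, time
from urllib.parse import quote


def pct(s):
    """RFC 5849 s3.6 percent-encoding: only unreserved characters stay bare."""
    return quote(s, safe="-._~")


def base_string(method, base_url, params):
    """RFC 5849 s3.4.1: METHOD & enc(base URL) & enc(sorted, encoded parameters)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    return "&".join([method.upper(), pct(base_url), pct("&".join(f"{k}={v}" for k, v in pairs))])


def hmac_sha1(method, base_url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 signature keyed with enc(consumer_secret) & enc(token_secret)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, base_url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


class Provider:
    """The site holding the user's resources and the user's password."""
    def __init__(self):
        self.consumers, self.users = {}, {}   # consumer_key -> secret; user -> (salt, pbkdf2 hash)
        self.temp, self.tokens, self.seen_nonces = {}, {}, set()

    def register_user(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def verify(self, method, url, params, token_secret=""):
        """Recompute the signature; reject unknown consumers and replayed nonces."""
        p = dict(params)
        secret = self.consumers.get(p.get("oauth_consumer_key"))
        if secret is None or p.get("oauth_nonce") in self.seen_nonces:
            return False
        self.seen_nonces.add(p["oauth_nonce"])
        return hmac.compare_digest(p.get("oauth_signature", ""), hmac_sha1(method, url, params, secret, token_secret))

    def request_token(self, method, url, params):   # leg 1: temporary credentials
        if not self.verify(method, url, params):     # signed with the consumer secret alone
            raise PermissionError("bad signature")
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.temp[tok] = {"secret": sec, "consumer": dict(params)["oauth_consumer_key"], "user": None}
        return tok, sec

    def authorize(self, temp_token, username, password):   # leg 2: the user approves at the provider
        salt, digest = self.users.get(username, (b"", b""))  # the consumer never sees this password
        if not hmac.compare_digest(digest, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)):
            raise PermissionError("bad login")
        verifier = secrets.token_hex(8)
        self.temp[temp_token].update(user=username, verifier=verifier)
        return verifier   # carried back to the consumer in the browser redirect

    def access_token(self, method, url, params):   # leg 3: temp token + verifier -> token credentials
        p = dict(params)
        t = self.temp.pop(p.get("oauth_token"), None)
        if (t is None or t["user"] is None or not self.verify(method, url, params, t["secret"])
                or not hmac.compare_digest(p.get("oauth_verifier", ""), t.get("verifier", ""))):
            raise PermissionError("bad token exchange")
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.tokens[tok] = {"secret": sec, "consumer": t["consumer"], "user": t["user"]}
        return tok, sec

    def protected_resource(self, method, url, params):
        """Serve the resource for a validly signed token request, else None (a 401)."""
        t = self.tokens.get(dict(params).get("oauth_token"))
        if t is None or not self.verify(method, url, params, t["secret"]):
            return None
        return f"photos of {t['user']}"


class Consumer:
    """The third-party site that wants the user's resources but never the password."""
    def __init__(self, key, secret):
        self.key, self.secret = key, secret

    def signed(self, method, url, extra, token="", token_secret=""):
        params = [("oauth_consumer_key", self.key), ("oauth_signature_method", "HMAC-SHA1"),
                  ("oauth_timestamp", str(int(time.time()))), ("oauth_nonce", secrets.token_hex(8))]
        params += ([("oauth_token", token)] if token else []) + list(extra)
        params.append(("oauth_signature", hmac_sha1(method, url, params, self.secret, token_secret)))
        return params


def run_flow():
    """Drive all three legs, then revoke and show the consumer's stored token no longer works."""
    photos, shop = Provider(), Consumer("printshop", "kd94hf93k423kf44")   # constructed secret
    photos.consumers["printshop"] = "kd94hf93k423kf44"
    photos.register_user("alice", "correct horse battery")
    init, tok, api = "https://photos.example/initiate", "https://photos.example/token", "https://photos.example/photos"
    tt, ts = photos.request_token("POST", init, shop.signed("POST", init, [("oauth_callback", "https://printshop.example/ready")]))
    verifier = photos.authorize(tt, "alice", "correct horse battery")   # typed into photos.example, not printshop
    at, asec = photos.access_token("POST", tok, shop.signed("POST", tok, [("oauth_verifier", verifier)], tt, ts))
    resource = photos.protected_resource("GET", api, shop.signed("GET", api, [], at, asec))
    del photos.tokens[at]   # alice revokes the print shop's access at photos.example; no password change needed
    after_revoke = photos.protected_resource("GET", api, shop.signed("GET", api, [], at, asec))
    return {"resource": resource, "revoked_rejected": after_revoke is None}
```

The signature base string construction can be checked against the worked example in RFC 5849 section 3.4.1.1; the consumer key, token and nonce used there reproduce the RFC's base string byte for byte. Note that the provider stores only a salted PBKDF2 hash of the password and only the token secret for the consumer, so a dump of either side's database never yields the other side's secret.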

OpenID

OpenID lets you keep control over your own identity by separating it from the sites you use. Most people currently use the same username and password at every site they log in to. This is very insecure and not recommended: every one of those sites holds the shared password, and a breach of any one of them exposes all the others. OpenID limits this risk by reducing the number of sites that ever see your password to one, your OpenID provider. One identity, held at that provider, then gives you access to any number of websites or online services, and the provider authenticates you over a secure channel and vouches for your identity to those sites.

In an OpenID login, the relying party (the site you want to log in to) and the OpenID provider communicate through web redirections of your browser. Suppose you want to log in to a web service where you have no account. If that service supports OpenID, you can use an identity held at a site that acts as an OpenID provider to log in to the web service where you have no user ID: the relying party redirects you to the provider, you authenticate there, and the provider redirects you back with a signed assertion of who you are, which the relying party verifies before trusting it. Web services supporting OpenID authentication therefore eliminate the need to remember more than one user ID and password.
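The redirection-based exchange above, as an added example that is not part of the original post or of WSO2 Identity Server: a simulated OpenID 2.0 login between a hypothetical relying party ("forum.example") and a hypothetical OpenID provider ("openid.example"). The association (the MAC key shared between the two) is assumed to exist already, so the Diffie-Hellman step is skipped, and the browser redirects are replaced by passing the parameter dicts directly. The point is the relying party's side: before trusting the claimed identifier it checks that the identity fields are covered by the signature, that the assertion was issued for its own return URL and endpoint, that the HMAC-SHA256 signature verifies, and that the response nonce is fresh and unused. All hosts, identifiers and the user record are constructed.

```python
"""Simulated OpenID 2.0 login between a relying party (RP, "forum.example") and an
OpenID provider (OP, "openid.example"). Hypothetical hosts; the association (shared
MAC key) is assumed to exist already, so the Diffie-Hellman step is skipped, and the
browser redirects are replaced by passing the parameter dicts directly."""
import base64, calendar, hashlib, hmac, secrets, time

NS = "http://specs.openid.net/auth/2.0"
SELECT = "http://specs.openid.net/auth/2.0/identifier_select"
MUST_SIGN = ["op_endpoint", "return_to", "response_nonce", "assoc_handle", "claimed_id", "identity"]


def kv_form(fields, signed):
    """OpenID 2.0 s4.1.1 key-value form of the signed fields, in the listed order."""
    return "".join(f"{k}:{fields['openid.' + k]}\n" for k in signed)


def sign(fields, signed, mac_key):
    """HMAC-SHA256 over the key-value form, base64 encoded (HMAC-SHA256 association type)."""
    return base64.b64encode(hmac.new(mac_key, kv_form(fields, signed).encode(), hashlib.sha256).digest()).decode()


class OpenIDProvider:
    def __init__(self, endpoint):
        self.endpoint, self.assocs = endpoint, {}            # assoc_handle -> MAC key shared with an RP
        self.users = {"alice": "correct horse battery"}      # constructed; a real OP stores a salted hash

    def associate(self):
        handle, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.assocs[handle] = key
        return handle, key

    def checkid(self, req, username, password):
        """The user logs in at the OP; the RP only ever receives the signed assertion."""
        if self.users.get(username) != password:
            raise PermissionError("bad login")
        identity = f"https://openid.example/{username}"
        resp = {"openid.ns": NS, "openid.mode": "id_res", "openid.op_endpoint": self.endpoint,
                "openid.return_to": req["openid.return_to"], "openid.assoc_handle": req["openid.assoc_handle"],
                "openid.response_nonce": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()) + secrets.token_hex(4),
                "openid.claimed_id": identity, "openid.identity": identity, "openid.signed": ",".join(MUST_SIGN)}
        resp["openid.sig"] = sign(resp, MUST_SIGN, self.assocs[req["openid.assoc_handle"]])
        return resp


class RelyingParty:
    def __init__(self, return_to, op):
        self.return_to, self.op, self.seen_nonces = return_to, op, set()
        self.handle, self.mac_key = op.associate()

    def begin(self):
        """Parameters the browser is redirected to the OP with (checkid_setup)."""
        return {"openid.ns": NS, "openid.mode": "checkid_setup", "openid.claimed_id": SELECT,
                "openid.identity": SELECT, "openid.assoc_handle": self.handle, "openid.return_to": self.return_to}

    def complete(self, resp):
        """Verify a positive assertion (s11.4) and return the claimed identifier, or None."""
        signed = resp.get("openid.signed", "").split(",")
        if (resp.get("openid.mode") != "id_res" or not set(MUST_SIGN) <= set(signed)
                or any("openid." + k not in resp for k in signed)):
            return None   # identity and binding fields must all be covered by the signature
        if resp["openid.op_endpoint"] != self.op.endpoint or resp["openid.return_to"] != self.return_to:
            return None   # assertion was not issued for this RP endpoint
        if resp["openid.assoc_handle"] != self.handle or not hmac.compare_digest(
                resp.get("openid.sig", ""), sign(resp, signed, self.mac_key)):
            return None   # unknown association, or a field was forged or altered after signing
        nonce = resp["openid.response_nonce"]
        try:
            issued = calendar.timegm(time.strptime(nonce[:20], "%Y-%m-%dT%H:%M:%SZ"))
        except ValueError:
            return None   # malformed nonce
        if nonce in self.seen_nonces or abs(time.time() - issued) > 300:
            return None   # replayed or stale assertion
        self.seen_nonces.add(nonce)
        return resp["openid.claimed_id"]


def run_flow():
    """Normal login, a forged identity, and a replay of the genuine assertion."""
    op = OpenIDProvider("https://openid.example/op")
    rp = RelyingParty("https://forum.example/openid/return", op)
    assertion = op.checkid(rp.begin(), "alice", "correct horse battery")   # password typed at the OP, not the forum
    forged = dict(assertion, **{"openid.identity": "https://openid.example/bob",
                                "openid.claimed_id": "https://openid.example/bob"})
    return {"forged": rp.complete(forged), "user": rp.complete(assertion), "replay": rp.complete(assertion)}
```

The forged response fails the signature check, the genuine one is accepted once, and presenting it a second time is rejected by the nonce check; a relying party that skips any of these checks (notably the check that `identity` and `claimed_id` appear in `openid.signed`) can be logged in as another user by editing the redirect URL.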

I plan to focus on discovering and presenting how these two features are supported in WSO2 Identity Server.

1 comment:

  1. Hi Amal,
    It would be great if you could elaborate more on the advantage of OAuth (you mentioned it in the last sentence under the OAuth section).
