Saturday, November 27, 2010

Authentication and Authorisation - OAuth, OpenID etc.

Thought I would look a little into some of the more recent (and not so recent) developments in application authentication and authorisation:

OpenID - open standard that describes how users can be authenticated in a decentralized manner, obviating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities. OpenID authentication is now used and provided by several large websites. Providers include AOL, BBC, Facebook, Google, IBM, MySpace, Orange, PayPal, VeriSign, LiveJournal, Yandex, Ustream and Yahoo!

OAuth - open standard for authorisation that allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials.
OAuth allows users to hand out tokens instead of credentials to their data hosted by a given service provider. Each token grants access to a specific site (e.g. a video editing site) for specific resources (e.g. just videos from a specific album) and for a defined duration (e.g. the next 2 hours). This allows a user to grant a third party site access to their information stored with another service provider, without sharing their access permissions or the full extent of their data.

Claims Based Authentication - the process of authenticating a user based on a set of claims about their identity contained in a trusted token. Such a token is typically issued and signed by an entity that is able to authenticate the user by other means, and that is trusted by the entity performing the claims-based authentication.
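As an added illustration (not code from the original post) of the model described under OAuth and Claims Based Authentication above, here is a Python sketch of an issuer signing a token whose claims name the user, the intended audience, the granted resources and an expiry, and of a relying party verifying it; the issuer name, audience, scope strings and shared secret are all hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical shared secret, issuer and audience, constructed for this example only.
ISSUER_SECRET = b"example-issuer-secret-not-for-production"
ISSUER = "photos.example"            # service provider that holds the user's data
AUDIENCE = "video-editor.example"    # third-party site the token is meant for

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(subject: str, scope: list, ttl_seconds: int, now: int) -> str:
    """Issuer side: sign a set of claims (who, for whom, which resources, until when)."""
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": subject,
              "scope": scope, "iat": now, "exp": now + ttl_seconds}
    body = b64url_encode(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(ISSUER_SECRET, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64url_encode(sig)}"

def verify_token(token: str, required_scope: str, now: int) -> dict:
    """Relying-party side: trust the claims only after signature, issuer, audience, expiry and scope all check out."""
    parts = token.split(".")
    if len(parts) != 2:
        raise ValueError("malformed token")
    body, sig = parts
    expected = hmac.new(ISSUER_SECRET, body.encode(), hashlib.sha256).digest()
    # Constant-time compare, and the signature is checked before any claim is parsed.
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if required_scope not in claims.get("scope", []):
        raise ValueError("scope not granted")
    return claims

def token_is_valid(token: str, required_scope: str, now: int) -> bool:
    try:
        verify_token(token, required_scope, now)
        return True
    except ValueError:
        return False
```

A real deployment would use an asymmetric signature (so the relying party never holds the issuer's signing key) and a standard token format, but the checks the verifier performs are the same.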

Active Directory Federation Services (ADFS) - a standards-based Web Single Sign-On (SSO) service that enables federated identity by implementing claims-based authentication across forests.

SAML 2.0 (Security Assertion Markup Language) - an XML-based standard for exchanging authentication and authorisation security tokens containing assertions between security domains.
