oauth tutorial - oauth2 | History of OAuth - oauth2 tutorial - oauth authentication



APIs: Application Programming Interfaces

  • APIs are for connecting “software machines”
    • Modules within a program
    • Programs on a server
    • Programs over local networks

    How Web APIs Evolved

  • Before there were Web APIs, there were Web Apps

    Then came Web Services - SOA / SOAP services


    Security for Web Services

  • Establish TRUST with public key infrastructure
    • Private key / public certificate pairs
    • Have certificates signed by recognized CA / RA
    • Exchange that certificate with similarly-assured certificate from partners
  • Apply asymmetric crypto at runtime to validate digital signatures / decrypt encrypted content
    • SSL/TLS Mutual Authentication
    • XML-DSIG/XML-ENC applied to SOAP documents
  • TRUST partner / corporate customer to treat crypto material with care and caution

    Need for more security - Evolution of OAUTH


    The new security model for Web APIs


    we had better require more regular and active scrutiny of the Apps’ access privileges

  • First of all, DO NOT issue long-lasting certificates to the Apps (e.g. X.509 expires in 1 yr)
  • Instead, issue short-lived access tokens that can be revoked at any time

    …we had better require more regular and active scrutiny of the Apps’ access privileges…

  • Next, include the end user in authenticating / authorizing the App
  • Explicitly grant access
  • To a limited scope
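
The properties listed above (short-lived, revocable at any time, explicitly granted by the end user, limited in scope), as an added example that is not part of the original tutorial: a minimal in-memory token store. The names `TokenStore`, `Grant`, `photo-app`, the scope strings, the status strings and the 300-second lifetime are hypothetical.

```python
import secrets
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    user: str            # end user who approved the access
    app: str             # app the token was issued to
    scopes: frozenset    # limited scope the user explicitly granted
    expires_at: float    # absolute expiry, epoch seconds

class TokenStore:
    """Hypothetical in-memory state of an authorization server."""
    def __init__(self, ttl_seconds=300, clock=time.time):
        self.ttl, self.clock, self._grants = ttl_seconds, clock, {}

    def issue(self, user, app, requested, approved):
        granted = frozenset(requested) & frozenset(approved)  # asked for AND approved
        if not granted:
            raise PermissionError("user approved none of the requested scopes")
        token = secrets.token_urlsafe(32)   # opaque, unguessable handle
        self._grants[token] = Grant(user, app, granted, self.clock() + self.ttl)
        return token

    def revoke(self, token):
        self._grants.pop(token, None)       # takes effect on the next check

    def check(self, token, needed_scope):
        grant = self._grants.get(token)
        if grant is None:
            return "unknown_or_revoked"
        if self.clock() >= grant.expires_at:
            return "expired"
        return "ok" if needed_scope in grant.scopes else "insufficient_scope"

def demo():
    now = [1000.0]                          # constructed clock, deterministic
    store = TokenStore(ttl_seconds=300, clock=lambda: now[0])
    asked, approved = {"photos.read", "contacts.read"}, {"photos.read"}
    t1 = store.issue("alice", "photo-app", asked, approved)
    out = [store.check(t1, "photos.read"), store.check(t1, "contacts.read")]
    now[0] += 301                           # token lifetime has passed
    out.append(store.check(t1, "photos.read"))
    t2 = store.issue("alice", "photo-app", asked, approved)
    store.revoke(t2)                        # user withdraws access
    out.append(store.check(t2, "photos.read"))
    return out

if __name__ == "__main__":
    print(demo())
```

Unlike a certificate that stays valid until its expiry date, each token here stops working either when its lifetime runs out or the moment the grant is removed.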

    Introducing OAuth: The new security model for Web APIs

  • Open standard specification by IETF WG
    • The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
