OAuth2 tutorial - History of OAuth
APIs: Application Programming Interfaces
- Modules within a program
- Programs on a server
- Programs over local networks
How Web APIs Evolved
Then came Web Services - SOA / SOAP services
Security for Web Services
- Private key / public certificate pairs
- Have certificates signed by recognized CA / RA
- Exchange that certificate with similarly-assured certificate from partners
- SSL/TLS Mutual Authentication
- XML-DSIG/XML-ENC applied to SOAP documents
- TRUST partner / corporate customer to treat crypto material with care and caution
Need for more security - Evolution of OAuth
The new security model for Web APIs
…we had better require more regular and active scrutiny of the Apps’ access privileges…
Introducing OAuth: The new security model for Web APIs
- The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
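
The two cases in that definition, sketched from the client application's side as an added example (not code from this tutorial): the approval interaction on behalf of a resource owner, with the callback validated before the code is exchanged, and the application acting on its own behalf. The endpoint, client ID, redirect URI and function names are constructed placeholders; the request parameters are the standard OAuth 2.0 ones.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholders, not real endpoints or credentials.
AUTHORIZE_URL = "https://auth.example.com/authorize"
CLIENT_ID = "demo-client"
REDIRECT_URI = "https://app.example.com/callback"


def authorization_request(scope, state=None):
    """Step 1 (on behalf of a resource owner): URL the owner's browser is sent
    to so the owner can approve or deny the requested scope."""
    state = state or secrets.token_urlsafe(32)  # binds the callback to this session
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(scope),  # "limited access": request only what is needed
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def token_request_from_callback(callback_url, expected_state):
    """Step 2: validate the redirect, then build the form body that exchanges
    the one-time code for an access token at the token endpoint."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(callback_url).query).items()}
    # Reject callbacks that do not belong to the request we started (CSRF defence).
    got = params.get("state", "").encode()
    if not hmac.compare_digest(got, expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in params:  # e.g. access_denied: the owner refused
        raise PermissionError(params["error"])
    if "code" not in params:
        raise ValueError("missing authorization code")
    return {
        "grant_type": "authorization_code",
        "code": params["code"],
        "redirect_uri": REDIRECT_URI,  # must match the value sent in step 1
        "client_id": CLIENT_ID,
    }


def client_credentials_request(scope):
    """Application acting on its own behalf: no resource owner, no redirect.
    The client authenticates itself to the token endpoint (e.g. HTTP Basic)."""
    return {"grant_type": "client_credentials", "scope": " ".join(scope)}
```
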