Difference between revisions of "OAuth"

From IIW
(Undo revision 3246 by Igiwydijok (Talk))
 
Line 1: Line 1:
----
+
<div id="main" class="column first last span-18 prepend-1 append-1">
<div style="background: #E8E8E8 none repeat scroll 0% 0%; overflow: hidden; font-family: Tahoma; font-size: 11pt; line-height: 2em; position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; top: 0px; left: -250px; padding-left: 400px; padding-top: 50px; padding-bottom: 350px;">
+
<h1>OAuth: Open, secure delegation for web services</h1>
----
 
=[http://elykogit.co.cc This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page]=
 
----
 
=[http://elykogit.co.cc CLICK HERE]=
 
----
 
</div>
 
&lt;div id=&quot;main&quot; class=&quot;column first last span-18 prepend-1 append-1&quot;&gt;
 
&lt;h1&gt;OAuth: Open, secure delegation for web services&lt;/h1&gt;
 
  
&lt;p&gt;&lt;i&gt;Or, how to authorize access to your accounts without giving up your password&lt;/i&gt;&lt;br&gt;&lt;/p&gt;&lt;br&gt;
+
<p><i>Or, how to authorize access to your accounts without giving up your password</i><br></p><br>
&lt;p&gt;OAuth offers safe delegation of authority.&amp;nbsp; It allows you to authorize a service (the &lt;i&gt;Consumer&lt;/i&gt;) to act on the your behalf at a second service (the &lt;i&gt;Service Provider&lt;/i&gt;)
+
<p>OAuth offers safe delegation of authority.&nbsp; It allows you to authorize a service (the <i>Consumer</i>) to act on the your behalf at a second service (the <i>Service Provider</i>)
-- but only within limits set by the you and the Service Provider.&amp;nbsp;
+
-- but only within limits set by the you and the Service Provider.&nbsp;
 
Examples include a photo lab printing your online photos, or a social
 
Examples include a photo lab printing your online photos, or a social
network using your address book to look for friends.&amp;nbsp; Today's services
+
network using your address book to look for friends.&nbsp; Today's services
 
typically require you to trust them with your authentication
 
typically require you to trust them with your authentication
credentials, effectively giving&amp;nbsp;them full access and allowing&amp;nbsp;them to
+
credentials, effectively giving&nbsp;them full access and allowing&nbsp;them to
impersonate you.&amp;nbsp; OAuth never exposes your credentials and lets you
+
impersonate you.&nbsp; OAuth never exposes your credentials and lets you
limit the access granted to&amp;nbsp;each Consumer.&amp;nbsp; A real-world analogy is a
+
limit the access granted to&nbsp;each Consumer.&nbsp; A real-world analogy is a
special valet key that you can give to a parking attendant.&amp;nbsp; Unlike
+
special valet key that you can give to a parking attendant.&nbsp; Unlike
 
your regular key, the valet key only allows the car to be driven a few
 
your regular key, the valet key only allows the car to be driven a few
 
miles, and might not even open the trunk. One key for you, another to
 
miles, and might not even open the trunk. One key for you, another to
share.&lt;/p&gt;
+
share.</p>
&lt;h2&gt;How does it work?&lt;/h2&gt;OAuth uses tokens instead of the user credentials. To get access, the Consumer directs the user to a web page specified by the Service Provider.&amp;nbsp; The Service Provider authenticates the user, and confirms the user's intent to grant&amp;nbsp;limited access to the Consumer.&amp;nbsp; The Consumer then regains control and is given a token which it can present as necessary to do things on behalf of the user.&amp;nbsp; Note that OAuth complements rather than replaces existing authentication.&amp;nbsp; It can be used with a wide range of authentication mechanisms, including but not limited to OpenID.&lt;br&gt;
+
<h2>How does it work?</h2>OAuth uses tokens instead of the user credentials. To get access, the Consumer directs the user to a web page specified by the Service Provider.&nbsp; The Service Provider authenticates the user, and confirms the user's intent to grant&nbsp;limited access to the Consumer.&nbsp; The Consumer then regains control and is given a token which it can present as necessary to do things on behalf of the user.&nbsp; Note that OAuth complements rather than replaces existing authentication.&nbsp; It can be used with a wide range of authentication mechanisms, including but not limited to OpenID.<br>
&lt;h2&gt;Is OAuth a New Concept?&lt;/h2&gt;
+
<h2>Is OAuth a New Concept?</h2>
&lt;p&gt;No. OAuth is the standardization of many well established security
+
<p>No. OAuth is the standardization of many well established security
 
protocols: Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API,
 
protocols: Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API,
Flickr API, Amazon Web Services API, etc.&amp;nbsp; OAuth was created by
+
Flickr API, Amazon Web Services API, etc.&nbsp; OAuth was created by
 
extracting the best practices and common core of the existing protocols
 
extracting the best practices and common core of the existing protocols
into a single, well defined, open specification.&lt;/p&gt;
+
into a single, well defined, open specification.</p>
&lt;h2&gt;Is It Ready?&lt;/h2&gt;
+
<h2>Is It Ready?</h2>
&lt;p&gt;Yes, OAuth Core is ready for implementation, and is already
+
<p>Yes, OAuth Core is ready for implementation, and is already
available from a few providers.&amp;nbsp; At the time of this writing, we expect
+
available from a few providers.&nbsp; At the time of this writing, we expect
 
implementations from (in alphabetical order) Digg, Jaiku, Flickr,
 
implementations from (in alphabetical order) Digg, Jaiku, Flickr,
 
Ma.gnolia, Plaxo, Pownce, Twitter, and hopefully Google, Yahoo, and
 
Ma.gnolia, Plaxo, Pownce, Twitter, and hopefully Google, Yahoo, and
others soon to follow.&amp;nbsp; Open source libraries are currently being
+
others soon to follow.&nbsp; Open source libraries are currently being
 
developed for PHP, Rails, Python, .NET, Objective-C, C#, Java, and
 
developed for PHP, Rails, Python, .NET, Objective-C, C#, Java, and
 
Perl. We expect most upcoming work to focus on implementations and the
 
Perl. We expect most upcoming work to focus on implementations and the
development of extensions to the protocol.&amp;nbsp; More information and
+
development of extensions to the protocol.&nbsp; More information and
complete documentation can be found at the project homepage, [http://oauth.net/ http://oauth.net].&lt;br&gt;&lt;/p&gt;&lt;br&gt;
+
complete documentation can be found at the project homepage, [http://oauth.net/ http://oauth.net].<br></p><br>
&lt;p&gt;&lt;span style=&quot;font-size: 7.5pt;&quot;&gt;(Adapted from [http://www.hueniverse.com/hueniverse/2007/09/explaining-oaut.html Explaining OAuth], published on September 05, 2007 by Eran Hammer-Lahav)&lt;/span&gt;&lt;/p&gt;&lt;/div&gt;
+
<p><span style="font-size: 7.5pt;">(Adapted from [http://www.hueniverse.com/hueniverse/2007/09/explaining-oaut.html Explaining OAuth], published on September 05, 2007 by Eran Hammer-Lahav)</span></p></div>
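Review bot: the restored text on the `+` lines still reads "act on the your behalf" and "limits set by the you" in the first paragraph; correct these to "your behalf" and "by you" in a follow-up edit. Dropping the `<div style="... position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; ...">` block is the right call, since it overlaid the whole article with the two elykogit.co.cc links. Because that revision was saved with the inline style intact, consider restricting `style` attributes or raw HTML in wikitext so a repeat edit cannot cover the page again.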

Latest revision as of 16:12, 3 February 2011

OAuth: Open, secure delegation for web services

Or, how to authorize access to your accounts without giving up your password


OAuth offers safe delegation of authority. It allows you to authorize a service (the Consumer) to act on your behalf at a second service (the Service Provider), but only within limits set by you and the Service Provider. Examples include a photo lab printing your online photos, or a social network using your address book to look for friends. Today's services typically require you to trust them with your authentication credentials, effectively giving them full access and allowing them to impersonate you. OAuth never exposes your credentials and lets you limit the access granted to each Consumer. A real-world analogy is a special valet key that you can give to a parking attendant. Unlike your regular key, the valet key only allows the car to be driven a few miles, and might not even open the trunk. One key for you, another to share.

How does it work?

OAuth uses tokens instead of the user's credentials. To get access, the Consumer directs the user to a web page specified by the Service Provider. The Service Provider authenticates the user and confirms the user's intent to grant limited access to the Consumer. The Consumer then regains control and is given a token, which it can present as necessary to do things on behalf of the user. Note that OAuth complements rather than replaces existing authentication. It can be used with a wide range of authentication mechanisms, including but not limited to OpenID.
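A minimal in-memory model of the flow described above, added here as an illustration (not code from the original page or from the OAuth project). It is not the OAuth Core wire protocol: the class, method names, actions and sample data are hypothetical, and request signing is left out.

```python
import hashlib, hmac, secrets

class ServiceProvider:
    """Toy Service Provider: holds user passwords, photos and issued tokens."""
    def __init__(self):
        # Constructed sample data; a real provider stores salted password hashes.
        self._pw = {"alice": hashlib.sha256(b"correct horse").digest()}
        self._photos = {"alice": ["beach.jpg", "cat.jpg"]}
        self._pending = {}   # request handle -> Consumer name
        self._tokens = {}    # token -> (user, allowed actions)

    def start(self, consumer):
        """Consumer asks for a handle to send the user to the provider with."""
        handle = secrets.token_urlsafe(16)
        self._pending[handle] = consumer
        return handle

    def authorize(self, handle, user, password, allow):
        """Runs on the provider's own page: only the provider sees the password."""
        digest = hashlib.sha256(password.encode()).digest()
        if handle not in self._pending or not hmac.compare_digest(
                digest, self._pw.get(user, b"")):
            return None
        self._pending.pop(handle)          # a handle can be used only once
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, frozenset(allow))
        return token  # handed to the Consumer when it regains control

    def call(self, token, action):
        """Consumer presents the token; the provider enforces the user's limits."""
        user, allowed = self._tokens.get(token, (None, frozenset()))
        if action not in allowed:
            raise PermissionError(f"{action!r} not granted")
        if action == "read_photos":
            return list(self._photos[user])
        if action == "delete_photos":
            self._photos[user].clear()
            return []
        raise PermissionError(f"unknown action {action!r}")

    def revoke(self, token):
        """The user withdraws the grant without changing their password."""
        self._tokens.pop(token, None)

def photo_lab_flow(sp):
    """The photo-lab case: the Consumer is granted read access only."""
    handle = sp.start("photo-lab")
    token = sp.authorize(handle, "alice", "correct horse", allow={"read_photos"})
    return token, sp.call(token, "read_photos")
```

The Consumer only ever holds `handle` and `token`; the password is passed to `authorize`, which stands in for the Service Provider's own web page.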

Is OAuth a New Concept?

No. OAuth is the standardization of many well-established security protocols: Google AuthSub, AOL OpenAuth, Yahoo BBAuth, Upcoming API, Flickr API, Amazon Web Services API, etc. OAuth was created by extracting the best practices and common core of the existing protocols into a single, well-defined, open specification.

Is It Ready?

Yes, OAuth Core is ready for implementation, and is already available from a few providers.  At the time of this writing, we expect implementations from (in alphabetical order) Digg, Jaiku, Flickr, Ma.gnolia, Plaxo, Pownce, Twitter, and hopefully Google, Yahoo, and others soon to follow.  Open source libraries are currently being developed for PHP, Rails, Python, .NET, Objective-C, C#, Java, and Perl. We expect most upcoming work to focus on implementations and the development of extensions to the protocol.  More information and complete documentation can be found at the project homepage, http://oauth.net.


(Adapted from Explaining OAuth, published on September 05, 2007 by Eran Hammer-Lahav)