Thursday, October 8, 2009

Web service identity technology

I have been looking at the Google Application Engine recently. The Google Data API supports OAuth, an open standard for secure API authentication. Here I compare popular web service identity technologies:

OAuth: This technology enables one web site to access user data stored on another web site. For example, a photo print service web site may need to access the web site that stores the photos. It also lets the user approve that web site's requests. It started in the consumer-centric world, with sites such as Twitter, Flickr, Pownce, etc.
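The photo print scenario above, as an added example that is not part of the original post: a minimal in-memory model of the delegation, in which the user approves the request at the photo site and the print service only ever holds a revocable token. The `PhotoSite` class, the user, the password and the file names are all constructed for illustration, and the request signing that real OAuth adds is left out.

```python
import hmac
import secrets

class PhotoSite:
    """Hypothetical site storing the user's photos (constructed sample data)."""
    def __init__(self):
        self._passwords = {"alice": "correct horse"}
        self._photos = {"alice": ["beach.jpg", "cat.jpg"]}
        self._pending = {}    # request token -> consumer that asked for it
        self._approved = {}   # request token -> user who approved it
        self._access = {}     # access token -> (consumer, user)

    def request_token(self, consumer):
        token = secrets.token_urlsafe(16)
        self._pending[token] = consumer
        return token

    def approve(self, request_token, user, password):
        # The user logs in at the photo site itself; the consumer never sees the password.
        stored = self._passwords.get(user, "")
        if request_token not in self._pending or not hmac.compare_digest(stored, password):
            return False
        self._approved[request_token] = user
        return True

    def exchange(self, request_token, consumer):
        # Single use, only by the consumer that asked, and only after the user approved.
        if self._pending.get(request_token) != consumer or request_token not in self._approved:
            return None
        del self._pending[request_token]
        user = self._approved.pop(request_token)
        access = secrets.token_urlsafe(16)
        self._access[access] = (consumer, user)
        return access

    def list_photos(self, access_token):
        grant = self._access.get(access_token)
        if grant is None:
            raise PermissionError("no valid grant for this token")
        return list(self._photos[grant[1]])

    def revoke(self, access_token):
        # The user can withdraw the grant without changing the password.
        self._access.pop(access_token, None)

if __name__ == "__main__":
    site = PhotoSite()
    rt = site.request_token("print-service")
    print("before approval:", site.exchange(rt, "print-service"))
    site.approve(rt, "alice", "correct horse")
    at = site.exchange(rt, "print-service")
    print("photos:", site.list_photos(at))
```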

WS-Trust: It provides for API interaction between web servers. It is always used with SOAP-based APIs in the enterprise. Most REST-based APIs find it hard to leverage the WS-* stack.

SAML (Security Assertion Markup Language) Web SSO (Single Sign-On): An XML-based framework for identity and protocols. The user logs on only once and can then be authenticated to other systems in the organization. SAML does not define how the authentication is implemented. Google and, recently, Salesforce announced support for SAML.

OpenID: This technology is commonly used for SSO. Compared with SAML, it defines the user-side behavior. It is a lightweight protocol and, similar to OAuth, it lives in the consumer-centric world, such as the blog/consumer/social networking space (MySpace and Orange recently announced support for it).

Microsoft Geneva: It is based on WS-* and SAML.

Strong/2ndFactorAuth: The general concept of authenticating a user with more information than just a password, such as a cookie, biometric devices, a phone call, etc.

link to Overlap of identity technologies
