Skip to main content


Showing posts with the label OAuth

Understanding concepts - OpenId, OAuth and SAML

I was going through some of the forums related to security concepts and found one topic which is very much communal, and many people posted questions about their confusion on the terms related to Authorization, Authentication and Security protocols.  So, I thought to write something about these terms in layman, which is more towards the concept and less towards technical aspects.  Before we start, let's have a look at the question, which really lighten the spark in me - - What's the difference between OpenID and OAuth ? Hope you are with me to get started. Well, one of the major aims of any application is to make it secure and easy to use without imposing much work on the end user. Now, in order to fulfill  this aim, we have to look into a few of the major security aspects in terms of protocols, usage and scenarios. And that's why this article is. What is Authentication and Authorization? In simple terms, authentication is the process to