Showing posts with the label OpenID

Why OpenID Connect came?

After publishing my previous article, 'Understanding concepts - OpenId, OAuth and SAML', I received a general question from a few of my colleagues: 'Why did OpenID arrive? What is the need for it?' By now, most of us are already aware that OAuth 2.0 is an authorization protocol, and it really did a great job of providing information that helped its users make some prodigious authorization decisions. But what about exchanging this information? How is that done? Is the exchange done in a secure manner? And so on. All such questions are dealt with in different ways, as every authentication provider has its own means of exchanging this OAuth information. Not all providers offered an equivalent level of security, which led to some buzz. Here OpenID Connect came to the rescue. It fixes all the common problems by providing an authentication protocol with a standardized way of exchanging messages between a provider and subs

Understanding concepts - OpenId, OAuth and SAML

I was going through some of the forums related to security concepts and found one topic that is very common: many people posted questions about their confusion over the terms related to authorization, authentication and security protocols. So, I thought I would write something about these terms in layman's terms, leaning more towards the concepts and less towards the technical aspects. Before we start, let's have a look at the question that really lit the spark in me - stackoverflow.com - What's the difference between OpenID and OAuth? I hope you are with me to get started. Well, one of the major aims of any application is to be secure and easy to use without imposing much work on the end user. Now, in order to fulfill this aim, we have to look into a few of the major security aspects in terms of protocols, usage and scenarios. And that is what this article is for. What is Authentication and Authorization? In simple terms, authentication is the process to