Difference between revisions of "CLARIN/Security for web services"

From PDP/Grid Wiki
Jump to navigationJump to search
(include images)
(→‎Approaches: expand)
Line 20: Line 20:
 
<div style="clear:right"></div>[[Image:Approaches_oauth1.png|150px|right|OAuth 1.0 diagram]]
 
<div style="clear:right"></div>[[Image:Approaches_oauth1.png|150px|right|OAuth 1.0 diagram]]
 
=== OAuth 1.0 ===
 
=== OAuth 1.0 ===
 +
[http://tools.ietf.org/html/rfc5849 OAuth 1] is used on the world wide web as a method to access server resources on behalf of a resource owner. It is used by [http://wiki.oauth.net/w/page/12238516/FrontPage quite] a number of big websites like [http://code.google.com/apis/accounts/docs/OAuth.html Google], [http://dev.twitter.com/pages/sign_in_with_twitter Twitter].
 +
 +
OAuth 1.0 requires browser redirection and confirmation [TODO check if confirmation is optional]. This would be acceptable for the portal scenario, but not for nested service invocations (real delegation).
 +
  
 
<div style="clear:right"></div>[[Image:Approaches_oauth2.png|150px|right|OAuth 2.0 diagram]]
 
<div style="clear:right"></div>[[Image:Approaches_oauth2.png|150px|right|OAuth 2.0 diagram]]
 
=== OAuth 2.0 ===
 
=== OAuth 2.0 ===
 
+
[http://oauth.net/2/ OAuth 2] is the new version of OAuth, which supports many more scenario's. This is being adopted ([http://developers.facebook.com/docs/authentication/ Facebook] is on the wagon already).
  
 
<div style="clear:right"></div>
 
<div style="clear:right"></div>

Revision as of 14:21, 23 March 2011

  • ISOcat registry
  • CMDI, component metadata infrastructure


Approaches

Open diagram

Open

All services trust each other. No technical security measures (other than, possibly, blocking complete strangers); managable upto ~15 services [TODO ref needed]

Shibboleth + delegation

Shibboleth is already used for federated authentication. It has ECP support with delegation, though only through a plugin. The next major IdP release may include it though.

One cannot expect each IdP to install this plugin, or to have the latest version installed [TODO check if this is the case with Shibboleth version policies]. Therefore this option is not viable.

SAML ECP

(see Shibboleth) [TODO would there be other SAML ECP options than Shibboleth?]

OAuth 1.0 diagram

OAuth 1.0

OAuth 1 is used on the world wide web as a method to access server resources on behalf of a resource owner. It is used by quite a number of big websites like Google, Twitter.

OAuth 1.0 requires browser redirection and confirmation [TODO check if confirmation is optional]. This would be acceptable for the portal scenario, but not for nested service invocations (real delegation).


OAuth 2.0 diagram

OAuth 2.0

OAuth 2 is the new version of OAuth, which supports many more scenario's. This is being adopted (Facebook is on the wagon already).

Links

Standards

Libraries

Federations

Other