Difference between revisions of "CLARIN/Security for web services"
From PDP/Grid Wiki
Jump to navigationJump to searchm (→Libraries) |
(→Open) |
||
| Line 6: | Line 6: | ||
=== Open === | === Open === | ||
| + | All services trust each other. No technical security measures (other than, possibly, blocking complete strangers); managable upto ~15 services [REF NEEDED] | ||
=== Shibboleth + delegation === | === Shibboleth + delegation === | ||
Revision as of 11:50, 23 March 2011
Approaches
Open
All services trust each other. No technical security measures (other than, possibly, blocking complete strangers); managable upto ~15 services [REF NEEDED]
Shibboleth + delegation
SAML ECP
OAuth 1.0
OAuth 2.0
Links
Standards
- User Managed Access (UMA) has some overlap with this work
- OASIS Web Services Security: WS-Security, username, X.509, SAML
- A SASL and GSS-API Mechanism for SAML, uses base64 encoded SAML request in URL
- OAuth 2.0, and with SAML assertions
Libraries
- OAuth 2 assertion profile library
- Shibboleth ECP delegation, web-service client, and configuring it.
