Difference between revisions of "CLARIN/Security for web services"
From PDP/Grid Wiki
Jump to navigationJump to search (remove outdated content which is in report already) |
(more clarity in lay-out) |
||
Line 1: | Line 1: | ||
{{CLARIN}} | {{CLARIN}} | ||
− | This page has been superseded by a [[Media:Clarin-security_for_web_services-research-report010.pdf|report]]. <br /> | + | '''This page has been superseded by a [[Media:Clarin-security_for_web_services-research-report010.pdf|report]].''' <br /> |
A conclusion was to look into [[CLARIN/OAuth2|OAuth2]], which is being looked at [[CLARIN/OAuth2|here]]. | A conclusion was to look into [[CLARIN/OAuth2|OAuth2]], which is being looked at [[CLARIN/OAuth2|here]]. | ||
+ | |||
+ | ---- | ||
Notes after the report was finished: | Notes after the report was finished: |
Latest revision as of 11:28, 26 February 2013
<sidebar>
- CLARIN web service security
- CLARIN/Security_for_web_services|Analysis
- CLARIN/OAuth2|OAuth2
- CLARIN/OAuth2 use case|OAuth2 use-case
- CLARIN/OAuth2_real_world_usage|OAuth2 elsewhere
- resources
</sidebar>
This page has been superseded by a report.
A conclusion was to look into OAuth2, which is being looked at here.
Notes after the report was finished:
- EMI STS is a new contender, but uses SAML ECP, which not many IdPs support
Links
Standards
- User Managed Access (UMA) has some overlap with this work; seems to be useful for person-to-person sharing
- OASIS Web Services Security: WS-Security, username, X.509, SAML
- A SASL and GSS-API Mechanism for SAML, uses base64 encoded SAML request in URL
- ways to use SAML (and SAML interop scenarios)
- OAuth 2.0, and with SAML assertions
Libraries
- OAuth 2 assertion profile library
- Shibboleth ECP IdPdelegation, web-service client, and configuring it.
Federations
Other
- N-tier usage of SAML in backend
- Similar project in US' department of defense
- Data portability, and blog
- OAuth 2 uses bearer tokens and misses signatures, which may become a problem.
- Nice OAuth 1 and OAuth 2 diagrams
- xDAuth
- SimpleAuth: adaptation of OpenID to support delegation (though this might be something entirely different)
- MashMyData security model