CLARIN/Security for web services
From PDP/Grid Wiki
Revision as of 12:55, 19 December 2012 by Wvengen@nikhef.nl (talk | contribs) (remove outdated content which is in report already)
This page has been superseded by a report.
One conclusion was to look into OAuth2, which is being investigated here.
Notes after the report was finished:
- EMI STS is a new contender, but uses SAML ECP, which not many IdPs support
Links
Standards
- User Managed Access (UMA) has some overlap with this work; seems to be useful for person-to-person sharing
- OASIS Web Services Security: WS-Security, username, X.509, SAML
- A SASL and GSS-API Mechanism for SAML, which uses a base64-encoded SAML request in the URL
- ways to use SAML (and SAML interop scenarios)
- OAuth 2.0, and with SAML assertions
Libraries
- OAuth 2 assertion profile library
- Shibboleth ECP IdP delegation, web-service client, and configuring it.
Federations
Other
- N-tier usage of SAML in backend
- Similar project in the US Department of Defense
- Data portability, and blog
- OAuth 2 uses bearer tokens and lacks signatures, which may become a problem.
- Nice OAuth 1 and OAuth 2 diagrams
- xDAuth
- SimpleAuth: adaptation of OpenID to support delegation (though this might be something entirely different)
- MashMyData security model