Tag: continuous replacement |
|
Line 1: |
Line 1: |
| An [[OAuth Access Delegation Standard]] is an [[access delegation standard]] that ... | | An [[OAuth Access Delegation Standard]] is an [[Open Standard|open]] [[access delegation standard]] that ... |
| * <B>See:</B> [[XACML]], [[Open Standard]], [[Hypertext Transfer Protocol]], [[OpenID]], [[Initiative for Open Authentication]], [[OpenID Connect]]. | | * <B>See:</B> [[XACML]], [[Access Delegation]], [[Hypertext Transfer Protocol]], [[OpenID]], [[Initiative for Open Authentication]]. |
| ---- | | ---- |
| ---- | | ---- |
| | == References == |
|
| |
|
| == References == | | === 2020 === |
| | * (Wikipedia, 2020) ⇒ https://en.wikipedia.org/wiki/OAuth Retrieved:2020-2-14. |
| | ** '''OAuth''' is an [[open standard]] for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, <ref> [https://login.amazon.com/ Amazon & OAuth 2.0] </ref> Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third party applications or websites. Generally, OAuth provides to clients a "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with [[Hypertext Transfer Protocol]] (HTTP), OAuth essentially allows [[access token]]s to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server. <P> OAuth is a service that is complementary to and distinct from [[OpenID]]. OAuth is unrelated to [[Initiative For Open Authentication|OATH]], which is a ''reference architecture'' for ''authentication'', not a ''standard'' for ''authorization''. However, OAuth is directly related to [[OpenID Connect|OpenID Connect (OIDC)]] since OIDC is an authentication layer built on top of OAuth 2.0. OAuth is also unrelated to [[XACML]], which is an authorization policy standard. OAuth can be used in conjunction with XACML where OAuth is used for ownership consent and access delegation whereas XACML is used to define the authorization policies (e.g. managers can view documents in their region). |
|
| |
|
| === 2017 ===
| |
| * (Wikipedia, 2017) ⇒ https://en.wikipedia.org/wiki/OAuth Retrieved:2017-7-21.
| |
| ** '''OAuth''' is an [[open standard]] for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third party applications or websites. Generally, OAuth provides to clients a "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with [[Hypertext Transfer Protocol]] (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server. <P> OAuth is a service that is complementary to and distinct from [[OpenID]]. OAuth is also distinct from [[Initiative For Open Authentication|OATH]], which is a ''reference architecture'' for ''authentication'', not a ''standard'' for ''authorization''. However, OAuth is directly related to [[OpenID Connect|OpenID Connect (OIDC)]] since OIDC is an authentication layer built on top of OAuth 2.0. OAuth is also distinct from [[XACML]], which is an authorization policy standard. OAuth can be used in conjunction with [[XACML]] where OAuth is used for ownership consent and access delegation whereas [[XACML]] is used to define the authorization policies (e.g. managers can view documents in their region).
| |
|
| |
|
| ---- | | ---- |
| [[Category:Concept]] | | [[Category:Concept]] |
| __NOTOC__ | | __NOTOC__ |
|
| |
| === 2020 ===
| |
| * (Wikipedia, 2020) ⇒ https://en.wikipedia.org/wiki/OAuth Retrieved:2020-2-14.
| |
| ** '''OAuth''' is an [[open standard]] for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, <ref> [https://login.amazon.com/ Amazon & OAuth 2.0] </ref> Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts with third party applications or websites. Generally, OAuth provides to clients a "secure delegated access" to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with [[Hypertext Transfer Protocol]] (HTTP), OAuth essentially allows [[access token]]s to be issued to third-party clients by an authorization server, with the approval of the resource owner. The third party then uses the access token to access the protected resources hosted by the resource server. <P> OAuth is a service that is complementary to and distinct from [[OpenID]]. OAuth is unrelated to [[Initiative For Open Authentication|OATH]], which is a ''reference architecture'' for ''authentication'', not a ''standard'' for ''authorization''. However, OAuth is directly related to [[OpenID Connect|OpenID Connect (OIDC)]] since OIDC is an authentication layer built on top of OAuth 2.0. OAuth is also unrelated to [[XACML]], which is an authorization policy standard. OAuth can be used in conjunction with XACML where OAuth is used for ownership consent and access delegation whereas XACML is used to define the authorization policies (e.g. managers can view documents in their region).
| |