OAuth is an open standard for authorizing access to specific applications and data within a server on behalf of the application owner. The basic model of authentication between a client and an application has evolved to keep up with the demands of mobile and cloud computing. A distributed architecture — where mobile clients request services from multiple protected systems — mandates Single Sign-On (SSO). OAuth provides a nimble SSO model to accommodate authentication for rapidly evolving mobile applications that consume services from a wide array of internal and external providers.
In this model, at a minimum, there are two entities involved: the client and the application running on the server. A client with valid credentials is granted access to a particular resource controlled by the application. The client credentials may be in the form of a username/password that the application validates before granting access to the resource.
This basic model of authentication has evolved overtime as a result of the need for the client to provide its credentials (e.g username/password) only once in order to be granted access to resources that are controlled by multiple applications in a distributed environment. This model is often referred to as Single Sign-On (SSO). In this model, the client “logs in” only once by providing its credentials to a single application. Upon validation by the application, the client receives a ticket (cookie) that enables it to seamlessly access resources of other applications. An example of SSO is a user logging into Amazon.com only once and accessing resources on multiple third party applications without having to login to each individual application.
The increased popularity of social media apps, mobile apps and cloud services has lead to another authentication and authorization model. The new model is based on the OAuth standard. In this model, at least three entities are involved: the user, the client application/service and the service provider. This is referred to as the three-legged OAuth model. The user is the owner of the resource and it grants client application access to its resources that are controlled by the service provider. OAuth standard enables the user to grant client application to its resources without ever sharing its username/password with the client application.
For more details on OAuth and how to use it in your organization, download our latest white paper: Cloud-based Enterprise Identity Management using OAuth.
OAuth White Paper
Cloud-based Enterprise Identity Management using OAuth