http://www.mythics.com/about/blog/what-to-consider-when-integrating-authentication
Some basic terminology around authentication:
1. Identity – Describes who you are.
2. Credential – Something that proves who you are.
3. Identity Provider – A trusted system that collects your credentials and provides your validated identity to a service.
4. Service Provider – Some kind of service provided to the user that requires knowledge of the user's identity.
5. Trust – How does a service provider establish the integrity of an identity provider?
Protocol | Identity | Credential | Identity Provider | Service Provider | Trust |
---|---|---|---|---|---|
SAML2 | XML "Assertion" | Multiple | SAML2 Identity Provider | SAML2 Service Provider | Established by digitally signing assertions of identity with pre-shared keys or pre-trusted certificate authorities |
OAuth | JSON "Token" | Multiple but current standards for specifying | OAuth endpoint | OAuth endpoint | OAuth verified identity providers using pre-shared "tokens" that are hard to guess, but not cryptographically verified |
SSL Certificate Authentication | Digitally signed certificate | Digitally signed certificate | Certificate authority | Web server running SSL | Established through the trust of certificate authorities |
BrowserID | Email address | Certificate | BrowserID provider | Any web application | Trust is established when a user is granted a certificate for authentication from their email provider |
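
The Trust column separates identities a service provider can check by signature from tokens that are only hard to guess. The sketch below is an added example, not code from the original post: an HMAC over JSON stands in for the XML digital signature SAML2 uses, and every name in it (`PRE_SHARED_KEY`, `OpaqueTokenIssuer`, the sample identity) is hypothetical.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample key: stands in for the key the identity provider and
# the service provider exchange ahead of time.
PRE_SHARED_KEY = b"constructed-demo-key-not-for-production"


def issue_signed_assertion(identity: dict, key: bytes) -> dict:
    """Identity provider: serialize the identity and sign it."""
    body = json.dumps(identity, sort_keys=True)
    sig = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_signed_assertion(assertion: dict, key: bytes):
    """Service provider: accept the identity only if the signature matches.

    Needs only the shared key, no call back to the identity provider.
    """
    expected = hmac.new(key, assertion["body"].encode(), hashlib.sha256).hexdigest()
    presented = str(assertion.get("sig", "")).encode()
    if not hmac.compare_digest(expected.encode(), presented):
        return None  # body was altered, or it was signed with another key
    return json.loads(assertion["body"])


class OpaqueTokenIssuer:
    """Issues hard-to-guess tokens that carry no verifiable content."""

    def __init__(self):
        self._issued = {}  # sha256(token) -> identity; raw tokens are not stored

    def issue(self, identity: dict) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._issued[hashlib.sha256(token.encode()).hexdigest()] = identity
        return token

    def lookup(self, token: str):
        """The token proves nothing by itself; only the issuer can resolve it."""
        return self._issued.get(hashlib.sha256(token.encode()).hexdigest())
```

A tampered assertion fails verification wherever the key is held, while an opaque token is only as trustworthy as its unguessability and the issuer's lookup table.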