Separating authentication and authorization [federated identities]

François Kooman

Nov 6, 2012, 8:54:15 AM
to oz-pr...@googlegroups.com, Andreas Åkre Solberg, Roland van Rijswijk, Remco Poortinga
Hi,

I'm very interested in seeing something simpler, stricter and more
secure than OAuth 2.0!

For our "enterprise", but not just enterprise, use case the way OAuth
2.0 works with the "webview" and registered custom scheme for native
apps allows us the option of separating authentication and
authorization at the OAuth AS. This is important as we can then plug any
authentication backend, like Mozilla Persona/BrowserID,
OpenID, or, yes, even SAML which happens to be important for the
research and education field with lots of SAML deployed. We don't use
SAML at all as part of the OAuth protocol, just for the authentication
of users...

It seems the plan so far is to just support the username/password.
What are your thoughts on integration with services that use OpenID,
BrowserID, or SAML to authenticate their users, where no password is
available at the service to verify against? Do you have any (other)
thoughts on solving this "federated identity" scenario with OZ?

Thanks!

Regards,
François