OAuth makes application development more secure and reliable


The application programming interface (API) has led to an incredible explosion in application development, and the OAuth standard is designed to keep content safe and secure amid this explosive growth. The relationship between application development and the API is like any relationship: its foundation is trust.

OAuth's open standard allows for a trustworthy approach to development. As Sam Ramji said, "the Great Cambrian explosion" that took place in the past few years cannot be repeated.

According to Ramji, vice president of strategy at Apigee, an API management company, OAuth has come to life and has become standard practice for people using large social media APIs, which are often used across enterprises. At the same time, adoption of the standard is becoming more commonplace, and the term has generated some reaction, but not everyone knows what it stands for.

Scott Morrison offers a simple explanation. The chief technology officer at API management company Layer 7 uses Facebook and Twitter, both early adopters of OAuth, to describe the term. Morrison explains: "Both Facebook and Twitter represent me in one way or another, and I want to put the two together; OAuth is a technology that enables individuals to build that trust between different sites."

Morrison said that in the current network environment, merging accounts is crucial, but prior to OAuth, usernames and passwords were confusing, had to be distributed across multiple platforms, lacked security, and were difficult to track.

"The problem is that the delivery of the application is the center of gravity. If either party is compromised, the trust you give falls apart," Morrison said. "Instead, we want delegated authority and hope to be able to say to Facebook, 'This is a special certificate; it gives you limited access to Twitter accounts, but you can access all the tweets.' A limited subset of features."

Explore the advantages of OAuth

This limited subset of functionality distinguishes OAuth from OpenID, which simply provides authentication but does not allow management of access rights. Without delegated authorization and managed access, there would be no difference between OAuth and single sign-on authentication.

Although OAuth is a standard, Morrison describes it as the curse of "large scale what we've done in the past." He described it as more of a grassroots movement that could be developed.

Morrison said: "The most important point is to allow developers to integrate multiple applications with the API; the big change in development is the use of standardized APIs to enable applications to talk with applications. OAuth is an important part of it because it is used for authentication and authorization. This password is used when you call other applications from one application."

OAuth is derived from service-oriented architecture but, like an API, it is simplified. It belongs to what Morrison calls the "modern spirit of the era of development," which he describes as market-agile development.

He added that OAuth is not recognized by all parties, and although it has grown with early adopters, it is still largely confined to consumer development. "So many things that people working in the government, military, intelligence community are doing right now make more people more intriguing," Morrison said. "In many ways OAuth has yet to prove itself in a number of areas, iPhone apps, and a lot of work on getting Facebook and Twitter together."

Morrison expects OAuth to have an upward clustering effect and ultimately to lead to a safer development environment.
