Who are You? Who am I? Who is Anybody?
Paul Downey talks on the current status of identity management on the web covering cross-site challenges, REST, HTTPS, Open ID, all in the context of enterprise architecture.
InfoQ
InfoQ
Topic/Tag specific view
Authorization Content on InfoQ
Latest featured content about Authorization
News about Authorization
Twitter Experiences Site Instability Following Google, Microsoft Outages
Twitter is the latest to experience downtime when yesterday the company issued a status update indicating instability within the site. This was the second such report from Twitter this week and follows on the heels of outages experienced this week by Google’s Blogger service and Microsoft’s Business Productivity Online Suite (BPOS).
Google Debuts OAuth 2.0 Support for Google APIs
Today Google announced experimental support for OAuth 2.0 with bearer tokens. In addition, as a side announcement they've launched a new consent page for OAuth 2.0 designed with cleanliness and simplicity in mind.
A Proposal for an HTTP Digital Signature Protocol and API
Bill Burke, JBoss's Chief Architect and REST Easy Project Lead, published last week a proposal for a Digital Signature Protocol over HTTP. "DSig" is rapidly gaining popularity, more than 10 years after it was designed, due to the emergence of composite applications and the need to establish trusted relationships between their clients and services.
Is OAuth 2.0 Bad for the Web?
Eran Hammer-Lahav, one of the editors of the OAuth 2.0 specification, published a diatribe on the latest standard draft. For him, the current proposal mortgages the future of the Web. He sees the current specification focusing too much on simplicity for the application developer while severely limiting the ability to create discoverable and interoperable services.
Presentations about Authorization
Spring Social: For the New Web of APIs
Craig Walls discusses the need for adding social features to applications, how to secure such applications and how Spring Social can help.
The Rise of OAuth
Craig Walls talks about securing the modern web and how OAuth can help with that, showing how to secure and consume resources with OAuth.
Getting Started With Spring Security 3.1
Rob Winch demoes some of the new features in Spring Security 3.1: multiple http elements, stateless authentication mode for RESTful services, Debug Filter, CAS support for proxy tickets, JAAS, etc.
Interviews about Authorization
REST and the Web as a Platform, with Subbu Allamaraju
In this interview, Subbu Allamaraju talks about real life issues of RESTful architectures. He also describes a pragmatic approach of adopting the Web as an integration platform and shares his opinion on OAuth.
Laforge and Rocher Discuss the future of Groovy, Grails and Java
In this interview, Graeme Rocher and Guillaume Laforge of SpringSource talk about the present and future of the Grails framework and the Groovy language. Rocher talks about Grails 1.4 and some of its enhancements such as improvements to GORM. And Laforge discusses Groovy 1.8, which features new DSL authoring capabilities, among other things. They look at how Java’s future impacts their projects.
Inside SpringSource with Rod Johnson
In this interview conducted at the SpringOne 2GX conference, Rod Johnson talks about the new advancements SpringSource is bringing to the enterprise Java space, including new cloud options. Johnson discusses open-source Java in general, including the flap over the direction of OpenJDK and Apache Harmony. And he delves into the new Code2Cloud effort from SpringSource and Tasktop, and much more.