Google Debuts OAuth 2.0 Support for Google APIs

by James Vastbinder on  Mar 14, 2011

Today Google announced experimental support for OAuth 2.0 with bearer tokens. In addition, as a side announcement they've launched a new consent page for OAuth 2.0 designed with cleanliness and simplicity in mind.

Goodbye, CardSpace; Hello, U-Prove!

by James Plamondon on  Feb 23, 2011 3

Last week, Microsoft announced: the cancellation Version 2.0 of its Windows CardSpace identity service, thus deprecating CardSpace; and the immediate availability of Release 2 of the Community Technology Preview of its U-Prove identity service. These announcements are just the latest moves in Microsoft's decade-long struggle to solve the Internet's "identity problem."

A Proposal for an HTTP Digital Signature Protocol and API

by Jean-Jacques Dubray on  Feb 16, 2011 2

Bill Burke, JBoss's Chief Architect and REST Easy Project Lead, published last week a proposal for a Digital Signature Protocol over HTTP. "DSig" is rapidly gaining popularity, more than 10 years after it was designed, due to the emergence of composite applications and the need to establish trusted relationships between their clients and services.

Is OpenID Living Up to Our Expectations?

by Abel Avram on  Jan 26, 2011 13

OpenID has promised to simplify the user authentication process across multiple websites, but some complain it has actually created more problems. 37signals, an early supporter of OpenID, has announced the decision to stop using it across its products. Is OpenID delivering what it promised?

Is OAuth 2.0 Bad for the Web?

by Jean-Jacques Dubray on  Sep 20, 2010 4

Eran Hammer-Lahav, one of the editors of the OAuth 2.0 specification, published a diatribe on the latest standard draft. For him, the current proposal mortgages the future of the Web. He sees the current specification focusing too much on simplicity for the application developer while severely limiting the ability to create discoverable and interoperable services.

Series On Available Authentication Mechanisms For OData Services And Clients

by Dilip Krishnan on  Jul 24, 2010

The WCF Data Services Team have recently been doing a series on the available authentication mechanisms for client/OData service authentication.

Java EE 6: Application Security Enhancements

by Srini Penchikala on  Jul 06, 2010 4

Java Enterprise Edition Version 6 release includes new security features in the areas of web container security as well as authentication and authorization aspects of Java application development. These features include programmatic and declarative security enforcement in the web tier. This post gives an overview of these new security features.

Eugenio Pace on Identity Federation, WIF and ADFS 2.0

by Jon Arild Tørresdal on  May 12, 2010

Microsoft has entered the cloud and customers are looking into moving their applications to this new platform. In doing so authentication and identity management needs to be addressed. InfoQ Editor Jon Arild Tørresdal talked to Eugenio Pace, Senior Program Manager in the Patterns & Practices team about the recent federation and identity technologies released from Microsoft.

Windows Domain to Amazon EC2 Single Sign-On Access Solutions

by Abel Avram on  Jan 21, 2010

David Chappell, the Principal of Chappell & Associates, US, has written a whitepaper proposing several solutions for Single Sign-on (SSO) access to applications deployed on Amazon EC2 from a Windows domain. InfoQ explored these solutions to understand what the benefits and tradeoffs each one presented.

RESTful API Authentication Schemes

by Dilip Krishnan on  Jan 20, 2010 3

“Everyone feels the need to write a custom authentication protocol” says George Reese, which he claims is one of the things he learnt working on a programming API for cloud providers and Saas Vendors. In a post George proposes a set of standards for any REST authentication need.

Easily Accessing Azure Cloud Services with AppFabric

by Abel Avram on  Nov 26, 2009

Microsoft Windows Azure Platform AppFabric is a set of technologies helpful to connect on-premises applications with Azure cloud services and resources and eases interoperability between users belonging to different domains. The main components are the Service Bus and the Access Control Service.

New Patterns & Practices Project – Claims Based Authentication & Authorization Guide

by Jon Arild Tørresdal on  Aug 13, 2009

The Patterns & Practices team announced a newly started project for developing a new guide called "Claims Based Authentication & Authorization Guide". This guide will give best practices on how to implement "Geneva", Microsoft's attempt to simplify user access and single sign-on based on claims.

Identity Developer Training Kit Based On Microsoft 'Geneva' Released

by Dilip Krishnan on  May 21, 2009

Microsoft released an identity developer training kit, following closely on the heels of the release of Geneva Beta 2 at Teched. The training kit is a set of hands-on labs and resources designed to help developers to take advantage of Microsoft’s identity products and services.

Geneva Manages Your Identity

by Abel Avram on  Nov 11, 2008 1

Microsoft has released Geneva Beta 1, previously known as Zermatt, an identity management solution which takes the burden of authenticating and authorizing users away from applications. Geneva supports the OASIS WS-Trust specification.

Presentation: Security (CAS and OpenID) with Ruby

by Werner Schuster on  Jul 01, 2008

In this presentation from QCon SF 2007, Justin Gehtland explains two open solutions to distributed identity and their Rails integration components: the OpenID system (using ruby-openid) and CAS (using rubycas-client).

General Feedback
Marketing and all content copyright © 2006-2016 C4Media Inc. hosted at Contegix, the best ISP we've ever worked with.
Privacy policy

We notice you're using an ad blocker

We understand why you use ad blockers. However to keep InfoQ free we need your support. InfoQ will not provide your data to third parties without individual opt-in consent. We only work with advertisers relevant to our readers. Please consider whitelisting us.