News Stay informed about the latest enterprise technology news and product updates.

Oauth enlivens the identity and access management landscape

By Alan Earls – For his part, Scott Morrison, CTO at Layer7, a provider of API security and governance for service-oriented, Web-oriented and cloud-oriented integration, argues that OAuth is the most interesting thing happening in identity and access management services.

Morrison says a plus with OAuth is that it is a “good basic idea that sits well with modern developers.” On the other hand, because it is a pure, open standard, it lacks the discipline needed to ensure wide interoperabilty.” With much that remains undefined, Morrison says there is a tension between OAuth as a “quick, grassroots standard and the more rigorous requirements of a formal standard.” But OASYS is now working to formalize OAuth, which may yield positive results.

From his perspective, Morrison says that developers should be mindful of the huge role mobile devices are playing in driving identity management. “With mobile there has been a move toward specific, focused apps, most using RESTful-style protocols. Many of them find themselves depending on OAuth as a means of establishing identity to a remote server,” he says. That, in turn, is driving APIs to be more OAuth aware. “Mobile apps are really driving the whole API explosion,” he continues.

Another important issue to consider, says Morrison, is the increasing importance of multiple identities being established through mobile communications. For example, a mobile device may need to establish the identity of the app it is using and then (for activities requiring security) the identity of the individual user of the app. In other words, identity management can be a multiple layer challenge.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Knowing that identity protection [A href="http://www.idpro.co.uk"]software[/A] is becoming more and more valued as more people get connected to the web through their mobile phones, Oauth is a good step in the right direction for developers. Since it is still in open standard, there is still much room for improvement.
Cancel

-ADS BY GOOGLE

SearchSoftwareQuality

SearchCloudApplications

SearchAWS

TheServerSide.com

SearchWinDevelopment

DevOpsAgenda

Close