A TECHNICAL INSIGHT INTO THE CONCEPTS AND TERMINOLOGIES BEHIND OAUTH – AN OPEN STANDARD FOR AUTHORIZATION

Lija Mohan, Sudheep Elayidom M

Abstract: As the world wide web matures, more and more sites rely on distributed services and cloud computing for a better scalability and efficiency to meet their enhanced needs. Some examples are: a printer printing the Flickr photos, a Facebook like social network using your Google account to find friends, or any third-party programs utilizing APIs from multiple websites. The problem is, in order for these external applications to access user data from other sites, they ask for your usernames and passwords. Not only does this require exposing your secure credentials to non trustable sources ; but also provides these application unlimited access to access your account as they wish. If they get this credentials then they have unlimited access to your account and at the worst, they can change your passwords and lock your access as well. Often the same passwords may be used for online banking and other secure transactions. OAuth is an Open Standard to allow users to grant a third-party access to their resources without sharing their actual passwords. It also provides a way to grant limited access to resources with respect to scope, duration, location etc

Keywords: OAuth, Delegated Access, Open Standard

DOI: https://doi.org/10.15623/ijret.2014.0312040