Tuesday 27 January 2009

OAuth: a new view on web security

I'm interested in the question of security in browsers. Simple stuff like managing a few hundred users that have signed up to your site is not a problem. I mean the stuff on Facebook and other places where you access a user's information and thus you need to make sure you get into the correct account and treat it with respect.

In essence you don't want to present a situation where someone can get access to things they shouldn't. You'll gain a bad reputation that way. This means you need to give your application only the access it needs and nothing more.

OAuth is apparently a protocol that does exactly that. I haven't tried it yet, but I'm interested because for any app I build there will come a time when I need to consider authentication, particularly the way things are going. Any successful app will need to connect to other data providers to get info. This means authentication.
