Authentication & Authorisation
Disadvantages of SSO
Authentication is based on one mission-critical application, which would cause a disaster if targeted; more resource intensive if the application implements authentication itself
What is authorisation?
Controlling a user's access to resources
Disadvantages of OpenID
Hitting the authorisation account (e.g. Facebook) can take out your access to all associated websites; loss of anonymity; takes you out of the site, so it can appear as a phishing threat
Why do we need authorisation?
It is useful to let a site access data/facilities available on other sites, like calendars & photos
Advantages of OpenID
Open source, almost everyone already has a supported account, saves users time creating accounts
Advantages of SSO
Reduces password fatigue, reduces helpdesk calls for password resets, reduces the amount of time spent logging in, good idea for intranet applications
Benefits of OAuth
Secure (sent over SSL), OAuth 2.0 can be used for authentication
Example of SSO
Shibboleth
What is single sign-on?
Single sign-on (SSO) is a user authentication process that permits a user to enter one name and password in order to access multiple applications.
What is authentication?
The credentials system for logging in to a website
Describe a simplified OAuth setup
User shows intent to let a consumer use a resource; consumer contacts the resource for a request token and secret; user is directed to the resource with the token and secret to authenticate the connection; user authenticates and the resource swaps the request token for an access token; consumer can now access the resource without prompting the user
What is OpenID?
"Yet another distributed identity system", an open standard for providing decentralised authentication using your pre-existing accounts