Showing posts with label authentication. Show all posts
Showing posts with label authentication. Show all posts

26 September 2007

Open Authentication

Sounds sensible:


The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers. More generally, OAuth creates a freely-implementable and generic methodology for API authentication.

An example use case is allowing printing service printer.example.com (the Consumer), to access private photos stored on photos.example.net (the Service Provider) without requiring Users to provide their photos.example.net credentials to printer.example.com.

(Via O'Reilly Radar.)

04 July 2007

DomainKeys Identified Mail: A Certain Thing

I'm amazed it's taken so long to come up with this:

DKIM uses digital signatures to authenticate messages. These signatures allow you, or your e-mail service provider, to verify that a message claiming to be from your bank is really from your bank. Without authentication, if I receive an e-mail saying that my account has been compromised and requesting me to verify my personal details, it's a pretty good bet that I should ignore the message. But if I receive the same message and I can prove to my own satisfaction that it came from my bank, then I should probably pay serious attention.

DKIM can offer this proof, and it has just been published by the Internet Engineering Task Force--the group responsible for technical standards on the Internet--as an official Internet standard.