Authorization Terms You Hear A Lot
Whether or not you are a developer, you have probably come across some scary-looking abbreviations such as SSO, OAuth and JWT when signing in to your email or social media accounts. Ever wondered what runs in the background when you use your Gmail account to log in to a third-party application, and whether that application ever sees your Gmail password?
Let's see what some of these terms mean:
- SSO - Single Sign-On (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.
- SAML - SAML (Security Assertion Markup Language) is an umbrella standard that encompasses profiles, bindings and constructs to achieve Single Sign-On (SSO), federation and identity management. It deals with authentication, which is what sets it apart from OAuth (Open Authorization), a standard for authorization of access to resources that does not deal with authentication on its own.
SAML SSO works by transferring the user's identity from one place (the identity provider) to another (the service provider). This is done through an exchange of digitally signed XML documents called assertions. For example, the user wants to log in to a remote application, such as a support or accounting application (the service provider); the service provider redirects the user to the identity provider, which authenticates the user and returns a signed assertion, and the service provider must verify that signature before granting access.
- OAuth -
OAuth is an open standard for authorization, commonly used as a way for Internet users to log in to third-party websites using their Microsoft, Google, Facebook or Twitter accounts without exposing their password to the third party: the user authenticates at the account provider, and the website receives a scoped token instead of the password.
To start, OAuth is not the same thing as Single Sign-On (SSO). While they have some similarities, they are very different. OAuth is an authorization protocol. SSO is a high-level term used to describe a scenario in which a user uses the same credentials to access multiple domains.
- Auth0 - Auth0 provides authentication and authorization as a service. It gives developers and companies the building blocks they need in order to secure their applications, without having to become security experts.
- JWT - A JSON Web Token (JWT) is a means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS) and/or encrypted using JSON Web Encryption (JWE).
In other words, a JWT is a JSON object used as a safe way to represent a set of information between two parties. The token is composed of three base64url-encoded parts separated by dots: a header, a payload, and a signature. The authentication server creates the JWT and sends it to the user, who presents it on later requests. The receiving service must verify the signature with the key and algorithm it expects before trusting any claim in the payload; unless JWE is used, the payload is only encoded, not encrypted, so anyone holding the token can read it.
- PCI - The Payment Card Industry Data Security Standard (PCI DSS) applies to companies of any size that accept credit card payments. If your company intends to accept card payments and store, process or transmit cardholder data, you need to host that data securely with a PCI DSS compliant hosting provider.
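The login flow the OAuth bullet above describes, as an added example that is not part of the original post: a simulated OAuth 2.0 authorization code exchange with a `state` parameter and PKCE, using only the Python standard library. The `Client` (the third-party website), the `AuthorizationServer` (a stand-in for the account provider), the endpoint URL, the `client_id` and the redirect URI are all constructed for this demonstration; both sides run in one process and nothing goes over the network.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed endpoint name; nothing here talks to a real provider.
AUTHORIZE_URL = "https://as.example/authorize"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


class Client:
    """The third-party website (the OAuth 'client'). It never handles the user's password."""

    def __init__(self, client_id: str, redirect_uri: str):
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        self.pending = {}  # state -> PKCE verifier, normally kept in the user's session

    def start_login(self) -> str:
        """Build the authorization request the browser is redirected to."""
        state = secrets.token_urlsafe(16)      # binds the callback to this session (anti-CSRF)
        verifier = secrets.token_urlsafe(32)   # PKCE: proves the same client finishes the flow
        self.pending[state] = verifier
        params = {
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "scope": "openid email",
            "state": state,
            "code_challenge": _b64url(hashlib.sha256(verifier.encode("ascii")).digest()),
            "code_challenge_method": "S256",
        }
        return AUTHORIZE_URL + "?" + urlencode(params)

    def handle_callback(self, callback_url: str, server: "AuthorizationServer") -> dict:
        """Validate the redirect back from the provider and exchange the code for a token."""
        q = parse_qs(urlparse(callback_url).query)
        verifier = self.pending.pop(q.get("state", [None])[0], None)
        if verifier is None:
            raise ValueError("unknown state: possible CSRF or replayed callback")
        return server.token(code=q["code"][0], code_verifier=verifier,
                            client_id=self.client_id, redirect_uri=self.redirect_uri)


class AuthorizationServer:
    """Constructed stand-in for the identity provider (Google, Microsoft, ...)."""

    def __init__(self):
        self.codes = {}  # single-use authorization codes

    def authorize(self, authorize_url: str, user: str) -> str:
        """The user signs in and consents at the provider; return the redirect to the client."""
        q = parse_qs(urlparse(authorize_url).query)
        if q["response_type"][0] != "code" or q.get("code_challenge_method", [""])[0] != "S256":
            raise ValueError("unsupported authorization request")
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"user": user, "client_id": q["client_id"][0],
                            "redirect_uri": q["redirect_uri"][0],
                            "code_challenge": q["code_challenge"][0]}
        return q["redirect_uri"][0] + "?" + urlencode({"code": code, "state": q["state"][0]})

    def token(self, code: str, code_verifier: str, client_id: str, redirect_uri: str) -> dict:
        """Back-channel code exchange; the code is consumed whether or not it verifies."""
        rec = self.codes.pop(code, None)
        if rec is None:
            raise ValueError("invalid or already used code")
        if rec["client_id"] != client_id or rec["redirect_uri"] != redirect_uri:
            raise ValueError("code was issued to a different client or redirect_uri")
        if _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest()) != rec["code_challenge"]:
            raise ValueError("PKCE verification failed")
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer", "sub": rec["user"]}


def callback_accepted(client: Client, server: AuthorizationServer, callback_url: str) -> bool:
    try:
        client.handle_callback(callback_url, server)
        return True
    except (ValueError, KeyError):
        return False


def run_flow(user: str = "alice") -> dict:
    """Happy path: request -> provider login -> redirect with code -> token."""
    client = Client("demo-client", "https://app.example/callback")
    server = AuthorizationServer()
    return client.handle_callback(server.authorize(client.start_login(), user), server)


if __name__ == "__main__":
    print(run_flow("alice"))
```

The password only ever goes to `AuthorizationServer.authorize` (the provider's own login page); the client gets a code and then a bearer token. The `state` lookup rejects callbacks the client did not initiate, and the PKCE check stops a stolen code from being redeemed by anyone who does not hold the verifier.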