On Mon, Jan 19, 2009 at 5:42 PM, Jack <[email protected]> wrote: > > I am planning to start a project that will use token authorization and > was wondering what the difference was between OAuth and Shibboleth. So > far, the only thing I gather is that Shibboleth is used more in an > educational environment while OAuth seems more commercial... am I > missing something else here?
Shibboleth is an implementation of the SAML Web Browser SSO Profile [1]. The use case involves a SAML identity provider, a SAML service provider, and a browser user. The user, wishing to obtain access to a protected resource at the service provider, first authenticates to the identity provider (using a password, for instance) to obtain a SAML assertion, which the browser transmits back to the service provider. The service provider consumes the SAML assertion, which contains user identity and other attributes that the service provider can use to make an access control decision. > They seem to do very similar things, but > what are the advantages/disadvantages of using one or the other? I only have a vague idea what OAuth is about, so I can't really compare the two, sorry. Tom [1] http://wiki.oasis-open.org/security/Saml2TechOverview --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
