Hi, I'm also a newbie to OAUTH. This thread has been very educational for me.
I was wondering if it would be possible to write a SAML profile to perform what OAUTH performs (i.e. to obtain a user's consent to allow a Consumer to access the user's resources located at an SP).

Thanks.

/thomas/

On 1/20/09, Paul Madsen <[email protected]> wrote:
>
> I see them as very different
>
> Shib defines how to use SAML to pass user attributes from IDP to SP - these
> attributes consumed by the SP as input to the SP's authorization decision
> for allowing the user access to resources.
>
> OAuth defines a mechanism by which a SP can obtain a user's consent with
> respect to allowing a given Consumer to access his/her resources at that SP,
> effectively collecting the user's own authorization decision and manifesting
> that in a security token for later presentation.
>
> paul
>
> Tom Scavo wrote:
>
> > On Mon, Jan 19, 2009 at 5:42 PM, Jack <[email protected]>
> > <[email protected]> wrote:
> >
> > > I am planning to start a project that will use token authorization and
> > > was wondering what the difference was between OAuth and Shibboleth. So
> > > far, the only thing I gather is that Shibboleth is used more in an
> > > educational environment while OAuth seems more commercial... am I
> > > missing something else here?
> >
> > Shibboleth is an implementation of the SAML Web Browser SSO Profile
> > [1]. The use case involves a SAML identity provider, a SAML service
> > provider, and a browser user. The user, wishing to obtain access to a
> > protected resource at the service provider, first authenticates to the
> > identity provider (using a password, for instance) to obtain a SAML
> > assertion, which the browser transmits back to the service provider.
> > The service provider consumes the SAML assertion, which contains user
> > identity and other attributes that the service provider can use to
> > make an access control decision.
> >
> > > They seem to do very similar things, but
> > > what are the advantages/disadvantages of using one or the other?
> >
> > I only have a vague idea what OAuth is about, so I can't really
> > compare the two, sorry.
> >
> > Tom
> >
> > [1] http://wiki.oasis-open.org/security/Saml2TechOverview
>
> --
> Paul Madsen e:paul.madsen @ gmail.com
> p:613-482-0432
> m:613-282-8647
> aim:PaulMdsn5
> web:connectid.blogspot.com
