Oauth and its uses
Open Authentication means an authentication system which will allow users to share their private resources in a site without using their user name and password. The requests are received from all types of devices to a remote application or web service for processing of information.
Nowadays requests are not only from standard computers but also from many types of mobile devices like smart cards, mobile phones, laptops etc. So, using Open Authentication can make these devices strong authentication devices.
What is the need for Oauth?
If it is possible to implement an authentication protocol for less than $10 then it will reduce the possibility of credit card fraud, it can reduce the cost of merchants, card associations and finally consumers.
It will increase user privacy by providing unique credentials without reentering the name or security number etc. Open Authentication means authenticate system which will allow users to share their private resources without sharing the user name/password/account details.
Vision for Oauth
The vision of Oauth concentrates on three important areas. They are
Credential and Security Devices – (SIM based, Public Key and OTP).
Authentication protocol framework
Credential provisioning and validation
The primary aim is to provide an all-in-one-security device, which can embed many basic authentication methods (for example authentication, encryption, signing, secure storage and physical access)
In the above mentioned methods, OTP is used in web applications for communication remote web services. For example Google Accounts, Facebook, Twitter, LinkedIn social networks can be accessed through Oauth.
In future Oauth maybe the only option for remote application access instead of conventional API methods. It is more advantageous than the API method of contacting the remote application. In API methods, different applications will follow different standards and authentication procedures and the password or access id will last only for a limited period. But in Oauth, there is a single standard for all types for report application access and one time registering and life long access id and secret key. Now most of the open applications and social networks give provision for Oauth.