开发者

Difference between Claims vs OAuth

What is the difference between Claims based authentication vs What is provided by OAuth.

I am looking for conceptual difference and not technical difference. When do I choose Claims over OAuth and vice versa.

Claims based authentication is proposed by Microsoft and build on top of WS-Security. But OAuth is more a open source protocol that is being proposed to allow fetching resources from different portals based on a security token.

Claims also has this concept of 开发者_如何学Ctoken (SAML encoded or X509 certificates).

I am trying to understand when do I choose Claims over OAuth and vice versa.

Thanks


Claims-based identity is a way of decoupling your application code from the specifics of identity protocols (such as SAML, Kerberos, WS-Security, etc). It is not only for web applications and is implemented as a .NET library / framework called WIF.

OAuth is a specific protocol by which one web site can obtain user consent to access their private data on another web site.

It is not really the case that you would choose one or the other, in fact they are complementary. Potentially you could use both at once, if you were building a .NET web app that performed OAuth via the WIF.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜