
Unit II - Authentication - Authorization

The document outlines the concepts of authentication and authorization in distributed systems security, emphasizing that authentication verifies user identity while authorization determines access rights. It introduces OAuth2 as an authorization framework that enhances security by allowing limited access to user resources without sharing credentials. Additionally, it highlights the benefits of OAuth2, including credential exposure reduction, granular permissions, token management, and its application in social media logins, API access, and single sign-on (SSO).

Uploaded by

studybunkers

Authn / Authz

Distributed Systems Security


Authentication and Authorisation
Authentication
Verifies that a user is who they say they are. For example, a user might provide a
username and password to log in to a system.

Authorization
Determines what a user can access and what actions they can perform within a
system. Authorization is based on the user's identity, which is confirmed during
authentication.
Some more points
Authentication is a prerequisite to authorization: Authentication must be completed
before authorization can take place.
Authorization permissions are set by the system owner, administrator or manager:
Users can't change authorization permissions, but they can request changes.
Authorization can be based on environmental and resource attributes. For
instance, access might be restricted to specific environments such as
development or staging, with production access being denied.
OAuth2
OAuth2 (Open Authorization 2.0) is an authorization framework that allows third-
party applications to obtain limited access to user resources without exposing user
credentials.
It provides a secure and standardized way for applications to gain access to user
data by delegating the authorization process to trusted authorization servers.
OAuth2 is widely used for enabling single sign-on (SSO) and accessing APIs on
behalf of users.
Problems it solves
Credential Exposure: OAuth2 eliminates the need for users to share their
passwords with third-party applications, reducing the risk of credential theft.
Granular Permissions: It allows users to grant applications specific access rights
(scopes) to their data, such as read-only access or limited write access.
Token Management: OAuth2 uses access tokens that can be short-lived and
refreshed, improving security compared to long-lived credentials.
Authorization Separation: It separates the roles of authentication and
authorization, allowing for more flexible and scalable security models.
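
The checks described above (token validation before any authorization decision, short-lived tokens, scopes, and an environment attribute rule) can be combined in one resource-server decision function. This is an added example, not part of the original slides; the token values, scope names such as photos:read, the client name and the environment list are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessToken:
    subject: str          # user the token was issued for
    client_id: str        # third-party application holding the token
    scopes: frozenset     # access rights the user granted
    expires_at: float     # epoch seconds; short-lived by design

# Constructed sample data: what a resource server might know about tokens
# issued by its authorization server. All names and values are hypothetical.
NOW = 1_700_000_000.0
TOKENS = {
    "tok-read": AccessToken("alice", "photo-printer",
                            frozenset({"photos:read"}), NOW + 300),
    "tok-old": AccessToken("alice", "photo-printer",
                           frozenset({"photos:read", "photos:write"}), NOW - 1),
}

# Scope required for each (method, resource) pair; anything else is denied.
REQUIRED_SCOPE = {
    ("GET", "photos"): "photos:read",
    ("POST", "photos"): "photos:write",
}

# Attribute-based rule from the slides: production access is denied.
ALLOWED_ENVIRONMENTS = {"development", "staging"}

def authorize(bearer, method, resource, environment, now=NOW):
    """Return (allowed, reason) for one request carrying a bearer token."""
    token = TOKENS.get(bearer)
    if token is None:                      # token must be recognised first;
        return False, "unknown token"      # no authorization without it
    if now >= token.expires_at:            # expired tokens carry no rights
        return False, "token expired"
    needed = REQUIRED_SCOPE.get((method, resource))
    if needed is None:                     # deny by default
        return False, "no rule for request"
    if needed not in token.scopes:         # granular permissions (scopes)
        return False, "missing scope " + needed
    if environment not in ALLOWED_ENVIRONMENTS:
        return False, "environment denied"
    return True, "ok"

if __name__ == "__main__":
    for req in [("tok-read", "GET", "photos", "staging"),
                ("tok-read", "POST", "photos", "staging"),
                ("tok-old", "POST", "photos", "staging"),
                ("tok-read", "GET", "photos", "production")]:
        print(req, "->", authorize(*req))
```

The password never appears in the request: the application only presents the token, and the decision depends on what that token was granted.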
OAuth2
Example applications
Social Media Logins: Platforms like Facebook, Google, and GitHub use OAuth2 to
enable users to log in to various websites and apps with their social media
accounts.
API Access: Services like Twitter, GitHub, and Spotify use OAuth2 to allow
developers to build applications that interact with their APIs on behalf of users.
Single Sign-On (SSO): OAuth2 is commonly used in enterprise environments to
provide SSO capabilities, enabling users to access multiple services with a single
login.
