Thursday, 8 December 2011

Using Trust Association Interceptors with WebSphere Application Server to support OAuth tokens

I saw this on Twitter this morning, thanks to the @LotusEducation account which is ably run by Sonia Malik and Lorraine Ludwicki.

Summary: Are you looking to share access of your protected resources by becoming an OAuth service provider? This article describes how you can use IBM® WebSphere® Application Server (V7.0 and later) with Trust Association Interceptors (TAI) to accept OAuth tokens for authorizing calls from applications or web sites (consumer) to protected resources. TAIs make it possible to support OAuth alongside other token services, such as LTPA, while meeting WS-Security restrictions. This content is part of the IBM WebSphere Developer Technical Journal.

Introduction: OAuth (Open Authorization) is an open protocol that permits secure API authorization from desktop and web applications (consumers) by enabling the consumer to act on behalf of a user without requiring the user to provide sensitive account information, such as username and password.

An example of a consumer might be a company that wants to aggregate all of its customers' photos onto a single web page. Rather than asking every user to enter the username/password for each of their photo sharing accounts, the company can act as a consumer and each of the photo sharing web sites can act as service providers and exchange OAuth tokens. This gives the photo aggregator company access to a user's photos without the user potentially compromising the security of their account by giving out username/password information.
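To make the mechanism in the summary concrete, here is the shape a Trust Association Interceptor takes when it accepts an OAuth token from the Authorization header. This is an added example, not code from the IBM article or from this post. The TAI contract (com.ibm.wsspi.security.tai.TrustAssociationInterceptor, TAIResult and the WebTrustAssociation exceptions) is real WebSphere API; the package and class name, the constructed "tokens" custom property, and the in-memory lookup that stands in for token validation are assumptions made for the example. A real OAuth 1.0 service provider would also verify the request signature, nonce and timestamp before trusting the token.

```java
// Added example (not from the IBM article or this blog post): a minimal Trust
// Association Interceptor that accepts an OAuth token from the Authorization
// header. Only the TAI contract is real WebSphere API; the package name, the
// "tokens" custom property and the in-memory token store are assumptions.
package example.tai;

import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.ibm.websphere.security.WebTrustAssociationException;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.wsspi.security.tai.TAIResult;
import com.ibm.wsspi.security.tai.TrustAssociationInterceptor;

public class OAuthTokenTAI implements TrustAssociationInterceptor {

    private static final String HEADER = "Authorization";
    private static final String SCHEME = "OAuth ";

    // Hypothetical token store. A real provider would look tokens up in
    // persistent storage and check expiry, scope and the consumer binding.
    private final Map<String, String> tokenToUser = new ConcurrentHashMap<String, String>();

    // Custom properties are set on the interceptor in the admin console.
    // Constructed sample value for the "tokens" property: "tok1:alice,tok2:bob"
    public int initialize(Properties props) throws WebTrustAssociationFailedException {
        String tokens = props.getProperty("tokens", "");
        for (String entry : tokens.split(",")) {
            String[] kv = entry.trim().split(":", 2);
            if (kv.length == 2 && !kv[0].isEmpty()) {
                tokenToUser.put(kv[0], kv[1]);
            }
        }
        return 0;
    }

    // Claim only requests that actually carry an OAuth token, so that other
    // mechanisms (LTPA, form login) keep handling everything else.
    public boolean isTargetInterceptor(HttpServletRequest req) throws WebTrustAssociationException {
        String auth = req.getHeader(HEADER);
        return auth != null && auth.startsWith(SCHEME);
    }

    public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest req, HttpServletResponse resp)
            throws WebTrustAssociationFailedException {
        String token = extractToken(req.getHeader(HEADER));
        String user = (token == null) ? null : tokenToUser.get(token);
        if (user == null) {
            // Fail closed: an unknown or malformed token is a failed authentication,
            // not a request that should fall through as if no token were presented.
            resp.setHeader("WWW-Authenticate", "OAuth realm=\"example\"");
            return TAIResult.create(HttpServletResponse.SC_UNAUTHORIZED);
        }
        // The returned principal is resolved against the configured user registry.
        return TAIResult.create(HttpServletResponse.SC_OK, user);
    }

    // Accepts the OAuth 1.0 parameter form, e.g.
    //   OAuth oauth_token="tok1", oauth_signature="...", ...
    // and the bare form "OAuth tok1". Returns null when no token is present.
    static String extractToken(String authHeader) {
        if (authHeader == null || !authHeader.startsWith(SCHEME)) {
            return null;
        }
        String rest = authHeader.substring(SCHEME.length()).trim();
        for (String part : rest.split(",")) {
            String p = part.trim();
            if (p.startsWith("oauth_token=")) {
                return p.substring("oauth_token=".length()).replace("\"", "");
            }
        }
        // Bare form: a single opaque token with no parameter syntax.
        return (rest.isEmpty() || rest.contains("=")) ? null : rest;
    }

    public String getVersion() { return "1.0"; }
    public String getType() { return getClass().getName(); }
    public void cleanup() { tokenToUser.clear(); }
}
```

Two points matter for coexisting with LTPA and the other token services the summary mentions: isTargetInterceptor must return false for requests without an OAuth header, so they reach the next interceptor or the normal login path, and negotiateValidateandEstablishTrust must return a non-SC_OK status for any token it cannot verify rather than returning SC_OK with an empty principal.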
