OAuth 2.0 Concepts: Difference between revisions
(Created page with "=Internal= * OAuth 2.0") |
|||
Line 2: | Line 2: | ||
* [[OAuth_2.0#Subjects|OAuth 2.0]] | * [[OAuth_2.0#Subjects|OAuth 2.0]] | ||
Identity. | |||
User's presence at the system - means that the user identity is associated with the thread that is processing the user's request, and in a way, it is the user that "drives" the thread. The identity is associated with the thread in the form of a security context. | |||
There are software agents that perform actions ''on behalf'' of the user, and this is where OAuth is relevant - a user can delegate the authority of performing certain actions in a secure way. Even the software agent (the ''OAuth client'') operates under a different identity, it can still perform action on behalf of a user that may not be even logged in anymore. An example of such identity is an [[OpenShift_Security_Concepts#Service_Account|OpenShift service account]]. | |||
Authentication. | |||
Authorization. |
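Review bot: The last sentence of the added delegation paragraph, "An example of such identity is an [[OpenShift_Security_Concepts#Service_Account|OpenShift service account]]", does not say whether it means the identity of the OAuth client or of the user; name the client's identity explicitly. In the same paragraph, "Even the software agent (the ''OAuth client'') operates under a different identity, it can still perform action" is missing "though" after "Even" and should read "perform actions". "Identity.", "Authentication." and "Authorization." are added as bare one-word lines; make them section headings in the same style as "=Internal=", or add the text they are meant to introduce.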
Revision as of 00:22, 12 November 2017
Internal
Identity.
A user's presence in the system means that the user's identity is associated with the thread that is processing the user's request; in a way, it is the user that "drives" the thread. The identity is associated with the thread in the form of a security context.
There are software agents that perform actions on behalf of the user, and this is where OAuth is relevant: a user can delegate the authority to perform certain actions in a secure way. Even though the software agent (the OAuth client) operates under a different identity, it can still perform actions on behalf of a user who may not even be logged in anymore. An example of such an identity is an OpenShift service account.
Authentication.
Authorization.