Denny Figuerres Software and stuff

Where I post stuff that's on my mind

Auth / AAA

Three words that start with "A" come up in most talks about logins and such:

Authentication

Authorization

Accounting


Now each has a place and we need all of them.

Short nicknames like "OAuth" lead to a lot of confusion. I think the term was a poor choice, but I can also see how they got there.

OAuth is "Authorization", not "Authentication": that is the first thing a new developer learns about it.

I think this got started because we have multiple companies that each want to keep data on "who you are", and social networks want to be, well, "social", so they tend to want to share or exchange some of that "who are you" information....  but they, and the applications built on them, want to keep other data on "what can you do". OK, I get that bit...

But what happened to the "Authentication" part?   I can't know who you are, or decide what I will let you do, unless we can prove that you are who you say you are....
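To make the three A's concrete, here is an added example (not from the original post) that models them with signed tokens: an ID token issued to the app carries the identity claim (authentication), an access token issued for an API carries scopes (authorization), and an audit record is kept (accounting). The key, issuer and token contents are constructed for the demo; the claim names (sub, aud, exp, scope) are the usual JWT ones.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key: a real relying party fetches the issuer's keys, never hard-codes one.
SECRET = b"demo-key-not-for-production"

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(claims):
    """Build a compact HS256 token (header.payload.signature) over the given claims."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify(token, expected_aud, now=None):
    """Check signature, audience and expiry; return the claims, or None on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), sig):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    now = time.time() if now is None else now
    if claims.get("aud") != expected_aud or claims.get("exp", 0) <= now:
        return None
    return claims

def authenticate(id_token, app_id, now=None):
    """Authentication: an ID token issued to this app answers 'who is this?' via 'sub'."""
    claims = verify(id_token, app_id, now)
    return claims.get("sub") if claims else None

def authorize(access_token, api_id, needed_scope, now=None):
    """Authorization: an access token for this API answers 'what may this call do?' via 'scope'."""
    claims = verify(access_token, api_id, now)
    return bool(claims) and needed_scope in claims.get("scope", "").split()

def account(log, subject, action, allowed):
    """Accounting: record who attempted what and whether it was allowed."""
    log.append({"sub": subject, "action": action, "allowed": allowed})
    return log
```

Note that the access token fails the authentication step even though it is validly signed: it is addressed to the API, not the app, and carries no identity claim, which is exactly why "we use OAuth" does not by itself answer "who is logged in".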

After that we start talking about OpenID and all kinds of other stuff...

This might all be fine if you are the next Facebook, but what if you are just building an app and your boss said we need OAuth because he heard it was the way to go?

It might be that we need to have a talk about how that new buzzword is the wrong tool for the job at hand... not a fun talk to have if you just got hired!

This is where the story starts... More to come.

OAuth, OpenID Connect, Developers and "AAA"

I am starting to work on a longer set of posts on this but here is a first pass:

TL;DR: developers want a simple-to-install and easy-to-manage solution for handling user logins, API call permissions and role mapping. OAuth and OpenID are standards that seem to be the result of a committee that had no input from a real-world developer trying to make something that works. The number of confusing terms, each with different meanings, and the different "flows", "Clients" and "Token Types" create a jungle for the developer who just wants to get his or her job done.

Later I will compare this with an OLD thing called "RADIUS" that was used in the days of dialup, and how it covered a lot but was very simple to use. Then I want to talk about what I think most of us want, and whether there is anything out there that is a better fit.


Hello!

Welcome to my new blog site.

Sorry, but I have not yet got everything set up, so give it a day or two....