OAuth is an authorization framework that allows a resource owner to grant access to their resources without sharing credentials, and that provides limited access to resources hosted by web-based services accessed over HTTP. This is not to be confused with Web services and service-oriented architecture (SOA). While these architectures exist in a vast array of implementations, OAuth is more focused on the emerging Web 2.0 infrastructure and the popularity of APIs that exist to provide customizable access to an organization’s applications.
For example, eBay® offers an API that provides enhanced shopping experiences by integrating with third-party applications. Twitter® and Facebook® provide APIs that extend their applications by providing content sharing capabilities. Each of these integrations requires focused attention on all aspects of security, and all access must be considered untrusted until proven otherwise.
In established implementations, resources are protected and accessed by providing credentials that can be authenticated, which a resource server can use to authorize access to the resource. If a resource owner wishes to grant access to a third party, credentials must be provided, authenticated, and access authorized by the authorization service that protects the resources.