open authentication (OAuth)

OAuth stands for Open Authentication, a security protocol that allows end users to exchange private documents with other web users via web services without revealing the end user's identity and access authorization. OAuth secures the program interface of Web applications and uses a token to transmit the user's identification and password.

While OpenID, another security protocol, focuses on authentication and identity management, OAuth takes a centralized approach to authorization and data exchange. The approach is expressed in terms of whether a correctly authenticated person is allowed to initiate a particular action with his or her resources stored in a Web service.

As with OpenID, OAuth conceptually represents a three-way relationship between end user, web service and provider. In this constellation, the end user has private resources that it makes available to other web services for their use. The private resources can be documents, photos, videos or addresses. These resources are mostly represented by Representational State Transfer( REST). In this relationship, the web service provides an application to the end user for the use of private resources. This can be, for example, a social network where private photos are shared. Finally, there is the service provider, which can be accessed by all applications. It can perform authentication, but can have this performed by an OpenID provider, as with OpenID. The token, in turn, is the replacement for the username and password and is used to authorize access to private resources.