api - OAuth 2.0 two-legged authentication vs SSL/TLS


I have 2 enterprise servers that need to communicate in a secure way, and I am comparing using SSL (with client/server certs to validate both sides) vs two-legged authentication using OAuth 2.0 (optionally with MAC tokens or JWT tokens).

Historically, OAuth seems to have been created for a totally different purpose (the 3-legged case of a user allowing a service to access data somewhere), and although two-legged is integrated into the OAuth 2.0 spec, from what I have seen two-legged OAuth 2.0 doesn't seem to offer additional protection on top of SSL.

The point I can think of is that OAuth is potentially easier to configure than SSL, and it is easy to make mistakes with things like accepting bad SSL certs, which can compromise security. I am not sure if that is reason enough to go with OAuth.

Note that I mention these as separate options, but I think using OAuth would entail using it on top of HTTPS/SSL, so both would be used.

Is there a real advantage of using the OAuth 2.0 two-legged scheme for server-to-server communication (no user involved)?

Note: I did find a similar post here, but it is quite old and I don't feel it gave a satisfactory answer on the matter.

I'll respond to this comment:

My question is that, assuming I am using SSL with proper client/server certs to identify each machine, what value would using OAuth (2-legged or similar) on top of that have to authorize the servers to one another (assuming there is no user involved)? – locksleyu

Summary: I wouldn't bother doing both.

Details: 2-legged OAuth is as secure as the consumer secret is. Mutual auth SSL is as secure as the private key. I assume you'll be storing these in an encrypted store on each server. As both are stored in the same place, I see no additional security that comes from adding OAuth.

Now, if you are considering a choice between mutual auth SSL and standard SSL authentication, perhaps OAuth can play a role there. I would go with whichever of the options seems easier. If you have an OAuth system in place and can add server auth to it, perhaps that's the way to go. Otherwise, go with mutual auth SSL. It tends to be a bit of a hassle to configure, but it works once set up.
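
The mistake the question raises (accepting bad certificates) and the mutual-auth setup the answer recommends, as an added example that is not part of the original post: Python `ssl` contexts for a weak and a mutual-auth configuration on each side, checked by a hypothetical `audit_context` helper. All function names are illustrative, and the certificate file paths are parameters you would supply.

```python
import ssl

def audit_context(ctx, role):
    """Return the settings on this side that break mutual certificate auth."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(
            "server does not require a client certificate" if role == "server"
            else "client does not verify the server certificate")
    if role == "client" and not ctx.check_hostname:
        findings.append("client does not check the server hostname")
    return findings

def weak_client():
    # The "accept any certificate" shortcut: the peer is never authenticated.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def weak_server():
    # Server default is CERT_NONE: ordinary one-way TLS, any client may connect.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)

def mutual_client(ca_file=None, cert_file=None, key_file=None):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issued the server cert
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)   # this machine's identity
    return ctx

def mutual_server(ca_file=None, cert_file=None, key_file=None):
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED            # handshake fails without a client cert
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CA that issued the client cert
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

if __name__ == "__main__":
    for name, ctx, role in [("weak client", weak_client(), "client"),
                            ("weak server", weak_server(), "server"),
                            ("mutual client", mutual_client(), "client"),
                            ("mutual server", mutual_server(), "server")]:
        print(name, audit_context(ctx, role) or "ok")
```
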

