Comments on Thoughts on development & design: Securing your API for mobile access

Blog author: Rob (http://www.blogger.com/profile/01080851737011489428)
Feed updated: 2024-02-28T11:01:34.368+00:00

Comment by ash (https://www.blogger.com/profile/13906028624195723255), 2015-11-05T08:58:05.624+00:00:

OAuth is a delegated identity authorization protocol with 4 participants. I believe one has to have an authentication layer on top of it if you'd like to leverage OAuth, for example OpenID Connect. I'm not sure whether you can do authentication with OAuth alone. Authentication can also be done using protocols like STS, SAML (within enterprise), PKI. At this point, we've a requirement to authenticate subject using multi-factor authentication from devices like mobile. Please share inputs if you've been able to do it with OAuth, as I can easily secure end-point resources like SOA implementation using REST using CMS (container managed security) using Authorization header (Basic, Digest, client-cert) etc. Which authorization grant are you planning to use to authenticate subject?