File: Zend_Oauth-Introduction.xml

package info (click to toggle)
zendframework 1.12.9%2Bdfsg-2
  • links: PTS, VCS
  • area: main
  • in suites: jessie-kfreebsd
  • size: 133,584 kB
  • sloc: xml: 1,311,829; php: 570,173; sh: 170; makefile: 125; sql: 121
file content (46 lines) | stat: -rw-r--r-- 2,717 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
<?xml version="1.0" encoding="UTF-8"?>
<!-- Reviewed: no -->
<sect1 id="zend.oauth.introduction" xmlns:xi="http://www.w3.org/2001/XInclude">
    <title>Introduction to OAuth</title>

    <para>
        OAuth allows you to approve access by any application to your private data stored a website
        without being forced to disclose your username or password. If you think about it, the
        practice of handing over your username and password for sites like Yahoo Mail or Twitter has
        been endemic for quite a while. This has raised some serious concerns because there's
        nothing to prevent other applications from misusing this data. Yes, some services may
        appear trustworthy but that is never guaranteed. OAuth resolves this problem by eliminating
        the need for any username and password sharing, replacing it with a user controlled
        authorization process.
    </para>

    <para>
        This authorization process is token based. If you authorize an application (and by
        application we can include any web based or desktop application) to access your data, it
        will be in receipt of an Access Token associated with your account. Using this Access Token,
        the application can access your private data without continually requiring your credentials.
        In all this authorization delegation style of protocol is simply a more secure solution to
        the problem of accessing private data via any web service <acronym>API</acronym>.
    </para>

    <para>
        OAuth is not a completely new idea, rather it is a standardized protocol building on the
        existing properties of protocols such as Google AuthSub, Yahoo BBAuth, Flickr
        <acronym>API</acronym>, etc. These all to some extent operate on the basis of exchanging
        user credentials for an Access Token of some description. The power of a standardized
        specification like OAuth is that it only requires a single implementation as opposed to many
        disparate ones depending on the web service. This standardization has not occurred
        independently of the major players, and indeed many now support OAuth as an alternative and
        future replacement for their own solutions.
    </para>

    <para>
        Zend Framework's <classname>Zend_Oauth</classname> currently implements a full OAuth
        Consumer conforming to the OAuth Core 1.0 Revision A Specification (24 June 2009) via the
        <classname>Zend_Oauth_Consumer</classname> class.
    </para>

    <xi:include href="Zend_Oauth-ProtocolWorkflow.xml" />
    <xi:include href="Zend_Oauth-SecurityArchitecture.xml" />
    <xi:include href="Zend_Oauth-GettingStarted.xml" />
</sect1>