To ensure security, we are implementing an authentication and authorization system for our users. It has been determined that this will be done with Bearer authentication using the OAuth 2.0 standard.
Determine whether we should implement the OAuth 2.0 standard ourselves or use a third party like Google.
ASP.NET Identity has tools for implementing the OAuth 2.0 authentication protocols ourselves. However, it also has tools to connect to a third party's implementation of the OAuth 2.0 authentication protocols, such as Google's or Facebook's. Determine which is better for our system based on our earlier discussion (see below).
What should be written?
Argumentation for the chosen implementation of the OAuth 2.0 authentication protocol for our Web Service.
From earlier discussion:
The group does not have a factual preference for either solution, but there is a slight personal preference to create our own solution. Therefore the choice should be based on which solution is the easiest and fastest to implement. The ease of implementation is especially important if we do it ourselves, as research shows that most security exploits are due to failing to implement the OAuth 2.0 standard properly.
Relevant links: OAuth2 documentation, note we are using it with bearer tokens