Modern Security
OAuth 2.0, OpenID Connect 1.0 and JWT are considered modern security mechanisms, needed to support the use of mobile and tablet devices by clients. They replace traditional technologies like WS-*, WS-Trust, SOAP, SAML and XML.
OAuth 2.0
- OAuth allows secure authorization (i.e. what a client can do), typically to an HTTP-based service. The client is given a token, which it passes to the resource to establish its authorization (what it can do).
- OAuth is an open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.
OpenID Connect 1.0
- OpenID Connect provides authentication by issuing tokens that a client passes to establish their authentication (i.e. who they are).
- OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.
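The difference between the two token types above, as an added example that is not part of the original page: a resource checks an access token's scope (authorization), while a client checks an ID token's audience and nonce (authentication). It assumes both tokens are HS256-signed JWTs with a single-valued `aud`; the key, issuer, API identifier, client id and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"      # constructed secret; HS256 is an assumption
ISSUER = "https://idp.example"     # hypothetical identity provider
API = "https://api.example"        # hypothetical resource (API) identifier

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input):
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue(claims):  # provider side: sign the claims as a compact HS256 JWT
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return ".".join([head, body, _b64(_mac(head + "." + body))])

def verify(token, audience, now=None):  # checks shared by both token types
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        ok = hmac.compare_digest(_mac(head + "." + body), _unb64(sig))
        if header["alg"] != "HS256" or not ok:   # pin the algorithm ourselves
            raise ValueError("bad algorithm or signature")
        if claims["iss"] != ISSUER or claims["aud"] != audience:
            raise ValueError("wrong issuer or audience")
        if claims["exp"] <= (time.time() if now is None else now):
            raise ValueError("expired")
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from exc
    return claims

def authorize(access_token, scope, now=None):  # OAuth 2.0: what may the caller do?
    if scope not in verify(access_token, API, now).get("scope", "").split():
        raise PermissionError("insufficient scope")
    return True

def authenticate(id_token, client_id, nonce, now=None):  # OpenID Connect: who is it?
    claims = verify(id_token, client_id, now)
    if claims.get("nonce") != nonce:             # binds the token to this login
        raise PermissionError("nonce mismatch")
    return claims["sub"]

def demo_tokens(now):  # constructed sample tokens: (access token, ID token)
    base = {"iss": ISSUER, "exp": now + 300}
    return (issue({**base, "aud": API, "scope": "notes.read"}),
            issue({**base, "aud": "demo-client", "sub": "user-42", "nonce": "n-1"}))
```

An ID token presented to the API fails `authorize` because its audience is the client rather than the resource, which is why the two tokens are not interchangeable.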
JWT (JSON Web Tokens)
- JWT