What are the modern methods of user authentication?

Question

I am planning a web service and am a little versed in what are the current methods of securely authenticating users.

Is what Google and Facebook consider standard?

+3

mvbl fst Apr 17 '10 at 22:40

2 answers

, , , , , . .

-, ( ),

, , , ,

+1

Henri 17 . '10 22:48

Donal Fellows · Accepted Answer · 2010-04-17T23:12:51+0000

Authentication to a "web service" ... Do you mean SOAP / HTTP (S) or a web page? The answers are different in two cases!

For SOAP / HTTPS, you are talking using the WS-Security suite with SAML / XACML tokens. Permissions can be obtained in several ways, such as Kerberos or VOMS. This is clearly non-trivial, and you will need to find out what all the other parts are in the “ecosystem” of services, and ensure that you interact with it.
- OpenID Shibboleth , . , OpenID , Shibboleth ( , - ).

-, -, , OpenID , . ! ( , , .)

[EDIT]: , , . , , -, , . , HTTPS, , HTTPS, -XSS ( SO!)