complicated for some users. (Parecki, n.d.) What Aaron Parecki fails to mention are the security effects of simplifying the OAuth 2.0 program. Eran Hammer, the primary editor for the OAuth 2.0 spec (Parecki, n.d.), withdrew his name from the specification saying “…OAuth 2.0 is a bad protocol…” and it was the “…biggest professional disappointment of my [Eran Hammer’s] career…” (Hammer, 2012).
In this research, I intend to compare the opportunity cost, to a corporation and to the client, of choosing either OAuth 1 or OAuth 2.
How does OAuth 1 or OAuth 2 impact the bottom-line cost to a corporation versus the impact to the client and their privacy? By conducting a quantitative research study, I will survey the top 10 most popular websites based on number of users and document which protocol they use, how much money is spent on implementing cybersecurity measures, and, finally, how OAuth 1 or OAuth 2 affects the consumer. I will catalog how OAuth 1 or OAuth 2 affects the client by determining how often the user’s personal information is unwillingly accessed.
References
Authentication. (n.d.). Retrieved from Instagram: https://www.instagram.com/developer/authentication/
Chae, C.-J., Choi, K.-N., Choi, K., Yae, Y.-H., & Shin, Y. (2015, February 1). The Extended Authentication Protocol using Email Authentication in OAuth 2.0 Protocol for Secure Granting of User Access. Journal of Korean Society for Internet Information, 1-9.
Hammer, E. (2012, July 25). OAuth 2.0 and the Road to Hell. Retrieved from Hueniverse: https://hueniverse.com/oauth-2-0-and-the-road-to-hell-8eec45921529
Hammer-Lahav, E. (2010). The OAuth 1.0 Protocol. Internet Engineering Task Force, 3. Retrieved from https://tools.ietf.org/html/rfc5849
Parecki, A. (n.d.). OAuth. Retrieved from OAuth: https://www.oauth.com/oauth2-servers/background/
Twitter Developers Documentation. (n.d.). Retrieved from Twitter Developers: https://dev.twitter.com/oauth