<div>
<div class="content wysiwyg-content">
I have been reading about OAuth, and not quite sure I understand.<br />
<br />
From what I read, the following is what I think is going on:<br />
<br />
The client (someone with a browser), tries to access a web service. &nbsp;The Web Service routes the request to a Identify Provider (or Authentication server). &nbsp;The user logs into the Identity provider. &nbsp; &nbsp;The Identity provider sends a token to the web service. &nbsp;This token says the user is trusted, and can stay logged in. &nbsp;The web service can now check the token to see what actions the user is authorized for.<br />
<br />
Is this correct. &nbsp;Am I missing something?<br />
<br />
Is there encryption involved ? &nbsp;If so where<br />
<br />
Thanks
</div>
</div>


I have been reading about OAuth, and not quite sure I understand.

From what I read, the following is what I think is going on:

The client (someone with a browser), tries to access a web service.  The Web Service routes the request to a Identify Provider (or Authentication server).  The user logs into the Identity provider.    The Identity provider sends a token to the web service.  This token says the user is trusted, and can stay logged in.  The web service can now check the token to see what actions the user is authorized for.

Is this correct.  Am I missing something?

Is there encryption involved ?  If so where

Thanks

OAuth

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Java is a platform-independent, object-oriented programming language and run-time environment, designed to have as few implementation dependencies as possible such that developers can write one set of code across all platforms using libraries. Most devices will not run Java natively, and require a run-time component to be installed in order to execute a Java program.

Java

A Web service is a method of communication between two electronic devices over a network. It is a software function provided at a network address over the Web with the service always on as in the concept of utility computing. A web service has an interface described in Web Services Description Language (WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP (Simple Object Access Protocol) messages. There are two major classes of Web services: REST-compliant web services, and Arbitrary web services.