New OAuth toolkit

Layer 7 Technologies unveiled its OAuth Toolkit, an enterprise-class solution to provide a generalized framework for handling a broad range of OAuth scenarios across cloud, Web and mobile applications.

OAuth is a simple way to interact with published data, and is a popular method to allow secure API authorization. Based on an open protocol, OAuth supports cloud-to-cloud interactions and cross-domain federated single-sign on (SSO) in a Web browser, enabling websites to provide a more streamlined user login experience with the additional benefits of enhanced privacy and security.

Real-world implementations of OAuth have proved to be varied, especially implementations based on the draft specifications of OAuth 2.0, which change frequently in concert with ongoing draft updates.

As the OAuth security standard evolves, enterprises require increased flexibility for OAuth implementations with an eye to adapting their support over time.

With the Layer 7 OAuth Toolkit, enterprises and cloud service providers can:

• Implement the policy and identity STS controls to handle a wide range of OAuth token operations and credential types, including HMAC-SHA1 or RSA-SHA1 signature methods, SAML and the OAuth WRAP specification
• Mix and match how they implement OAuth with SAML
• Drop in new signature and credential methods without changing their APIs.

Layer 7’s OAuth Toolkit supports a variety of standards, including OAuth 1a, OAuth 2.0, SAML 1.1, SAML 2.0, WS-Trust, REST and JSON, among others.