
OAuth, SAML, Query APIs, oh my - Finding the right Cloud integration standard


I've written an article for SD Times about the proliferation of standards for Cloud security. In the article I mention the Amazon Query API method of authentication, which, although not an actual standard, has become something of an "industry standard" for authentication to Cloud-based APIs. It is widely used, not least for Amazon's own APIs, of course.

The article didn't allow space for message examples, but here in this blog I can show an example of the Amazon Query API. This request is generated by a Vordel Gateway, acting as a client in this case. You can see that the request contains an "Authorization" header, which is an HMAC signature computed over data including the URL, the timestamp, and the nonce ("number once": a value which changes with each request, to combat capture-replay attacks). The signature is created using a shared secret key. An advantage of the Query API is that the request is *much* smaller than one using XML Signature, for example. It is also RESTful, because the request is a regular HTTP POST with the parameters passed as HTTP parameters. In effect it mimics an HTML form POST. Here is the example:

GET /ProcessAPIRequest HTTP/1.1
Connection: keep-alive
Transfer-Encoding: chunked
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0) Gecko/20100101 Firefox/5.0
timestamp: 110708054739159GMT
Nonce: Id-0000013108497d0e-0000000001bed3d1-57
encryption_type: HmacSHA1
client_ref_id: client
Authorization: MGJ4aVdxeTIwWXltNTNSSUIvQW9vT2xOOE1BPQ==
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Via: 1.1 Dell-PC (Gateway)
Host: 127.0.0.1:7071
Content-Type: application/x-www-form-urlencoded

firstname=fname&lastname=lname&id=xyz
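The receiving side has to do three things with such a request: recompute the HMAC, check that the timestamp is fresh, and reject a nonce it has already seen. The sketch below is an added example, not Vordel's or Amazon's code; the canonical string layout, the epoch-seconds timestamp, the 300-second window, the inclusion of the body, and all names are assumptions.

```python
import base64
import hashlib
import hmac

MAX_SKEW_SECONDS = 300  # assumed freshness window


def canonical_string(method, path, timestamp, nonce, body):
    # Assumed layout: newline-separated fields, so field boundaries are
    # unambiguous and two different requests cannot share one signature.
    return "\n".join([method.upper(), path, str(timestamp), nonce, body]).encode()


def sign(secret, method, path, timestamp, nonce, body):
    # HmacSHA1 as named in the encryption_type header of the request above.
    data = canonical_string(method, path, timestamp, nonce, body)
    return base64.b64encode(hmac.new(secret, data, hashlib.sha1).digest()).decode()


class Verifier:
    def __init__(self, secret):
        self.secret = secret
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def verify(self, method, path, timestamp, nonce, body, signature, now):
        expected = sign(self.secret, method, path, timestamp, nonce, body)
        # Constant-time comparison; a plain == leaks timing information.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad-signature"
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "stale"
        # Nonces outside the window would fail the freshness check anyway,
        # so the cache only needs to hold the recent ones.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW_SECONDS}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = timestamp
        return "ok"


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    body = "firstname=fname&lastname=lname&id=xyz"
    sig = sign(secret, "POST", "/ProcessAPIRequest", 1000, "nonce-1", body)
    v = Verifier(secret)
    print(v.verify("POST", "/ProcessAPIRequest", 1000, "nonce-1", body, sig, 1010))
    print(v.verify("POST", "/ProcessAPIRequest", 1000, "nonce-1", body, sig, 1020))
```

The signature is checked before the nonce is recorded, so an unauthenticated sender cannot fill the nonce cache or burn a legitimate client's nonce.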


Published at DZone with permission of Mark O'Neill, DZone MVB. See the original article here.
