Whoever gets their hands dirty developing applications sooner or later has to handle some form of authentication and authorization. Several protocols give developers options for different needs. OpenID, OAuth and SAML are just some of those I have had to deal with so far. Each has its own traits and differs in purpose, functionality and implementation. I'll lay out some of these traits for OAuth and OpenID below.
OAuth
OAuth is designed to solve the authorization problem of an application that wants to use the data and functionality of a provider on a user's behalf. The provider can be Twitter or Facebook, and they expose APIs for accessing the user's data. In OAuth the provider returns an access token which gives the application the ability to access the user's data on their behalf. Since the access token is the primary means of authorization, the application never needs to see the user's username and password; the user enters them only at the provider. The flip side is that the access token is a bearer credential: whoever holds it can act as the user within the granted scope, so the application has to store and transmit it as carefully as it would a password. OAuth is currently at version 2, which differs from the first version in terms of security model and complexity. OAuth 1.0 required the application to sign every request (HMAC-SHA1 over the request, keyed with the consumer secret and token secret), which was hard to get right; OAuth 2.0 drops the signatures and relies on TLS for confidentiality instead. That is a big simplification for developers, but it means the security of v2 depends entirely on using TLS correctly (no plaintext endpoints, proper certificate validation). Facebook and Google built their APIs on v2 from the start; Twitter used OAuth 1.0a for years and added OAuth 2.0 support later.
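To make the "access token on behalf of the user" idea concrete, here is the OAuth 2.0 authorization-code exchange simulated in-process, with both the provider and the client application as toy in-memory objects so it runs offline. This is an added example, not code from the original post or from Twitter, Facebook or Google; the class names, endpoint strings, client credentials and the sample user data are all constructed assumptions. It shows the two checks a practitioner most often gets wrong: the `state` parameter that ties the callback to the session that started the login, and the single-use authorization code exchanged over the back channel with client authentication.

```python
"""OAuth 2.0 authorization-code flow, simulated in-process (added example).

ToyProvider stands in for an OAuth provider (Twitter/Facebook/Google);
ClientApp is the application that wants the user's data. Everything here
is constructed for illustration: names, URLs, secrets and user data.
"""
import secrets
from urllib.parse import urlencode, urlparse, parse_qs


class ToyProvider:
    """Issues single-use authorization codes and bearer access tokens."""

    def __init__(self):
        self.clients = {}   # client_id -> (client_secret, redirect_uri)
        self.codes = {}     # code -> (client_id, redirect_uri, user)
        self.tokens = {}    # access_token -> user
        self.user_data = {"alice": {"tweets": ["hello world"]}}  # constructed

    def register_client(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, client_id, redirect_uri, state, user):
        """Front channel: the user (already logged in at the provider) consents,
        and a short-lived code is sent back to the registered redirect_uri
        together with the client's state value."""
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, redirect_uri, user)
        return f"{redirect_uri}?{urlencode({'code': code, 'state': state})}"

    def token(self, client_id, client_secret, code, redirect_uri):
        """Back channel: the client authenticates with its secret and swaps the
        code for an access token. pop() makes the code single-use."""
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not secrets.compare_digest(secret, client_secret):
            raise PermissionError("client authentication failed")
        entry = self.codes.pop(code, None)
        if entry is None or entry[0] != client_id or entry[1] != redirect_uri:
            raise PermissionError("invalid, already used or mismatched code")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = entry[2]
        return {"access_token": token, "token_type": "bearer"}

    def api_tweets(self, bearer):
        """Resource API: whoever presents a valid token acts as that user."""
        user = self.tokens.get(bearer)
        if user is None:
            raise PermissionError("invalid access token")
        return self.user_data[user]["tweets"]


class ClientApp:
    """The application; it never sees the user's provider password."""

    def __init__(self, provider, client_id, client_secret, redirect_uri):
        self.p, self.cid, self.secret, self.uri = provider, client_id, client_secret, redirect_uri
        self.pending_states = set()

    def start_login(self):
        state = secrets.token_urlsafe(16)  # CSRF guard, bound to this login attempt
        self.pending_states.add(state)
        return state

    def handle_callback(self, callback_url):
        qs = parse_qs(urlparse(callback_url).query)
        state = qs.get("state", [None])[0]
        code = qs.get("code", [None])[0]
        if state not in self.pending_states:
            raise PermissionError("state mismatch: callback not started by us")
        self.pending_states.discard(state)  # state is single-use as well
        return self.p.token(self.cid, self.secret, code, self.uri)["access_token"]


def code_from_callback(callback_url):
    return parse_qs(urlparse(callback_url).query)["code"][0]


def run_flow():
    """Complete happy path; returns objects so the caller can probe replays."""
    p = ToyProvider()
    p.register_client("app1", "s3cret", "https://app.example/cb")  # constructed
    app = ClientApp(p, "app1", "s3cret", "https://app.example/cb")
    state = app.start_login()
    callback = p.authorize("app1", "https://app.example/cb", state, user="alice")
    token = app.handle_callback(callback)
    return p, app, token, callback


if __name__ == "__main__":
    prov, _, tok, _ = run_flow()
    print(prov.api_tweets(tok))
```

Replaying the same callback URL fails twice over: the client has already discarded the `state`, and the provider has already consumed the code. A real provider additionally expires codes after a short time and binds them to the redirect URI, which the toy does as well.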
OpenID
OpenID is another standard protocol, used for authentication (as opposed to OAuth, which is mostly about authorization) in a decentralized manner. The basic idea behind OpenID is to eliminate the need for every application to implement its own, sometimes complex and error-prone, login module; that job is delegated to a third party, the OpenID provider. The user registers with such a provider and uses the same username and password to log in to any application (the relying party) that accepts that provider; the password is entered only at the provider, never at the application. The application, for its part, must verify the provider's signed assertion and that it answers the application's own request, rather than simply trusting an identifier the browser hands it. Google, Yahoo and IBM are just some of the providers...
Nice post, very helpful.