<?xml version="1.0" encoding="UTF-8"?>
 <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://web.resource.org/cc/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://pinboard.in">
    <title>Pinboard (DennisLaumen)</title>
    <link>https://pinboard.in/u:DennisLaumen/public/</link>
    <description>recent bookmarks from DennisLaumen</description>
    <items>
      <rdf:Seq>	<rdf:li rdf:resource="http://blog.pivotal.io/cloud-foundry-pivotal/products/securing-restful-web-services-with-oauth2"/>
	<rdf:li rdf:resource="http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/"/>
	<rdf:li rdf:resource="http://openidconnect.com/"/>
	<rdf:li rdf:resource="http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/"/>
      </rdf:Seq>
    </items>
  </channel><item rdf:about="http://blog.pivotal.io/cloud-foundry-pivotal/products/securing-restful-web-services-with-oauth2">
    <title>Securing RESTful Web Services with OAuth2</title>
    <dc:date>2014-07-31T09:51:26+00:00</dc:date>
    <link>http://blog.pivotal.io/cloud-foundry-pivotal/products/securing-restful-web-services-with-oauth2</link>
    <dc:creator>DennisLaumen</dc:creator><description><![CDATA[As an active committer on Spring Security OAuth and the Cloud Foundry UAA, one of the questions I get asked the most is: “When and why would I use OAuth2?” The answer, as often with such questions, is “it depends.” However, I must admit, there are some features of OAuth2 that make it compelling in a wide variety of situations, especially in systems composed of many lightweight web services. This article guides you through updating a system to be secured with OAuth2 and the decision points for choosing to build such a system.
]]></description>
<dc:subject>oauth rest</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:DennisLaumen/b:57652483fb67/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:oauth"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:rest"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/">
    <title>Designing a Secure REST (Web) API without OAuth</title>
    <dc:date>2013-03-29T17:07:30+00:00</dc:date>
    <link>http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/</link>
    <dc:creator>DennisLaumen</dc:creator><description><![CDATA[You want to develop a RESTful web API for developers that is secure to use, but doesn’t require the complexity of OAuth and takes a simple “pass the credentials in the query” approach… or something equally-as-easy for people to use, but it needs to be secure.

You are a smart guy, so you start to think…

]]></description>
<dc:subject>oauth rest security hmac programming</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:DennisLaumen/b:ec19825d7515/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:oauth"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:rest"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:hmac"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:programming"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://openidconnect.com/">
    <title>OpenID Connect</title>
    <dc:date>2010-05-17T17:58:43+00:00</dc:date>
    <link>http://openidconnect.com/</link>
    <dc:creator>DennisLaumen</dc:creator><description><![CDATA[Did you know that OpenID was last updated in 2007? Since then we've seen OAuth 1.0 and 2.0. Facebook Connect. OpenSocial. Google FriendConnect. Rich address book APIs. And more recently, Twitter @anywhere.

In 2005 I don't think that Brad Fitzpatrick or I could have imagined how successful OpenID would become. Today there are over 50,000 websites supporting it and that number grows into the millions if you include Google FriendConnect. There are over a billion OpenID enabled URLs and production implementations from the largest companies on the Internet.

But we as a community must be willing to take a step back and realize that there's still a long way to go. The early draft below is meant to inspire and help revitalize the OpenID community. It isn't perfect, but hopefully it's a real starting point. It is designed to be modern, removing support for features which haven't seen adoption and adding support for things like using your email address as your identity.]]></description>
<dc:subject>openidconnect oauth openid internetidentity</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:DennisLaumen/b:af6c6054dd15/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:openidconnect"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:oauth"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:internetidentity"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/">
    <title>Two tastes better together: Combining OpenID and OAuth with OpenID Connect</title>
    <dc:date>2010-05-17T17:56:32+00:00</dc:date>
    <link>http://factoryjoe.com/blog/2010/05/16/combing-openid-and-oauth-with-openid-connect/</link>
    <dc:creator>DennisLaumen</dc:creator><description><![CDATA[On Friday, David Recordon, one of the original authors of OpenID, released a single-page specification for OpenID Connect, a concept that I outlined on this blog in January before I joined Google.

I’m particularly excited about this early proposal because it builds on all the great progress that the community has made recently on a litany of technologies, including OAuth 2.0 and the link-based resource descriptor format (LRDD) and its emerging JSON-based variant (JRD).

But I’m most excited about OpenID Connect because it forces the OpenID community to evaluate the progress we’ve made over the last three years (OpenID 2.0 was introduced in 2007) and to think critically about where we go next, and how we get there, given what the market has indicated it wants.]]></description>
<dc:subject>openid oauth chrismessina internetidentity</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:DennisLaumen/b:1a47f4c428f7/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:openid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:oauth"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:chrismessina"/>
	<rdf:li rdf:resource="https://pinboard.in/u:DennisLaumen/t:internetidentity"/>
</rdf:Bag></taxo:topics>
</item>
</rdf:RDF>