Posts Tagged ‘Website security’

Web security OAuth or OpenID

There has been a lot of online talk about OAuth and OpenID: what they contribute to website and application security, and how they differ or are similar. I would like to show how they can jointly contribute to increased security for a website or application. To give this post some context, I refer to a previous post that I wrote, Building in security to websites and apps, where I discussed a selection of OWASP principles of confidentiality, integrity and availability.
Within the scope of OWASP’s availability principle, authorisation and authentication are important and are closely related. OpenID is very much in the authentication area, while OAuth is in the authorisation space.


Building in security to websites and apps

When a business wants to provide a service via its website or web application, it wants to ensure that its users experience a good service without compromising on security. By focusing on security from the start when building a website or application, it is possible to ensure a quality and secure user experience. This blog post is about an approach to securing your website or web app, drawing from OWASP principles.
