OAuthHub - A Service for Consolidating Authentication Services

Xuzong Chen, Gareth Sime, C. Lutteroth, Gerald Weber
DOI: 10.1109/EDOC.2015.36 (https://doi.org/10.1109/EDOC.2015.36)
Published in: 2015 IEEE 19th International Enterprise Distributed Object Computing Conference
Publication date: 2015-09-21
Citations: 0

Abstract

OAuth has become a widespread authorization protocol to allow inter-enterprise sharing of user preferences and data: a Consumer that wants access to a user's protected resources held by a Service Provider can use OAuth to ask for the user's authorization for access to these resources. However, it can be tedious for a Consumer to use OAuth as a way to organize user identities, since doing so requires supporting all Service Providers that the Consumer would recognize as users' "identity providers". Each Service Provider added requires extra work, at the very least, registration at that Service Provider. Different Service Providers may differ slightly in the API they offer, their authentication/authorization process or even their supported version of OAuth. The use of different OAuth Service Providers also creates privacy, security and integration problems. Therefore OAuth is an ideal candidate for Software as a Service, while posing interesting challenges at the same time. We use conceptual modelling to derive new high-level models and provide an analysis of the solution space. We address the aforementioned problems by introducing a trusted intermediary - OAuth Hub - into this relationship and contrast it with a variant, OAuth Proxy. Instead of having to support and control different OAuth providers, Consumers can use OAuth Hub as a single trusted intermediary to take care of managing and controlling how authentication is done and what data is shared. OAuth Hub eases development and integration issues by providing a consolidated API for a range of services. We describe how a trusted intermediary such as OAuth Hub can fit into the overall OAuth architecture and discuss how it can satisfy demands on security, reliability and usability.