I still like to use the triple A acronym due to its simplicity (!). Not easy to forget. In the context of this post I will state that AAA = Authentication and Authorization. For the sake of accuracy I will also point you to the exact meaning as explained by Techopedia.
Nowadays, with the cloud and as-a-service (aaS) paradigm, web2.0 and web3.0 applications, APIs, services and/or microservices, there come the three musketeers (in AAA). Everybody has heard of them; heck, some (if not all) webdevs are on close friendly terms with these three musketeers.
Without further ado, let’s introduce them: OpenID, OAuth and SAML. Well, yes, we have heard about them, but why are they important enough to be worth writing this article? Even though they fight for the same cause, each one does it in its very own way, and a lot of confusion results. Here I share, for myself and others, some good resources to explore that help lift the confusion:
- What’s the difference between OpenID and OAuth?
- What is the difference between OpenID and SAML?
- Authentication and Authorization: OpenID vs OAuth2 vs SAML
- Demystifying OAuth 2.0 and OpenId Connect (and SAML)
If you mention the names of our three musketeers on YouTube, you will be rewarded with some nice videos like this.