Authentication - Understanding The Purpose Of TLS, Open ID ...
Comparing TLS and OAuth 2.0 sounds like comparing apples and pears for seasoned security experts. Still, it is a great way to illustrate the various facets of authentication in complex, open, and interconnected IT landscapes.
While OAuth 2.0 is on the application layer, TLS is on the network layer – and authentication is not the only objective of TLS. The Transport Layer Security (TLS) protocol, the successor of the Secure Sockets Layer (SSL) protocol, aims to secure network connections in two ways:
Authentication in TLS refers to URLs (and only in exceptional cases to IP addresses). More precisely, it establishes that the organization behind the URL is the counterparty one expects. If a customer surfs to https://www.axa.ch, TLS gives the customer the trust that they are really on a legitimate webpage. Servers present an SSL certificate to callers to prove the identity of the organization behind the URL.
Critical in this setup are certification authorities. I myself must not be able to get a certificate for web pages of the Swiss government. Therefore, certification authorities validate a company’s or an individual’s request for a certificate. They have to filter out criminals who try to get a certificate in order to make a copycat webpage look legitimate.
The TLS protocol also supports machine-to-machine interaction use cases. In such a scenario, engineers rely on a variant that validates both the recipient’s identity and the caller’s identity: both parties must present valid SSL certificates (Mutual TLS or, for short, mTLS).
The Open Authorization protocol – OAuth 2.0 for short – has a different focus. It is an authorization protocol that also covers authentication. Users can grant applications access to information and resources on a social media platform or in another application. The benefit for users: they do not have to type in their CV but import the data from their LinkedIn profile, or they can import Facebook pictures into a dating app without having to search for them on their mobile phone, and without unveiling their social media credentials to the applications. What the APIs support is up to the social media platform; in other words, interoperability is subject to the terms, conditions, and fine print of the social media platform. In practice, a solution redirects the user to the login page of the social media platform; the user identifies herself with the password, thereby granting the solution access to the user’s data as defined in the request and confirmed by the user.
OAuth 2.0 sounds tempting for every app that wants to personalize the user experience and provide user-specific access to data and services. So, why not use OAuth 2.0 and let the users go via a social media platform to identify them? OAuth 2.0 is not the suitable protocol for such use cases; Open ID Connect is. It is a protocol derived from OAuth 2.0. Applications can verify a user’s identity using Facebook, LinkedIn, Google, or other identity providers without the users having to grant the application any access to their actual social media profile and the information there.
Finally, there is SAML, the Security Assertion Markup Language. Like Open ID Connect, SAML relies on an identity provider to validate a user’s identity. However, its primary purpose is enabling single sign-on within an organization (or for users of well-integrated partners). A user authenticates himself when logging in to his laptop. Afterward, he can start all applications he should have access to and see his data without typing in his password another time. In such a context, the company’s Active Directory apparently acts as an identity provider.
As table 1 summarizes, SAML, OAuth 2.0, Open ID Connect, and TLS are all state-of-the-art protocols with different purposes. Before choosing any of them, checking whether the use case matches the strength of a particular protocol is highly advisable.
Auth explained in plain English - thanks!!