aws authenticates accesses various api endpoints using protocol consisting (on client side) of user id, user secret , volatile session token. protocol lightweight , easy use (as compared saml or gssapi based authentication), use similar approach web services not directly connected aws.
so questions are:
- had amazon published regarding details of secure token protocol somewhere?
- are there implementations (desirably open source) of simple , lightweight claim based authentication protocols? in particular, i'm interested in implementations not require complex external dependencies.
the presently used aws authentication mechanism called sigv4 , documented in details here:
http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
there exist several "stand alone" (not bundled rest of aws api) libraries handle sigv4 tokens on github.
Comments
Post a Comment