Products
Technology for your digital platform that you can run yourself, in a private cloud, or as SaaS.
API Management
Integration
Identity & Access Management
Your Digital Platform, as a Service
Platform
- Your internal developer platform as a service to quickly deliver applications.
Solutions
By Technology
- API Management
  Solutions to deliver your APIs in any environment.
- Integration
  Break down data silos, streamline workflows, and unlock insights.
- Identity & Access Management
  Create secure, unique, and compelling digital experiences with ease.
  
  Customer IAM
  
  For Consumers (B2C)
  
  For B2B Applications (B2B CIAM)
  
  For Citizens (G2C)
  
  Workforce IAM
  
  API Access Management
By Industry
- Healthcare
  Provide awesome digital experiences for payers, providers, and patients.
- Finance
  Deliver secure financial experiences at speed.
- Government
  Deliver secure and simplified digital services for governments and citizens.
Featured Blog
- Implementing an Event-Driven GraphQL BFF with Real-Time Notifications
  Read Blog
Resources
- Training and Certification
- Events
Featured Whitepaper
- Transactions in a Microservice World
  Read Whitepaper
Support
- Subscription
  Learn About the Benefits of a WSO2 Subscription for Commercial Use.
- Updates
  Maintain the health and security of your solution.
- Consulting Services
  A full range of services to help you get the most out of your WSO2 project.
Featured Blog
- Self Manage Your WSO2 Support Portal Users
  Read Blog
Company
- About WSO2
  Learn about who we are and our journey.
- Team
  The people behind our innovative technologies.
- Customers
  See how we’ve helped leading enterprises from around the world.
- Careers
  Discover how you can make an impact.
- Partners
  Learn about the benefits of partnering with us.
- News
  The latest updates and insights.
Customer Spotlight
- YOMA x WSO2: Building Better Banking Relationships
  Read Case Study
Community
Contact Us
EN
- French
- German
- Portuguese
- Spanish
Profile

27 Jun, 2013

[Blog Post] Why OAuth itself is not an Authentication Framework

Prabath Siriwardena
Senior Director - Security Architecture - WSO2

Authorization is about what you can do. Your capabilities. You could prove your identity at the boarder control by name - by picture - and also by finger prints and eye retina - but it's your VISA that decides what you can do. To enter in to the country you need to have a valid VISA that has not expired. A valid VISA is not a part of your identity - but a part of what you can do. Also what you can do inside the country depends on the VISA type. What you do with a B1 or B2 differs from what you can do with an L1 or L2. That is authorization.

Read the full blog post in Prabath's blog.

About Author

Prabath Siriwardena
Senior Director - Security Architecture
WSO2