I wish AWS would: Use two-legged OAuth

The Amazon Web Services cloud HTTP API does not use HTTP Basic Auth or HTTP Digest Auth.  Instead it uses its own proprietary but documented authentication protocol, which not only securely identifies the account credentials of the requesting user, but also protects and authenticates the HTTP request, various important headers, and the message body against corruption and tampering.

It was good and wise for Amazon to do this, because when they first deployed AWS, there was no simple, straightforward open protocol that did this.

But now there is.

It's based on the OAuth protocol and is called "Two-Legged OAuth" or sometimes "Signed Fetch", and there are many open source libraries, in many languages and many web client frameworks, that implement it.

I wish that AWS would deprecate their existing identification/authentication protocol, and allow HTTP clients to use Two-Legged OAuth to access the AWS APIs.
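To make concrete what "Two-Legged OAuth" actually signs, here is an added example (not AWS's code, and not from any OAuth library) of OAuth 1.0a HMAC-SHA1 signing as in RFC 5849, with the client side building the Authorization header and a server side recomputing the signature, rejecting stale timestamps and replayed nonces. The host api.example.com, the consumer key "example-app" and its secret are constructed for the demo. One caveat worth noting against the post's description of the AWS scheme: the base OAuth 1.0a signature covers the method, the URI, the query string and form-encoded parameters, but not an arbitrary (for example JSON or XML) request body; the separate oauth_body_hash extension exists to cover that.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit


def pct(value):
    """RFC 5849 3.6 percent-encoding: only unreserved characters are left as-is."""
    return quote(str(value), safe="-._~")


def base_string_uri(url):
    """Scheme and host lowercased, default port dropped, query and fragment removed."""
    p = urlsplit(url)
    host = p.hostname.lower()
    if p.port and p.port != {"http": 80, "https": 443}.get(p.scheme.lower()):
        host = f"{host}:{p.port}"
    return f"{p.scheme.lower()}://{host}{p.path or '/'}"


def signature_base_string(method, url, params):
    """METHOD & enc(base URI) & enc(parameters sorted after encoding, joined with &)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_string_uri(url)), pct(normalized)])


def hmac_sha1_signature(method, url, params, consumer_secret, token_secret=""):
    """Key is enc(consumer secret) & enc(token secret); two-legged leaves the latter empty."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def sign_request(method, url, form_params, consumer_key, consumer_secret, timestamp, nonce):
    """Client side: build the Authorization header for one request."""
    oauth = [
        ("oauth_consumer_key", consumer_key),
        ("oauth_signature_method", "HMAC-SHA1"),
        ("oauth_timestamp", str(timestamp)),
        ("oauth_nonce", nonce),
        ("oauth_version", "1.0"),
    ]
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    sig = hmac_sha1_signature(method, url, oauth + query + form_params, consumer_secret)
    oauth.append(("oauth_signature", sig))
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in oauth)


class Verifier:
    """Server side: recompute the signature, reject stale timestamps and replayed nonces."""

    def __init__(self, secrets_by_key, window_seconds=300):
        self.secrets = secrets_by_key
        self.window = window_seconds
        self.seen = set()  # (consumer key, timestamp, nonce) triples already accepted

    def verify(self, method, url, form_params, auth_header, now):
        m = re.fullmatch(r"OAuth\s+(.*)", auth_header)
        if not m:
            return "not-oauth"
        oauth = [(k, unquote(v)) for k, v in re.findall(r'([\w.]+)="([^"]*)"', m.group(1))]
        o = dict(oauth)
        secret = self.secrets.get(o.get("oauth_consumer_key"))
        if secret is None or o.get("oauth_signature_method") != "HMAC-SHA1":
            return "unknown-key-or-method"
        try:
            ts = int(o["oauth_timestamp"])
        except (KeyError, ValueError):
            return "bad-timestamp"
        if abs(now - ts) > self.window:
            return "stale-timestamp"
        # Recompute over the same parameter set the client signed (oauth_* + query + form).
        query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
        expected = hmac_sha1_signature(method, url, oauth + query + form_params, secret)
        if not hmac.compare_digest(expected.encode(), o.get("oauth_signature", "").encode()):
            return "bad-signature"
        replay_key = (o["oauth_consumer_key"], ts, o.get("oauth_nonce"))
        if replay_key in self.seen:
            return "replay"
        self.seen.add(replay_key)
        return "ok"


def demo():
    """Constructed credentials, host and request; returns the verifier's verdicts."""
    key, secret = "example-app", "example-secret"
    url = "https://api.example.com/v1/items?owner=alice"
    body = [("action", "delete"), ("id", "42")]
    header = sign_request("POST", url, body, key, secret, timestamp=1700000000, nonce="n1")
    v = Verifier({key: secret})
    return {
        "valid": v.verify("POST", url, body, header, now=1700000010),
        "tampered": v.verify("POST", url.replace("alice", "mallory"), body, header, now=1700000010),
        "replay": v.verify("POST", url, body, header, now=1700000010),
        "stale": v.verify("POST", url, body, header, now=1700000000 + 3600),
    }


if __name__ == "__main__":
    print(demo())
```

The verifier checks the timestamp window before doing any HMAC work, compares signatures in constant time, and only records the nonce once the signature has been accepted, so a forged request cannot poison the replay cache for a legitimate one.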

1 comment:

  1. I thought the authentication used for Amazon web services was almost the same as two-legged OAuth to begin with.