OXD is a mediator, a service daemon that listens on localhost, providing easy APIs that can be called by a web application to simplify using an OpenID Connect Provider, like Google or the Gluu Server, for authentication or authorization.

OXD is not a proxy: sometimes it makes API calls on behalf of an application, but other times it just forms the right URLs and returns them to the application.

Using OXD to support federation in an application provides both technical and business advantages:

  • OXD consolidates the OAuth 2.0 code in one package. If new vulnerabilities are discovered in OAuth 2.0/OpenID Connect, OXD is the only component that needs to be updated. The OXD APIs remain the same, so you don’t have to change and regression test your applications;
  • OXD is written, maintained, and supported by developers who specialize in application security. Because of the complexity of the standards, and the liability associated with poor implementations, it makes sense to rely on professionals who have read the specifications in their entirety and understand how to properly implement the protocols;
  • Centralization reduces costs. By using OXD across your IT infrastructure for application security (as opposed to a handful of homegrown and third-party OAuth 2.0 implementations), the surface area for vulnerabilities, issue resolution, and support is significantly reduced. Plus you have someone to call when something goes wrong!
