What framework is commonly used for granting third-party applications limited access to HTTP services?

Prepare for the Western Governors University ITCL3202 D320 Managing Cloud Security Exam. Study with flashcards and multiple-choice questions; each question has hints and explanations. Get ready for your exam!

The framework commonly used for granting third-party applications limited access to HTTP services is OAuth. This protocol is designed to enable secure delegated access, allowing users to authorize third-party applications to access their information without sharing their passwords.

OAuth works by using tokens instead of credentials, requiring a user to log in and approve the application’s access. This means that third-party applications can act on behalf of the user in a controlled manner, with specific scope and duration. This granular control of permissions is essential in protecting user data while allowing applications to interact with each other securely.

The other options serve different purposes in the realm of security and authentication. JWT (JSON Web Token) is a compact token format used to represent claims between parties but is not an access delegation framework. OpenID focuses primarily on user authentication rather than authorization, allowing users to log in to multiple websites without managing multiple usernames and passwords. SAML (Security Assertion Markup Language) is typically used for single sign-on (SSO) to facilitate secure and automated identity federation across various domains, again not specifically for granting limited access to third-party applications.

In summary, OAuth’s design for controlled access via tokens positions it as the preferred choice for managing third-party app permissions in a secure manner.
