I have a web application built with HTML and JavaScript. Inside my application, I have to integrate with multiple other websites. To do so, I have to devise a common secure authentication/authorization mechanism. I have limited control over the other applications and their authentication/authorization mechanisms.
I initially considered saving the password in a cookie and sending the username and password in the URL, for all the applications. This method is not at all safe.
The other options I have thought about are Digest access authentication or public key authentication.
Then I came across the claims-based authentication mechanism.
Which mechanism should I choose for my web application?
Also, what do I have to do to maintain a secure authenticated session?
Authentication is about letting others use your service or not, but authorization is about the privileges somebody could have for using your services, like the admin role or regular users.