Enterprises face a tension between the cloud-friendly software environment promoted by the Web, with its easy-to-use REST interface style and proliferation of lightweight services, and the security needs of service-oriented architecture (SOA). As developers begin turning to a new security solution called OAuth, security and risk professionals need to recognize which problems it's well-suited to solve and learn how to use it effectively in a variety of scenarios.