What framework is often used for providing third-party applications limited access to HTTP services?

The correct choice is OAuth, as it serves as a widely adopted framework for granting third-party applications limited access to HTTP services without sharing user credentials. OAuth operates on the principle of delegation; it allows users to provide permission to applications to access their information or perform actions on their behalf through secure access tokens.

When an application requires access to a user's resources hosted on a different server, OAuth allows the user to authenticate through a trusted service, granting access without disclosing their login credentials to the third-party application. This enhances security and user privacy by using access tokens with specific scopes and expiration, thereby limiting the reach and lifespan of the granted permissions.

The other options, while related to identity and access management, do not fulfill the same role as OAuth. WS-Federation is primarily an identity federation protocol, focusing on providing a mechanism for users to authenticate across different security realms, but it doesn’t specifically enable limited access to HTTP services. OpenID Connect is an identity layer built on top of OAuth 2.0, primarily used for authentication rather than the delegation of access rights. SSL, or Secure Sockets Layer, is a cryptographic protocol designed to provide secure communication over a computer network, but it does not specifically manage access to services or resources.