A Capability-based Distributed Authorization System to Enforce Context-aware Permission Sequences

11/09/2022
by Adrian Shuai Li, et al.

Controlled sharing is fundamental to distributed systems. We consider a capability-based distributed authorization system in which a client receives capabilities (access tokens) from an authorization server in order to access the resources of resource servers. Capability-based authorization systems are widely used on the Web, in mobile applications and in other distributed systems. A common requirement in such systems is that a client must use the tokens of multiple servers in a particular order. A related requirement is that a token may be used only if certain environmental conditions hold. We introduce a secure capability-based system that supports "permission sequences" and "context". This allows a finite sequence of permissions to be enforced, each with its own specific context. We prove the safety property of this system for these conditions and integrate the system into OAuth 2.0 with proof-of-possession tokens. We evaluate our implementation and compare it with plain OAuth with respect to the average time for obtaining an authorization token and acquiring access to the resource.
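To make the two requirements in the abstract concrete, the following is an added illustration written for this page; it is not the authors' implementation and does not reproduce their safety proof or their OAuth integration. It assumes a simplified design: the authorization server (AS) signs a capability carrying an ordered list of steps, each naming a resource server, a permission and a context predicate; every resource server (RS) shares one MAC key with the AS (a constructed assumption, used both to verify the capability and to mint a "receipt" that the next server in the sequence checks as evidence the previous step completed); proof of possession is an HMAC with a client key looked up by key id (the key distribution of real PoP tokens, e.g. RFC 7800, is not reproduced). The context vocabulary (`network`, `before`), key names, token fields and sample values are all constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed keys (assumption: distributed out of band; not the paper's scheme).
AS_RS_KEY = b"as-rs-shared-secret"       # shared by the AS and every RS
POP_KEYS = {"k1": b"client-pop-key"}     # client PoP keys, looked up by key id


def mac(key: bytes, obj) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of obj."""
    msg = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_capability(jti, kid, seq, exp):
    """AS: mint a capability carrying an ordered permission sequence. Each
    step names a resource server, a permission and a context predicate."""
    body = {"jti": jti, "exp": exp, "cnf": {"kid": kid}, "seq": seq}
    return {"body": body, "mac": mac(AS_RS_KEY, body)}


def context_holds(ctx, env) -> bool:
    """Constructed context vocabulary: 'before' is a deadline on env['now'];
    any other key must match the environment exactly."""
    for k, v in ctx.items():
        if k == "before":
            if env["now"] >= v:
                return False
        elif env.get(k) != v:
            return False
    return True


def pop_message(jti, step, rs, nonce):
    return {"jti": jti, "step": step, "rs": rs, "nonce": nonce}


def client_prove(kid, token, step, rs, nonce):
    """Client: proof of possession of the key the capability is bound to,
    over the token id, the step index, the target server and a fresh nonce."""
    return mac(POP_KEYS[kid], pop_message(token["body"]["jti"], step, rs, nonce))


class ResourceServer:
    def __init__(self, name):
        self.name = name
        self.seen = set()  # (jti, nonce) pairs already accepted: replay cache

    def authorize(self, token, step, pop, nonce, receipt, env):
        """Returns (ok, receipt_or_reason). The receipt is a MAC over
        (jti, step) that the server of step+1 demands before acting."""
        body = token["body"]
        if not hmac.compare_digest(token["mac"], mac(AS_RS_KEY, body)):
            return False, "token integrity check failed"
        if env["now"] >= body["exp"]:
            return False, "capability expired"
        if step >= len(body["seq"]) or body["seq"][step]["rs"] != self.name:
            return False, "this server is not the target of step %d" % step
        if (body["jti"], nonce) in self.seen:
            return False, "replayed request"
        expected = mac(POP_KEYS[body["cnf"]["kid"]],
                       pop_message(body["jti"], step, self.name, nonce))
        if not hmac.compare_digest(pop, expected):
            return False, "proof of possession failed"
        if step > 0:
            prev = mac(AS_RS_KEY, {"jti": body["jti"], "done": step - 1})
            if receipt is None or not hmac.compare_digest(receipt, prev):
                return False, "step %d used before step %d completed" % (step, step - 1)
        if not context_holds(body["seq"][step]["ctx"], env):
            return False, "context for step %d not satisfied" % step
        self.seen.add((body["jti"], nonce))
        return True, mac(AS_RS_KEY, {"jti": body["jti"], "done": step})


# Constructed two-step sequence: read from storage on the corporate network,
# then write to the ledger before a deadline.
SEQ = [
    {"rs": "rs-storage", "perm": "read", "ctx": {"network": "corp"}},
    {"rs": "rs-ledger", "perm": "write", "ctx": {"before": 1_000_100}},
]


def run_demo():
    """Exercise order enforcement, context checks and replay protection."""
    token = issue_capability("cap-1", "k1", SEQ, exp=1_000_500)
    storage, ledger = ResourceServer("rs-storage"), ResourceServer("rs-ledger")
    env = {"now": 1_000_000, "network": "corp"}
    r = {}
    pop1 = client_prove("k1", token, 1, "rs-ledger", "n1")
    r["skip"] = ledger.authorize(token, 1, pop1, "n1", None, env)          # step 0 skipped
    pop0 = client_prove("k1", token, 0, "rs-storage", "n2")
    r["wrong_ctx"] = storage.authorize(token, 0, pop0, "n2", None,
                                       {"now": 1_000_000, "network": "guest"})
    r["step0"] = storage.authorize(token, 0, pop0, "n2", None, env)        # ok, yields receipt
    r["replay"] = storage.authorize(token, 0, pop0, "n2", None, env)       # same nonce again
    r["step1"] = ledger.authorize(token, 1, pop1, "n1", r["step0"][1], env)
    pop1b = client_prove("k1", token, 1, "rs-ledger", "n3")
    r["late"] = ledger.authorize(token, 1, pop1b, "n3", r["step0"][1],
                                 dict(env, now=1_000_200))                 # past deadline
    return r


if __name__ == "__main__":
    for name, (ok, info) in run_demo().items():
        print(name, ok, info if not ok else "receipt issued")
```

The receipt chain is what turns "a sequence" into something a stateless resource server can enforce: each server only needs to recognise the receipt of its predecessor, not to see the whole history. Whether a capability may be used twice, and how a receipt is revoked, are policy questions the paper's model addresses and this sketch does not.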
