Continuous authorization over HTTP using Verifiable Credentials and OAuth 2.0
| dc.contributor.author | Fotiou, Nikos | |
| dc.contributor.author | Faltaka, Evgenia | |
| dc.contributor.author | Kalos, Vasilis | |
| dc.contributor.author | Kefala, Anna | |
| dc.contributor.author | Pittaras, Iakovos | |
| dc.contributor.author | Siris, Vasilios A. | |
| dc.contributor.author | Polyzos, George C. | |
| dc.contributor.editor | Roßnagel, Heiko | |
| dc.contributor.editor | Schunck, Christian H. | |
| dc.contributor.editor | Mödersheim, Sebastian | |
| dc.date.accessioned | 2022-06-07T07:04:32Z | |
| dc.date.available | 2022-06-07T07:04:32Z | |
| dc.date.issued | 2022 | |
| dc.description.abstract | We design, implement, and evaluate a solution for achieving continuous authorization of HTTP requests exploiting Verifiable Credentials (VCs) and OAuth 2.0. Specifically, we develop a VC issuer that acts as an OAuth 2.0 authorization server, a VC verifier that transparently protects HTTP-based resources, and a VC wallet implemented as a browser extension capable of injecting the necessary authentication data in HTTP requests without needing user intervention. Our approach is motivated by recent security paradigms, such as the Zero Trust architecture, that require authentication and authorization of every request and it is tailored for HTTP-based services, accessed using a web browser. Our solution leverages JSONWeb Tokens and JSONWeb Signatures for encoding VCs and protecting their integrity, achieving this way interoperability and security. VCs in our system are bound to a user-controlled public key or a Decentralized Identifier, and mechanisms for proving possession are provided. Finally, VCs can be easily revoked. | en |
| dc.identifier.doi | 10.18420/OID2022_03 | |
| dc.identifier.isbn | 978-3-88579-719-7 | |
| dc.identifier.pissn | 1617-5468 | |
| dc.identifier.uri | https://dl.gi.de/handle/20.500.12116/38703 | |
| dc.language.iso | en | |
| dc.publisher | Gesellschaft für Informatik e.V. | |
| dc.relation.ispartof | Open Identity Summit 2022 | |
| dc.relation.ispartofseries | Lecture Notes in Informatics (LNI) - Proceedings, Volume P-305 | |
| dc.subject | Access control | |
| dc.subject | Authentication | |
| dc.subject | Zero Trust | |
| dc.title | Continuous authorization over HTTP using Verifiable Credentials and OAuth 2.0 | en |
| dc.type | Text/Conference Paper | |
| gi.citation.endPage | 50 | |
| gi.citation.publisherPlace | Bonn | |
| gi.citation.startPage | 39 | |
| gi.conference.date | 07.-08. July 2022 | |
| gi.conference.location | Copenhagen, Denmark | |
| gi.conference.sessiontitle | Regular Research Papers |
Dateien
Originalbündel
1 - 1 von 1
Vorschaubild nicht verfügbar
- Name:
- proceedings-03.pdf
- Größe:
- 319.71 KB
- Format:
- Adobe Portable Document Format