Listing by keyword "authorization"
- Conference paper: Extending the OAuth2 Workflow to Audit Data Usage for Users and Service Providers In a Cooperative Scenario (10. DFN-Forum Kommunikationstechnologien, 2017). Politze, Marius; Decker, Bernd. The increasing amount and heterogeneity of devices demands changes in IT infrastructure. Many web service architectures used to meet these demands use the OAuth2 workflow to secure their interfaces. These implementations usually tightly couple web services and an OAuth2 authorization service. The presented extension to the OAuth2 workflow is capable of handling authorizations for multiple attached services and therefore combines existing services of a central IT service provider but also allows other services running in a cooperative model with only a single instance of the authorization server. Based on auditing parameters it is possible to present access per resource or per method giving service providers and application developers more insight in how their services are used and show users by whom their personal data is used.
- Conference paper: OIDC-Agent: Managing OpenID Connect Tokens on the Command Line (SKILL 2018 - Studierendenkonferenz Informatik, 2018). Zachmann, Gabriel. OpenID Connect is widely used in Authentication and Authorization Infrastructures including the infrastructures of multiple EU projects like INDIGO-DataCloud, the Human Brain Project or the European Open Science Cloud. Due to their nature, OpenID Connect Access Tokens are currently not straightforward to use from the command line. They have a high character count and are short lived. Therefore, they de facto have to be copied from a source providing the access token, most likely a web service. Considering this insufficient usability from the command line, our goal was to overcome this by developing a tool to manage OpenID Connect tokens. We present the design of this tool named oidc-agent and possible usages. The design is oriented at the ssh-agent, providing the user a familiar way to handle OpenID Connect tokens. By splitting the whole service into multiple components we also ensure privilege separation. We implemented a daemon to manage OpenID Connect tokens (oidc-agent), a tool for generating agent account configurations (oidc-gen) and a tool for loading and unloading these configurations from the agent (oidc-add). Additionally, we provide application programming interfaces for agent clients through C and UNIX domain sockets. We also provide an example agent client (oidc-token) that can be used to easily get an access token from oidc-agent using the command line. Therefore, users do not need to handle long, unhandy access tokens, but the application can obtain an access-token through oidc-agent when needed. All components can be freely used and are available on GitHub under the MIT license.