Conference paper
Token Based Authorization
Full-text URI
Document type
Text/Conference Paper
Additional information
Date
2020
Authors
Journal title
Journal ISSN
Volume title
Source
Publisher
Gesellschaft für Informatik e.V.
Abstract
Secure, scalable, fine-grained and flexible access control is extremely important for the
digital society. The approaches used until now (RBAC, groups in an LDAP directory, XACML)
may not, on their own, be able to meet this challenge. Building on past experience in industry,
we propose an Access Management Framework in which the central role is played by a token
containing all the information needed to implement fine-grained access control. This Authorization
Token should be signed by the approver and embedded into a “claim” to the application at session
time. The application, after checking the validity of the token, will control access to the desired
resource. In this way we can achieve fine-grained access control, scalability and independence from
network topologies.