Authorization Server - Explore the Science & Experts | ideXlab


Authorization Server

The Experts below are selected from a list of 294 Experts worldwide ranked by ideXlab platform

Souhwan Jung – 1st expert on this subject based on the ideXlab platform

  • Personal OAuth Authorization Server and push OAuth for Internet of Things
    International Journal of Distributed Sensor Networks, 2017
    Co-Authors: Seung Wook Jung, Souhwan Jung

    Abstract:

    Internet of Things will connect millions of things to the Internet to make our lives more convenient. However, Internet of Things security is an essential factor. OAuth is one of the most successful authentication and authorization protocols on the Internet. This article proposes push OAuth and personal OAuth authorization server by expanding OAuth for a secure access to the information on Internet of Things devices. In personal OAuth, the smartphones that communicate with remote servers to deliver information on Internet of Things devices can be the OAuth authorization server. Hospitals (OAuth client) that intend to access the information on Internet of Things devices cannot know millions of OAuth authorization servers when the smartphone becomes the OAuth authorization server. This article proposes the push OAuth that changes the OAuth protocol and issues the OAuth token when the OAuth authorization server registers to the OAuth client first. Personal OAuth authorization server is far more trustworthy than using a third-party OAuth authorization server to authenticate because users directly control access to the information generated by Internet of Things devices. The personal OAuth authorization server and push OAuth suggested here are expected to create a more secure Internet of Things environment as users can directly authenticate the OAuth client that can access the information on their Internet of Things devices. © The Author(s) 2017

  • WISA – A Study of OAuth 2.0 Risk Notification and Token Revocation from Resource Server
    Information Security Applications, 2015
    Co-Authors: Jungsoo Park, Minho Park, Souhwan Jung

    Abstract:

    OAuth was created to simplify the authentication procedure. OAuth is a protocol that allows access to the user's assets in third-party web sites or applications without exposing the user's identity and credentials. OAuth can be used to grant access rights for the user without exposing the user's information to third parties. By utilizing the token issued by the authorization server, the client is able to gain access to the resources in the resource server. However, in current standards, the restrictions on token usage are not clearly defined. Although a token expiration time is specified, in reality a malicious client can reuse the token to access the resource server. The existing token revocation operation has been carried out in a way that the client performs revocation by requesting it from the authorization server when special cases occur, such as logout or identity change by the resource owner. The revocation does not happen in the case where malicious code targets the resource server. This paper proposes a method for revoking the token by requesting revocation when the resource server detects abnormal behaviors performed using the token.

John Bradley – 2nd expert on this subject based on the ideXlab platform

  • Resource Indicators for OAuth 2.0
    , 2020
    Co-Authors: John Bradley, Brian Campbell, Hannes Tschofenig

    Abstract:

    This document specifies an extension to the OAuth 2.0 Authorization
    Framework defining request parameters that enable a client to
    explicitly signal to an authorization server about the identity of the
    protected resource(s) to which it is requesting access.

  • OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
    , 2020
    Co-Authors: John Bradley, Torsten Lodderstedt, Brian Campbell, Nat Sakimura

    Abstract:

    This document describes OAuth client authentication and certificate-
    bound access and refresh tokens using mutual Transport Layer Security
    (TLS) authentication with X.509 certificates. OAuth clients are
    provided a mechanism for authentication to the authorization server
    using mutual TLS, based on either self-signed certificates or public
    key infrastructure (PKI). OAuth authorization servers are provided a
    mechanism for binding access tokens to a client's mutual-TLS
    certificate, and OAuth protected resources are provided a method for
    ensuring that such an access token presented to it was issued to the
    client presenting the token.

  • OAuth 2.0 Proof-of-Possession: Authorization Server to Client Key Distribution
    , 2019
    Co-Authors: John Bradley, Michael Jones, Hannes Tschofenig, Mihaly Meszaros, Phil Hunt

    Abstract:

    RFC 6750 specified the bearer token concept for securing access to
    protected resources. Bearer tokens need to be protected in transit as
    well as at rest. When a client requests access to a protected resource
    it hands over the bearer token to the resource server. The OAuth 2.0
    Proof-of-Possession security concept extends bearer token security and
    requires the client to demonstrate possession of a key when accessing
    a protected resource.

Justin Richer – 3rd expert on this subject based on the ideXlab platform

  • Federated Authorization for User-Managed Access (UMA) 2.0
    , 2019
    Co-Authors: Eve Maler, Thomas Hardjono, Maciej Machulak, Justin Richer

    Abstract:

    This specification defines a means for a UMA-enabled authorization
    server and resource server to be loosely coupled, or federated, in a
    secure and authorized resource owner context.

  • OAuth 2.0 Token Introspection
    , 2015
    Co-Authors: Justin Richer

    Abstract:

    This specification defines a method for a protected resource to query
    an OAuth 2.0 authorization server to determine the active state of an
    OAuth 2.0 token and to determine meta-information about this token.
    OAuth 2.0 deployments can use this method to convey information about
    the authorization context of the token from the authorization server
    to the protected resource.

  • OAuth 2.0 Dynamic Client Registration Protocol
    , 2015
    Co-Authors: John Bradley, Michael Jones, Maciej Machulak, Justin Richer, Phil Hunt

    Abstract:

    This specification defines mechanisms for dynamically registering
    OAuth 2.0 clients with authorization servers. Registration requests
    send a set of desired client metadata values to the authorization
    server. The resulting registration responses return a client
    identifier to use at the authorization server and the client metadata
    values registered for the client. The client can then use this
    registration information to communicate with the authorization server
    using the OAuth 2.0 protocol. This specification also defines a set of
    common client metadata fields and values for clients to use during
    registration.