Academic literature on the topic 'OAuth'

Journal articles on the topic "OAuth"

1

Singh, Krittika KD, and Anurag Jain. "A Review OAuth-based Authorization Service Architecture in IoT Scenarios." International Journal of Advanced Research in Computer Science and Software Engineering 7, no. 8 (August 30, 2017): 335. http://dx.doi.org/10.23956/ijarcsse.v7i8.83.

Abstract:
The OAuth 2.0 protocol has enjoyed wide adoption by Online Social Network (OSN) providers since its inception. Although the security guidelines for OAuth 2.0 are well discussed in RFC 6749 and RFC 6819, many real-world attacks due to the implementation specifics of OAuth 2.0 in various OSNs have been discovered. To our knowledge, previously discovered loopholes are all based on the misuse of OAuth, and many of them rely on provider-side or application-side vulnerabilities/faults beyond the scope of the OAuth protocol. It was generally believed that correct use of OAuth 2.0 is secure. In this paper OAuth is studied in its various aspects and characteristics.
2

Kaczmarski, Peter, and Fernand Vandamme. "WEB SECURITY: A QUICK START INTRODUCTION TO OAUTH 2.0 AND KEYCLOAK 19.X AUTHORIZATION SCENARIOS." Communication & Cognition 55, no. 3-4 (December 2022): 133–60. http://dx.doi.org/10.57028/c55-119-z1026.

Abstract:
OAuth 2.0 (Hardt, 2012) (note 1) is a widely used web security protocol. The aim of this paper is to illustrate OAuth 2.0 procedures by the use of Keycloak authorization server (Thorgensen, 2021) (note 6). Since OAuth 2.0 is a broad subject, we focus on selected Best Current Practice (BCP) topics, including the common types of authorization flows, and on the key aspects of bearer token processing by the protected resource server. The evolution of OAuth 2.0 towards OAuth version 2.1 implied by new internet challenges is also briefly discussed. To illustrate OAuth 2.0 procedures, we use a .NET6/C# demo implementation of client and server HTTP components, utilizing thereby well-known .NET6/C# classes such as HttpClient and HttpListener.
3

Ferry, Eugene, John O Raw, and Kevin Curran. "Security evaluation of the OAuth 2.0 framework." Information & Computer Security 23, no. 1 (March 9, 2015): 73–101. http://dx.doi.org/10.1108/ics-12-2013-0089.

Abstract:
Purpose – The interoperability of cloud data between web applications and mobile devices has vastly improved over recent years. The popularity of social media, smartphones and cloud-based web services has contributed to the level of integration that can be achieved between applications. This paper investigates the potential security issues of OAuth, an authorisation framework for granting third-party applications revocable access to user data. OAuth has rapidly become an interim de facto standard for protecting access to web API data. Vendors implemented OAuth before the open standard was officially published. To evaluate whether the OAuth 2.0 specification is truly ready for industry application, an entire OAuth client-server environment was developed and validated against the specification's threat model. The research also included analysing the security features of several popular OAuth-integrated websites and comparing those to the threat model. High-impact exploits leading to account hijacking were identified at a number of major online publications. It is hypothesised that the OAuth 2.0 specification can be a secure authorisation mechanism when implemented correctly.

Design/methodology/approach – To analyse the security of OAuth implementations in industry, a list of the 50 most popular websites in Ireland was retrieved from the statistical website Alexa (Noureddine and Bashroush, 2011). Each site was analysed to identify whether it utilised OAuth. Out of the 50 sites, 21 were identified with OAuth support. Each vulnerability in the threat model was then tested against each OAuth-enabled site. To test the robustness of the OAuth framework, an entire OAuth environment was required. The proposed solution consists of three parts: a client application, an authorisation server and a resource server. The client application needed to consume OAuth-enabled services. The authorisation server had to manage access to the resource server. The resource server had to expose data from the database based on the authorisation the user would be given by the authorisation server. It was decided that the client application would consume emails from Google's Gmail API. The authorisation and resource servers were modelled around a basic task-tracking web application. The client application would also consume task data from the developed resource server. The client application would also support Single Sign-On for Google and Facebook, as well as a developed identity provider, "MyTasks". The authorisation server delegated authorisation to the client application and stored cryptographic information for each access grant. The resource server validated the supplied access token via public-key cryptography and returned the requested data.

Findings – Two sites out of the 21 were found to be susceptible to some form of attack, meaning that 10.5 per cent were vulnerable. In total, 18 per cent of the world's 50 most popular sites were in the list of 21 OAuth-enabled sites. The OAuth 2.0 specification is still very much in its infancy, but when implemented correctly it can provide a relatively secure and interoperable authentication delegation mechanism. The IETF is currently addressing issues and extensions in its working drafts. Once a strict level of conformity is achieved between vendors and vulnerabilities are mitigated, it is likely that the framework will change the way we access data on the web and other devices.

Originality/value – OAuth is flexible, in that it offers extensions to support varying situations and existing technologies. A disadvantage of this flexibility is that new extensions typically bring new security exploits. Members of the IETF OAuth Working Group are constantly refining the draft specifications and identifying new threats to the expanding functionality. OAuth provides a flexible authentication mechanism to protect and delegate access to APIs. It solves the problem of password re-use across multiple accounts and stops the user from having to disclose their credentials to third parties. Filtering access to information by scope and giving the user the option to revoke access at any point gives the user control of their data. OAuth does raise security concerns, such as defying phishing education, but there are always going to be security issues with any authentication technology. Although several high-impact vulnerabilities were identified in industry, the developed solution supports the hypothesis that a secure OAuth environment can be built when implemented correctly. Developers must conform to the defined specification and are responsible for validating their implementation against the given threat model. OAuth is an evolving authorisation framework. It is still in its infancy, and much work needs to be done in the specification to achieve stricter validation and vendor conformity. Vendor implementations need to become better aligned in order to provide a rich and truly interoperable authorisation mechanism. Once these issues are resolved, OAuth will be on track to become the definitive authentication standard on the web.
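The Kaczmarski and Vandamme paper above centres on bearer token processing by the protected resource server, and the Ferry et al. environment has its resource server validate the supplied access token before returning data. The following is an added example, written for this listing rather than taken from either paper or from Keycloak, of that validation for a self-contained (JWT) bearer token. It assumes an HS256 shared key so that it runs on the Python standard library alone; a Keycloak realm signs with RS256 and a published public key, and only the signature step would change. The issuer, audience, key and claim values are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values; a real resource server reads these from its configuration.
ISSUER = "https://auth.example.test/realms/demo"
AUDIENCE = "tasks-api"
SHARED_KEY = b"example-hs256-key-not-for-production"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def mint_token(claims: dict, key: bytes = SHARED_KEY) -> str:
    """Stand-in for the authorization server: issue an HS256-signed JWT."""
    signing_input = _json_b64({"alg": "HS256", "typ": "JWT"}) + "." + _json_b64(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_bearer(token: str, required_scope: str, now=None, key: bytes = SHARED_KEY):
    """Resource-server check. Returns (True, claims) or (False, reason).

    Order matters: establish that the token is genuinely ours (pinned algorithm,
    signature) before trusting any claim, then issuer, audience, time window, scope.
    """
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        signature = _b64url_decode(sig_b64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError
    except ValueError:                       # wrong part count, bad base64, bad JSON
        return False, "malformed token"

    if header.get("alg") != "HS256":         # the verifier picks the algorithm, never the token
        return False, "unexpected alg"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return False, "bad signature"

    if claims.get("iss") != ISSUER:
        return False, "wrong issuer"
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience"       # genuine, but minted for some other API
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    if now < claims.get("nbf", 0):
        return False, "not yet valid"
    if required_scope not in str(claims.get("scope", "")).split():
        return False, "insufficient scope"
    return True, claims


def demo(now=1_700_000_000):
    """Run constructed tokens through the validator; returns the outcome per case."""
    base = {"iss": ISSUER, "aud": AUDIENCE, "sub": "alice",
            "scope": "tasks:read tasks:write", "exp": now + 300}
    good = mint_token(base)
    header_b64, payload_b64, sig_b64 = good.split(".")

    # Payload edited after signing (scope escalation): the signature no longer covers it.
    forged = f"{header_b64}.{_json_b64(dict(base, scope='tasks:admin'))}.{sig_b64}"
    # Classic alg=none: header swapped, signature dropped.
    alg_none = f"{_json_b64({'alg': 'none', 'typ': 'JWT'})}.{payload_b64}."

    return {
        "valid": validate_bearer(good, "tasks:read", now)[0],
        "tampered": validate_bearer(forged, "tasks:admin", now)[1],
        "alg_none": validate_bearer(alg_none, "tasks:read", now)[1],
        "expired": validate_bearer(mint_token(dict(base, exp=now - 1)), "tasks:read", now)[1],
        "wrong_aud": validate_bearer(mint_token(dict(base, aud="other-api")), "tasks:read", now)[1],
        "scope": validate_bearer(good, "tasks:admin", now)[1],
    }
```

The order of checks is the point: nothing in the payload is trusted until the pinned algorithm and the signature pass, and audience is checked separately from the signature because a token that is genuine but minted for a different API must still be refused.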
4

Jung, Seung Wook, and Souhwan Jung. "Personal OAuth authorization server and push OAuth for Internet of Things." International Journal of Distributed Sensor Networks 13, no. 6 (June 2017): 155014771771262. http://dx.doi.org/10.1177/1550147717712627.

5

Heo, Daeyoung, and Suntae Hwang. "OAuth based Proxy Delegation Service." Journal of Korean Society for Internet Information 13, no. 6 (December 31, 2012): 55–62. http://dx.doi.org/10.7472/jksii.2012.13.6.55.

6

Henry, Gavin. "Justin Richer on OAuth." IEEE Software 37, no. 1 (January 2020): 98–100. http://dx.doi.org/10.1109/ms.2019.2949648.

7

Leiba, Barry. "OAuth Web Authorization Protocol." IEEE Internet Computing 16, no. 1 (January 2012): 74–77. http://dx.doi.org/10.1109/mic.2012.11.

8

Ylli, Enkli, Igli Tafa, and Ergis Gjergji. "OAUTH 2.0 IN SECURING APIS." International Journal of Research In Commerce and Management Studies 03, no. 01 (2021): 10–19. http://dx.doi.org/10.38193/ijrcms.2021.3102.

9

Paval, Anuja, and Amol Dange. "Secure HDFS Using OAuth 2.0." International Journal of Computer Trends and Technology 67, no. 6 (June 25, 2019): 89–92. http://dx.doi.org/10.14445/22312803/ijctt-v67i6p115.

10

Yu, Sung-Tae, and Soo-Hyun Oh. "OAuth-based User Authentication Framework for Internet of Things." Journal of the Korea Academia-Industrial cooperation Society 16, no. 11 (November 30, 2015): 8057–63. http://dx.doi.org/10.5762/kais.2015.16.11.8057.


Dissertations / Theses on the topic "OAuth"

1

Lavesson, Alexander, and Christina Luostarinen. "OAuth 2.0 Authentication Plugin for SonarQube." Thesis, Karlstads universitet, Institutionen för matematik och datavetenskap (from 2013), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kau:diva-67526.

Abstract:
Many web services today give users the opportunity to sign in using an account belonging to a different service. Letting users authenticate themselves using another service eliminates the need for a user to create a new identity for each service they use. Redpill Linpro uses the open source platform SonarQube for code quality inspection. Since developers in the company are registered users of another open source platform named OpenShift, they would like to authenticate themselves to SonarQube using their OpenShift identity. Our task was to create a plugin that offers users the functionality to authenticate themselves to SonarQube using OpenShift as their identity provider by applying the authentication framework OAuth. The project resulted in a plugin of high code quality according to SonarQube's assessment. Redpill Linpro will use the plugin to easily access SonarQube's functionality when using the application in their developer platform.
2

P, Svensson Gustav, and Filip Eriksson. "En säkerhetsanalys och jämförelse av SAML och OAuth." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-166571.

Abstract:
We have carried out a comparison of two popular SSO protocols, OAuth and SAML, in order to make the choice of protocol easier for companies. Two simplistic SSO implementations were developed to test the security of the two protocols. A simplistic SSO implementation means, in this case, that no security features have been added beyond what the protocols require. Three attacks were carried out: the 307 redirect attack, man-in-the-middle, and replay attack. The results show that a simplistic SAML implementation is more secure than a simplistic OAuth implementation. Further work is, however, required to get a better picture of the security of the two protocols.
3

Arshad, Elham. "Analysis of Oauth and CORS vulnerabilities in the wild." Doctoral thesis, Università degli studi di Trento, 2022. https://hdl.handle.net/11572/361123.

Abstract:
Thanks to the wide range of features offered by the World Wide Web (WWW), many web applications have been published and developed through different libraries and programming languages. Adapting to new changes, the Web quickly evolved into a complex ecosystem, introducing many security problems for its users. To solve these problems, instead of re-designing the Web, vendors added security patches (protocols, mechanisms) to the Web platform to provide a more convenient and more secure environment for web users. However, not only did these patches not completely resolve the security problems, but their implementations also introduced other security risks unbeknownst to website operators and users. In this thesis, I propose novel research on two different security patches to understand and analyze their deployment in real-world scenarios and discover the unseen, neglected factors and the elements involved in exploiting their use: one security protocol, OAuth, and one security mechanism, CORS. As this thesis is based on offensive approaches, I develop automated methodologies, including novel strategies for analyzing and measuring the security qualities of the OAuth protocol and the CORS mechanism in real-world scenarios.
4

Aas, Dag-Inge. "Authentication and Authorization for Native Mobile Applications using OAuth 2.0." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for datateknikk og informasjonsvitenskap, 2013. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-22969.

Abstract:
OAuth 2.0 has in the recent years become the de-facto standard of doing API authorization and authentication on mobile devices. However, recent critics have claimed that OAuth does not provide sufficient security or ease-of-use for developers on mobile devices. In this thesis, I study four approaches to mobile authorization using OAuth 2.0, and suggest an improved solution based on current industry best-practices for security on Android. The end result is a solution which provides a native authorization flow for third-party developers to integrate with an existing API endpoint. However, the thesis shows that even with current industry best-practices the proposed solution does not provide a completely secure approach, and developers must keep the security consequences of that fact in mind when implementing OAuth on mobile devices.
5

Edin, Andreas. "Autentisering med OAuth 2.0 i SiteVision : Jämförelse mellan Java Portlets och WebApps." Thesis, Mittuniversitetet, Avdelningen för informationssystem och -teknologi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-33878.

Abstract:
The aim of this project has been to explore alternative technical solutions for making custom extensions in the CMS SiteVision. The purpose of these extensions is to retrieve data from an external API (Office 365) which requires OAuth 2.0 authentication. Additionally, the alternative technical solutions have been evaluated and compared. The comparisons have been made based on criteria developed through interviews with professional IT consultants. The purpose of the project has been to contribute to more efficient digitization, integration and individualization of data systems. Within the project, an applied example (POC) has been created to show how the technology can be used. In this example, Java Portlets have been used to implement the above functionality. WebApps in SiteVision have also been studied, since this technology is an alternative to Java Portlets. The survey shows that it is fully possible to create a separate extension in SiteVision that performs authentication with OAuth 2.0 and then uses it to retrieve data from an external API. The results of the comparison between the two technologies, Java Portlets and WebApps, show that there are pros and cons to each technique. The alternatives studied were comparable in performance. Individual circumstances can dictate which alternative is best.
6

Odyurt, Uraz. "Evaluation of Single Sign-On Frameworks, as a Flexible Authorization Solution : OAuth 2.0 Authorization Framework." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-37097.

Abstract:
This work introduces the available authorization frameworks for the purpose of Single Sign-On functionality within an enterprise, along with the fundamental technicalities. The focus of the work is on the SAML 2.0 and OAuth 2.0 frameworks. Following the details related to available protocol flows, supported client profiles and security considerations, the two frameworks are compared in accordance with a set of factors given as criteria. The report discusses the possibilities provided by a Microsoft Windows based infrastructure, as well as different scenarios and their feasibility in an enterprise environment. The preferred framework, OAuth 2.0, is selected according to the given criteria and the comparative discussions.
7

Ribeiro, Alysson de Sousa. "Uma implementação do protocolo OAuth 2 em Erlang para uma arquitetura orientada a serviço." reponame:Repositório Institucional da UnB, 2017. http://repositorio.unb.br/handle/10482/24694.

Abstract:
Master's dissertation, Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2017.
The utilization of Service-Oriented Architecture (SOA) offers certain benefits, such as low coupling and interoperability. It is widely used for the integration of applications within an organization. This characteristic makes service-oriented architecture a natural choice for the modernization of legacy systems, and it has been thoroughly discussed and used as an architecture solution for the modernization of the legacy systems of the IT Center (CPD) of the University of Brasília (UnB). Nevertheless, its deployment still requires some care related to security problems. This study presents a systematic mapping of the authentication and authorization mechanisms in SOA and raises some research questions, and it also covers some of the protocols used in SOA. As a result of the mapping, an authorization solution considered adequate for the architecture used by the CPD to modernize its legacy systems was identified. The OAuth 2.0 protocol was implemented in the Enterprise Service Bus (ESB) that will be used for the modernization of UnB's legacy systems. Performance tests were carried out on the solution, measuring the increase in latency introduced by the protocol and the average throughput supported. Security simulations were also carried out to verify the behavior of the implemented protocol when exposed to a replay attack.
8

Maan, Narbir Singh, and Hamza Hanchi. "Secure Access for Public Clients to Web API:s with Minimum Performance Loss." Thesis, KTH, Data- och elektroteknik, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-153731.

Abstract:
A lot of information nowadays is made available through Web APIs on the Internet, and without security and encryption it is very easy for malicious users to access confidential information. The goal was to find out what different mechanisms are available for providing safe communication with a web API from web clients and mobile applications with as little impact on performance as possible. Learning, implementing and maintaining the mechanisms are also important aspects looked at in the evaluation. Many mechanisms are available for securing the communication, but not all are suitable for public clients. The suitable mechanisms are Digest authentication and OAuth 2.0. The chosen mechanisms were developed, tested and evaluated in regard to safety, performance impact and usability from a company perspective. The most suitable authentication and authorization mechanism was OAuth 2.0, as it has the least impact on performance and better security features than the other mechanisms.
9

Andersson, Fredrik, and Malmqvist Simon Cedergren. "Effective construction of data aggregation services in Java." Thesis, Malmö högskola, Fakulteten för teknik och samhälle (TS), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20735.

Abstract:
Large quantities of data are generated daily by the end users of various services. This data is often provided by different providers, which creates a fragmented market where the end users have to utilize multiple applications in order to access all of their data. This can be counteracted by the development of aggregation services that gather data from multiple services at a combined endpoint. The development of these kinds of services does, however, run the risk of becoming costly and time-consuming, since new code is written for several projects even though large portions of the functionality are similar. To avoid this, established technologies and frameworks can be utilized, thereby reusing the more general components. Which of the technologies are best suited, and thereby can be considered the most effective from a development perspective, can however be difficult to determine. This essay is therefore based on what can be considered an academic consensus, established through analysis of the literature on earlier research on the subject. Before the writing of the essay began, a Java-based data aggregation service was developed, based on requirements from the company ÅF in Malmö. The purpose of this experimental implementation is to gather data from two separate services and make it accessible at a unified endpoint. After the implementation was finished, work on the essay began. This consists of a literature review to investigate which technologies and frameworks academic research has found best suited for this area of application. The results from this study are also used to analyze the extent of the correlation between those results and the requirements presented by ÅF for the experimental implementation. The literature review shows that the choices made by the company largely correlate with the technologies that academic research has found best suited for this area of application. This includes OAuth 2.0 for authentication, JSON as a serialization format and REST as the communications architecture. The literature review also indicates a possible gap in the available academic literature, since searches regarding specific pieces of software related to the subject only return a small number of articles.
10

SHARIF, AMIR. "Analysis of Best Current Practices to Assist Native App Developers with Secure OAuth/OIDC Implementations." Doctoral thesis, Università degli studi di Genova, 2021. http://hdl.handle.net/11567/1050122.

Abstract:
OAuth 2.0 and OpenID Connect are two of the most widely used protocols to support secure and frictionless access delegation and single sign-on login solutions, which have been extensively integrated within web and mobile native applications. While securing OAuth and OpenID Connect implementations within web applications is widely investigated, this is not true for mobile native applications, due to their peculiarities compared to web applications. Given that, we investigate the availability of the necessary information to mobile native application developers. Our investigation reveals that mobile native application developers need to access many sparse documents and understand technical security writing, when they are not necessarily security experts, which leads to insecure integration of OAuth and OpenID Connect solutions due to various implementation flaws. Thus, to assist mobile native application developers in understanding the OAuth and OpenID Connect documentation, we demystify the OAuth and OpenID Connect core documents and two of the most security-critical profiles for the governmental and financial domains, namely "International Government Assurance" and "Financial Grade API", to extract the wealth of information in them and summarize it in plain English. To secure the integration of OAuth and OpenID Connect solutions, the OAuth working group and the OpenID Foundation have produced many security-related documents that provide general guidelines and best current practices. These documents explain the features that OAuth and OpenID Connect providers must support and how web and mobile native application developers should implement these solutions for the different use-case scenarios. In addition, due to the peculiarities of mobile native applications, the OAuth working group has published the "OAuth 2.0 for Native Apps" document dedicated to assisting mobile native application developers.

Recently, the OAuth working group released the AppAuth SDK to support mobile native application developers in the secure implementation of access delegation and single sign-on login solutions within mobile native applications. It enables mobile native applications to authorize and authenticate users by communicating with OAuth and OpenID Connect providers, besides embedding the security and usability best current practices described in [DB17]. We thus perform a comprehensive analysis to investigate compliance with the best current practices among the main OAuth and OpenID Connect providers and top-ranked Google Play Store applications. Our analysis shows that 7 out of 14 providers and 5 out of 87 top-ranked Google Play Store applications are fully compliant with the best current practices, and that none of the Google Play Store applications use the AppAuth SDK. We conjecture that the root causes of the non-compliant solutions differ between OAuth and OpenID Connect providers and Google Play Store applications. Concerning providers, they might be aware of these best current practice violations, and their non-compliant solutions can be due to legacy reasons. Concerning Google Play Store applications, their non-compliant solutions can be due to the following: (i) the best current practice documents for OAuth and OpenID Connect are sparse, and mobile native application developers may be either unaware of them or misinterpret them, as they are not (necessarily) security experts; (ii) lack of adoption of the best current practices by OAuth and OpenID Connect providers, which makes integrating the AppAuth SDK within mobile native applications difficult.

In addition, even in the case of compliant OAuth and OpenID Connect providers, mobile native application developers still need to properly configure the AppAuth SDK and write secure code to invoke the SDK properly within their mobile native applications, which is not a daunting task; and (iii) the pressure on mobile native application developers to provide new functionality for their mobile native applications may result in prioritizing functionality over security, and, as performing a risk assessment procedure is a complex task in the context of OAuth and OpenID Connect solutions, they may not have the resources to perform one. The above-mentioned problems motivate us to propose methodologies to assist mobile native application developers with the secure implementation of OAuth and OpenID Connect solutions within their mobile native applications. To this aim, we provide a reference model for OAuth and OpenID Connect solutions, built from the information extracted from the various documents, that can be used within a risk assessment approach to enable mobile native application developers to make an informed decision with respect to their implementation choices. In addition, we design a wizard-based approach and implement it within an Android Studio plugin called mIDAssistant that assists mobile native application developers with automatic integration of the core functionality and ensures enforcement of the best current practices by leveraging the AppAuth SDK. The effectiveness of our approach has been verified in several real-world scenarios (e.g., pull printing), research and innovation projects (e.g., the EIT Digital activity API Assistant), and in the context of industrial collaborations (Poste Italiane, IPZS). Furthermore, we had the opportunity to present our work to the OAuth working group experts (during the OAuth Security Workshop), and they have shown interest in our approach.
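The "best current practices" whose adoption the abstract above measures are, for native apps, those of RFC 8252 (OAuth 2.0 for Native Apps, listed under Reports below) together with PKCE (RFC 7636): authorization code grant rather than implicit, an S256 code challenge, a state value bound to the request, no static client secret, and a redirect URI that is either a claimed https URL, a loopback IP literal, or a reverse-domain private-use scheme. The following is an added example, not code from the thesis, from mIDAssistant, or from the AppAuth SDK. It generates a PKCE pair, audits an authorization request URL for those checks, and validates the redirect the operating system hands back to the app. The authorization server as.example.com, the client identifiers, and the sample request and redirect URLs are constructed for illustration.

```python
"""Audit a native-app OAuth 2.0 authorization request and its redirect
against the RFC 8252 / RFC 7636 best current practices.

Added example: not code from the thesis, mIDAssistant, or AppAuth.
All endpoints, client IDs and sample URLs below are constructed."""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AS_AUTHZ_ENDPOINT = "https://as.example.com/authorize"  # hypothetical authorization server


def _b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for verifier and challenge."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(code_verifier: str) -> str:
    """S256 method: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def make_pkce_pair(n_bytes: int = 32) -> tuple[str, str]:
    """Fresh (code_verifier, code_challenge); 32 random bytes give a 43-char verifier."""
    verifier = _b64url(secrets.token_bytes(n_bytes))
    return verifier, pkce_challenge(verifier)


def build_native_app_request(client_id: str, redirect_uri: str, scope: str,
                             state: str, code_challenge: str) -> str:
    """Authorization request a compliant native app would open in the system browser."""
    params = {
        "response_type": "code",          # authorization code grant, never implicit
        "client_id": client_id,           # public client: no client_secret anywhere
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,                   # binds the redirect back to this request
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return AS_AUTHZ_ENDPOINT + "?" + urlencode(params)


def audit_redirect_uri(redirect_uri: str) -> list[str]:
    """Findings for the three redirect styles RFC 8252 allows for native apps."""
    if not redirect_uri:
        return ["no redirect_uri in request"]
    parts = urlsplit(redirect_uri)
    if parts.scheme == "https":
        return []                         # claimed https URL (app link / universal link)
    if parts.scheme == "http":
        if parts.hostname in ("127.0.0.1", "::1"):
            return []                     # loopback IP literal, any port
        return [f"http redirect to {parts.hostname!r}: only loopback IP literals are "
                "acceptable, and 'localhost' is not recommended"]
    if "." not in parts.scheme:
        return [f"private-use scheme {parts.scheme!r} is not in reverse-domain-name "
                "form (e.g. com.example.app)"]
    return []


def audit_authorization_request(url: str) -> list[str]:
    """Return the list of best-practice violations in a request URL (empty == compliant)."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}
    findings = []
    if q.get("response_type") != "code":
        findings.append("response_type is not 'code': use the authorization code grant, not implicit")
    if "code_challenge" not in q:
        findings.append("no PKCE code_challenge: authorization code interception is not mitigated")
    elif q.get("code_challenge_method", "plain") != "S256":
        findings.append("PKCE code_challenge_method should be S256, not plain")
    if not q.get("state"):
        findings.append("no state parameter: the redirect cannot be bound to this request (CSRF)")
    if "client_secret" in q:
        findings.append("client_secret sent: a native app cannot keep a static secret")
    findings.extend(audit_redirect_uri(q.get("redirect_uri", "")))
    return findings


def validate_redirect(redirect_url: str, expected_state: str) -> str:
    """Check the authorization response delivered to the app; return the code or raise."""
    parts = urlsplit(redirect_url)
    if parts.fragment:
        raise ValueError("parameters in the fragment indicate the implicit flow; expected a code")
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "error" in q:
        raise ValueError(f"authorization error: {q['error']}")
    if not secrets.compare_digest(q.get("state", ""), expected_state):
        raise ValueError("state mismatch: response is not bound to our request")
    if "code" not in q:
        raise ValueError("no authorization code in response")
    return q["code"]


# Constructed demo values; a real app draws state and verifier fresh per request.
DEMO_STATE = secrets.token_urlsafe(16)
DEMO_VERIFIER, DEMO_CHALLENGE = make_pkce_pair()
COMPLIANT_REQUEST = build_native_app_request(
    "my-native-app", "com.example.app:/oauth2redirect", "openid profile",
    DEMO_STATE, DEMO_CHALLENGE)
# Constructed legacy request: implicit flow, no PKCE, no state, embedded secret, localhost.
LEGACY_REQUEST = ("https://as.example.com/authorize?response_type=token&client_id=legacy-app"
                  "&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcb&client_secret=s3cr3t")

if __name__ == "__main__":
    print("compliant request findings:", audit_authorization_request(COMPLIANT_REQUEST))
    print("legacy request findings:")
    for finding in audit_authorization_request(LEGACY_REQUEST):
        print("  -", finding)
    # Constructed redirect as the OS would deliver it to the app after consent.
    callback = f"com.example.app:/oauth2redirect?code=c0de-from-AS&state={DEMO_STATE}"
    print("authorization code:", validate_redirect(callback, DEMO_STATE))
```

The audit covers only what the client can see in its own request; the remaining RFC 8252 requirements (using the system browser rather than an embedded web view, and exchanging the code with the verifier at the token endpoint) are behaviours, not URL parameters, and have to be checked in the app's code. The test vector for `pkce_challenge` is the one from RFC 7636 Appendix B.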

Books on the topic "OAuth"

1. Hunter's oath. New York, NY: DAW Books, 1995.
2. Under oath. New York: Forge, 2012.
3. Farnsworth, Christopher. Blood oath. Rearsby: W F Howes, 2011.
4. Krinard, Susan. Kinsman's Oath. New York: Berkley Sensation, 2004.
5. The oath. London: Simon & Schuster, 2010.
6. Peretti, Frank E. The oath. Dallas: Word, 1995.
7. Lescroart, John T. The oath. New York: Signet, 2003.
8. Krinard, Susan. Kinsman's oath. New York: Berkley Sensation, 2004.
9. Under oath. New York: Diamond Books, 1994.
10. Peretti, Frank E. The oath. Dallas: Word Pub., 1995.

Book chapters on the topic "OAuth"

1. Schwartz, Michael, and Maciej Machulak. "OAuth." In Securing the Perimeter, 105–49. Berkeley, CA: Apress, 2018. http://dx.doi.org/10.1007/978-1-4842-2601-8_4.
2. Siriwardena, Prabath. "OAuth 1.0." In Advanced API Security, 75–90. Berkeley, CA: Apress, 2014. http://dx.doi.org/10.1007/978-1-4302-6817-8_6.
3. Siriwardena, Prabath. "OAuth 2.0." In Advanced API Security, 91–132. Berkeley, CA: Apress, 2014. http://dx.doi.org/10.1007/978-1-4302-6817-8_7.
4. Siriwardena, Prabath. "OAuth 1.0." In Advanced API Security, 331–54. Berkeley, CA: Apress, 2019. http://dx.doi.org/10.1007/978-1-4842-2050-4_17.
5. Siriwardena, Prabath. "OAuth 2.0 Profiles." In Advanced API Security, 143–53. Berkeley, CA: Apress, 2014. http://dx.doi.org/10.1007/978-1-4302-6817-8_9.
6. Siriwardena, Prabath. "OAuth 2.0 Security." In Advanced API Security, 287–304. Berkeley, CA: Apress, 2019. http://dx.doi.org/10.1007/978-1-4842-2050-4_14.
7. Siriwardena, Prabath. "OAuth 2.0 Fundamentals." In Advanced API Security, 81–101. Berkeley, CA: Apress, 2019. http://dx.doi.org/10.1007/978-1-4842-2050-4_4.
8. Siriwardena, Prabath. "OAuth 2.0 Profiles." In Advanced API Security, 211–26. Berkeley, CA: Apress, 2019. http://dx.doi.org/10.1007/978-1-4842-2050-4_9.
9. Lakshmiraghavan, Badrinarayanan. "OAuth 2.0 Using DotNetOpenAuth." In Pro ASP.NET Web API Security, 283–318. Berkeley, CA: Apress, 2013. http://dx.doi.org/10.1007/978-1-4302-5783-7_13.
10. Siriwardena, Prabath. "OAuth 2.0 Token Binding." In Advanced API Security, 243–55. Berkeley, CA: Apress, 2019. http://dx.doi.org/10.1007/978-1-4842-2050-4_11.

Conference papers on the topic "OAuth"

1. Philippaerts, Pieter, Davy Preuveneers, and Wouter Joosen. "OAuch: Exploring Security Compliance in the OAuth 2.0 Ecosystem." In RAID 2022: 25th International Symposium on Research in Attacks, Intrusions and Defenses. New York, NY, USA: ACM, 2022. http://dx.doi.org/10.1145/3545948.3545955.
2. Oh, Se-Ra, and Young-Gab Kim. "Interoperable OAuth 2.0 Framework." In 2019 International Conference on Platform Technology and Service (PlatCon). IEEE, 2019. http://dx.doi.org/10.1109/platcon.2019.8668962.
3. Yan, Haixing, Huixing Fang, Christian Kuka, and Huibiao Zhu. "Verification for OAuth Using ASLan++." In 2015 IEEE 16th International Symposium on High Assurance Systems Engineering (HASE). IEEE, 2015. http://dx.doi.org/10.1109/hase.2015.20.
4. Wang, Hui, Yuanyuan Zhang, Juanru Li, and Dawu Gu. "The Achilles heel of OAuth." In ACSAC '16: 2016 Annual Computer Security Applications Conference. New York, NY, USA: ACM, 2016. http://dx.doi.org/10.1145/2991079.2991105.
5. Alt, Jason, Rachana Ananthakrishnan, Kyle Chard, Ryan Chard, Ian Foster, Lee Liming, and Steven Tuecke. "OAuth SSH with Globus Auth." In PEARC '20: Practice and Experience in Advanced Research Computing. New York, NY, USA: ACM, 2020. http://dx.doi.org/10.1145/3311790.3396658.
6. Riabi, Imen, Hella Kaffel Ben Ayed, Bilel Zaghdoudi, and Laurent George. "Blockchain based OAuth for IoT." In 2021 10th IFIP International Conference on Performance Evaluation and Modeling in Wireless and Wired Networks (PEMWN). IEEE, 2021. http://dx.doi.org/10.23919/pemwn53042.2021.9664701.
7. Hossain, Nazmul, Md Alam Hossain, Md Zobayer Hossain, Md Hasan Imam Sohag, and Shawon Rahman. "OAuth-SSO: A Framework to Secure the OAuth-Based SSO Service for Packaged Web Applications." In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE, 2018. http://dx.doi.org/10.1109/trustcom/bigdatase.2018.00227.
8. Al-Sinani, Haitham S. "Integrating OAuth with Information card systems." In 2011 7th International Conference on Information Assurance and Security (IAS). IEEE, 2011. http://dx.doi.org/10.1109/isias.2011.6122819.
9. Buranasaksee, Utharn, Kriengkrai Porkaew, and Umaporn Supasitthimethee. "AccAuth: Accounting system for OAuth protocol." In 2014 Fifth International Conference on the Applications of Digital Information and Web Technologies (ICADIWT). IEEE, 2014. http://dx.doi.org/10.1109/icadiwt.2014.6814698.
10. Chen, Eric Y., Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague. "OAuth Demystified for Mobile Application Developers." In CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security. New York, NY, USA: ACM, 2014. http://dx.doi.org/10.1145/2660267.2660323.

Reports on the topic "OAuth"

1. Hammer-Lahav, E., ed. The OAuth 1.0 Protocol. RFC Editor, April 2010. http://dx.doi.org/10.17487/rfc5849.
2. Dronia, S., and M. Scurtescu. OAuth 2.0 Token Revocation. Edited by T. Lodderstedt. RFC Editor, August 2013. http://dx.doi.org/10.17487/rfc7009.
3. Richer, J., ed. OAuth 2.0 Token Introspection. RFC Editor, October 2015. http://dx.doi.org/10.17487/rfc7662.
4. Jones, M., A. Nadalin, J. Bradley, and C. Mortimore. OAuth 2.0 Token Exchange. Edited by B. Campbell. RFC Editor, January 2020. http://dx.doi.org/10.17487/rfc8693.
5. Seitz, L., G. Selander, E. Wahlstroem, S. Erdtman, and H. Tschofenig. Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth). RFC Editor, August 2022. http://dx.doi.org/10.17487/rfc9200.
6. Hardt, D., ed. The OAuth 2.0 Authorization Framework. RFC Editor, October 2012. http://dx.doi.org/10.17487/rfc6749.
7. Denniss, W., and J. Bradley. OAuth 2.0 for Native Apps. RFC Editor, October 2017. http://dx.doi.org/10.17487/rfc8252.
8. Jones, M., N. Sakimura, and J. Bradley. OAuth 2.0 Authorization Server Metadata. RFC Editor, June 2018. http://dx.doi.org/10.17487/rfc8414.
9. Denniss, W., J. Bradley, M. Jones, and H. Tschofenig. OAuth 2.0 Device Authorization Grant. RFC Editor, August 2019. http://dx.doi.org/10.17487/rfc8628.
10. Campbell, B., J. Bradley, and H. Tschofenig. Resource Indicators for OAuth 2.0. RFC Editor, February 2020. http://dx.doi.org/10.17487/rfc8707.