Journal articles on the topic 'OAuth'

1

Singh, Krittika KD, and Anurag Jain. "A Review OAuth-based Authorization Service Architecture in IoT Scenarios." International Journal of Advanced Research in Computer Science and Software Engineering 7, no. 8 (August 30, 2017): 335. http://dx.doi.org/10.23956/ijarcsse.v7i8.83.

Abstract:
OAuth 2.0 protocol has enjoyed wide adoption by on-line Social Network (OSN) suppliers since its origination. Though the safety guideline of OAuth 2.0 is well mentioned in RFC6749 and RFC6819, many real-world attacks because of the implementation specifics of OAuth 2.0 in varied OSNs are discovered. According to our information, previously discovered loopholes are all supported the misuse of OAuth and many of them deem supplier facet or application facet vulnerabilities/faults on the far side the scope of the OAuth protocol. It was generally believed that correct use of OAuth 2.0 is secure. During this paper OAuth is studied with its varied aspects and characteristics.
2

Kaczmarski, Peter, and Fernand Vandamme. "WEB SECURITY: A QUICK START INTRODUCTION TO OAUTH 2.0 AND KEYCLOAK 19.X AUTHORIZATION SCENARIOS." Communication & Cognition 55, no. 3-4 (December 2022): 133–60. http://dx.doi.org/10.57028/c55-119-z1026.

Abstract:
OAuth 2.0 (Hardt, 2012) (note 1) is a widely used web security protocol. The aim of this paper is to illustrate OAuth 2.0 procedures by the use of Keycloak authorization server (Thorgensen, 2021) (note 6). Since OAuth 2.0 is a broad subject, we focus on selected Best Current Practice (BCP) topics, including the common types of authorization flows, and on the key aspects of bearer token processing by the protected resource server. The evolution of OAuth 2.0 towards OAuth version 2.1 implied by new internet challenges is also briefly discussed. To illustrate OAuth 2.0 procedures, we use a .NET6/C# demo implementation of client and server HTTP components, utilizing thereby well-known .NET6/C# classes such as HttpClient and HttpListener.
3

Ferry, Eugene, John O Raw, and Kevin Curran. "Security evaluation of the OAuth 2.0 framework." Information & Computer Security 23, no. 1 (March 9, 2015): 73–101. http://dx.doi.org/10.1108/ics-12-2013-0089.

Abstract:
Purpose – The interoperability of cloud data between web applications and mobile devices has vastly improved over recent years. The popularity of social media, smartphones and cloud-based web services have contributed to the level of integration that can be achieved between applications. This paper investigates the potential security issues of OAuth, an authorisation framework for granting third-party applications revocable access to user data. OAuth has rapidly become an interim de facto standard for protecting access to web API data. Vendors have implemented OAuth before the open standard was officially published. To evaluate whether the OAuth 2.0 specification is truly ready for industry application, an entire OAuth client server environment was developed and validated against the specification threat model. The research also included the analysis of the security features of several popular OAuth integrated websites and comparing those to the threat model. High-impacting exploits leading to account hijacking were identified with a number of major online publications. It is hypothesised that the OAuth 2.0 specification can be a secure authorisation mechanism when implemented correctly.

Design/methodology/approach – To analyse the security of OAuth implementations in industry a list of the 50 most popular websites in Ireland was retrieved from the statistical website Alexa (Noureddine and Bashroush, 2011). Each site was analysed to identify if it utilised OAuth. Out of the 50 sites, 21 were identified with OAuth support. Each vulnerability in the threat model was then tested against each OAuth-enabled site. To test the robustness of the OAuth framework, an entire OAuth environment was required. The proposed solution would compose of three parts: a client application, an authorisation server and a resource server. The client application needed to consume OAuth-enabled services. The authorisation server had to manage access to the resource server. The resource server had to expose data from the database based on the authorisation the user would be given from the authorisation server. It was decided that the client application would consume emails from Google’s Gmail API. The authorisation and resource server were modelled around a basic task-tracking web application. The client application would also consume task data from the developed resource server. The client application would also support Single Sign On for Google and Facebook, as well as a developed identity provider “MyTasks”. The authorisation server delegated authorisation to the client application and stored cryptography information for each access grant. The resource server validated the supplied access token via public cryptography and returned the requested data.

Findings – Two sites out of the 21 were found to be susceptible to some form of attack, meaning that 10.5 per cent were vulnerable. In total, 18 per cent of the world’s 50 most popular sites were in the list of 21 OAuth-enabled sites. The OAuth 2.0 specification is still very much in its infancy, but when implemented correctly, it can provide a relatively secure and interoperable authentication delegation mechanism. The IETF are currently addressing issues and expansions in their working drafts. Once a strict level of conformity is achieved between vendors and vulnerabilities are mitigated, it is likely that the framework will change the way we access data on the web and other devices.

Originality/value – OAuth is flexible, in that it offers extensions to support varying situations and existing technologies. A disadvantage of this flexibility is that new extensions typically bring new security exploits. Members of the IETF OAuth Working Group are constantly refining the draft specifications and are identifying new threats to the expanding functionality. OAuth provides a flexible authentication mechanism to protect and delegate access to APIs. It solves the password re-use across multiple accounts problem and stops the user from having to disclose their credentials to third parties. Filtering access to information by scope and giving the user the option to revoke access at any point gives the user control of their data. OAuth does raise security concerns, such as defying phishing education, but there are always going to be security issues with any authentication technology. Although several high impacting vulnerabilities were identified in industry, the developed solution proves the predicted hypothesis that a secure OAuth environment can be built when implemented correctly. Developers must conform to the defined specification and are responsible for validating their implementation against the given threat model. OAuth is an evolving authorisation framework. It is still in its infancy, and much work needs to be done in the specification to achieve stricter validation and vendor conformity. Vendor implementations need to become better aligned in order to provide a rich and truly interoperable authorisation mechanism. Once these issues are resolved, OAuth will be on track for becoming the definitive authentication standard on the web.
4

Jung, Seung Wook, and Souhwan Jung. "Personal OAuth authorization server and push OAuth for Internet of Things." International Journal of Distributed Sensor Networks 13, no. 6 (June 2017): 155014771771262. http://dx.doi.org/10.1177/1550147717712627.

5

Heo, Daeyoung, and Suntae Hwang. "OAuth based Proxy Delegation Service." Journal of Korean Society for Internet Information 13, no. 6 (December 31, 2012): 55–62. http://dx.doi.org/10.7472/jksii.2012.13.6.55.

6

Henry, Gavin. "Justin Richer on OAuth." IEEE Software 37, no. 1 (January 2020): 98–100. http://dx.doi.org/10.1109/ms.2019.2949648.

7

Leiba, Barry. "OAuth Web Authorization Protocol." IEEE Internet Computing 16, no. 1 (January 2012): 74–77. http://dx.doi.org/10.1109/mic.2012.11.

8

Ylli, Enkli, Igli Tafa, and Ergis Gjergji. "OAUTH 2.0 IN SECURING APIS." International Journal of Research In Commerce and Management Studies 03, no. 01 (2021): 10–19. http://dx.doi.org/10.38193/ijrcms.2021.3102.

9

Paval, Anuja, and Amol Dange. "Secure HDFS Using OAuth 2.0." International Journal of Computer Trends and Technology 67, no. 6 (June 25, 2019): 89–92. http://dx.doi.org/10.14445/22312803/ijctt-v67i6p115.

10

Yu, Sung-Tae, and Soo-Hyun Oh. "OAuth-based User Authentication Framework for Internet of Things." Journal of the Korea Academia-Industrial cooperation Society 16, no. 11 (November 30, 2015): 8057–63. http://dx.doi.org/10.5762/kais.2015.16.11.8057.

11

Buranasaksee, Utharn. "Incorporating OAuth Protocol into Existing Information Systems." Journal of Software 11, no. 6 (June 2016): 615–22. http://dx.doi.org/10.17706/jsw.11.6.615-622.

12

Srikanth, V., Jupalli Sneha Latha, Dinne Ajay Kumar, and Kakarla Uma Maheswari. "A survey on OAUTH protocol for security." International Journal of Engineering & Technology 7, no. 1.1 (December 21, 2017): 692. http://dx.doi.org/10.14419/ijet.v7i1.1.10834.

Abstract:
Web is a dangerous place. For each administration, each API’s, there are clients who might love simply to get through the different layers of security you've raised. It is one of the most powerful open standard authorization protocols available to all API developers today. Most of the popular social network API’s like Google, Twitter and Facebook uses OAuth 2.0 protocol to intensify user experience while signing-on and social sharing. The code written for authorization may be leaked during transmission which then may lead to misuse. This paper uses an attacker model to study the security vulnerabilities of the OAuth protocol. The experimental results on Google API shows that some common attacks like Phishing, Replay and Impersonation may be possible on this protocol.
13

Sharif, Amir, Roberto Carbone, Giada Sciarretta, and Silvio Ranise. "Best current practices for OAuth/OIDC Native Apps." Journal of Information Security and Applications 65 (March 2022): 103097. http://dx.doi.org/10.1016/j.jisa.2021.103097.

14

Moon, Jeong-Kyung, Hwang-Rae Kim, and Jin-Mook Kim. "Privilege Management System in Cloud Computing using Oauth." International Journal of Security and Its Applications 8, no. 3 (May 31, 2014): 221–34. http://dx.doi.org/10.14257/ijsia.2014.8.3.23.

15

Xie, Min, Wei Huang, Li Yang, and Yixian Yang. "VOAuth: A solution to protect OAuth against phishing." Computers in Industry 82 (October 2016): 151–59. http://dx.doi.org/10.1016/j.compind.2016.06.001.

16

Chae, Cheol-Joo, Kwang-Nam Choi, Kiseok Choi, Yong-Hee Yae, and YounJu Shin. "The Extended Authentication Protocol using E-mail Authentication in OAuth 2.0 Protocol for Secure Granting of User Access." Journal of Internet Computing and Services 16, no. 1 (February 28, 2015): 21–28. http://dx.doi.org/10.7472/jksii.2015.16.1.21.

17

Corre, Kevin, Olivier Barais, Gerson Sunyé, Vincent Frey, and Jean-Michel Crom. "Why can’t users choose their identity providers on the web?" Proceedings on Privacy Enhancing Technologies 2017, no. 3 (July 1, 2017): 75–89. http://dx.doi.org/10.1515/popets-2017-0029.

Abstract:
Authentication delegation is a major function of the modern web. Identity Providers (IdP) acquired a central role by providing this function to other web services. By knowing which web services or web applications access its service, an IdP can violate the end-user privacy by discovering information that the user did not want to share with its IdP. For instance, WebRTC introduces a new field of usage as authentication delegation happens during the call session establishment, between two users. As a result, an IdP can easily discover that Bob has a meeting with Alice. A second issue that increases the privacy violation is the lack of choice for the end-user to select its own IdP. Indeed, on many web-applications, the end-user can only select between a subset of IdPs, in most cases Facebook or Google. In this paper, we analyze this phenomenon, in particular why the end-user cannot easily select its preferred IdP, though there exists standards in this field such as OpenID Connect and OAuth 2? To lead this analysis, we conduct three investigations. The first one is a field survey on OAuth 2 and OpenID Connect scope usage by web sites to understand if scopes requested by websites could allow for user defined IdPs. The second one tries to understand whether the problem comes from the OAuth 2 protocol or its implementations by IdP. The last one tries to understand if trust relations between websites and IdP could prevent the end user to select its own IdP. Finally, we sketch possible architecture for web browser based identity management, and report on the implementation of a prototype.
18

Kanmani, K. V. "Survey on Restful Web Services Using Open Authorization (Oauth)." IOSR Journal of Computer Engineering 15, no. 4 (2013): 53–56. http://dx.doi.org/10.9790/0661-1545356.

19

Brian, Otieno Mark, and Kyung-Hyune Rhee. "A Secure Social Networking Site based on OAuth Implementation." Journal of Korea Multimedia Society 19, no. 2 (February 28, 2016): 308–15. http://dx.doi.org/10.9717/kmms.2016.19.2.308.

20

Kurniawan, Rahmat. "Perancangan dan Implementasi Sistem Otentikasi OAuth 2.0 dan PKCE Berbasis Extreme Programming (XP)." Jurnal Pendidikan dan Teknologi Indonesia 2, no. 2 (February 16, 2022): 601–11. http://dx.doi.org/10.52436/1.jpti.141.

Abstract:
Company XYZ is a private company that provides a subscription-based Hospital Management System (HMS) product, in which more than one hospital uses the product on a single centralized server. The problem examined in this study is how to design an authentication and authorization system for the multitenant HMS so that the system cannot be used by unregistered parties. The aim of this study is to design and implement an authentication procedure using the OAuth 2.0 and PKCE authentication mechanism in the multitenant HMS application, involving a server and a client in the authentication process, in order to simplify authentication for each tenant. The study involves three applications: one application acting as middleware, which hosts an OAuth 2.0-based sign-in page, and two further applications acting as client and server. The system was developed using the Extreme Programming (XP) method. The result of this study is a login system, that is, an authorization and authentication system, that demonstrably meets the needs of company XYZ. This login system has the advantage of making it easier for company XYZ to manage the clients integrated with it, and it is easy for clients to implement.
21

Nazir, Danish, and Nayeem Farooq. "Security measures needed for exposing Restful services through OAuth 2." Global Sci-Tech 11, no. 4 (2019): 206. http://dx.doi.org/10.5958/2455-7110.2019.00029.6.

22

Farooqi, Shehroze, Fareed Zaffar, Nektarios Leontiadis, and Zubair Shafiq. "Measuring and mitigating OAuth access token abuse by collusion networks." Communications of the ACM 63, no. 5 (April 20, 2020): 103–11. http://dx.doi.org/10.1145/3387720.

23

Torroglosa-García, Elena, Antonio D. Pérez-Morales, Pedro Martinez-Julia, and Diego R. Lopez. "Integration of the OAuth and Web Service family security standards." Computer Networks 57, no. 10 (July 2013): 2233–49. http://dx.doi.org/10.1016/j.comnet.2012.11.027.

24

Kusuma, Indra, Ajib Susanto, and Ibnu Utomo Wahyu Mulyono. "IMPLEMENTASI RESTFUL WEB SERVICES DENGAN OTORISASI OAUTH 2.0 PADA SISTEM PEMBAYARAN PARKIR." Simetris: Jurnal Teknik Mesin, Elektro dan Ilmu Komputer 10, no. 1 (April 29, 2019): 391–404. http://dx.doi.org/10.24176/simet.v10i1.3026.

Abstract:
One type of regional levy is the parking levy. Each regional government has the authority to set parking levy rates. However, parking attendants very often ask for more than the set rate. This harms parking users: besides having to pay more, they often do not receive a parking ticket. In addition, non-transparent management of parking levies is one of the causes of low parking levy revenue. These problems can be minimized by applying RESTful web services technology to an integrated and transparent parking levy payment system, which is expected to serve as an alternative solution to the parking levy management problems faced by city and regional governments in Indonesia. The system development method used is Extreme Programming (XP), with the stages planning, design, coding and testing. The result is an Android-based application, Markir, as the main means of sending parking payment data, with OAuth 2.0 as the authorization protocol for every data transaction performed. Black-box testing of the Markir application showed that the system is well integrated and performs several validation stages, such as client credentials, access token and access scope of the functions available in the Markir API, in accordance with the OAuth 2.0 protocol standard, so that data transactions are more secure than with standard API authorization such as basic-auth API or API Key.
25

Gashi, Edon, Blerim Rexha, and Avni Rexhepi. "Trust establishment between OAuth 2.0 resource servers using claims-based authorization." Electronic Government, an International Journal 17, no. 1 (2021): 1. http://dx.doi.org/10.1504/eg.2021.10035771.

26

Gashi, Edon, Blerim Rexha, and Avni Rexhepi. "Trust establishment between OAuth 2.0 resource servers using claims-based authorisation." Electronic Government, an International Journal 17, no. 3 (2021): 339. http://dx.doi.org/10.1504/eg.2021.116027.

27

Sreeram, G., S. Pradeep, Saideepthi Pabba, and Nikhat Parveen. "Quantify and alleviate OAuth approach token system exploiting by conspiracy lattice." International Journal of System of Systems Engineering 11, no. 3/4 (2021): 301. http://dx.doi.org/10.1504/ijsse.2021.121472.

28

Parveen, Nikhat, Saideepthi Pabba, Pradeep S, and SREERAM GUTHA. "Quantify and Alleviate OAuth Approach Token System Exploiting by Conspiracy Lattice." International Journal of System of Systems Engineering 11, no. 3/4 (2021): 1. http://dx.doi.org/10.1504/ijsse.2021.10045170.

29

Singh, Jaimandeep, and Naveen Kumar Chaudhary. "OAuth 2.0 : Architectural design augmentation for mitigation of common security vulnerabilities." Journal of Information Security and Applications 65 (March 2022): 103091. http://dx.doi.org/10.1016/j.jisa.2021.103091.

30

Hong, Seongho, and Heeyoul Kim. "VaultPoint: A Blockchain-Based SSI Model that Complies with OAuth 2.0." Electronics 9, no. 8 (July 31, 2020): 1231. http://dx.doi.org/10.3390/electronics9081231.

Abstract:
An identity management including authentication and authorization in a network environment is a critical security factor. Various models for identity management have been developed continually, from the silo model to the federated model and to the recently introduced self-sovereign identity (SSI) model. In particular, SSI makes users manage their own information by themselves independently of any organizations. SSI utilizes the newly emerged blockchain technology and many studies of it are in progress. However, SSI has not had wide public use because of its low compatibility and inconvenience. This is because it involves an unfamiliar user experience and an immature process. To solve this problem, this paper proposes a new blockchain-based SSI model that complies with the popular and mature standard of OAuth 2.0. Using blockchain, the proposed model secures users’ data sovereignty where users can use and control their own information in a decentralized manner, instead of depending on a specific monopolistic service-providers. Users and clients who are familiar with the existing OAuth can easily accept the proposed model and apply it, which makes both usability and scalability of the model excellent. This paper confirmed the feasibility of the proposed model by implementing it and a security analysis was performed. The proposed model is expected to contribute to the expansion of both blockchain technology and SSI.
31

Chae, Cheol-Joo, Ki-Bong Kim, and Han-Jin Cho. "A study on secure user authentication and authorization in OAuth protocol." Cluster Computing 22, S1 (August 30, 2017): 1991–99. http://dx.doi.org/10.1007/s10586-017-1119-6.

32

Lupić, Aleksandar. "PRIMENA APIGEE PLATFORME ZA UPRAVLJANJE API-JEM." Zbornik radova Fakulteta tehničkih nauka u Novom Sadu 35, no. 09 (August 27, 2020): 1559–62. http://dx.doi.org/10.24867/09be13lupic.

Abstract:
This paper explains the basic concepts of API management and the components of the Apigee platform for managing application programming interfaces. The architecture of the platform and the REST principles on which it relies are presented. The most commonly used policies for request handling are introduced, as well as the basic security principles, with an emphasis on the OAuth framework. The concepts of shared flows, caching and error handling are described, and the implementation of a solution demonstrates working within the platform to solve problems in practice.
33

Cai, Xing Quan, Qian Qian Shi, and Li Na Duan. "Acquiring Evaluation Data of Health Habits and its Application." Advanced Materials Research 739 (August 2013): 446–49. http://dx.doi.org/10.4028/www.scientific.net/amr.739.446.

Abstract:
In this paper, we present one method of acquiring the evaluation data of health habits using FitBit sensor. After registering in Fitbit.com, we create a customer client based on OAuth protocol and obtain the authorization of operational resources. Then we access to health habits assessment data, and complete data visualization. Finally, we provide the experiments results. The experiments results prove our method is feasible and valid. Our method has been used in our practical application.
34

Kim, Jinouk, Jungsoo Park, Long Nguyen-Vu, and Souhwan Jung. "A Study on Vulnerability Prevention Mechanism Due to Logout Problem Using OAuth." Journal of the Korea Institute of Information Security and Cryptology 27, no. 1 (February 28, 2017): 5–14. http://dx.doi.org/10.13089/jkiisc.2017.27.1.5.

35

Oh, Se-Ra, and Young-Gab Kim. "AFaaS: Authorization framework as a service for Internet of Things based on interoperable OAuth." International Journal of Distributed Sensor Networks 16, no. 2 (February 2020): 155014772090638. http://dx.doi.org/10.1177/1550147720906388.

Abstract:
Internet of Things has become a fundamental paradigm in our everyday lives. However, standards and technologies are often designed without considering interoperability, which is a critical issue for Internet of Things. Internet of Things environment requires interoperability to share resources (e.g. data and services) between heterogeneous Internet of Things domains. The open authorization (OAuth) 2.0 framework that is actively used in Internet of Things (as well as in conventional web environments) also did not focus on interoperability. In other words, the systems that implement the same OAuth 2.0 standard cannot interoperate without additional support. For this reason, we propose an authorization framework as a service. Authorization framework as a service provides an additional authorization layer to support standard authorization capabilities as an interoperable secure wrapper between different domains. Besides, authorization framework as a service supports the four extended authorization grant flow types to issue an interoperable access token, which has a global access scope across multiple heterogeneous domains. With the authorization framework as a service, interoperability can be supported for heterogeneous domains, and token management can also be simple because an interoperable access token can represent several existing access tokens that have local access scopes. Furthermore, this article presents a feasible interoperability scenario, implementation, and security considerations for authorization framework as a service, focusing on Internet of Things platforms.
36

He, Ming Xiang, Qing Ye Sun, Feng Shan, and Xin Ming Lu. "The LAN Information Integration Model Research Based on User's Individual Needs." Applied Mechanics and Materials 263-266 (December 2012): 1527–35. http://dx.doi.org/10.4028/www.scientific.net/amm.263-266.1527.

Abstract:
A maximum-meet user’s individual needs integration model was presented in this paper, which integrated information integration thinking, Web3.0 with open platform. The model embedded Service-Oriented Architecture (SOA) framework realized the information integration. Then combined the OpenID, OAuth, and role-based access control (RBAC) achieved single sign-on and authorization system; finally, based on Maps API Mashup applications realized the interaction between the LAN Web information and maps. The model has the advantage of friendly interface, strong replicability, and high security.
37

Porciúncula, Cleber Bittencourt, Sílvio Beskow, Érico Santos Rocha, and Jeferson Campos Nobre. "Authentication and Authorization for Constrained Environments (ACE) com Framework OAuth e Protocolo CoAP." Revista ComInG - Communications and Innovations Gazette 3, no. 1 (October 22, 2018): 13. http://dx.doi.org/10.5902/2448190430934.

Abstract:
This article aims to study the ACE (Authentication and Authorization for Constrained Environments) framework using the OAuth 2.0 framework and the CoAP protocol. The group analyzed explores concepts such as authentication and authorization in connection-constrained environments. This framework encompasses a set of protocols that are under study for standardization for use in IoT devices. Constrained devices form communication networks exchanging information with one another, requiring security requirements to guarantee confidentiality, integrity and availability.
38

Sujanani, Tarun, and Smitha Vinod. "Implementation of OpenIdconnect and OAuth 2.0 to create SSO for educational institutes." International Journal of Engineering & Technology 7, no. 2.6 (March 11, 2018): 153. http://dx.doi.org/10.14419/ijet.v7i2.6.10142.

Abstract:
Increase in the number of users is directly proportional to the need of verifying them. This means that any user using any website or application has to be authenticated first; this leads to the creation of multiple credentials of one user. Now if these different websites or applications are connected or belong to one single organization like a college or school, a lot of redundancy of data is there. Along with this, each user has to remember a wide range of credentials for different applications/websites. So in this paper, we address the issue of redundancy and user related problems by introducing SSO using OpenId Connect in educational institutes. We aim to mark the difference between the traditional system and proposed login by testing it on a group of users.
39

Windley, Phillip J. "API Access Control with OAuth: Coordinating interactions with the Internet of Things." IEEE Consumer Electronics Magazine 4, no. 3 (July 2015): 52–58. http://dx.doi.org/10.1109/mce.2015.2421571.

40

Sucasas, Victor, Georgios Mantas, Saud Althunibat, Leonardo Oliveira, Angelos Antonopoulos, Ifiok Otung, and Jonathan Rodriguez. "A privacy-enhanced OAuth 2.0 based protocol for Smart City mobile applications." Computers & Security 74 (May 2018): 258–74. http://dx.doi.org/10.1016/j.cose.2018.01.014.

41

Xiao, Meihua, Daolei Cheng, Wei Li, Ya'nan Li, Xinqian Liu, and Yingtian Mei. "Formal Analysis and Verification of OAuth 2.0 Protocol Improved by Key Cryptosystems." Chinese Journal of Electronics 26, no. 3 (May 1, 2017): 477–84. http://dx.doi.org/10.1049/cje.2017.04.003.

42

Oh, Se-Ra, Young-Gab Kim, and Sanghyun Cho. "An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and Role." Sensors 19, no. 8 (April 20, 2019): 1884. http://dx.doi.org/10.3390/s19081884.

Abstract:
Due to the rapid development of Internet of Things (IoT), IoT platforms that can provide common functions for things are becoming increasingly important. However, access control frameworks in diverse IoT platforms have been developed for individual security goals, designs, and technologies. In particular, current OAuth-based access control frameworks that are widely used in IoT research have not been providing interoperability among IoT platforms even though sharing resources and services is a critical issue for IoT platforms. Therefore, we analyze the main requirements for an IoT access control framework to properly design our framework and propose an interoperable access control framework based on OAuth 2.0 and Role. Our approach describes a new extended authorization grant flow to issue an Interoperable Access Token (IAT) that has a global access scope across IoT platforms using multiple pairs of clients’ credentials. With the IAT and proposed framework, we can access client-specific domains in heterogeneous IoT platforms, then valuable resources (e.g., data and services) in the domains can be accessed by validating the roles, which will greatly simplify permission management. Furthermore, IAT supports a simple token management (e.g., token issuance, refreshing, and revocation) by managing only one token for diverse IoT platforms. In addition, we implement our interoperable access control framework on Mobius and FIWARE, which are promising open-source IoT platforms, and test an interoperability scenario to demonstrate our approach with the implementation. Furthermore, the proposed framework is compared with other IoT access control approaches based on the selected requirements in this paper.
43

Watini, Sri, Pipit Nursaputri, and Muhammad Iqbal. "Comparison of CAS and Manage Oauth in Single Sign on (SSO) Client Applications." IAIC Transactions on Sustainable Digital Innovation (ITSDI) 1, no. 2 (April 29, 2020): 152–59. http://dx.doi.org/10.34306/itsdi.v1i2.147.

Abstract:
Single Sign On is one of the systems that have been developed long ago to meet the expectations of developers to provide ease and convenience of accessing data. In the development of the system, methods and protocols have been formed in varied ways to suit the needs of the developers. In a variety of methods and protocols, a developer can choose the architecture and protocols that can be used to develop the system. Central Authentication Service and Open Authorization are the two Single Sign On systems most widely used in the manufacture of a web log. Both can be used as the basis for the application of the system of Single Sign On for developers who intend to design a login system that is safe and comfortable, so that developers can create a system that suits their desire.
44

Martynyuk, Alexander N., and Sergіj S. Surkov. "IMPROVEMENT OF SECURITY FOR WEB SERVICES BY RESEARCH AND DEVELOPMENT OF OAUTH SERVER." ELECTRICAL AND COMPUTER SYSTEMS 23, no. 99 (June 20, 2016): 99–105. http://dx.doi.org/10.15276/eltecs.23.99.2016.16.

45

Choi, Jeongseok, Jaekwon Kim, Dong Kyun Lee, Kwang Soo Jang, Dai-Jin Kim, and In Young Choi. "The OAuth 2.0 Web Authorization Protocol for the Internet Addiction Bioinformatics (IABio) Database." Genomics & Informatics 14, no. 1 (2016): 20. http://dx.doi.org/10.5808/gi.2016.14.1.20.

46

Phogat, Anu. "Provision of overcoming the weakness of OAuth 20 protocol in online social networking." International Journal on Recent and Innovation Trends in Computing and Communication 3, no. 3 (2015): 1657–61. http://dx.doi.org/10.17762/ijritcc2321-8169.1503166.

47

Musliyana, Zuhar, Andita Ghaitsa Satira, Mahendar Dwipayana, and Ayu Helinda. "Integrated Email Management System Based Google Application Programming Interface Using OAuth 2.0 Authorization Protocol." Elkawnie 6, no. 1 (June 30, 2020): 109. http://dx.doi.org/10.22373/ekw.v6i1.5545.

Abstract:
Google Apps is a service provided by Google that allows users to use Google products with their own domain names. Among the products offered by Google Apps are email (Gmail), Docs (Google Drive), and Classroom services. In addition, Google Apps also provides Application Programming Interface (API) services that can be used by developers to take advantage of various features provided by Google. Universitas Ubudiyah Indonesia (UUI) is one of the universities that use Google Apps service for managing student emails. At present, UUI student email management through Google Apps is still not integrated with academic information system data. As a result, UUI must allocate special resources for managing student emails manually. Based on these problems, this study proposes an integration system for UUI student email management using the Google Apps API. This system is designed using PHP programming. The Google Apps API authentication method uses OAuth 2.0. The results of this study indicate that student email management on Google Apps can be done through campus academic information systems. With this system, students can activate email independently without having to be registered manually to the Google Apps page by the campus email managers.
48

Xu, Xingdong, Leyuan Niu, and Bo Meng. "Automatic Verification of Security Properties of OAuth 2.0 Protocol with Cryptoverif in Computational Model." Information Technology Journal 12, no. 12 (June 1, 2013): 2273–85. http://dx.doi.org/10.3923/itj.2013.2273.2285.

49

Cirani, Simone, Marco Picone, Pietro Gonizzi, Luca Veltri, and Gianluigi Ferrari. "IoT-OAS: An OAuth-Based Authorization Service Architecture for Secure Services in IoT Scenarios." IEEE Sensors Journal 15, no. 2 (February 2015): 1224–34. http://dx.doi.org/10.1109/jsen.2014.2361406.

50

González, Jorge Fontenla, Manuel Caeiro Rodríguez, Martín Llamas Nistal, and Luis Anido Rifón. "Reverse OAuth: A solution to achieve delegated authorizations in single sign-on e-learning systems." Computers & Security 28, no. 8 (November 2009): 843–56. http://dx.doi.org/10.1016/j.cose.2009.06.002.
