
E-Id Authentication and Uniform Access to Cloud Storage Service Providers

Joao Gouveia, Paul Andrew Crocker, Simao Melo de Sousa, Ricardo Azevedo
2013 2013 IEEE 5th International Conference on Cloud Computing Technology and Science  
This article describes an architecture for authentication and uniform access to protected data stored on popular Cloud Storage Service Providers.  ...  and Google Drive using the authentication mechanism of the E-Id card as a unique access token.  ...  Concerning the JSON responses, the formats actually used by Cloudpt are identical to the previous provider, one type for file and one type for directory responses.  ... 
doi:10.1109/cloudcom.2013.71 dblp:conf/cloudcom/GouveiaCSA13 fatcat:plfg4vgpunbjtf5gkmvgcnxr6i

DIRAC RESTful API

A Casajus Ramo, R Graciani Diaz, A Tsaregorodtsev
2012 Journal of Physics, Conference Series  
Users interact with DIRAC via command line, using the web portal or accessing resources via the DIRAC python API. The current DIRAC API requires users to use a python version valid for DIRAC.  ...  These delegated credentials allow the third party software to query to DIRAC on behalf of the users.  ...  Acknowledgments The presented work has been financed by Comisión Interministerial de Ciencia y Tecnología (CICYT) (project FPA2010-21885-C02-01 and CPAN CSD2007-00042 from Programa Consolider-Ingenio 2010  ... 
doi:10.1088/1742-6596/396/5/052019 fatcat:zv6rpezfvndjpl6r7gtksk4nvy

Improving the Open Stack Authentication system through federation with JASON Tokens

M Trinath Basu
2019 International Journal of Advanced Trends in Computer Science and Engineering  
In this paper, a review of the Open stack presented, bringing out different kinds of vulnerabilities that exist in authenticating the users and a federation method using JSON tokens showed that help eliminating  ...  Users are concerned about the security of their software data hosted on third-party IT infrastructure. Open Stack cloud computing platform is being used by many for implementing private clouds.  ...  Implementing JSON Tokens within Open Stack Overview on JSON Tokens JSON tokens are non-persistent, which are based on the JSON Web Token standard and implement the same as another component with the  ... 
doi:10.30534/ijatcse/2019/143862019 fatcat:njkikbraxrdz7b74663catp55y

A Secure Social Networking Site based on OAuth Implementation

Otieno Mark Brian, Kyung-Hyune Rhee
2016 Journal of Korea Multimedia Society  
With the advancement in the area of cloud storage services as well as a tremendous growth of social networking sites, permission for one web service to act on the behalf of another has become increasingly  ...  Security analysis and performance evaluation are given to validate the proposed scheme.  ...  The use of a structured token value like JSON Web Token (JWT) is recommended.  ... 
doi:10.9717/kmms.2016.19.2.308 fatcat:ixhmufcgobcfvefe2fwmcsuvom

Securing digital identities in the cloud by selecting an apposite Federated Identity Management from SAML, OAuth and OpenID Connect

Nitin Naik, Paul Jenkins
2017 2017 11th International Conference on Research Challenges in Information Science (RCIS)  
Access to computer systems and the information held on them, be it commercially or personally sensitive, is naturally, strictly controlled by both legal and technical security measures.  ...  One such method is digital identity, which is used to authenticate and authorize users to provide access to IT infrastructure to perform official, financial or sensitive operations within organisations  ...  OpenID Connect uses two main types of tokens: an access token and an ID token. The ID contains information about the authenticated user and it is a JWT (JSON Web Token).  ... 
doi:10.1109/rcis.2017.7956534 dblp:conf/rcis/NaikJ17 fatcat:kixptcxeavalnflld5qsgoxwz4

O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web

Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, Jason Polakis
2018 USENIX Security Symposium  
In this paper we investigate the security implications of SSO and offer an in-depth analysis of account hijacking on the modern Web.  ...  To remedy this we propose Single Sign-Off, an extension to OpenID Connect for universally revoking access to all the accounts associated with the hijacked identity provider account.  ...  Acknowledgements We would like to thank the anonymous reviewers for their helpful feedback.  ... 
dblp:conf/uss/GhasemisharifRC18 fatcat:z63kg7xt4jdnldmeboqr7anxwm

D3.1 - Basic Resource Trading Mechanisms And Access Scopes

Peter Reichl, Giuseppe Bianchi, Gennaro Boggia, Daniele Caldarola, Gerard Frankowski, Joao Garcia, Elena Garrido Ostermann, Nemanja Ignjatov, Gabriel Kovacs, Michal Pilc, Giuseppe Piro, Savio Sciancalepore
2016 Zenodo  
This deliverable provides an introduction into the bartering and trading of resources in the symbIoTe context, as well as a report on the discussion on security and access scopes.  ...  ABAC can be implemented with one of the authorization tokens: Macaroons or JSON Web Tokens; an extensive analysis has shown the latter to be optimal for symbIoTe.  ...  JSON Web Tokens (JWT).  ... 
doi:10.5281/zenodo.817470 fatcat:ycezuermy5hixfnvnliz2ht7pa

Security evaluation of the OAuth 2.0 framework

Eugene Ferry, John O Raw, Kevin Curran
2015 Information and Computer Security  
OAuth has rapidly become an interim defacto standard for protecting access to web API data. Vendors have implemented OAuth before the open standard was officially published.  ...  This paper investigates the potential security issues of OAuth, an authorisation framework for granting third party applications revocable access to user data.  ...  Google also returns an id_token attribute in the JSON response when requesting an access token with scope for user information.  ... 
doi:10.1108/ics-12-2013-0089 fatcat:43hnsyr67vhbnhqf23y3yd2ezq

JSON Web Token (JWT) based client authentication in Message Queuing Telemetry Transport (MQTT) [article]

Krishna Shingala
2019 arXiv   pre-print
This paper is an overview of JSON Web Token (JWT) and Transport Layer Security (TLS) as two primary approaches for authentication of the things on the Internet.  ...  JSON Web Token (JWT) is used extensively today for authorization and authentication within the OAuth and the OpenId framework.  ...  JSON Web Token The JSON Web Token (JWT), defined by [RFC7519] enable digitally secure representation and exchange of claims between two or more parties on the internet.  ... 
arXiv:1903.02895v1 fatcat:rexc7z3jwndijfbc5jsde3preq

Using the MEAN stack to implement a RESTful service for an Internet of Things application

Andrew John Poulter, Steven J. Johnston, Simon J. Cox
2015 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT)  
The paper also describes an approach to establishing a secure mechanism for communicating with IoT devices, using pull-communications.  ...  This paper examines the components of the MEAN development stack (MongoDb, Express.js, Angular.js, & Node.js), and demonstrates their benefits and appropriateness to be used in implementing RESTful web-service  ...  The finer granularity this method offers means that a user can revoke access for a given token (for example, a particular client application), without affecting other tokens.  ... 
doi:10.1109/wf-iot.2015.7389066 dblp:conf/wf-iot/PoulterJC15 fatcat:3x6kxwaey5epzggqriygq5qwai

Attribute-Based Access Control Scheme in Federated IoT Platforms [chapter]

Savio Sciancalepore, Michał Pilc, Svenja Schröder, Giuseppe Bianchi, Gennaro Boggia, Marek Pawłowski, Giuseppe Piro, Marcin Płóciennik, Hannes Weisgrab
2017 Lecture Notes in Computer Science  
Our approach features distributed and decoupled mechanisms for authentication and authorization services in complex scenarios embracing heterogeneous and federated IoT platforms, by leveraging Attribute  ...  Based Access Control and token-based authorization techniques.  ...  ; we design interfaces and interactions among components in the aforementioned architecture; we propose two possible technical solutions for the token format, that are Macaroons and JSON Web Tokens (JWTs  ... 
doi:10.1007/978-3-319-56877-5_8 fatcat:7mt6ixsz2necfcyv22n7cplapa

D2.5 - Final Symbiote Virtual Iot Environment Implementation

Matteo Pardi, Gianluca Insolvibile, Tomasz Rajtar, Mateusz Łukaszenko, Szymon Mueller, Artur Jaworski, Mikołaj Dobski, Vasileios Glykantzis, Tilemachos Pechlivanoglou, Daniele Caldarola, Nemanja Ignjatov, Jose Antonio Sanchez
2017 Zenodo  
This deliverable documents the final version of the symbIoTe Level-1 compliance system, i.e., the symbIoTe Core Services system and the necessary IoT platform adaptors.  ...  It also revokes home tokens when the expiration date indicated in the token expires or, asynchronously, when an abnormal, frequent unauthorized use is detected or the user wants to revoke it on purpose  ...  An additional interface is used for push mechanism, where notifications are linked via WebSocket with the client application.  ... 
doi:10.5281/zenodo.830233 fatcat:ftwlofalcnakrmvx2xqnjeut7u

BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT

Ronghua Xu, Yu Chen, Erik Blasch, Genshe Chen
2018 Computers  
The mechanism for delegate authorization and revocation is explored.  ...  Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices  ...  on the experimental web service system.  ... 
doi:10.3390/computers7030039 fatcat:gs5bc3ojmbexpb2lkhigisphza

Designing Information System for Private Network using RBAC, FGAC and Micro service Architecture

Arjit Mishra, Surendra Gupta, Swarnim Soni
2021 International Journal of Engineering and Advanced Technology  
The solution is based on creating a central single entry point for authentication and implementing an RBAC policy that will filter every request based on access roles that the requesting user has.  ...  Delegating these processes to be handled by the third party is not suitable for some web applications that are deployed in a less resourceful environment, e.g. organization with high internet downtime  ...  JSON Web Tokens: It's a form of JSON strings used to perform authentication and information exchange in the system [14].  ... 
doi:10.35940/ijeat.d2474.0410421 fatcat:edki7wirijfzdjn22kk5tq5czq

Language-based Defenses Against Untrusted Browser Origins

Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Sergio Maffeis
2013 USENIX Security Symposium  
Acknowledgements The authors would like to thank David Wagner, Nikhil Swamy and the anonymous reviewers for their helpful comments leading to significant improvements to this paper.  ...  We would also like to acknowledge the Mozilla and Facebook security teams for prompt and constructive discussions about our attacks.  ...  Combining DJCL and DJSON, we implemented a family of emerging IETF standards for JSON cryptography (JOSE), including JSON Web Tokens (JWT) and JSON Web Encryption (JWE) [25] Applications We revisit  ... 
dblp:conf/uss/BhargavanDM13 fatcat:spuif3bjxjgvfp75yejkbl5che