An analysis on the revoking mechanisms for JSON Web Tokens.

This article describes an architecture for authentication and uniform access to protected data stored on popular Cloud Storage Service Providers. ... and Google Drive using the authentication mechanism of the E-Id card as a unique access token. ... Concerning the JSON responses, the formats actually uses by Cloudpt are identical to the previous provider, one type for file and one type for directory responses. ...

doi:10.1109/cloudcom.2013.71 dblp:conf/cloudcom/GouveiaCSA13 fatcat:plfg4vgpunbjtf5gkmvgcnxr6i

Users interact with DIRAC via command line, using the web portal or accessing resources via the DIRAC python API. The current DIRAC API requires users to use a python version valid for DIRAC. ... These delegated credentials allow the third party software to query to DIRAC on behalf of the users. ... Acknowledgments The presented work has been financed by Comisión Interministerial de Ciencia y Tecnología (CICYT) (project FPA2010-21885-C02-01 and CPAN CSD2007-00042 from Programa Consolider-Ingenio 2010 ...

doi:10.1088/1742-6596/396/5/052019 fatcat:zv6rpezfvndjpl6r7gtksk4nvy

In this paper, a review of the Open stack presented, bringing out different kinds of vulnerabilities that exist in authenticating the users and a federation method using JSON tokens showed that help eliminating ... Users are concerned about the security of their software data hosted on third-party IT infrastructure. Open Stack cloud computing platform is being used by many for implementing private clouds. ... Implementing JSON Tokens within Open Stack Overview on JSON Tokens JSON tokens are non-persistent, which are based on the JSON Web Token standard and implement the same as another component with the ...

doi:10.30534/ijatcse/2019/143862019 fatcat:njkikbraxrdz7b74663catp55y

With the advancement in the area of cloud storage services as well as a tremendous growth of social networking sites, permission for one web service to act on the behalf of another has become increasingly ... Security analysis and performance evaluation are given to validate the proposed scheme. ... The use of a structured token value like JSON Web Token (JWT) is recommended. ...

doi:10.9717/kmms.2016.19.2.308 fatcat:ixhmufcgobcfvefe2fwmcsuvom

Open Access

Access to computer systems and the information held on them, be it commercially or personally sensitive, is naturally, strictly controlled by both legal and technical security measures. ... One such method is digital identity, which is used to authenticate and authorize users to provide access to IT infrastructure to perform official, financial or sensitive operations within organisations ... OpenID Connect uses two main types of tokens: an access token and an ID token. The ID contains information about the authenticated user and it is a JWT (JSON Web Token). ...

doi:10.1109/rcis.2017.7956534 dblp:conf/rcis/NaikJ17 fatcat:kixptcxeavalnflld5qsgoxwz4

In this paper we investigate the security implications of SSO and offer an in-depth analysis of account hijacking on the modern Web. ... To remedy this we propose Single Sign-Off, an extension to OpenID Connect for universally revoking access to all the accounts associated with the hijacked identity provider account. ... Acknowledgements We would like to thank the anonymous reviewers for their helpful feedback. ...

dblp:conf/uss/GhasemisharifRC18 fatcat:z63kg7xt4jdnldmeboqr7anxwm

This deliverable provides an introduction into the bartering and trading of resources in the symbIoTe context, as well as a report on the discussion on security and access scopes. ... ABAC can be implemented with one of the authorization tokens: Macaroons or JSON Web Tokensan extensive analysis has shown the latter to be optimal for symbIoTe. ... JSON Web Tokens (JWT). ...

doi:10.5281/zenodo.817470 fatcat:ycezuermy5hixfnvnliz2ht7pa

Open Access

OAuth has rapidly become an interim defacto standard for protecting access to web API data. Vendors have implemented OAuth before the open standard was officially published. ... This paper investigates the potential security issues of OAuth, an authorisation framework for granting third party applications revocable access to user data. ... Google also returns an id_token attribute in the JSON response when requesting an access token with scope for user information. ...

doi:10.1108/ics-12-2013-0089 fatcat:43hnsyr67vhbnhqf23y3yd2ezq

This paper is an overview of JSON Web Token (JWT) and Transport Layer Security (TLS) as two primary approaches for authentication of the things on the Internet. ... JSON Web Token (JWT) is used extensively today for authorization and authentication within the OAuth and the OpenId framework. ... JSON Web Token The JSON Web Token (JWT), defined by [RFC7519] enable digitally secure representation and exchange of claims between two or more parties on the internet. ...

arXiv:1903.02895v1 fatcat:rexc7z3jwndijfbc5jsde3preq

The paper also describes an approach to establishing a secure mechanism for communicating with IoT devices, using pull-communications. ... This paper examines the components of the MEAN development stack (MongoDb, Express.js, Angular.js, & Node.js), and demonstrate their benefits and appropriateness to be used in implementing RESTful web-service ... The finer granularity this method offers means that a user can revoke access for a given token (for example, a particular client application), without effecting other tokens. ...

doi:10.1109/wf-iot.2015.7389066 dblp:conf/wf-iot/PoulterJC15 fatcat:3x6kxwaey5epzggqriygq5qwai

Our approach features distributed and decoupled mechanisms for authentication and authorization services in complex scenarios embracing heterogeneous and federated IoT platforms, by leveraging Attribute ... Based Access Control and token-based authorization techniques. ... ; we design interfaces and interactions among components in the aforementioned architecture; we propose two possible technical solutions for the token format, that are Macaroons and JSON Web Tokens (JWTs ...

doi:10.1007/978-3-319-56877-5_8 fatcat:7mt6ixsz2necfcyv22n7cplapa

This deliverable documents the final version of the symbIoTe Level-1 compliance system, i.e., the symbIoTe Core Services system and the necessary IoT platform adaptors. ... It also revokes home tokens when the expiration date indicated in the token expires or, asynchronously, when an abnormal, frequent unauthorized use is detected or the user wants to revoke it on purpose ... An additional interface is used for push mechanism, where notifications are linked via WebSocket with the client application. ...

doi:10.5281/zenodo.830233 fatcat:ftwlofalcnakrmvx2xqnjeut7u

Open Access

The mechanism for delegate authorization and revocation is explored. ... Inspired by the smart contract on top of a blockchain protocol, this paper proposes BlendCAC, which is a decentralized, federated capability-based AC mechanism to enable effective protection for devices ... on the experimental web service system. ...

doi:10.3390/computers7030039 fatcat:gs5bc3ojmbexpb2lkhigisphza

DOAJ

The solution is based on creating a central single entry point for authentication and implementing an RBAC policy that will filter every request based on access roles that the requesting user has. ... Delegating these processes to be handled by the third party is not suitable for some web applications that are deployed in a less resourceful environment, e.g. organization with high internet downtime ... JSON Web Tokens: It's a form of JSON strings used to perform authentication and information exchange in the system [14] . ...

doi:10.35940/ijeat.d2474.0410421 fatcat:edki7wirijfzdjn22kk5tq5czq

Open Access

Acknowledgements The authors would like to thank David Wagner, Nikhil Swamy and the anonymous reviewers for their helpful comments leading to significant improvements to this paper. ... We would also like to acknowledge the Mozilla and Facebook security teams for prompt and constructive discussions about our attacks. ... Combining DJCL and DJSON, we implemented a family of emerging IETF standards for JSON cryptography (JOSE), including JSON Web Tokens (JWT) and JSON Web Encryption (JWE) [25] Applications We revisit ...

dblp:conf/uss/BhargavanDM13 fatcat:spuif3bjxjgvfp75yejkbl5che

E-Id Authentication and Uniform Access to Cloud Storage Service Providers

Preserved Fulltext

DIRAC RESTful API

Preserved Fulltext

Improving the Open Stack Authentication system through federation with JASON Tokens

Preserved Fulltext

A Secure Social Networking Site based on OAuth Implementation

Preserved Fulltext

Securing digital identities in the cloud by selecting an apposite Federated Identity Management from SAML, OAuth and OpenID Connect

Preserved Fulltext

O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web

Preserved Fulltext

D3.1 - Basic Resource Trading Mechanisms And Access Scopes

Preserved Fulltext

Security evaluation of the OAuth 2.0 framework

Preserved Fulltext

JSON Web Token (JWT) based client authentication in Message Queuing Telemetry Transport (MQTT) [article]

Preserved Fulltext

Using the MEAN stack to implement a RESTful service for an Internet of Things application

Preserved Fulltext

Attribute-Based Access Control Scheme in Federated IoT Platforms [chapter]

Preserved Fulltext

D2.5 - Final Symbiote Virtual Iot Environment Implementation

Preserved Fulltext

BlendCAC: A Smart Contract Enabled Decentralized Capability-Based Access Control Mechanism for the IoT

Preserved Fulltext

Designing Information System for Private Network using RBAC, FGAC and Micro service Architecture

Preserved Fulltext

Language-based Defenses Against Untrusted Browser Origins

Preserved Fulltext