Internet Archive Scholar

OAuth 2.0 Authorization using Blockchain-based Tokens

Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos
2020 Proceedings 2020 Workshop on Decentralized IoT Systems and Security   unpublished

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (256.7 kB)
https://web.archive.org/web/20210820011212/https://www.ndss-symposium.org/wp-content/uploads/2020/04/diss2020-23002-paper.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

OAuth 2.0 is the industry-standard protocol for authorization. It facilitates secure service provisioning, as well as secure interoperability among diverse stakeholders. All OAuth 2.0 protocol flows result in the creation of an access token, which is then used by a user to request access to a protected resource. Nevertheless, the definition of access tokens is transparent to the OAuth 2.0 protocol, which does not specify any particular token format, how tokens are generated, or how they are
more » ... . Instead, the OAuth 2.0 specification leaves all these as design choices for integrators. In this paper, we propose a new type of OAuth 2.0 token backed by a distributed ledger. Our construction is secure, and it supports proof-of-possession, auditing, and accountability. Furthermore, we provide added-value token management services, including revocation, delegation, and fair exchange, by leveraging smart contracts. We realized a proof-ofconcept implementation of our solution using Ethereum smart contracts and the ERC-721 token specification.
doi:10.14722/diss.2020.23002 fatcat:3jad64jcbngjtdbhbxyvxye5cm
Citation

Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos. "OAuth 2.0 Authorization using Blockchain-based Tokens." Proceedings 2020 Workshop on Decentralized IoT Systems and Security (2020)