DOAuth 2.0: A Decentralized Authorization Protocol based on OAuth 2.0
- Title
- DOAuth 2.0: A Decentralized Authorization Protocol based on OAuth 2.0
- Authors
- 홍상원
- Date Issued
- 2021
- Publisher
- 포항공과대학교
- Abstract
- Authorization concerns how to give third parties access to specific resources. OAuth 2.0 is an open standard protocol for authorization that is widely used in industry. OAuth 2.0 enables a resource owner, i.e. a user, to grant a client access to user resources without disclosing the user's credentials. However, OAuth 2.0 has several problems: (1) meeting security requirements is complicated because so many parts of the OAuth 2.0 core specification, i.e. RFC 6749, are left optional for flexibility; (2) it depends on centralized authorization servers, e.g. Google, Facebook or Yahoo, so that if authorization servers are compromised, the compromise cascades across clients; (3) it is inefficient because a user must grant each client access to the same resources every time. Moreover, there are strong trends toward strengthening user sovereignty over user resources, such as GDPR (General Data Protection Regulation) and SSI (Self-Sovereign Identity).
In this thesis, we propose DOAuth 2.0, a decentralized authorization protocol that applies blockchain technology to OAuth 2.0. It is shown that DOAuth 2.0 solves the problems of OAuth 2.0 while keeping the open standard of OAuth 2.0. In addition, DOAuth 2.0 fits well with the current trends to strengthen user sovereignty over user resources.
- URI
- http://postech.dcollection.net/common/orgView/200000372539
https://oasis.postech.ac.kr/handle/2014.oak/112052
- Article Type
- Thesis