Trust establishment between OAuth 2.0 resource servers using claims-based authorisation
by Edon Gashi; Blerim Rexha; Avni Rexhepi
Electronic Government, an International Journal (EG), Vol. 17, No. 3, 2021

Abstract: The OAuth 2.0 authorisation framework is one of the most widely used authorisation frameworks. Its specification leaves many implementation details loosely defined, including the relationship between resource servers and the authorisation server. This paper presents an approach for establishing trust between resource servers by using the authorisation server as a broker, and examines an implementation for the secure exchange of scholarship information between parties. To specify access rights, claims such as roles and capabilities are assigned to resource servers. These claims are asserted by the authorisation server in the form of access tokens. Instead of relying on shared databases, the issued access tokens are used to exchange messages between resource servers. This approach is useful in scenarios where applications have no shared infrastructure or are implemented by different parties.
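
The brokered trust model summarised in the abstract, as an added illustration that is not the paper's own implementation: an authorisation server registers each resource server, records the roles and capabilities granted to it, and asserts them in a signed JWT-style access token addressed to a specific peer; the receiving resource server verifies the assertion locally and then checks that the caller's capabilities cover the message it sent. The issuer URL, the server names, the capability names, the message format and the scholarship scenario are all assumptions made for the example. The example uses HS256 with a separate key per audience (shared only between the broker and that audience), so a resource server cannot mint tokens addressed to another one; a deployment that publishes a JWKS would use an asymmetric algorithm instead.

```python
# Added example (not the paper's code): authorisation server as trust broker,
# asserting roles/capabilities for resource servers in signed access tokens.
# Standard library only; all names and the scenario are constructed.
import base64
import hashlib
import hmac
import json
import secrets
import time

ISSUER = "https://as.example"  # assumed issuer identifier


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class AuthorizationServer:
    """Broker: knows every resource server, the claims each one is granted,
    and a per-audience HS256 key shared only with that audience."""

    def __init__(self):
        self._keys = {}    # audience id -> HMAC key
        self._grants = {}  # resource server id -> claims the broker asserts for it

    def register(self, rs_id, roles, capabilities):
        key = secrets.token_bytes(32)
        self._keys[rs_id] = key
        self._grants[rs_id] = {"roles": list(roles), "capabilities": list(capabilities)}
        return key  # handed to the resource server out of band

    def issue_token(self, client_id, audience, ttl=300, now=None):
        if client_id not in self._grants or audience not in self._keys:
            raise PermissionError("unknown client or audience")
        now = int(time.time()) if now is None else now
        header = {"alg": "HS256", "typ": "JWT"}
        payload = {"iss": ISSUER, "sub": client_id, "aud": audience,
                   "iat": now, "exp": now + ttl, **self._grants[client_id]}
        signing_input = ".".join(_b64url(json.dumps(p, separators=(",", ":")).encode())
                                 for p in (header, payload))
        # Signed with the audience's key: only the broker and that audience hold it.
        sig = hmac.new(self._keys[audience], signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + _b64url(sig)


class ResourceServer:
    """Verifies the broker's assertion locally, then enforces the capability
    that each message type requires."""

    def __init__(self, rs_id, key, required_caps):
        self.rs_id, self._key, self._required = rs_id, key, required_caps

    def verify(self, token, now=None):
        parts = token.split(".")
        if len(parts) != 3:
            raise ValueError("malformed token")
        header = json.loads(_b64url_decode(parts[0]))
        if header.get("alg") != "HS256":  # pin the algorithm; never honour alg=none
            raise ValueError("unexpected algorithm")
        expected = hmac.new(self._key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
            raise ValueError("bad signature")
        claims = json.loads(_b64url_decode(parts[1]))
        if claims.get("iss") != ISSUER or claims.get("aud") != self.rs_id:
            raise ValueError("wrong issuer or audience")
        now = int(time.time()) if now is None else now
        if not claims.get("iat", 0) <= now < claims.get("exp", 0):
            raise ValueError("token expired or not yet valid")
        return claims

    def handle(self, token, message, now=None):
        claims = self.verify(token, now)
        needed = self._required.get(message["type"])
        if needed is None:
            raise ValueError("unknown message type")
        if needed not in claims.get("capabilities", []):
            raise PermissionError(f"{claims['sub']} lacks {needed}")
        return {"accepted": True, "from": claims["sub"], "roles": claims["roles"]}


def demo(now=1_700_000_000):
    """Constructed scenario: a scholarship fund queries a university registry."""
    broker = AuthorizationServer()
    k_registry = broker.register("registry", ["record-holder"], ["enrolment:respond"])
    k_fund = broker.register("scholarship-fund", ["scholarship-provider"], ["enrolment:read"])
    registry = ResourceServer("registry", k_registry, {"enrolment_query": "enrolment:read"})
    fund = ResourceServer("scholarship-fund", k_fund, {"enrolment_query": "enrolment:read"})
    query = {"type": "enrolment_query", "student": "S-001"}  # constructed message
    results = {}
    tok = broker.issue_token("scholarship-fund", "registry", now=now)  # fund -> registry
    results["accepted"] = registry.handle(tok, query, now=now + 10)
    try:  # same token replayed at another audience: signature check fails
        fund.handle(tok, query, now=now + 10)
    except ValueError as e:
        results["wrong_audience"] = str(e)
    try:  # registry holds a valid token for the fund but lacks the needed capability
        fund.handle(broker.issue_token("registry", "scholarship-fund", now=now), query, now=now + 10)
    except PermissionError as e:
        results["missing_capability"] = str(e)
    try:  # token presented after exp
        registry.handle(tok, query, now=now + 600)
    except ValueError as e:
        results["expired"] = str(e)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` exercises the four cases a practitioner cares about: an accepted message, a token presented to an audience it was not issued for, a verified caller without the required capability, and an expired token. Note that the resource servers never consult a shared database; every decision is made from the claims the broker asserted in the token.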

Online publication date: Tue, 06-Jul-2021
