Title: Trust establishment between OAuth 2.0 resource servers using claims-based authorisation

Authors: Edon Gashi; Blerim Rexha; Avni Rexhepi

Addresses: Faculty of Electrical and Computer Engineering, University of Prishtina, Prishtina, 10000, Kosovo (all three authors)

Abstract: The OAuth 2.0 authorisation framework is one of the most commonly used authorisation frameworks. In its specification, many implementation details are loosely defined, including the relationship between resource servers and authorisation servers. This paper presents an approach for establishing trust between servers by using the authorisation server as a broker, and examines an implementation for the secure exchange of scholarship information between parties. To specify access rights, claims such as roles and capabilities are assigned to resource servers. These claims are asserted by the authorisation server in the form of access tokens. Instead of relying on shared databases, the issued access tokens are used to exchange messages between resource servers. This approach is useful in scenarios where applications have no shared infrastructure or are implemented by different parties.
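The brokered trust flow the abstract describes, as an added, self-contained illustration that is not code from the paper: the authorisation server issues a signed token asserting the roles and capabilities assigned to one resource server, and the receiving resource server validates that assertion locally (signature, issuer, audience, expiry) and checks the claims against its own policy before accepting the message, with no shared database involved. The token format (a JWT signed with HMAC-SHA256 over a shared key), the claim names `roles` and `capabilities`, the issuer URL, the server identifiers and the scholarship operations are all assumptions made for this example; the paper's own token and claim layout is not given on this page.

```python
# Added illustration of an authorisation server (AS) acting as trust broker between
# two OAuth 2.0 resource servers. Not the paper's implementation: the JWT/HS256 token
# format, claim names, issuer URL, key and operation names below are assumptions.
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key shared by the AS and the resource servers. A real deployment
# would use an asymmetric key so resource servers hold only the AS public key.
AS_SIGNING_KEY = b"constructed-demo-key-do-not-use"
AS_ISSUER = "https://as.example.test"  # assumed issuer identifier


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, audience, roles, capabilities, ttl=300, now=None):
    """AS side: assert the claims assigned to resource server `subject` in a token
    addressed to resource server `audience`. `now` is injectable for deterministic tests."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {
        "iss": AS_ISSUER, "sub": subject, "aud": audience,
        "iat": now, "exp": now + ttl,
        "roles": sorted(roles), "capabilities": sorted(capabilities),
    }
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(AS_SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token, expected_audience, now=None):
    """Resource server side: validate the broker's assertion. Returns the claims
    or raises ValueError. Every check here replaces a lookup in a shared database."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the header's choice
        raise ValueError("unexpected alg")
    expected = hmac.new(AS_SIGNING_KEY, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != AS_ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != expected_audience:  # token minted for another server
        raise ValueError("token not addressed to this resource server")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


# Assumed local policy of the scholarship service: which broker-asserted claims each
# exposed operation requires.
REQUIRED_CLAIMS = {
    "read_scholarship": {"roles": {"scholarship-reader"}, "capabilities": {"scholarship:read"}},
    "update_scholarship": {"roles": {"scholarship-office"}, "capabilities": {"scholarship:write"}},
}


def authorise_message(token, operation, this_server, now=None) -> bool:
    """Receiving resource server: accept a message only if the claims asserted by the
    AS cover the requested operation."""
    try:
        claims = verify_token(token, this_server, now=now)
    except ValueError:
        return False
    required = REQUIRED_CLAIMS.get(operation)
    if required is None:
        return False
    return (required["roles"].issubset(claims.get("roles", []))
            and required["capabilities"].issubset(claims.get("capabilities", [])))


if __name__ == "__main__":
    # Constructed scenario: a registrar service (resource server A) asks the
    # scholarship service (resource server B) for a student's award record.
    token = issue_token("rs-registrar", "rs-scholarship",
                        ["scholarship-reader"], ["scholarship:read"])
    print("read allowed:", authorise_message(token, "read_scholarship", "rs-scholarship"))
    print("update allowed:", authorise_message(token, "update_scholarship", "rs-scholarship"))
```

The receiving server trusts the broker, not the caller: it decides from the signed `roles` and `capabilities` claims alone, and the `aud` check ensures a token issued for one resource server cannot be replayed against another.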

Keywords: authorisation; OAuth; trust; security.

DOI: 10.1504/EG.2021.116027

Electronic Government, an International Journal, 2021 Vol.17 No.3, pp.339 - 353

Accepted: 04 May 2020
Published online: 06 Jul 2021
