oauth 2 0 authorization using blockchain based tokens
play

OAuth 2.0 authorization using blockchain-based tokens Nikos - PowerPoint PPT Presentation

Oct 24, 2022 •911 likes •1.11k views

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos Resource sharing Authorization Client Resource owner Resource storage Resource access Resource

  1. OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos

  2. Resource sharing Authorization Client Resource owner Resource storage Resource access Resource server

  3. OAuth 2.0-based authorization Client Resource owner Authorization request Authorization grant

  4. OAuth 2.0-based authorization Client Resource owner Authorization request Authorization grant Authorization server Authorization grant Access token

  5. OAuth 2.0-based authorization Client Resource owner Authorization request Authorization grant Authorization server Authorization grant Access token Resource server Resource request, token Resource

  6. Our work Client Resource owner Authorization request Authorization grant Authorization server Authorization grant Access token Resource server Resource request, token Resource

  7. The Ethereum blockchain • Data “recorded” in the ledger are immutable • Decentrilized “smart contract” can be executed by untrusted nodes in a deterministic way

  8. ERC-721 ERC-721 tokens • Token Id • Owner Id • Metadata

  9. ERC-721 ERC-721 tokens ERC-721 token management • Token Id contract • Owner Id • ownerOf() • Metadata • transferFrom() • tokenURI() • approve() • getApproved()

  10. JWT { Client “iss”: Authorization Server “aud”: Resource URI “sub”: Client Key “exp”: Expiration Time “jti” : Token identifier } Authorization server Access token

  11. JWT + ERC-721 { Client “iss”: Authorization Server “aud”: Resource URI “sub”: Client Key “exp”: Expiration Time “jti” : Token identifier } Authorization server ERC-721 token Access token Token Id : jti Owner Id : Client key Metadata: JWT

  12. Accessing legacy resource servers Client Resource server Resource request, token Verify Client key ownership Resource • It facilitates logging and auditing services • Clients can at any time retrieve their access token from the blockchain

  13. Accessing resource servers with BC read access Client Resource server Resource request, token ownerOf(), tokenURI() Verify Client key ownership Resource

  14. Revocation Authorization server Client Resource server transferFrom() Resource request, token ownerOf(), tokenURI() • Revocation is asynchronous • Authorization server does not have to be online

  15. Delegation Client A Approve(Client B) Client B Resource server Resource request, token getApproved(), tokenURI() Verify Client key ownership Resource • Delegation is not transitive • Revocation is not affected

  16. Fair exchange Client Authorization server ERC-721 token Access token Token identifier Owner : Authorization server Metadata: JWT Payment transferFrom()

  17. Discussion • Existing OAuth 2.0 code-base can be re-used • In some cases our approach is transparent to OAuth endpoints • In no payments are involved then private, or testing chains can be used. • If the client does not interact with the blockchain, then ownerOf() may return any type of identifier. • (Public) blockchains have privacy issues, introduce delays (~13sec per transaction) and monetary costs (~$0.10 to create a token, $0.02 to revoke or delegate)

  18. Thank you fotiou@aueb.gr https://mm.aueb.gr/blockchains

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney <jbasney@ncsa.Illinois.edu> Brian Bockelman <bbockelm@cse.unl.edu> This material is based upon work supported by the National S cience Foundation under Grant

379 views • 20 slides
OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

* OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF 95, Buenos Aires April 2016 1 Document Status Current draft addresses WGLC feedback See

423 views • 8 slides
Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se) Gran Selander (goran.selander@ericsson.com) Erik Wahlstrm (erik.wahlstrom@nexusgroup.com) Samuel Erdtman (samuel.erdtman@nexusgroup.com) Hannes

147 views • 10 slides
An open protocol to allow secure authorization in a simple and standard method from web, mobile

An open protocol to allow secure authorization in a simple and standard method from web, mobile

An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications. OAuth 2.0 Definition Why is this relevant for IXP operators? OAuth 2.0 Roles The resource owner is the user - you

523 views • 29 slides
A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle

A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle

A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle University, UK HANNES TSCHOFENIG, Arm Limited, UK As our daily lives become ever more connected, the need for security becomes more important. This

164 views • 13 slides
OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical Architect, Ping Identity Purpose Best Current Practices Document Builds mostly on RFC 8252 - OAuth 2.0 for Native Apps I-D

386 views • 10 slides
Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106,

Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106,

Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106, 21.11.2019, Singapore Brian Campbell, Nat Sakimura, Dave Tonge, Filip Skokan, Torsten Lodderstedt { "userinfo":{

340 views • 16 slides
Digital Coin Offerings: New SEC Guidance on Registration of Blockchain Tokens as Securities

Digital Coin Offerings: New SEC Guidance on Registration of Blockchain Tokens as Securities

Presenting a live 90-minute webinar with interactive Q&A Digital Coin Offerings: New SEC Guidance on Registration of Blockchain Tokens as Securities TUESDAY, OCTOBER 3, 2017 1pm Eastern | 12pm Central | 11am Mountain | 10am

516 views • 26 slides
OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth protocol workflow Server-side web application flow Client-side web application flow Whats the problem As the web grows, more and more sites

786 views • 45 slides
Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of

Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of

Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of Computer Science Universitat Autnoma de Barcelona NordSec 2004 G. Navarro et al. (UAB) CADAT NordSec 2004 1 / 15 Outline Introduction 1

488 views • 38 slides
Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2 What is OAuth? Your Valet Key for the Web Delegated Authentication Protocol 2 What is OAuth? Your Valet Key for the Web Delegated Authentication

357 views • 33 slides
OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software

OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software

OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software Engineer Adobe Research Switzerland Who is this guy, BTW? eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 .eyJhdWQiOiJjb25uZWN0MjAxNCIsImlzc

869 views • 42 slides
SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew

SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew

SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew Hanushevsky Stanford Linear Accelerator Center Stanford University Stanford University 27-May-08 http://xrootd slac stanford edu

550 views • 23 slides
Blockchain Powered Mobility Data is transforming the world Role of the DOV token Why Blockchain?

Blockchain Powered Mobility Data is transforming the world Role of the DOV token Why Blockchain?

Blockchain Powered Mobility Data is transforming the world Role of the DOV token Why Blockchain? B L O C K C H A I N P O W E R E D M O B I L I T Y All transaction-based mobility services benefit from blockchain-based structures: dApps.

1.06k views • 60 slides
Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM

Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM

Cryptocurrencies & Security on the Blockchain Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM execution must be deterministic. Cannot rely on outside information But sometimes that

591 views • 17 slides
bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

MAKE BLOCKCHAIN WORK FOR YOU bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2 Consensus 1 Encryption P2P Networks Time Stamp Challenges addressed by blockchain Regulatory and compliance pressures

669 views • 14 slides
Multiple Graph Processing Naming and Addressing Alastair Green Neo Technology Cypher Language

Multiple Graph Processing Naming and Addressing Alastair Green Neo Technology Cypher Language

Multiple Graph Processing Naming and Addressing Alastair Green Neo Technology Cypher Language Group opencypher.org | opencypher@googlegroups.com opencypher.org | opencypher@googlegroups.com Problem #1 Loading and saving > 1 Store >

714 views • 12 slides
What is Scripting? ! Yes! The name comes from written script CSCI: 4500/6500 Programming such as

What is Scripting? ! Yes! The name comes from written script CSCI: 4500/6500 Programming such as

What is Scripting? ! Yes! The name comes from written script CSCI: 4500/6500 Programming such as screenplay, where dialog is repeated verbatim for every performance Languages Scripting Languages Chapter 13 1 2 Maria Hybinette, UGA Maria

308 views • 6 slides
The use of the SIPS URI Scheme in SIP draft-ietf-sip-sips-05 Franois Audet - audet@nortel.com

The use of the SIPS URI Scheme in SIP draft-ietf-sip-sips-05 Franois Audet - audet@nortel.com

The use of the SIPS URI Scheme in SIP draft-ietf-sip-sips-05 Franois Audet - audet@nortel.com draft-sip-sips-05 Status Since draft-ietf-sip-sips-02, 3 iterations of the working group document Almost went WGLC on draft-ietf-sip-

77 views • 6 slides
A Collaborative Named Entity Focused URI Collection to Explore Web Archives Workshop on Web

A Collaborative Named Entity Focused URI Collection to Explore Web Archives Workshop on Web

A Collaborative Named Entity Focused URI Collection to Explore Web Archives Workshop on Web Archiving and Digital Libraries Sergej Wildemann & Helge Holzmann June 6, 2019 L3S Research Center - University of Hannover - Germany Introduction

802 views • 22 slides
Getting Things Done with REST http://ian S robinson.com @ian S robinson

Getting Things Done with REST http://ian S robinson.com @ian S robinson

Getting Things Done with REST http://ian S robinson.com @ian S robinson Getting Things Done Pick your path to adventure Executing a specialism in a generalized

679 views • 38 slides
Simplicity in Practice https://xkcd.com/1349/ Words, words, words. Hamlet, Act 2 Scene

Simplicity in Practice https://xkcd.com/1349/ Words, words, words. Hamlet, Act 2 Scene

Simplicity in Practice https://xkcd.com/1349/ Words, words, words. Hamlet, Act 2 Scene 2 simple, adj. one fold/braid one role, task, concept, dimension antonym: complex, interleaved, of many parts objective measure

481 views • 44 slides
STORAGE CONTENT PROVIDER Storage File System Linux OS Internal External (Flash Memory) (SD

STORAGE CONTENT PROVIDER Storage File System Linux OS Internal External (Flash Memory) (SD

STORAGE CONTENT PROVIDER Storage File System Linux OS Internal External (Flash Memory) (SD card) ..\AppData\Local\Android\sdk\platform-tools\adb Exploring the file system File System Android allows to persists application data via the

560 views • 31 slides
Limitless HTTP in an HTTPS World Inferring the Semantics of the HTTPS Protocol without Decryption

Limitless HTTP in an HTTPS World Inferring the Semantics of the HTTPS Protocol without Decryption

Limitless HTTP in an HTTPS World Inferring the Semantics of the HTTPS Protocol without Decryption Blake Anderson, PhD ; Andrew Chi ; Scott Dunlop ; and David McGrew, PhD Cisco, University of North Carolina contact:

363 views • 22 slides

More recommend