Abstract
Authentication and authorization are key technologies for ensuring secure, authorized access to Web resources, and delegation strengthens the dynamicity, flexibility and scalability of an authorization mechanism. The OAuth (open authorization) 2.0 specification defines an open delegated-authorization framework that is used in a wide variety of applications, but it is not applicable to scenarios that require stronger security properties. By extending the functionality of OAuth 2.0, this paper proposes a secure delegated-authorization framework for the Web application environment. Within the proposed framework, a scheme for client authentication to the resource server is proposed based on the proof-of-possession (PoP) security mechanism, and the method for binding the PoP key to the PoP token is described. Finally, related issues in the framework, such as the overall architecture, the abstract implementation flow and the revocation of delegation, are discussed in detail.
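The abstract states that the client authenticates to the resource server by proving possession of a key that is bound into the token, and that this is what separates the scheme from plain bearer tokens. The following is an added, generic illustration of that binding and check, not the paper's own scheme or code: the authorization server places a thumbprint of the client's PoP key in the token's `cnf` claim (the RFC 7800 style of key confirmation, assumed here), the client signs a per-request proof covering the method, URI, time and a hash of the token, and the resource server verifies the token, resolves the bound key, and verifies the proof. Keys are symmetric HMAC keys, the `https://as.example` / `https://rs.example` URLs and the resource server's key registry are constructed for the example, and the failure cases (replay, token used with a different key, URI mismatch, expiry) show what a bearer-token check alone would not catch.

```python
"""Generic PoP-bound token issuance and per-request proof verification.
Constructed illustration of key-to-token binding; not the paper's scheme."""
import base64
import hashlib
import hmac
import json
import os

AS_ISSUER = "https://as.example"   # constructed authorization server id
RS_AUDIENCE = "https://rs.example"  # constructed resource server id


def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(key: bytes, body: str) -> str:
    """HMAC-SHA256 over the encoded body; stands in for a real signature."""
    return b64u(hmac.new(key, body.encode(), hashlib.sha256).digest())


def key_thumbprint(pop_key: bytes) -> str:
    """Handle that binds the token to the client's PoP key (cnf.kid, assumed)."""
    return b64u(hashlib.sha256(pop_key).digest())


def issue_pop_token(as_key: bytes, pop_key: bytes, scope: str, now: int, ttl: int = 300) -> str:
    """Authorization server: token carries scope, expiry and the PoP key binding."""
    payload = {"iss": AS_ISSUER, "aud": RS_AUDIENCE, "scope": scope,
               "exp": now + ttl, "cnf": {"kid": key_thumbprint(pop_key)}}
    body = b64u(json.dumps(payload, sort_keys=True).encode())
    return f"{body}.{sign(as_key, body)}"


def make_proof(pop_key: bytes, token: str, method: str, uri: str, now: int) -> str:
    """Client: fresh proof tying this request to the token and the PoP key."""
    claims = {"htm": method, "htu": uri, "iat": now, "jti": b64u(os.urandom(12)),
              "ath": b64u(hashlib.sha256(token.encode()).digest())}
    body = b64u(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{sign(pop_key, body)}"


class ResourceServer:
    """Verifies the AS-signed token, resolves the bound key, checks the proof."""

    def __init__(self, as_key: bytes, registered_keys: dict, skew: int = 60):
        self.as_key = as_key
        self.registered_keys = registered_keys  # thumbprint -> PoP key (constructed registry)
        self.skew = skew
        self.seen_jti = set()  # replay cache for proof identifiers

    def _verify_signed(self, blob: str, key: bytes):
        try:
            body, sig = blob.split(".")
        except ValueError:
            return None
        if not hmac.compare_digest(sign(key, body), sig):
            return None
        return json.loads(b64u_decode(body))

    def authorize(self, token: str, proof: str, method: str, uri: str, now: int) -> bool:
        payload = self._verify_signed(token, self.as_key)
        if payload is None or payload.get("aud") != RS_AUDIENCE or payload.get("exp", 0) <= now:
            return False
        pop_key = self.registered_keys.get(payload.get("cnf", {}).get("kid"))
        if pop_key is None:
            return False  # token not bound to a key this server knows
        claims = self._verify_signed(proof, pop_key)
        if claims is None:
            return False  # proof not made with the bound key
        if claims.get("htm") != method or claims.get("htu") != uri:
            return False  # proof was made for a different request
        if claims.get("ath") != b64u(hashlib.sha256(token.encode()).digest()):
            return False  # proof does not cover this token
        if abs(claims.get("iat", 0) - now) > self.skew or claims.get("jti") in self.seen_jti:
            return False  # stale or replayed proof
        self.seen_jti.add(claims["jti"])
        return True


def demo() -> dict:
    """Run the legitimate flow and the failure modes with constructed keys."""
    as_key, client_key, other_key = b"constructed-as-key", b"constructed-client-key", b"constructed-other-key"
    now, uri = 1_700_000_000, RS_AUDIENCE + "/doc"
    rs = ResourceServer(as_key, {key_thumbprint(client_key): client_key})
    token = issue_pop_token(as_key, client_key, "read", now)
    good_proof = make_proof(client_key, token, "GET", uri, now)
    return {
        "legitimate": rs.authorize(token, good_proof, "GET", uri, now),
        "replayed": rs.authorize(token, good_proof, "GET", uri, now),
        "token_without_key": rs.authorize(token, make_proof(other_key, token, "GET", uri, now), "GET", uri, now),
        "wrong_uri": rs.authorize(token, make_proof(client_key, token, "GET", RS_AUDIENCE + "/other", now), "GET", uri, now),
        "expired": rs.authorize(token, make_proof(client_key, token, "GET", uri, now + 400), "GET", uri, now + 400),
    }


if __name__ == "__main__":
    print(demo())
```

The token alone is useless to anyone who does not also hold the bound key: in `token_without_key` the server still finds a valid AS signature but the proof fails against the key named in `cnf.kid`. Revocation, which the abstract lists as a separate topic, would sit in `authorize` as a lookup against a revoked-token or revoked-key list before the proof check.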
Source
Computer and Modernization (《计算机与现代化》)
2016, No. 8, pp. 105-108, 122 (5 pages)
Funding
Special Research Fund for Professors of Guangdong University of Education (广东第二师范学院), project 2014ARF24
Keywords
open authorization (OAuth) framework
delegation
authorization
authentication
proof-of-possession