oauth 2 0 authorization using blockchain based tokens
play

OAuth 2.0 authorization using blockchain-based tokens Nikos - PowerPoint PPT Presentation

Oct 24, 2022 •911 likes •1.11k views

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos Resource sharing Authorization Client Resource owner Resource storage Resource access Resource

  1. OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos

  2. Resource sharing Authorization Client Resource owner Resource storage Resource access Resource server

  3. OAuth 2.0-based authorization Client Resource owner Authorization request Authorization grant

  4. OAuth 2.0-based authorization Client Resource owner Authorization request Authorization grant Authorization server Authorization grant Access token

  5. OAuth 2.0-based authorization Client Resource owner Authorization request Authorization grant Authorization server Authorization grant Access token Resource server Resource request, token Resource

  6. Our work Client Resource owner Authorization request Authorization grant Authorization server Authorization grant Access token Resource server Resource request, token Resource

  7. The Ethereum blockchain • Data “recorded” in the ledger are immutable • Decentrilized “smart contract” can be executed by untrusted nodes in a deterministic way

  8. ERC-721 ERC-721 tokens • Token Id • Owner Id • Metadata

  9. ERC-721 ERC-721 tokens ERC-721 token management • Token Id contract • Owner Id • ownerOf() • Metadata • transferFrom() • tokenURI() • approve() • getApproved()

  10. JWT { Client “iss”: Authorization Server “aud”: Resource URI “sub”: Client Key “exp”: Expiration Time “jti” : Token identifier } Authorization server Access token

  11. JWT + ERC-721 { Client “iss”: Authorization Server “aud”: Resource URI “sub”: Client Key “exp”: Expiration Time “jti” : Token identifier } Authorization server ERC-721 token Access token Token Id : jti Owner Id : Client key Metadata: JWT

  12. Accessing legacy resource servers Client Resource server Resource request, token Verify Client key ownership Resource • It facilitates logging and auditing services • Clients can at any time retrieve their access token from the blockchain

  13. Accessing resource servers with BC read access Client Resource server Resource request, token ownerOf(), tokenURI() Verify Client key ownership Resource

  14. Revocation Authorization server Client Resource server transferFrom() Resource request, token ownerOf(), tokenURI() • Revocation is asynchronous • Authorization server does not have to be online

  15. Delegation Client A Approve(Client B) Client B Resource server Resource request, token getApproved(), tokenURI() Verify Client key ownership Resource • Delegation is not transitive • Revocation is not affected

  16. Fair exchange Client Authorization server ERC-721 token Access token Token identifier Owner : Authorization server Metadata: JWT Payment transferFrom()

  17. Discussion • Existing OAuth 2.0 code-base can be re-used • In some cases our approach is transparent to OAuth endpoints • In no payments are involved then private, or testing chains can be used. • If the client does not interact with the blockchain, then ownerOf() may return any type of identifier. • (Public) blockchains have privacy issues, introduce delays (~13sec per transaction) and monetary costs (~$0.10 to create a token, $0.02 to revoke or delegate)

  18. Thank you fotiou@aueb.gr https://mm.aueb.gr/blockchains

Recommend

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney <jbasney@ncsa.Illinois.edu> Brian Bockelman <bbockelm@cse.unl.edu> This material is based upon work supported by the National S cience Foundation under Grant

379 views • 20 slides
OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

* OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF 95, Buenos Aires April 2016 1 Document Status Current draft addresses WGLC feedback See

423 views • 8 slides
Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se) Gran Selander (goran.selander@ericsson.com) Erik Wahlstrm (erik.wahlstrom@nexusgroup.com) Samuel Erdtman (samuel.erdtman@nexusgroup.com) Hannes

147 views • 10 slides
An open protocol to allow secure authorization in a simple and standard method from web, mobile

An open protocol to allow secure authorization in a simple and standard method from web, mobile

An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications. OAuth 2.0 Definition Why is this relevant for IXP operators? OAuth 2.0 Roles The resource owner is the user - you

523 views • 29 slides
A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle

A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle

A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle University, UK HANNES TSCHOFENIG, Arm Limited, UK As our daily lives become ever more connected, the need for security becomes more important. This

164 views • 13 slides
OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical Architect, Ping Identity Purpose Best Current Practices Document Builds mostly on RFC 8252 - OAuth 2.0 for Native Apps I-D

386 views • 10 slides
Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106,

Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106,

Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106, 21.11.2019, Singapore Brian Campbell, Nat Sakimura, Dave Tonge, Filip Skokan, Torsten Lodderstedt { "userinfo":{

340 views • 16 slides
Digital Coin Offerings: New SEC Guidance on Registration of Blockchain Tokens as Securities

Digital Coin Offerings: New SEC Guidance on Registration of Blockchain Tokens as Securities

Presenting a live 90-minute webinar with interactive Q&A Digital Coin Offerings: New SEC Guidance on Registration of Blockchain Tokens as Securities TUESDAY, OCTOBER 3, 2017 1pm Eastern | 12pm Central | 11am Mountain | 10am

516 views • 26 slides
OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth protocol workflow Server-side web application flow Client-side web application flow Whats the problem As the web grows, more and more sites

786 views • 45 slides
Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of

Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of

Chained and Delegable Authorization Tokens G. Navarro J. Garca J. A. Ortega-Ruiz Dept. of Computer Science Universitat Autnoma de Barcelona NordSec 2004 G. Navarro et al. (UAB) CADAT NordSec 2004 1 / 15 Outline Introduction 1

488 views • 38 slides
Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2 What is OAuth? Your Valet Key for the Web Delegated Authentication Protocol 2 What is OAuth? Your Valet Key for the Web Delegated Authentication

357 views • 33 slides
OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software

OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software

OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software Engineer Adobe Research Switzerland Who is this guy, BTW? eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 .eyJhdWQiOiJjb25uZWN0MjAxNCIsImlzc

869 views • 42 slides
SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew

SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew

SRM Space Tokens SRM Space Tokens SRM Space Tokens SRM Space Tokens Scalla/xrootd Andrew Hanushevsky Stanford Linear Accelerator Center Stanford University Stanford University 27-May-08 http://xrootd slac stanford edu

550 views • 23 slides
Blockchain Powered Mobility Data is transforming the world Role of the DOV token Why Blockchain?

Blockchain Powered Mobility Data is transforming the world Role of the DOV token Why Blockchain?

Blockchain Powered Mobility Data is transforming the world Role of the DOV token Why Blockchain? B L O C K C H A I N P O W E R E D M O B I L I T Y All transaction-based mobility services benefit from blockchain-based structures: dApps.

1.06k views • 60 slides
Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM

Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM

Cryptocurrencies & Security on the Blockchain Oracles and Tokens Prof. Tom Austin San Jos State University Oracles Motivation EVM execution must be deterministic. Cannot rely on outside information But sometimes that

591 views • 17 slides
bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2

MAKE BLOCKCHAIN WORK FOR YOU bluzelle What is Blockchain? Blockchain is a combination of multiple technologies 4 3 2 Consensus 1 Encryption P2P Networks Time Stamp Challenges addressed by blockchain Regulatory and compliance pressures

669 views • 14 slides
A Blockchain-based Mapping System IETF 98 Chicago March 2017 Jordi Pailliss, Albert

A Blockchain-based Mapping System IETF 98 Chicago March 2017 Jordi Pailliss, Albert

A Blockchain-based Mapping System IETF 98 Chicago March 2017 Jordi Pailliss, Albert Cabellos , Vina Ermagan, Fabio Maino acabello@ac.upc.edu htup://openoverlayrouter.org 1 A short Blockchain tutorial 2 Blockchain - Introductjon

545 views • 38 slides
OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com

OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com

OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com AG The OAuth 2.0 Success Story Tremendous adoption since publication in 2012 Driven by large service providers and OpenID Connect

594 views • 30 slides
OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106

OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106

draft-fett-oauth-dpop-03 OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106 Singapore Nov 2019 Brian Campbell (presenter, co-author, workation photographer) John Bradley (co-author of sorts) Torsten

407 views • 19 slides
Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain

Solidus Blockchain Ethan Cecchetti March 26, 2017 Blockchains Blockchain Blockchain blockchain blockchain blockchain Blockchain blockchain blockchain Blockchain Blockchain (blockchain) Blockchain blockchain, blockchain

470 views • 12 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides
Blockchain-based e-voting systems: Legal challengesexemplified by German law Burkhard

Blockchain-based e-voting systems: Legal challengesexemplified by German law Burkhard

Blockchain-based e-voting systems: Legal challengesexemplified by German law Burkhard Schfer/Tobias J. Schulz Agenda Introduction 1 2 Blockchain-based e-voting systems 3 Legal framework in Germany 4 Discussion 5 Summary/Outlook 2

353 views • 21 slides
Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work with Ben Kreuter, Tancrde Lepoint, Mariana Raykova ia.cr/2020/072 1 Definition Anonymous tokens are lightweight, single-use anonymous credentials.

657 views • 61 slides
A Blockchain based Data Production Traceability System Research Project 2 Sandino Moeniralam

A Blockchain based Data Production Traceability System Research Project 2 Sandino Moeniralam

A Blockchain based Data Production Traceability System Research Project 2 Sandino Moeniralam Wednesday February 28, 2018 University of Amsterdam Introduction Need for data lineage Copernicus EO Sentinel-2 mission Blockchain based

217 views • 19 slides

More recommend