Implementation of Role-Based Access Control on OAuth 2.0 as Authentication and Authorization System

Triartono, Zehan; Negara, Ridha Muldina; Sussi,

doi:10.23919/eecsi48112.2019.8977061

Cited by 11 publications

(7 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…There is no exception to this for the implementation of an identity management model using the OAuth2 protocol. Another proposed OAuth2 authorization model, in [ 28 ], presents interconnection between OAuth2 protocol and RBAC. Each scope describes the context that is available to the user and the functions and constraints that are applied to the user.…”

Section: Related Work On Access Control In Microservicesmentioning

confidence: 99%

Enhancing Microservices Security with Token-Based Access Control Method

Venčkauskas

Kukta

Grigaliūnas

et al. 2023

Sensors

View full text Add to dashboard Cite

Microservices are compact, independent services that work together with other microservices to support a single application function. Organizations may quickly deliver high-quality applications using the effective design pattern of the application function. Microservices allow for the alteration of one service in an application without affecting the other services. Containers and serverless functions, two cloud-native technologies, are frequently used to create microservices applications. A distributed, multi-component program has a number of advantages, but it also introduces new security risks that are not present in more conventional monolithic applications. The objective is to propose a method for access control that ensures the enhanced security of microservices. The proposed method was experimentally tested and validated in comparison to the centralized and decentralized architectures of the microservices. The obtained results showed that the proposed method enhanced the security of decentralized microservices by distributing the access control responsibility across multiple microservices within the external authentication and internal authorization processes. This allows for easy management of permissions between microservices and can help prevent unauthorized access to sensitive data and resources, as well as reduce the risk of attacks on microservices.

show abstract

Section: Related Work On Access Control In Microservicesmentioning

confidence: 99%

Enhancing Microservices Security with Token-Based Access Control Method

Venčkauskas

Kukta

Grigaliūnas

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Sebagai contoh di perguruan tinggi, proses belajar mengajar yang semula tatap muka beralih ke platform online, memanfaatkan berbagai aplikasi Learning Management System (LMS) dan online meeting seperti Zoom, Google Meet, Microsoft Teams, dan Cisco Webex Meeting [1]. Selain SaaS, perguruan tinggi juga masih menggunakan aplikasi pada infrastruktur onpremises, dimana sebagian besar monolith dan menggunakan role-based access control (RBAC) [2]. Dengan semakin banyaknya aplikasi dan sumber daya yang tersedia untuk pengajar, staf, dan mahasiswa, penyediaan akses yang seamless menjadi semakin penting.…”

Section: Pendahuluanunclassified

Evaluasi Penerapan Single Sign-on Saml Dan Oauth 2.0: Studi Pada Perguruan Tinggi Yogyakarta

Salmuasih

Setiawan

2023

JSiI

View full text Add to dashboard Cite

Dalam memutuskan strategi Single Sign-On (SSO) yang efektif, perguruan tinggi perlu memahami manfaat SSO, mengidentifikasi kebutuhan spesifik organisasi, dan memilih protokol yang akan memenuhi kebutuhan tersebut. Kontribusi penelitian ini adalah menganalisis efektifitas penerapan SSO protokol SAML dan OAuth 2.0 pada perguruan tinggi Yogyakarta. Langkah penelitian meliputi pengumpulan data, kemudian melakukan analisis penerapan protokol SAML dan OAuth 2.0 terhadap referensi yang relevan. Pengumpulan data dilakukan melalui literatur review, observasi pada domain-domain website resmi perguruan tinggi, survei, dan wawancara kepada 22 responden dari 17 Pusat IT perguruan tinggi. Dari hasil survei dan wawancara ditemukan ketidaksesuaian penerapan protokol pada 7 perguruan tinggi yang mengintegrasikan aplikasi native (desktop-based/mobile-based) dan IoT menggunakan SAML dan juga ditemukan ketidaksesuaian penerapan protokol yaitu OAuth 2.0 pada 2 perguruan tinggi. Hasil analisis menunjukkan bahwa beberapa perguruan tinggi belum menerapkan SSO secara efektif. Meskipun 60% perguruan tinggi mengklaim telah melakukan riset dalam pemilihan protokol SSO yang digunakan, namun pada praktiknya masih dijumpai penerapan SSO yang justru menambah kompleksitas permasalahan sebelumnya. Kata kunci: evaluasi, oauth 2.0, perguruan tinggi, saml, single sign-on

show abstract

“…Como exemplo, o OAuth 2.0, que atua como um framework para garantir a seguranc ¸a de cada microsservic ¸o, permite que o cliente se autentique no servidor de autorizac ¸ão e obtenha um token de acesso, emitindo uma solicitac ¸ão ao usuário para conceder uma sessão [Pasomsup and Limpiyakorn 2021]. O objetivo é permitir que os usuários autorizem aplicativos de terceiros a acessarem seus recursos protegidos sem compartilhar suas credenciais de login [Triartono et al 2019]. Um outro método que oferece um logon único e provisionamento de identidade para usuários em diferentes aplicativos é o OpenID Connect, possibilitando que os usuários tenham apenas uma identidade digital.…”

Section: Soluc ¸õEs De Autenticac ¸ãO E Autorizac ¸ãO Em Microsservic...unclassified

“…Nesse modelo os privilégios são associados aos papéis ou grupos de papéis. Portanto, um usuário terá todas as permissões correspondentes ao papel ao qual ele pertence [Triartono et al 2019]. Outra soluc ¸ão que atua como um nível intermediário, recebendo as solicitac ¸ões dos clientes e as direcionando para o servic ¸o adequado, é o API Gateway.…”

Section: Soluc ¸õEs De Autenticac ¸ãO E Autorizac ¸ãO Em Microsservic...unclassified

Desafios da Autenticação e Autorização na Comunicação entre Serviços em Arquiteturas de Microsserviços

Araújo,

Marinho

2023

Anais Estendidos Do XXIII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg Estendido 2023)

View full text Add to dashboard Cite

Nos últimos o uso de microsserviços surgiu como alternativa à arquitetura monolítica, devido aos vários benefícios que essa nova abordagem oferece. No entanto, essa transição trouxe consigo desafios relacionados à segurança. Esta pesquisa tem como objetivo compreender os principais desafios enfrentados e as soluções adotadas no contexto de autenticação e autorização em microsserviços. Sendo assim, foram avaliados 21 estudos, que revelaram os principais problemas e diversas soluções para mitigar tais problemas, como o uso de JSON Web Tokens (JWT), OAuth 2.0, protocolo mTLS (Mutual Transport Layer Security), Role-based Access Control Model (RBAC), OpenID Connect, Single Sign-On (SSO) e API Gateway.

show abstract

Implementation of Role-Based Access Control on OAuth 2.0 as Authentication and Authorization System

Cited by 11 publications

References 5 publications

Enhancing Microservices Security with Token-Based Access Control Method

Enhancing Microservices Security with Token-Based Access Control Method

Evaluasi Penerapan Single Sign-on Saml Dan Oauth 2.0: Studi Pada Perguruan Tinggi Yogyakarta

Desafios da Autenticação e Autorização na Comunicação entre Serviços em Arquiteturas de Microsserviços

Contact Info

Product

Resources

About