Jump to Navigation

 

Platform-level support for Authorization in Cloud Services with OAuth 2

The OAuth 2 web authorization framework allows services to act on behalf of users when interacting with other services. It avoids sharing username and passwords across services, thus, in principle protecting users from several threats. However, it is known that the implementation of this kind of authorization protocol is tricky, and potentially leads to vulnerable web services. In this paper we present a toolkit for Java-based Cloud platforms which facilitates the deployment of the OAuth 2 authorization framework into existing web services. We developed a set of interceptors, using aspect-oriented programming techniques for SOA, to handle the main OAuth flow. Secondly, we created an Eclipse plug-in to integrate OAuth into cloud services with minimum effort.

Authors: 
Jakub Sendor , Yann Lehmanny, Gabriel Sermez and Anderson Santana de Oliveira
Publication Date: 
Tuesday, March 11, 2014 to Friday, March 14, 2014
Place: 
Boston, Massachusetts, USA
Publication Reference: 

Sendor j. , Lehmanny y., Sermez g., Santana de Oliveira A., "Platform-level support for Authorization in Cloud Services with OAuth 2", 2014 IEEE International Conference on Cloud Engineering (IC2E), Page(s): 458 - 465, IEEE, DOI: 10.1109/IC2E.2014.60.