DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers

2010 IEEE International Symposium on Policies for Distributed Systems and Networks Pub Date : 2010-07-21 DOI:10.1109/policy.2010.12

Joshua Schiffman, Xinwen Zhang, S. Gibbs

{"title":"DAuth: Fine-Grained Authorization Delegation for Distributed Web Application Consumers","authors":"Joshua Schiffman, Xinwen Zhang, S. Gibbs","doi":"10.1109/policy.2010.12","DOIUrl":null,"url":null,"abstract":"Web applications are becoming the predominant means by which users interact with online content. However, current authentication approaches use a single authentication credential to manage access permissions, which is too inflexible for distributed programs with unique security and privacy requirements for each component. In this paper, we introduce DAuth, an authorization mechanism that allows fine-grained and flexible control of access permissions derived from a single authentication credential for distributed consumers of web applications. We implement DAuth as a proxy for a Twitter social networking application within our distributed Elastic Application framework and find it introduces negligible overhead and requires only minor modification of existing applications. Through our evaluation, we demonstrate DAuth improves on existing web authentication mechanisms to support distributed web application consumers and can be implemented as a proxy to web applications that do not wish to develop their own implementation.","PeriodicalId":143330,"journal":{"name":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","volume":"266 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-07-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 IEEE International Symposium on Policies for Distributed Systems and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/policy.2010.12","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 15

Abstract

Web applications are becoming the predominant means by which users interact with online content. However, current authentication approaches use a single authentication credential to manage access permissions, which is too inflexible for distributed programs with unique security and privacy requirements for each component. In this paper, we introduce DAuth, an authorization mechanism that allows fine-grained and flexible control of access permissions derived from a single authentication credential for distributed consumers of web applications. We implement DAuth as a proxy for a Twitter social networking application within our distributed Elastic Application framework and find it introduces negligible overhead and requires only minor modification of existing applications. Through our evaluation, we demonstrate DAuth improves on existing web authentication mechanisms to support distributed web application consumers and can be implemented as a proxy to web applications that do not wish to develop their own implementation.

查看原文本刊更多论文

DAuth:分布式Web应用程序消费者的细粒度授权委托

Web应用程序正在成为用户与在线内容交互的主要手段。然而，当前的身份验证方法使用单个身份验证凭据来管理访问权限，这对于每个组件都有独特的安全和隐私要求的分布式程序来说太不灵活了。在本文中，我们介绍了DAuth，这是一种授权机制，允许对来自web应用程序的分布式消费者的单个身份验证凭证的访问权限进行细粒度和灵活的控制。我们在分布式弹性应用程序框架中将DAuth作为Twitter社交网络应用程序的代理来实现，发现它引入的开销可以忽略不计，并且只需要对现有应用程序进行少量修改。通过我们的评估，我们证明了DAuth改进了现有的web身份验证机制，以支持分布式web应用程序消费者，并且可以作为不希望开发自己实现的web应用程序的代理来实现。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2010 IEEE International Symposium on Policies for Distributed Systems and Networks

自引率

0.00%

发文量