Platform-level Support for Authorization in Cloud Services with OAuth 2

Abstract

The OAuth 2 web authorization framework allows services to act on behalf of users when interacting with other services. It avoids sharing username and passwords across services, thus, in principle protecting users from several threats. However, it is known that the implementation of this kind of authorization protocol is tricky, and potentially leads to vulnerable web services. In this paper we present a toolkit for Java-based Cloud platforms which facilitates the deployment of the OAuth 2 authorization framework into existing web services. We developed a set of interceptors, using aspect-oriented programming techniques for SOA, to handle the main OAuth flow. Secondly, we created an Eclipse plug-in to integrate OAuth into cloud services with minimum effort.