A secure OAuth 2.0 implementation model

An increasing amount of data is stored in the cloud, and the number of web services keeps growing. As a result, users more and more often need to allow third-party applications to access data stored in web services. The OAuth 2.0 authorization framework aims to provide an open and standardized protocol...


Bibliographic Details
Main Author: Koponen, Ari-Pekka
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Tietotekniikan laitos, Department of Mathematical Information Technology, University of Jyväskylä, Jyväskylän yliopisto
Format: Master's thesis
Language: eng
Published: 2016
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/51065
Description: A growing amount of data is stored in the cloud and the number of web services is soaring. This has created a need for users to authorize third party applications to access their resources. The OAuth 2.0 authorization framework aims to offer an open and standardized protocol for authorization. However, implementing OAuth 2.0 securely requires a great deal of knowledge of both the OAuth 2.0 specification and web security in general. The present research will take a form of a constructive research study. The aim is to construct a secure model for web developers implementing OAuth 2.0. The features of a secure OAuth 2.0 implementation are identified. Then, OAuth 2.0 is implemented. The security of this implementation is tested and the results reviewed.
Advisor: Hämäläinen, Timo
Extent: 1 online resource (66 pages)
File format: application/pdf
Rights: In Copyright (https://rightsstatements.org/page/InC/1.0/)
Access level: openAccess
Keywords: OAuth, OAuth 2.0
YSO subject terms: authorization, information security
Discipline: Mathematical Information Technology
URN: URN:NBN:fi:jyu-201608253883
Full text (PDF): https://jyx.jyu.fi/bitstreams/15005f22-c653-4af3-a6fe-726c1e149563/download