OAuthHub: A Service for Consolidating Authentication Services

Xuzong Chen, Gareth Sime, Christof Lutteroth, Gerald Weber

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

OAuth has become a widespread authorization protocol to allow inter-enterprise sharing of user preferences and data: a Consumer that wants access to a user's protected resources held by a Service Provider can use OAuth to ask for the user's authorization for access to these resources. However, it can be tedious for a Consumer to use OAuth as a way to organize user identities, since doing so requires supporting all Service Providers that the Consumer would recognize as users' "identity providers". Each Service Provider added requires extra work, at the very least, registration at that Service Provider. Different Service Providers may differ slightly in the API they offer, their authentication/authorization process or even their supported version of OAuth. The use of different OAuth Service Providers also creates privacy, security and integration problems. Therefore OAuth is an ideal candidate for Software as a Service, while posing interesting challenges at the same time. We use conceptual modelling to derive new high-level models and provide an analysis of the solution space. We address the aforementioned problems by introducing a trusted intermediary - OAuth Hub - into this relationship and contrast it with a variant, OAuth Proxy. Instead of having to support and control different OAuth providers, Consumers can use OAuth Hub as a single trusted intermediary to take care of managing and controlling how authentication is done and what data is shared. OAuth Hub eases development and integration issues by providing a consolidated API for a range of services. We describe how a trusted intermediary such as OAuth Hub can fit into the overall OAuth architecture and discuss how it can satisfy demands on security, reliability and usability.
Original language: English
Title of host publication: Proceedings of the 19th IEEE International Enterprise Distributed Object Computing Conference (EDOC), 2015
Publisher: IEEE
Pages: 201-210
Number of pages: 10
ISBN (Print): 9781467392020
Publication status: Published - 2015
