Authorization of Web Requests Based on Merkle Trees
Kuupäev
2020
Autorid
Ajakirja pealkiri
Ajakirja ISSN
Köite pealkiri
Kirjastaja
Tartu Ülikool
Abstrakt
People should not have access to unauthorized data. Web applications can employ many
different authentication and authorization schemes to accomplish this. To prove user
permissions, session IDs or signed sets of claims are often used. However, scalability and
efficiency are increasingly important in microservice architecture. It is also beneficial to
decrease privacy risks when communicating with unknown parties. Thus, we propose a
way of signing and selectively transmitting a large set of claims using the Merkle tree. In
addition, we implement a JavaScript library based on the concept, that is optimized
Kirjeldus
Märksõnad
authorization, claims, efficiency, privacy, Merkle tree, cryptographic hash tree